Bug #33732: The default password in settings is not encoded - Foreman

Custom queries

3.11.5 release DONE
3.11.5 release TODO
3.12.2 release DONE
3.12.2 release TODO
3.13.0 release DONE
3.13.0 release TODO
All bugs by votes
All issues closed in the last 3 weeks
Easy and Trivial Issues
Easy Issues (only)
Foreman - new open issues in last 10 days
Good first issues - Foreman core
high prio open bugs
Host registration [open]
Mine
My issues closed in the last 3 weeks
old bugs
Open with target version set (aka blockers)
registration
taken-none
Team Atlas untriaged bugs
templates
Trivial Issues
Untriaged and opened in the past two weeks

Actions

Copy link

Bug #33732

closed

The default password in settings is not encoded

Added by Richard Stempfl about 3 years ago. Updated about 3 years ago.

Status:

Closed

Priority:

High

Assignee:

Bernhard Suttner

Category:

API

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/8878

Fixed in Releases:

3.1.0

Found in Releases:

2.3.5

Red Hat JIRA:

Description

If i want to deploy a host via api the default password set in settings is not encoded in the template.
In the operating system i´ve set base64-windows as root password hash for my hosts, but it gets ignored when i use the api to deploy hosts. If i use the webgui it works fine.

Related issues 2 (0 open — 2 closed)

	Related to Foreman - Bug #33811: Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroup	Closed	Dominik Matoulek				Actions
	Related to Foreman - Refactor #34289: Remove workaround for root_password encoding	Closed	Ondřej Ezr				Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Richard Stempfl about 3 years ago

To better describe the error:

I have set a default password in the settings that will be used for new hosts.
I have set a password hash (Base64-windows) in the relevant OS (Windows)
When creating a host with this OS and the default password from the settings, the template for this host does not have a encoded password the password is in plain text.(Should be Base64-windows encoded)

The vm can not be installed completely with this because this OS expects a password encoded

This happens only if i create a host via api. (hammer & FAM & CURL)

If you go to "preview template" the rendered template shows:

                <AdministratorPassword>
                    <Value>PLAIN_TEXT_PASSWORD</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>

Actions

Copy link

Updated by Bernhard Suttner about 3 years ago

If you start a 'foreman-rake console' and analyze the root_pass.

Host created via GUI:
irb(main):008:0> gui_h.root_pass
=> "CCAGkAeBBhAHQAaQG4AEEAZABtZGkAbgBpAHM3dAByAGEAdABvAHIAUABAAHMAcwBEAG8AcgXkAC=="

Host created via API (hammer):
irb(main):009:0> api_h.root_pass
=> "plainpw"

Actions

Copy link

Updated by Bernhard Suttner about 3 years ago

In case of API creation of host:

Found out that root_pass_changed? method https://github.com/theforeman/foreman/blob/develop/app/models/host/base.rb#L614 is false and therefore the method password_base64_encrypted? returns true -> password is already base64.

I would prefer to determine if string is base64 but this is not save - except we mark base64 encoded passwords with something like <b64> in the root_pass.

Actions

Copy link