Project

General

Profile

Actions
Copy link

Bug #37610

closed

HostCommon.crypt_passwords reencrypts Base64 based passwords for Grub, leading to errors

Added by Evgeni Golov 6 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Evgeni Golov
Category:
Unattended installations
Target version:
3.11.1
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/10229, https://github.com/theforeman/foreman/pull/10249, https://github.com/theforeman/foreman/pull/10314
Fixed in Releases:
3.11.1, 3.12.0
Found in Releases:
3.2.0
Red Hat JIRA:

Description

crypt() only accepts passwords up to 512 characters (at least in modern libxcrypt >= 4.4.4 like present on EL9)

While we usually do not pass so long passwords into it, there is a situation where we (accidentally) do while using Base64(-Windows) passwords.
This is usually guarded by password_base64_encrypted?, but because we are changing the password, it returns false.
The later code then works fine for the root password, but when we also try to encrypt the grub password, we pass in the (already "encrypted") root password, which now is longer than 512 characters.

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #33811: Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroupClosedDominik MatoulekActions
Actions
Copy link

Also available in: Atom PDF