Feature #8890
closedAllow selection of plaintext "encryption" method for root password
Description
Deployment of Windows servers/clients with Foreman is substantially complicated by the fact that access to the unencrypted root pass inside templates is only possible by exploiting the 'if a password starts with $, leave it alone' mechanism, which means users need to input a root password starting with a $. Windows unattended.xml files require a plaintext or base64-encoded password.
Adding template access to the unencrypted root password by providing a "plaintext" "encryption" option on the host creation page would make Windows deployment much more hassle-free.
I am new to Ruby, but I managed to get something working by modifying the new PasswordCrypt class/service, something like this:
class PasswordCrypt
ALGORITHMS = {'plaintext' => '', 'MD5' => '$1$', 'SHA256' => '$5$', 'SHA512' => '$6$'}
def self.passw_crypt(passwd, hash_alg = 'MD5')
raise Foreman::Exception.new(N_("Unsupported password hash function '%s'"), hash_alg) unless ALGORITHMS.has_key?(hash_alg)
if hash_alg == 'plaintext'
return passwd.crypt("#{ALGORITHMS[hash_alg]}#{SecureRandom.base64(6)}")
else
return passwd
end
end
def self.grub2_passw_crypt(passw)
self.passw_crypt(passw, 'MD5')
end
end
The only apparent required changes are then to some strings in app/controllers/api/v1/operatingsystems_controller.rb, app/controllers/api/v2/operatingsystems_controller.rb and locale files.
Updated by The Foreman Bot over 9 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2083 added
- Pull request deleted (
)
Updated by William Hefter over 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 331ff165939399787022e77ad17778e2ac39c148.
Updated by Dominic Cleal over 9 years ago
- Assignee set to William Hefter
- Translation missing: en.field_release set to 28
Updated by Dominic Cleal about 9 years ago
- Related to Bug #11715: Base64 encoded Passwords get re-encoded on unattended/built call added