Feature #8890
closed
Allow selection of plaintext "encryption" method for root password
Description
Deployment of Windows servers/clients with Foreman is substantially complicated by the fact that access to the unencrypted root pass inside templates is only possible by exploiting the 'if a password starts with $, leave it alone' mechanism, which means users need to input a root password starting with a $. Windows unattended.xml files require a plaintext or base64-encoded password.
Adding template access to the unencrypted root password by providing a "plaintext" "encryption" option on the host creation page would make Windows deployment much more hassle-free.
I am new to Ruby, but I managed to get something working by modifying the new PasswordCrypt class/service, something like this:
require 'securerandom'

class PasswordCrypt
  # 'plaintext' has no crypt(3) prefix; the password is passed through unhashed.
  ALGORITHMS = {'plaintext' => '', 'MD5' => '$1$', 'SHA256' => '$5$', 'SHA512' => '$6$'}

  def self.passw_crypt(passwd, hash_alg = 'MD5')
    raise Foreman::Exception.new(N_("Unsupported password hash function '%s'"), hash_alg) unless ALGORITHMS.has_key?(hash_alg)
    # Return the password unchanged for 'plaintext'; otherwise hash it with a random salt.
    if hash_alg == 'plaintext'
      return passwd
    else
      return passwd.crypt("#{ALGORITHMS[hash_alg]}#{SecureRandom.base64(6)}")
    end
  end

  # The GRUB2 helper always hashes with MD5.
  def self.grub2_passw_crypt(passw)
    self.passw_crypt(passw, 'MD5')
  end
end
The only apparent required changes are then to some strings in app/controllers/api/v1/operatingsystems_controller.rb, app/controllers/api/v2/operatingsystems_controller.rb and locale files.
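An added example, not part of the original issue and not Foreman code: both the "starts with $" behaviour and the proposed "plaintext" option leave the root password unhashed, so an audit needs to tell such values apart from real crypt(3) hashes. The names `CRYPT_SHAPES`, `classify_root_pass` and `reversible_values` are hypothetical, and the sample records are constructed.

```ruby
# Added example, not Foreman code. All names here are hypothetical.
# Shape of crypt(3) strings for the prefixes listed in ALGORITHMS:
#   $id$[rounds=N$]salt$digest, with digest lengths 22 / 43 / 86.
B64 = '[./A-Za-z0-9]'
CRYPT_SHAPES = {
  md5:    /\A\$1\$[^$\s]{1,8}\$#{B64}{22}\z/,
  sha256: /\A\$5\$(rounds=\d+\$)?[^$\s]{1,16}\$#{B64}{43}\z/,
  sha512: /\A\$6\$(rounds=\d+\$)?[^$\s]{1,16}\$#{B64}{86}\z/
}.freeze

# Returns :md5, :sha256 or :sha512 for a well-formed hash,
# :dollar_passthrough for a value that merely starts with '$'
# (kept unhashed by the 'leave it alone' behaviour), else :plaintext.
def classify_root_pass(value)
  CRYPT_SHAPES.each { |name, shape| return name if value.match?(shape) }
  return :dollar_passthrough if value.start_with?('$')
  :plaintext
end

# Given { host_name => stored_value }, list the hosts whose root
# password can be read back directly from the stored value.
def reversible_values(records)
  records.reject { |_host, v| CRYPT_SHAPES.key?(classify_root_pass(v)) }.keys
end

# Constructed sample records; the "digests" only have the right shape.
SAMPLE = {
  'web01' => '$1$Zm9vYmFy$' + 'a' * 22,
  'db01'  => '$6$c2FsdA/+$' + 'b' * 86,
  'win01' => '$Winter-Depl0y!',
  'win02' => 'Winter-Depl0y!'
}.freeze

if $PROGRAM_NAME == __FILE__
  SAMPLE.each { |host, v| puts "#{host}: #{classify_root_pass(v)}" }
  puts "unhashed: #{reversible_values(SAMPLE).join(', ')}"
end
```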