From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH installer v2 3/6] low-level: change root password option to contain either plaintext or hash
Date: Mon, 15 Jul 2024 09:56:03 +0200
Message-ID: <20240715075700.283532-4-c.heiss@proxmox.com>
In-Reply-To: <20240715075700.283532-1-c.heiss@proxmox.com>
A hashed password can be created e.g. using `mkpasswd(1)`.
This then will allow the auto-installer to pass along an
already-hashed password from the user, instead of simple plaintext.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v1 -> v2:
* no changes
Proxmox/Install.pm | 25 ++++++++++++++++++++++---
Proxmox/Install/Config.pm | 20 +++++++++++++++++---
proxinstall | 4 ++--
3 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/Proxmox/Install.pm b/Proxmox/Install.pm
index c0f8955..bcf8ba7 100644
--- a/Proxmox/Install.pm
+++ b/Proxmox/Install.pm
@@ -621,6 +621,27 @@ sub prepare_grub_efi_boot_esp {
die "failed to prepare EFI boot using Grub on '$espdev': $err" if $err;
}
+my sub setup_root_password {
+ my ($targetdir) = @_;
+
+ my $plain = Proxmox::Install::Config::get_root_password('plain');
+ my $hashed = Proxmox::Install::Config::get_root_password('hashed');
+
+ die "root password must be set!\n"
+ if !defined($plain) && !defined($hashed);
+
+ die "plain and hashed root password cannot be set at the same time!\n"
+ if defined($plain) && defined($hashed);
+
+ if (defined($plain)) {
+ my $octets = encode("utf-8", $plain);
+ run_command("chroot $targetdir /usr/sbin/chpasswd", undef, "root:$octets\n");
+ } elsif (defined($hashed)) {
+ my $octets = encode("utf-8", $hashed);
+ run_command("chroot $targetdir /usr/sbin/chpasswd --encrypted", undef, "root:$octets\n");
+ }
+}
+
sub extract_data {
my $iso_env = Proxmox::Install::ISOEnv::get();
my $run_env = Proxmox::Install::RunEnv::get();
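Review bot: In the `elsif (defined($hashed))` branch of `setup_root_password`, `$hashed` is passed to `chpasswd --encrypted` with no check beyond `defined`, so a value that is not a crypt(3) string (for example a plaintext password placed in the hashed option by mistake) is stored as given and password login for root will not work after installation. Consider rejecting values that contain a newline or do not look like a crypt hash before `run_command` is called, and dying with a clear message. Since the two `die` checks above already guarantee that exactly one of `$plain` and `$hashed` is defined, the `elsif` condition could also be a plain `else`.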
@@ -1269,9 +1290,7 @@ _EOD
diversion_remove($targetdir, "/sbin/start-stop-daemon");
- # set root password
- my $octets = encode("utf-8", Proxmox::Install::Config::get_password());
- run_command("chroot $targetdir /usr/sbin/chpasswd", undef, "root:$octets\n");
+ setup_root_password($targetdir);
# set root ssh keys
my $ssh_keys = Proxmox::Install::Config::get_root_ssh_keys();
diff --git a/Proxmox/Install/Config.pm b/Proxmox/Install/Config.pm
index ecd8a74..0313fd9 100644
--- a/Proxmox/Install/Config.pm
+++ b/Proxmox/Install/Config.pm
@@ -90,7 +90,7 @@ my sub init_cfg {
keymap => 'en-us',
# root credentials & details
- password => undef,
+ root_password => undef,
mailto => 'mail@example.invalid',
root_ssh_keys => [],
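Review bot: Missing documentation on `root_password => undef,`: the renamed key no longer holds a string but, once set, a hash reference with a single `plain` or `hashed` entry (see `set_root_password` in this file). A short comment next to the default stating that shape would help anyone who reads or writes the config directly instead of going through the accessors.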
@@ -196,8 +196,22 @@ sub get_timezone { return get('timezone'); }
sub set_keymap { set_key('keymap', $_[0]); }
sub get_keymap { return get('keymap'); }
-sub set_password { set_key('password', $_[0]); }
-sub get_password { return get('password'); }
+sub set_root_password {
+ my ($key) = @_;
+ croak "unknown root password option '$key'"
+ if $key ne 'plain' && $key ne 'hashed';
+
+ set_key('root_password', { $_[0] => $_[1] });
+}
+
+sub get_root_password {
+ my ($key) = @_;
+ croak "unknown root password option '$key'"
+ if $key ne 'plain' && $key ne 'hashed';
+
+ my $password = get('root_password');
+ return defined($password->{$key}) ? $password->{$key} : undef;
+}
sub set_mailto { set_key('mailto', $_[0]); }
sub get_mailto { return get('mailto'); }
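Review bot: Style point in `set_root_password`: the sub unpacks `my ($key) = @_;` and then falls back to `$_[0]` and `$_[1]` in `set_key('root_password', { $_[0] => $_[1] });`. Unpacking both arguments as `my ($key, $value) = @_;` and using them reads more clearly. In `get_root_password`, `defined($password->{$key}) ? $password->{$key} : undef` is equivalent to returning `$password->{$key}` directly. Note also that the setter replaces the whole hash on each call, so the "plain and hashed ... at the same time" check in `Proxmox/Install.pm` can only trigger when the config is populated by some path other than this setter; a comment saying which path that is would make the check easier to follow.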
diff --git a/proxinstall b/proxinstall
index a6a4cfb..12f3eaa 100755
--- a/proxinstall
+++ b/proxinstall
@@ -674,7 +674,7 @@ sub create_password_view {
cleanup_view();
- my $password = Proxmox::Install::Config::get_password();
+ my $password = Proxmox::Install::Config::get_root_password('plain');
my $grid = &$create_basic_grid();
$gtk_state->{inbox}->pack_start($grid, 0, 0, 0);
@@ -745,7 +745,7 @@ sub create_password_view {
return;
}
- Proxmox::Install::Config::set_password($t1);
+ Proxmox::Install::Config::set_root_password('plain', $t1);
Proxmox::Install::Config::set_mailto($t3);
$step_number++;
--
2.45.1
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
2024-07-15 7:56 [pve-devel] [PATCH installer v2 0/6] auto-installer: add option for providing hashed root password Christoph Heiss
2024-07-15 7:56 ` [pve-devel] [PATCH installer v2 1/6] common: move `PasswordOptions` type to tui crate Christoph Heiss
2024-07-15 7:56 ` [pve-devel] [PATCH installer v2 2/6] tui-installer: remove `Debug` implementation for password options Christoph Heiss
2024-07-15 7:56 ` Christoph Heiss [this message]
2024-07-15 7:56 ` [pve-devel] [PATCH installer v2 4/6] {auto, tui}-installer: adapt to new `root_password` plain/hashed setup option Christoph Heiss
2024-07-15 7:56 ` [pve-devel] [PATCH installer v2 5/6] auto-installer: add new `global.root_password_hashed` answer option Christoph Heiss
2024-07-15 7:56 ` [pve-devel] [PATCH installer v2 6/6] auto-installer: add test for hashed root password option Christoph Heiss
2024-07-16 13:48 ` [pve-devel] [PATCH installer v2 0/6] auto-installer: add option for providing hashed root password Theodor Fumics via pve-devel
2024-07-22 16:43 ` [pve-devel] applied-series: " Thomas Lamprecht