From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH installer 3/3] auto-installer: raise minimum root password length to 8 characters
Date: Mon,  7 Oct 2024 11:22:17 +0200	[thread overview]
Message-ID: <20241007092218.723938-4-c.heiss@proxmox.com> (raw)
In-Reply-To: <20241007092218.723938-1-c.heiss@proxmox.com>

.. in accordance with current NIST recommendations [0].

It's 2024, so it is reasonable to expect an 8-character password at the
minimum.

[0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
 proxmox-auto-installer/src/utils.rs                          | 5 +++++
 .../tests/resources/parse_answer/disk_match.json             | 2 +-
 .../tests/resources/parse_answer/disk_match.toml             | 2 +-
 .../tests/resources/parse_answer/disk_match_all.json         | 2 +-
 .../tests/resources/parse_answer/disk_match_all.toml         | 2 +-
 .../tests/resources/parse_answer/disk_match_any.json         | 2 +-
 .../tests/resources/parse_answer/disk_match_any.toml         | 2 +-
 .../tests/resources/parse_answer/minimal.json                | 2 +-
 .../tests/resources/parse_answer/minimal.toml                | 2 +-
 .../tests/resources/parse_answer/nic_matching.json           | 2 +-
 .../tests/resources/parse_answer/nic_matching.toml           | 2 +-
 .../tests/resources/parse_answer/specific_nic.json           | 2 +-
 .../tests/resources/parse_answer/specific_nic.toml           | 2 +-
 proxmox-auto-installer/tests/resources/parse_answer/zfs.json | 2 +-
 proxmox-auto-installer/tests/resources/parse_answer/zfs.toml | 2 +-
 15 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/proxmox-auto-installer/src/utils.rs b/proxmox-auto-installer/src/utils.rs
index 45ad222..e0dd2ae 100644
--- a/proxmox-auto-installer/src/utils.rs
+++ b/proxmox-auto-installer/src/utils.rs
@@ -13,6 +13,7 @@ use proxmox_installer_common::{
     setup::{
         InstallConfig, InstallRootPassword, InstallZfsOption, LocaleInfo, RuntimeInfo, SetupInfo,
     },
+    ROOT_PASSWORD_MIN_LENGTH,
 };
 use serde::{Deserialize, Serialize};
 
@@ -309,6 +310,10 @@ fn verify_root_password_settings(answer: &Answer) -> Result<()> {
     } else if answer.global.root_password.is_none() && answer.global.root_password_hashed.is_none()
     {
         bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
+    } else if answer.global.root_password.is_some()
+        && answer.global.root_password.as_ref().map(|s| s.len()) < Some(ROOT_PASSWORD_MIN_LENGTH)
+    {
+        bail!("`global.root_password` must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long");
     } else {
         Ok(())
     }
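Review bot: The added branch measures the password with `s.len()`, which counts UTF-8 bytes, while the error message and the cited NIST guidance speak of characters, so a plain-text password of four two-byte characters would satisfy the minimum of 8. Counting code points instead, `.map(|s| s.chars().count()) < Some(ROOT_PASSWORD_MIN_LENGTH)`, would make the check agree with the message. The `is_some()` guard combined with `Option` ordering could also be folded into one call, `is_some_and(|s| s.chars().count() < ROOT_PASSWORD_MIN_LENGTH)`, if the project's toolchain supports it. The branch covers only `global.root_password`; a value given through `global.root_password_hashed` cannot be length-checked here, which may deserve a comment such as `// pre-hashed passwords cannot be length-checked; the minimum applies to plain-text only`. The start of verify_root_password_settings lies outside the hunk, so its earlier branches are not visible.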
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
index 6c8d6d9..a2f8b6f 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
@@ -18,7 +18,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "zfs_opts": {
       "arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
index 68676ac..5177eb2 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
index 2d2e94e..a6567c2 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
@@ -15,7 +15,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "zfs_opts": {
       "arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
index f20a4fe..60daa54 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
index 1f3b2eb..f9d29f7 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
@@ -22,7 +22,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "zfs_opts": {
       "arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
index e1f33c9..6e45c5b 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/minimal.json b/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
index 9fe9150..1db23e6 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
@@ -12,7 +12,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "target_hd": "/dev/sda",
   "timezone": "Europe/Vienna"
 }
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml b/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
index db8fec4..16f355c 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
index 610060e..ba0a47f 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
@@ -12,7 +12,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "enp65s0f0",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "target_hd": "/dev/sda",
   "timezone": "Europe/Vienna"
 }
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
index 087c37f..eb6130a 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-answer"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
index 5f456bb..fcf26fb 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
@@ -12,7 +12,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "enp129s0f1np1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "target_hd": "/dev/sda",
   "timezone": "Europe/Vienna"
 }
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
index 60f7f14..4ea49bc 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-answer"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/zfs.json b/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
index 025dd8f..710b4d6 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
@@ -16,7 +16,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "zfs_opts": {
       "arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml b/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
index 4d48998..369fd63 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
-- 
2.46.0


