From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH installer v2 4/5] auto: raise minimum root password length to 8 characters
Date: Fri, 29 Nov 2024 13:21:12 +0100
Message-ID: <20241129122125.1494917-5-c.heiss@proxmox.com>
In-Reply-To: <20241129122125.1494917-1-c.heiss@proxmox.com>

.. in accordance with current NIST recommendations [0].

It's 2024; so reasonable to expect an 8-character-password at the
minimum.

While at it, refactor the `InstallRootPassword` struct into an enum, as
suggested by Stefan.

[0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v1 -> v2:
  * reworked check to use a `match` instead, as suggested by Stefan

 proxmox-auto-installer/src/utils.rs           | 22 +++++++++++++------
 .../tests/resources/parse_answer/btrfs.json   |  2 +-
 .../tests/resources/parse_answer/btrfs.toml   |  2 +-
 .../resources/parse_answer/disk_match.json    |  2 +-
 .../resources/parse_answer/disk_match.toml    |  2 +-
 .../parse_answer/disk_match_all.json          |  2 +-
 .../parse_answer/disk_match_all.toml          |  2 +-
 .../parse_answer/disk_match_any.json          |  2 +-
 .../parse_answer/disk_match_any.toml          |  2 +-
 .../resources/parse_answer/first-boot.json    |  2 +-
 .../resources/parse_answer/first-boot.toml    |  2 +-
 .../tests/resources/parse_answer/minimal.json |  2 +-
 .../tests/resources/parse_answer/minimal.toml |  2 +-
 .../resources/parse_answer/nic_matching.json  |  2 +-
 .../resources/parse_answer/nic_matching.toml  |  2 +-
 .../resources/parse_answer/specific_nic.json  |  2 +-
 .../resources/parse_answer/specific_nic.toml  |  2 +-
 .../tests/resources/parse_answer/zfs.json     |  2 +-
 .../tests/resources/parse_answer/zfs.toml     |  2 +-
 19 files changed, 33 insertions(+), 25 deletions(-)

diff --git a/proxmox-auto-installer/src/utils.rs b/proxmox-auto-installer/src/utils.rs
index 3378bdd..5dc7979 100644
--- a/proxmox-auto-installer/src/utils.rs
+++ b/proxmox-auto-installer/src/utils.rs
@@ -14,6 +14,7 @@ use proxmox_installer_common::{
         InstallBtrfsOption, InstallConfig, InstallFirstBootSetup, InstallRootPassword,
         InstallZfsOption, LocaleInfo, RuntimeInfo, SetupInfo,
     },
+    ROOT_PASSWORD_MIN_LENGTH,
 };
 use serde::{Deserialize, Serialize};
 
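Review bot: The commit message says this patch also refactors `InstallRootPassword` into an enum, but in this import hunk `InstallRootPassword` is unchanged context and the only addition is `ROOT_PASSWORD_MIN_LENGTH`; the diffstat lists just `utils.rs` and the `parse_answer` fixtures. If the refactor lives in another patch of the series, drop that paragraph from this message so it describes only the length check.
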
@@ -325,13 +326,20 @@ fn verify_email_and_root_password_settings(answer: &Answer) -> Result<()> {
 
     email_validate(&answer.global.mailto).with_context(|| answer.global.mailto.clone())?;
 
-    if answer.global.root_password.is_some() && answer.global.root_password_hashed.is_some() {
-        bail!("`global.root_password` and `global.root_password_hashed` cannot be set at the same time");
-    } else if answer.global.root_password.is_none() && answer.global.root_password_hashed.is_none()
-    {
-        bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
-    } else {
-        Ok(())
+    match (
+        &answer.global.root_password,
+        &answer.global.root_password_hashed,
+    ) {
+        (Some(_), Some(_)) => {
+            bail!("`global.root_password` and `global.root_password_hashed` cannot be set at the same time");
+        }
+        (None, None) => {
+            bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
+        }
+        (Some(password), None) if password.len() < ROOT_PASSWORD_MIN_LENGTH => {
+            bail!("`global.root_password` must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long");
+        }
+        _ => Ok(()),
     }
 }
 
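Review bot: In the new `(Some(password), None) if password.len() < ROOT_PASSWORD_MIN_LENGTH` arm, `len()` on a Rust string counts UTF-8 bytes, while the error text promises "characters". Assuming `root_password` is a `String`, a password made of four two-byte characters would satisfy a minimum of 8. Consider `password.chars().count()` so the check and the message agree. Separately, `_ => Ok(())` now carries two accepting cases, a long-enough plain password and any hashed one; spelling out `(None, Some(_))` would keep a future arm from being silently swallowed, and a short comment that a hashed value cannot be length-checked would document that gap.
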
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/btrfs.json b/proxmox-auto-installer/tests/resources/parse_answer/btrfs.json
index de4c6e5..0c1f032 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/btrfs.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/btrfs.json
@@ -16,7 +16,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "btrfs_opts": {
     "compress": "zlib"
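Review bot: The fixture value moves from `"123456"` to `"12345678"`, exactly the new minimum, so this and the other `parse_answer` fixtures only show that a boundary-length password is accepted. Nothing in this patch feeds a 7-character `root_password` through `verify_email_and_root_password_settings` to prove the new `bail!` fires; add a negative case here or make sure a later patch in the series does.
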
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/btrfs.toml b/proxmox-auto-installer/tests/resources/parse_answer/btrfs.toml
index 8fcd27d..9071f7f 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/btrfs.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/btrfs.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
index 48a82e6..d5ffddd 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.json
@@ -18,7 +18,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "zfs_opts": {
       "arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
index 68676ac..5177eb2 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
index f012eb1..78a5e0c 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.json
@@ -15,7 +15,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "zfs_opts": {
       "arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
index f20a4fe..60daa54 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_all.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
index ad3e304..2e65fce 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.json
@@ -22,7 +22,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "zfs_opts": {
       "arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
index e1f33c9..6e45c5b 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/disk_match_any.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/first-boot.json b/proxmox-auto-installer/tests/resources/parse_answer/first-boot.json
index ff3f859..fafde51 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/first-boot.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/first-boot.json
@@ -12,7 +12,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "target_hd": "/dev/sda",
   "timezone": "Europe/Vienna",
   "first_boot": { "enabled": 1, "ordering_target": "network-pre" }
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/first-boot.toml b/proxmox-auto-installer/tests/resources/parse_answer/first-boot.toml
index 75c6a5d..720cd9c 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/first-boot.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/first-boot.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [first-boot]
 source = "from-iso"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/minimal.json b/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
index 62b45c9..0339dbc 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/minimal.json
@@ -12,7 +12,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "target_hd": "/dev/sda",
   "timezone": "Europe/Vienna",
   "first_boot": { "enabled": 0 }
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml b/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
index db8fec4..16f355c 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/minimal.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
index e8b5424..5d707c4 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.json
@@ -12,7 +12,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "enp65s0f0",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "target_hd": "/dev/sda",
   "timezone": "Europe/Vienna",
   "first_boot": { "enabled": 0 }
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
index 087c37f..eb6130a 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/nic_matching.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-answer"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
index a5a4e0b..49240b4 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.json
@@ -12,7 +12,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "enp129s0f1np1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "target_hd": "/dev/sda",
   "timezone": "Europe/Vienna",
   "first_boot": { "enabled": 0 }
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
index 60f7f14..4ea49bc 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/specific_nic.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-answer"
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/zfs.json b/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
index 090b58d..622f6d6 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
+++ b/proxmox-auto-installer/tests/resources/parse_answer/zfs.json
@@ -16,7 +16,7 @@
   "keymap": "de",
   "mailto": "mail@no.invalid",
   "mngmt_nic": "eno1",
-  "root_password": { "plain": "123456" },
+  "root_password": { "plain": "12345678" },
   "timezone": "Europe/Vienna",
   "zfs_opts": {
       "arc_max": 2048,
diff --git a/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml b/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
index 4d48998..369fd63 100644
--- a/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
+++ b/proxmox-auto-installer/tests/resources/parse_answer/zfs.toml
@@ -4,7 +4,7 @@ country = "at"
 fqdn = "pveauto.testinstall"
 mailto = "mail@no.invalid"
 timezone = "Europe/Vienna"
-root_password = "123456"
+root_password = "12345678"
 
 [network]
 source = "from-dhcp"
-- 
2.47.0


