From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 03F8D1FF17C for ; Wed, 3 Sep 2025 15:42:09 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 4AB7FE637; Wed, 3 Sep 2025 15:42:22 +0200 (CEST) References: <20250829182603.46493-1-pjcreath+proxmox@gmail.com> In-Reply-To: Date: Wed, 3 Sep 2025 09:41:28 -0400 To: pve-devel@lists.proxmox.com MIME-Version: 1.0 Message-ID: List-Id: Proxmox VE development discussion List-Post: From: Peter via pve-devel Precedence: list Cc: Peter X-Mailman-Version: 2.1.29 X-BeenThere: pve-devel@lists.proxmox.com List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Proxmox VE development discussion List-Help: Subject: Re: [pve-devel] [PATCH installer 1/1] assistant: validate: add verify-password option Content-Type: multipart/mixed; boundary="===============8786206410031497449==" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" --===============8786206410031497449== Content-Type: message/rfc822 Content-Disposition: inline Return-Path: X-Original-To: pve-devel@lists.proxmox.com Delivered-To: pve-devel@lists.proxmox.com Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 5E280D3364 for ; Wed, 3 Sep 2025 15:42:20 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 36CB2E5D4 for ; Wed, 3 Sep 2025 15:41:50 +0200 (CEST) Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 3 Sep 2025 15:41:48 +0200 (CEST) Received: by mail-pg1-x529.google.com with SMTP id 41be03b00d2f7-b4d1e7d5036so3410063a12.1 for ; Wed, 03 Sep 2025 06:41:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1756906901; x=1757511701; darn=lists.proxmox.com; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=pzBIHw23McYUVNGAF8jGkGnbHosJXc3Ghwt+DI9LoSY=; b=OmILk4z4e7bgz2P1BxP1pIPJQr+2mpFKISmTPIqdB8taFYPOiEradCIy9ZGk2UW5j1 0aMBoEnBBPlWLPkQKF8RYmFHE5DPKhYgyWXR/viqoUc2Fpr3qI4//mIqEuCfigvClhTE xcMh+raevd7wb8AhBLDDpcCtQ68iYMAdKgNzZ0Rt+YQlj7ZMX6KL+5NpLDHjGwsk+uYV KuipRAokvynVA9OBboEYAmePN85/GrpehNo3/f+OLe3fXRC/QLKKMxoFYC5lwuFy0wcs W8GjAcsrto7Zehn1IJ2pHyGGSwIFYpit/HOGRgXH8RUGFIdcofbcP29E8hR5T12i4L6/ RBIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756906901; x=1757511701; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=pzBIHw23McYUVNGAF8jGkGnbHosJXc3Ghwt+DI9LoSY=; b=pK6qB8c8IcHQ/y/kz+qIbny0CSvxgLWBIPFuGuL/zVVkcfccn2RbDanmpIz79PGxuG Hmn3OJF9WKAYfiQe4n7HHAaXNyYY6RdJBedBfH/ihv5NWyYAPiA40NxgQ02BS38aUBPl SqUxWtbYSgdq2/m5phKYyWXpkMDV/gVi0fCmKJKE4lST1ybANX1xuEnk8/ITwgUBIIBD 33QkCrTCfJjyOHLkD3Pgmt+uij7FJghhYKaFyHdJgupgemU1DETrDfrYoXOc0U5hEok1 /jpXPzgJThFh3eOoZEzciaUGrJWNFgwN4nJFx4N+31ES8gmilUU/jPelJgQyXQprmTPS B1xg== X-Gm-Message-State: AOJu0YyfnZSn6aZhokJGKqkD1dfXBWY3HkN6i/Un33L7va3djX2yxt/w FTb8Xf2lBPCGcHGjAAQ2sZHDyTbttpcVJuakcK/3l/A4Mlze0X5aaK99h7F7RnQaZNvxcxrp6q4 R5XuSAIdbxVH53uYpBqOl5RFFkySJFCHZdA== X-Gm-Gg: ASbGncuKrdkzrbeFetM+tsSjevpu5naBaJ6jdfpITX2Lha1jtWM+peIQ/FmZVr0V+xy D7v9yRPiyWaG9bq3U1qOub4S57u7zWCxQDHD3X0hiOqoU6WxfYC+4cCOvpGNYwvXmkgf/BS47cP 7nLYw6iyfNBGPOT9n7aimTsCYOJVZtibfI+bYn2oWXfJCsRLFCT1Yp2s4gn1CpkXv8XeBo24CdK oImAMBBfn2aFhlRRiYldGimedrAEOivjKYJjzUXn+GD4bXhj+LFAsRK4Ufd7cAEAzvpaXol/J7m CZ1pqwc= X-Google-Smtp-Source: AGHT+IHQEQAN4Wah3GczYq4H1J3YJanQ7qsF0ULL5Bt2LckLvynbZ4ygmsG0dNYVD8zdM1LyXAlrLswACSgTDFKeFv8= X-Received: by 2002:a17:902:db04:b0:248:f736:1ebb with SMTP id d9443c01a7336-24944b45cdfmr198361495ad.47.1756906900148; Wed, 03 Sep 2025 06:41:40 -0700 (PDT) MIME-Version: 1.0 References: <20250829182603.46493-1-pjcreath+proxmox@gmail.com> In-Reply-To: From: Peter Date: Wed, 3 Sep 2025 09:41:28 -0400 X-Gm-Features: Ac12FXxguwjBH3JlJngqzhmO-K6Yb5U0Xe2LBnghxUyYc8XzErIPUXqiqW-SS6k Message-ID: Subject: Re: [PATCH installer 1/1] assistant: validate: add verify-password option To: pve-devel@lists.proxmox.com X-SPAM-LEVEL: Spam detection results: 0 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider FREEMAIL_REPLY 1 From and body contain different freemails HTML_MESSAGE 0.001 HTML included in message RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [main.rs,crypt.rs,proxmox.com] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Yes, I've signed the CLA. Thank you for your feedback, I'll work on a revised patch! On Mon, Sep 1, 2025 at 6:09=E2=80=AFAM Christoph Heiss wrote: > On Fri Aug 29, 2025 at 8:26 PM CEST, Peter wrote: > > Adds an option to interactively verify the hashed root password in > > the answer file, so that mistakes can be caught before installation. > > Sounds like a useful option to me! > > > > > Signed-off-by: Peter > > --- > > > > In preparing an answer file for auto-installation, I somehow mangled > > the hashed root password, which I only discovered after performing > > the automated installation. > > > > This patch adds an option to the auto-install assistant that lets > > the user verify the hash in the answer file by interactively typing > > in the expected password and checking it against the hash. > > > > I don't love that I had to add an unsafe call to crypt(), but there > > isn't a Rust implementation of yescrypt. To minimize the impact > > I wrapped the unsafe call in its own function. > > > > This is my first submission to this mailing list. I've tried to > > follow all of the guidelines in the developer documentation, so > > please forgive any oversights and let me know if there's anything > > I should do differently. > > Did you sign our CLA [0]? Just to be sure we can accept it :) > > [0] > https://pve.proxmox.com/wiki/Developer_Documentation#Software_License_and= _Copyright > > > > > proxmox-auto-install-assistant/Cargo.toml | 2 + > > proxmox-auto-install-assistant/src/main.rs | 51 +++++++++++++++++++++- > > 2 files changed, 52 insertions(+), 1 deletion(-) > > > > diff --git a/proxmox-auto-install-assistant/Cargo.toml > b/proxmox-auto-install-assistant/Cargo.toml > > index 9b4a9c4..8af7d9d 100644 > > --- a/proxmox-auto-install-assistant/Cargo.toml > > +++ b/proxmox-auto-install-assistant/Cargo.toml > > @@ -17,4 +17,6 @@ proxmox-installer-common =3D { workspace =3D true, > features =3D [ "cli" ] } > > serde_json.workspace =3D true > > toml.workspace =3D true > > > > +crypt-sys =3D "0.1" > > That crate is (currently) not packaged for Debian, so that would have to > be done first. > > But fortunately we got that already properly & safely wrapped in our > `proxmox-sys` [1] crate, including a function for verifying passwords. > You can find it in proxmox-sys/src/crypt.rs, including some example > usages in the unit tests. > > For the proxmox-sys crate you need to pull in our `devel` repository, as > described in [2]. > > [1] https://git.proxmox.com/?p=3Dproxmox.git;a=3Dtree;f=3Dproxmox-sys > [2] > https://pve.proxmox.com/wiki/Developer_Documentation#Development_Package_= Repository > > > glob =3D "0.3" > > +rpassword =3D "7.2" > > For this we also already got some functionality in our `proxmox-sys` > crate, see below for an example. > > > diff --git a/proxmox-auto-install-assistant/src/main.rs > b/proxmox-auto-install-assistant/src/main.rs > > index 5d6c1d5..88d0032 100644 > > --- a/proxmox-auto-install-assistant/src/main.rs > > +++ b/proxmox-auto-install-assistant/src/main.rs > [..] > > > > impl cli::Subcommand for CommandValidateAnswerArgs { > > fn parse(args: &mut cli::Arguments) -> Result { > > Ok(Self { > > debug: args.contains(["-d", "--debug"]), > > + verify_password: args.contains("--verify-password"), > > This should probably throw an error if stdin (at least) is not connected > to an interactive terminal, this can be checked with: > > std::io::stdin().is_terminal() > > Also, IMO the option should be named `--verify-root-password`, to make > its name a bit more precise. > > > // Needs to be last > > path: args.free_from_str()?, > > }) > > @@ -176,6 +182,7 @@ ARGUMENTS: > > > > OPTIONS: > > -d, --debug Also show the full answer as parsed. > > + --verify-password Interactively verify the hashed root password= . > > -h, --help Print this help > > -V, --version Print version > > "#, > > @@ -545,6 +552,42 @@ fn validate_answer_file_keys(path: impl AsRef > + fmt::Debug) -> Result [..] > > +fn verify_hashed_password_interactive(answer: &Answer) -> Result<()> { > > + if let Some(hashed) =3D &answer.global.root_password_hashed { > > + println!("Verifying hashed root password."); > > + let password =3D prompt_password("Enter root password to verif= y: > ") > > + .context("Failed to read password")?; > > So this could be something like: > > use proxmox_sys::linux::tty; > let password =3D tty::read_readpassword("Enter root password to verify:= ") > .context("Failed to read password")?; > > > + > > + if system_crypt(&password, hashed)? { > > + println!("Password matches hashed password."); > > + Ok(()) > > + } else { > > + bail!("Password does not match hashed password."); > > + } > > + } else { > > + bail!("'root-password-hashed' not set in answer file, cannot > verify."); > > + } > > +} > > --===============8786206410031497449== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel --===============8786206410031497449==--