From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
by lore.proxmox.com (Postfix) with ESMTPS id A6C361FF2A0
for <inbox@lore.proxmox.com>; Mon, 15 Jul 2024 10:04:43 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id A3A8E357A4;
Mon, 15 Jul 2024 10:05:07 +0200 (CEST)
From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Mon, 15 Jul 2024 09:56:03 +0200
Message-ID: <20240715075700.283532-4-c.heiss@proxmox.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240715075700.283532-1-c.heiss@proxmox.com>
References: <20240715075700.283532-1-c.heiss@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.017 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DMARC_MISSING 0.1 Missing DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH installer v2 3/6] low-level: change root
password option to contain either plaintext or hash
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>
A hashed password can be created e.g. using the `mkpasswd(1)`.
This then will allow the auto-installer to pass along a
already-hashed password from the user, instead of simple plaintext.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v1 -> v2:
* no changes
Proxmox/Install.pm | 25 ++++++++++++++++++++++---
Proxmox/Install/Config.pm | 20 +++++++++++++++++---
proxinstall | 4 ++--
3 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/Proxmox/Install.pm b/Proxmox/Install.pm
index c0f8955..bcf8ba7 100644
--- a/Proxmox/Install.pm
+++ b/Proxmox/Install.pm
@@ -621,6 +621,27 @@ sub prepare_grub_efi_boot_esp {
die "failed to prepare EFI boot using Grub on '$espdev': $err" if $err;
}
+my sub setup_root_password {
+ my ($targetdir) = @_;
+
+ my $plain = Proxmox::Install::Config::get_root_password('plain');
+ my $hashed = Proxmox::Install::Config::get_root_password('hashed');
+
+ die "root password must be set!\n"
+ if !defined($plain) && !defined($hashed);
+
+ die "plain and hashed root password cannot be set at the same time!\n"
+ if defined($plain) && defined($hashed);
+
+ if (defined($plain)) {
+ my $octets = encode("utf-8", $plain);
+ run_command("chroot $targetdir /usr/sbin/chpasswd", undef, "root:$octets\n");
+ } elsif (defined($hashed)) {
+ my $octets = encode("utf-8", $hashed);
+ run_command("chroot $targetdir /usr/sbin/chpasswd --encrypted", undef, "root:$octets\n");
+ }
+}
+
sub extract_data {
my $iso_env = Proxmox::Install::ISOEnv::get();
my $run_env = Proxmox::Install::RunEnv::get();
@@ -1269,9 +1290,7 @@ _EOD
diversion_remove($targetdir, "/sbin/start-stop-daemon");
- # set root password
- my $octets = encode("utf-8", Proxmox::Install::Config::get_password());
- run_command("chroot $targetdir /usr/sbin/chpasswd", undef, "root:$octets\n");
+ setup_root_password($targetdir);
# set root ssh keys
my $ssh_keys = Proxmox::Install::Config::get_root_ssh_keys();
diff --git a/Proxmox/Install/Config.pm b/Proxmox/Install/Config.pm
index ecd8a74..0313fd9 100644
--- a/Proxmox/Install/Config.pm
+++ b/Proxmox/Install/Config.pm
@@ -90,7 +90,7 @@ my sub init_cfg {
keymap => 'en-us',
# root credentials & details
- password => undef,
+ root_password => undef,
mailto => 'mail@example.invalid',
root_ssh_keys => [],
@@ -196,8 +196,22 @@ sub get_timezone { return get('timezone'); }
sub set_keymap { set_key('keymap', $_[0]); }
sub get_keymap { return get('keymap'); }
-sub set_password { set_key('password', $_[0]); }
-sub get_password { return get('password'); }
+sub set_root_password {
+ my ($key) = @_;
+ croak "unknown root password option '$key'"
+ if $key ne 'plain' && $key ne 'hashed';
+
+ set_key('root_password', { $_[0] => $_[1] });
+}
+
+sub get_root_password {
+ my ($key) = @_;
+ croak "unknown root password option '$key'"
+ if $key ne 'plain' && $key ne 'hashed';
+
+ my $password = get('root_password');
+ return defined($password->{$key}) ? $password->{$key} : undef;
+}
sub set_mailto { set_key('mailto', $_[0]); }
sub get_mailto { return get('mailto'); }
diff --git a/proxinstall b/proxinstall
index a6a4cfb..12f3eaa 100755
--- a/proxinstall
+++ b/proxinstall
@@ -674,7 +674,7 @@ sub create_password_view {
cleanup_view();
- my $password = Proxmox::Install::Config::get_password();
+ my $password = Proxmox::Install::Config::get_root_password('plain');
my $grid = &$create_basic_grid();
$gtk_state->{inbox}->pack_start($grid, 0, 0, 0);
@@ -745,7 +745,7 @@ sub create_password_view {
return;
}
- Proxmox::Install::Config::set_password($t1);
+ Proxmox::Install::Config::set_root_password('plain', $t1);
Proxmox::Install::Config::set_mailto($t3);
$step_number++;
--
2.45.1
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel