From: Christoph Heiss
To: pve-devel@lists.proxmox.com
Date: Mon, 15 Jul 2024 09:56:03 +0200
Message-ID: <20240715075700.283532-4-c.heiss@proxmox.com>
In-Reply-To: <20240715075700.283532-1-c.heiss@proxmox.com>
References: <20240715075700.283532-1-c.heiss@proxmox.com>
Subject: [pve-devel] [PATCH installer v2 3/6] low-level: change root password option to contain either plaintext or hash

A hashed password can be created e.g. using `mkpasswd(1)`. This will then allow the auto-installer to pass along an already-hashed password from the user, instead of simple plaintext.
Signed-off-by: Christoph Heiss --- Changes v1 -> v2: * no changes Proxmox/Install.pm | 25 ++++++++++++++++++++++--- Proxmox/Install/Config.pm | 20 +++++++++++++++++--- proxinstall | 4 ++-- 3 files changed, 41 insertions(+), 8 deletions(-) diff --git a/Proxmox/Install.pm b/Proxmox/Install.pm index c0f8955..bcf8ba7 100644 --- a/Proxmox/Install.pm +++ b/Proxmox/Install.pm @@ -621,6 +621,27 @@ sub prepare_grub_efi_boot_esp { die "failed to prepare EFI boot using Grub on '$espdev': $err" if $err; } +my sub setup_root_password { + my ($targetdir) = @_; + + my $plain = Proxmox::Install::Config::get_root_password('plain'); + my $hashed = Proxmox::Install::Config::get_root_password('hashed'); + + die "root password must be set!\n" + if !defined($plain) && !defined($hashed); + + die "plain and hashed root password cannot be set at the same time!\n" + if defined($plain) && defined($hashed); + + if (defined($plain)) { + my $octets = encode("utf-8", $plain); + run_command("chroot $targetdir /usr/sbin/chpasswd", undef, "root:$octets\n"); + } elsif (defined($hashed)) { + my $octets = encode("utf-8", $hashed); + run_command("chroot $targetdir /usr/sbin/chpasswd --encrypted", undef, "root:$octets\n"); + } +} + sub extract_data { my $iso_env = Proxmox::Install::ISOEnv::get(); my $run_env = Proxmox::Install::RunEnv::get(); @@ -1269,9 +1290,7 @@ _EOD diversion_remove($targetdir, "/sbin/start-stop-daemon"); - # set root password - my $octets = encode("utf-8", Proxmox::Install::Config::get_password()); - run_command("chroot $targetdir /usr/sbin/chpasswd", undef, "root:$octets\n"); + setup_root_password($targetdir); # set root ssh keys my $ssh_keys = Proxmox::Install::Config::get_root_ssh_keys(); diff --git a/Proxmox/Install/Config.pm b/Proxmox/Install/Config.pm index ecd8a74..0313fd9 100644 --- a/Proxmox/Install/Config.pm +++ b/Proxmox/Install/Config.pm 
@@ -90,7 +90,7 @@ my sub init_cfg { keymap => 'en-us', # root credentials & details - password => undef, + root_password => undef, mailto => 'mail@example.invalid', root_ssh_keys => [], @@ -196,8 +196,22 @@ sub get_timezone { return get('timezone'); } sub set_keymap { set_key('keymap', $_[0]); } sub get_keymap { return get('keymap'); } -sub set_password { set_key('password', $_[0]); } -sub get_password { return get('password'); } +sub set_root_password { + my ($key) = @_; + croak "unknown root password option '$key'" + if $key ne 'plain' && $key ne 'hashed'; + + set_key('root_password', { $_[0] => $_[1] }); +} + +sub get_root_password { + my ($key) = @_; + croak "unknown root password option '$key'" + if $key ne 'plain' && $key ne 'hashed'; + + my $password = get('root_password'); + return defined($password->{$key}) ? $password->{$key} : undef; +} sub set_mailto { set_key('mailto', $_[0]); } sub get_mailto { return get('mailto'); } diff --git a/proxinstall b/proxinstall index a6a4cfb..12f3eaa 100755 --- a/proxinstall +++ b/proxinstall @@ -674,7 +674,7 @@ sub create_password_view { cleanup_view(); - my $password = Proxmox::Install::Config::get_password(); + my $password = Proxmox::Install::Config::get_root_password('plain'); my $grid = &$create_basic_grid(); $gtk_state->{inbox}->pack_start($grid, 0, 0, 0); @@ -745,7 +745,7 @@ sub create_password_view { return; } - Proxmox::Install::Config::set_password($t1); + Proxmox::Install::Config::set_root_password('plain', $t1); Proxmox::Install::Config::set_mailto($t3); $step_number++; -- 2.45.1 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
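Review bot: in `setup_root_password` (Proxmox/Install.pm, hunk at -621) the `hashed` branch passes the value to `chpasswd --encrypted` without any check on its form, and both branches build the stdin record as `root:$octets\n` without rejecting embedded newlines. `chpasswd --encrypted` stores the string as given, so a typo or a truncated hash in the answer file leaves root with a password field that no login can match, and this only shows up after the installation has finished. Since chpasswd reads one `user:password` record per line, a value containing a newline would also be read as more than one record. Suggest dying early if either value contains `\n`, and checking that the hashed value looks like a crypt(3) string (leading `$<id>$`) before calling chpasswd. Minor: after the two `die` checks, `elsif (defined($hashed))` is always true when reached and can be a plain `else`.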
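Review bot: `set_root_password` (Proxmox/Install/Config.pm, hunk at -196) unpacks only `$key` from `@_` and then reads `$_[0]` and `$_[1]` directly when building the hash; `my ($key, $value) = @_;` followed by `{ $key => $value }` would be consistent and easier to read. The setter also replaces the whole `root_password` hash on every call, so only one of `plain` or `hashed` can be stored at a time and the "cannot be set at the same time" check in `setup_root_password` cannot trigger through this API; if replace semantics are intended, a short comment saying so would help, otherwise the setter should merge into the existing hash. In `get_root_password`, the `defined(...) ? ... : undef` expression returns the same value as `return $password->{$key};` and can be simplified.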