From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id A30881FF2A0
	for <inbox@lore.proxmox.com>; Mon, 15 Jul 2024 10:04:54 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id B9EEB35891;
	Mon, 15 Jul 2024 10:05:08 +0200 (CEST)
From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Mon, 15 Jul 2024 09:56:05 +0200
Message-ID: <20240715075700.283532-6-c.heiss@proxmox.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240715075700.283532-1-c.heiss@proxmox.com>
References: <20240715075700.283532-1-c.heiss@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.017 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH installer v2 5/6] auto-installer: add new
 `global.root_password_hashed` answer option
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

This allows user to specify the root password in a hashed format,
generated using e.g. mkpasswd(1), instead of plaintext.

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v1 -> v2:
  * move root password setting validation into own function
  * explicitly check for case for both are unset

 proxmox-auto-installer/src/answer.rs |  3 ++-
 proxmox-auto-installer/src/utils.rs  | 16 ++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/proxmox-auto-installer/src/answer.rs b/proxmox-auto-installer/src/answer.rs
index aab7198..d691da1 100644
--- a/proxmox-auto-installer/src/answer.rs
+++ b/proxmox-auto-installer/src/answer.rs
@@ -26,7 +26,8 @@ pub struct Global {
     pub keyboard: KeyboardLayout,
     pub mailto: String,
     pub timezone: String,
-    pub root_password: String,
+    pub root_password: Option<String>,
+    pub root_password_hashed: Option<String>,
     #[serde(default)]
     pub reboot_on_error: bool,
     #[serde(default)]
diff --git a/proxmox-auto-installer/src/utils.rs b/proxmox-auto-installer/src/utils.rs
index 229b7e2..2500f43 100644
--- a/proxmox-auto-installer/src/utils.rs
+++ b/proxmox-auto-installer/src/utils.rs
@@ -303,6 +303,17 @@ pub fn verify_locale_settings(answer: &Answer, locales: &LocaleInfo) -> Result<(
     Ok(())
 }
 
+fn verify_root_password_settings(answer: &Answer) -> Result<()> {
+    if answer.global.root_password.is_some() && answer.global.root_password_hashed.is_some() {
+        bail!("`global.root_password` and `global.root_password_hashed` cannot be set at the same time");
+    } else if answer.global.root_password.is_none() && answer.global.root_password_hashed.is_none()
+    {
+        bail!("One of `global.root_password` or `global.root_password_hashed` must be set");
+    } else {
+        Ok(())
+    }
+}
+
 pub fn parse_answer(
     answer: &Answer,
     udev_info: &UdevInfo,
@@ -318,6 +329,7 @@ pub fn parse_answer(
     let network_settings = get_network_settings(answer, udev_info, runtime_info, setup_info)?;
 
     verify_locale_settings(answer, locales)?;
+    verify_root_password_settings(answer)?;
 
     let mut config = InstallConfig {
         autoreboot: 1_usize,
@@ -337,8 +349,8 @@ pub fn parse_answer(
         keymap: answer.global.keyboard.to_string(),
 
         root_password: InstallRootPassword {
-            plain: Some(answer.global.root_password.clone()),
-            hashed: None,
+            plain: answer.global.root_password.clone(),
+            hashed: answer.global.root_password_hashed.clone(),
         },
         mailto: answer.global.mailto.clone(),
         root_ssh_keys: answer.global.root_ssh_keys.clone(),
-- 
2.45.1



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel