Revision 75dc676f
Added by Tom Caspy over 8 years ago
| app/models/concerns/host_common.rb | ||
|---|---|---|
|
end
|
||
|
|
||
|
if unencrypted_pass.present?
|
||
|
is_actually_encrypted = if PasswordCrypt.crypt_gnu_compatible?
|
||
|
is_actually_encrypted = if operatingsystem.try(:password_hash) == "Base64"
|
||
|
password_base64_encrypted?
|
||
|
elsif PasswordCrypt.crypt_gnu_compatible?
|
||
|
unencrypted_pass.match('^\$\d+\$.+\$.+')
|
||
|
else
|
||
|
unencrypted_pass.starts_with?("$")
|
||
| app/models/host/base.rb | ||
|---|---|---|
|
errors.add(:interfaces, _('some interfaces are invalid')) unless success
|
||
|
success
|
||
|
end
|
||
|
|
||
|
def password_base64_encrypted?
|
||
|
if root_pass_changed?
|
||
|
root_pass == hostgroup.try(:read_attribute, :root_pass)
|
||
|
else
|
||
|
true
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| app/models/hostgroup.rb | ||
|---|---|---|
|
return [] if new_record? && parent_id.blank?
|
||
|
Host::Base.where(:hostgroup_id => self.path_ids).uniq.pluck(type).compact
|
||
|
end
|
||
|
|
||
|
def password_base64_encrypted?
|
||
|
!root_pass_changed?
|
||
|
end
|
||
|
end
|
||
| test/unit/host_test.rb | ||
|---|---|---|
|
host.operatingsystem.password_hash = 'Base64'
|
||
|
host.root_pass = unencrypted_password
|
||
|
assert host.save!
|
||
|
assert_equal host.root_pass, 'eHlieGE2SlVrejYzdw=='
|
||
|
assert_equal 'eHlieGE2SlVrejYzdw==', host.root_pass
|
||
|
# Encrypted passwords should have UTF-8 encoding
|
||
|
assert_equal Encoding::UTF_8, host.root_pass.encoding
|
||
|
end
|
||
|
|
||
|
test "should not reencode base64 passwords" do
|
||
|
unencrypted_password = "xybxa6JUkz63w"
|
||
|
host = FactoryGirl.create(:host, :managed)
|
||
|
host.hostgroup = nil
|
||
|
host.operatingsystem.password_hash = 'Base64'
|
||
|
host.operatingsystem.save
|
||
|
host.root_pass = unencrypted_password
|
||
|
assert host.save!
|
||
|
host.reload
|
||
|
host.name = "whatever"
|
||
|
assert host.save!
|
||
|
assert_equal 'eHlieGE2SlVrejYzdw==', host.root_pass
|
||
|
#then let's check that we can change root pass
|
||
|
host.root_pass = "oh my pass"
|
||
|
assert host.save!
|
||
|
refute_equal host.root_pass, 'eHlieGE2SlVrejYzdw=='
|
||
|
end
|
||
|
|
||
|
test "should use hostgroup base64 root password without reencoding" do
|
||
|
Setting[:root_pass] = "$1$default$hCkak1kaJPQILNmYbUXhD0"
|
||
|
hg = FactoryGirl.create(:hostgroup, :with_os)
|
||
|
hg.operatingsystem.update_attribute(:password_hash, 'Base64')
|
||
|
hg.root_pass = "abcdefghi"
|
||
|
hg.save!
|
||
|
assert_equal "YWJjZGVmZ2hp", hg.root_pass
|
||
|
|
||
|
h = FactoryGirl.create(:host, :managed, :hostgroup => hg, :operatingsystem => nil)
|
||
|
h.root_pass = nil
|
||
|
h.save!
|
||
|
assert h.root_pass.present?
|
||
|
assert_equal h.hostgroup.root_pass, h.root_pass
|
||
|
assert_equal h.hostgroup.root_pass, h.read_attribute(:root_pass), 'should copy root_pass to host unmodified'
|
||
|
end
|
||
|
|
||
|
test "should use hostgroup root password" do
|
||
|
Setting[:root_pass] = "$1$default$hCkak1kaJPQILNmYbUXhD0"
|
||
|
h = FactoryGirl.create(:host, :managed, :with_hostgroup)
|
||
Also available in: Unified diff
fixes #11715 - base64 encoded passwords must not be reencoded