Revision 75dc676f
Added by Tom Caspy over 8 years ago
app/models/concerns/host_common.rb | ||
---|---|---|
end
|
||
|
||
if unencrypted_pass.present?
|
||
is_actually_encrypted = if PasswordCrypt.crypt_gnu_compatible?
|
||
is_actually_encrypted = if operatingsystem.try(:password_hash) == "Base64"
|
||
password_base64_encrypted?
|
||
elsif PasswordCrypt.crypt_gnu_compatible?
|
||
unencrypted_pass.match('^\$\d+\$.+\$.+')
|
||
else
|
||
unencrypted_pass.starts_with?("$")
|
app/models/host/base.rb | ||
---|---|---|
errors.add(:interfaces, _('some interfaces are invalid')) unless success
|
||
success
|
||
end
|
||
|
||
def password_base64_encrypted?
|
||
if root_pass_changed?
|
||
root_pass == hostgroup.try(:read_attribute, :root_pass)
|
||
else
|
||
true
|
||
end
|
||
end
|
||
end
|
||
end
|
app/models/hostgroup.rb | ||
---|---|---|
return [] if new_record? && parent_id.blank?
|
||
Host::Base.where(:hostgroup_id => self.path_ids).uniq.pluck(type).compact
|
||
end
|
||
|
||
def password_base64_encrypted?
|
||
!root_pass_changed?
|
||
end
|
||
end
|
test/unit/host_test.rb | ||
---|---|---|
host.operatingsystem.password_hash = 'Base64'
|
||
host.root_pass = unencrypted_password
|
||
assert host.save!
|
||
assert_equal host.root_pass, 'eHlieGE2SlVrejYzdw=='
|
||
assert_equal 'eHlieGE2SlVrejYzdw==', host.root_pass
|
||
# Encrypted passwords should have UTF-8 encoding
|
||
assert_equal Encoding::UTF_8, host.root_pass.encoding
|
||
end
|
||
|
||
test "should not reencode base64 passwords" do
|
||
unencrypted_password = "xybxa6JUkz63w"
|
||
host = FactoryGirl.create(:host, :managed)
|
||
host.hostgroup = nil
|
||
host.operatingsystem.password_hash = 'Base64'
|
||
host.operatingsystem.save
|
||
host.root_pass = unencrypted_password
|
||
assert host.save!
|
||
host.reload
|
||
host.name = "whatever"
|
||
assert host.save!
|
||
assert_equal 'eHlieGE2SlVrejYzdw==', host.root_pass
|
||
#then let's check that we can change root pass
|
||
host.root_pass = "oh my pass"
|
||
assert host.save!
|
||
refute_equal host.root_pass, 'eHlieGE2SlVrejYzdw=='
|
||
end
|
||
|
||
test "should use hostgroup base64 root password without reencoding" do
|
||
Setting[:root_pass] = "$1$default$hCkak1kaJPQILNmYbUXhD0"
|
||
hg = FactoryGirl.create(:hostgroup, :with_os)
|
||
hg.operatingsystem.update_attribute(:password_hash, 'Base64')
|
||
hg.root_pass = "abcdefghi"
|
||
hg.save!
|
||
assert_equal "YWJjZGVmZ2hp", hg.root_pass
|
||
|
||
h = FactoryGirl.create(:host, :managed, :hostgroup => hg, :operatingsystem => nil)
|
||
h.root_pass = nil
|
||
h.save!
|
||
assert h.root_pass.present?
|
||
assert_equal h.hostgroup.root_pass, h.root_pass
|
||
assert_equal h.hostgroup.root_pass, h.read_attribute(:root_pass), 'should copy root_pass to host unmodified'
|
||
end
|
||
|
||
test "should use hostgroup root password" do
|
||
Setting[:root_pass] = "$1$default$hCkak1kaJPQILNmYbUXhD0"
|
||
h = FactoryGirl.create(:host, :managed, :with_hostgroup)
|
Also available in: Unified diff
fixes #11715 - base64 encoded passwords must not be reencoded