Skip to content

Support for encrypted passwords#1771

Merged
lslezak merged 5 commits intomasterfrom
encrypted_password
Nov 25, 2024
Merged

Support for encrypted passwords#1771
lslezak merged 5 commits intomasterfrom
encrypted_password

Conversation

@lslezak
Copy link
Contributor

@lslezak lslezak commented Nov 15, 2024

Problem

  • The Agama autoinstallation and CLI accept the first user and the root passwords only in plain text
  • That's insecure, everybody who can access the installation profile knows the root password

Solution

  • Support passing an already encrypted (hashed) password in the profile
  • Similar to AutoYaST, an additional encryptedPassword boolean flag is used to determine whether the specified password is encrypted (true value) or plain text (false value or missing in the profile)

Notes

  • The web UI allows specifying only plain text passwords
  • Encrypted passwords are long and hard to type and they need to be encrypted externally

Features

  • Adapted schema definition
  • Adapted the AutoYaST conversion tool
  • When an encrypted password is set from Agama CLI then web UI resets the flag back to plain text (it supports only plain text passwords)

Testing

  • Tested manually (both root user and first user), tested the AutoYaST profile conversion
  • Updated unit tests

@lslezak
Support for encrypted passwords
b95e532 
Allow to use an encrypted (hashed) password in autoinstallation
and in Agama CLI.
@lslezak
Changes
f71dfbb
@coveralls
Copy link

coveralls commented Nov 15, 2024

Pull Request Test Coverage Report for Build 11860193169

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

Details

  • 11 of 15 (73.33%) changed or added relevant lines in 7 files are covered.
  • 68 unchanged lines in 4 files lost coverage.
  • Overall coverage increased (+0.001%) to 71.348%
Changes Missing Coverage Covered Lines Changed/Added Lines %
rust/agama-lib/src/users/client.rs 0 1 0.0%
rust/agama-server/src/users/web.rs 0 1 0.0%
service/lib/agama/dbus/users.rb 3 4 75.0%
service/lib/agama/users.rb 3 4 75.0%
Files with Coverage Reduction New Missed Lines %
service/service/lib/agama/users.rb 1 96.77%
service/service/lib/agama/dbus/users.rb 16 61.11%
rust/agama-lib/src/users/client.rs 21 0.0%
rust/agama-server/src/users/web.rs 30 0.0%
Totals Coverage Status
Change from base Build 11842624800: 0.001%
Covered Lines: 16928
Relevant Lines: 23726
💛 - Coveralls

@lslezak lslezak mentioned this pull request Nov 15, 2024
Merged
imobachgs
imobachgs approved these changes Nov 25, 2024
View reviewed changes
@lslezak @imobachgs
Update service/package/rubygem-agama-yast.changes
5c4cdfe 
Co-authored-by: Imobach González Sosa <igonzalezsosa@suse.com>
@lslezak lslezak merged commit c738625 into master Nov 25, 2024
@lslezak lslezak deleted the encrypted_password branch November 25, 2024 15:45
@imobachgs imobachgs mentioned this pull request Jan 10, 2025
Merged
imobachgs added a commit that referenced this pull request Jan 13, 2025
@imobachgs
Update to release 11 (#1887)
3ab318a 
Update to release version 11.

* #1495
* #1564
* #1617
* #1618
* #1625
* #1626
* #1627
* #1628
* #1630
* #1631
* #1632
* #1633
* #1634
* #1635
* #1636
* #1639
* #1640
* #1641
* #1642
* #1643
* #1644
* #1645
* #1646
* #1647
* #1648
* #1649
* #1650
* #1651
* #1652
* #1654
* #1655
* #1656
* #1657
* #1660
* #1663
* #1666
* #1667
* #1668
* #1670
* #1671
* #1673
* #1674
* #1675
* #1676
* #1677
* #1681
* #1682
* #1683
* #1684
* #1687
* #1688
* #1689
* #1690
* #1691
* #1692
* #1693
* #1694
* #1695
* #1696
* #1698
* #1699
* #1702
* #1703
* #1704
* #1705
* #1707
* #1708
* #1709
* #1710
* #1711
* #1712
* #1713
* #1714
* #1715
* #1716
* #1717
* #1718
* #1720
* #1721
* #1722
* #1723
* #1727
* #1728
* #1729
* #1731
* #1732
* #1733
* #1734
* #1735
* #1736
* #1737
* #1740
* #1741
* #1743
* #1744
* #1745
* #1746
* #1751
* #1753
* #1754
* #1755
* #1757
* #1762
* #1763
* #1764
* #1765
* #1766
* #1767
* #1769
* #1771
* #1772
* #1773
* #1774
* #1777
* #1778
* #1785
* #1786
* #1787
* #1788
* #1789
* #1790
* #1791
* #1792
* #1793
* #1794
* #1795
* #1796
* #1797
* #1798
* #1799
* #1800
* #1802
* #1803
* #1804
* #1805
* #1807
* #1808
* #1809
* #1810
* #1811
* #1812
* #1814
* #1815
* #1821
* #1822
* #1823
* #1824
* #1825
* #1826
* #1827
* #1828
* #1830
* #1831
* #1832
* #1833
* #1834
* #1835
* #1836
* #1837
* #1838
* #1839
* #1840
* #1841
* #1842
* #1843
* #1844
* #1845
* #1847
* #1848
* #1849
* #1850
* #1851
* #1854
* #1855
* #1856
* #1857
* #1860
* #1861
* #1863
* #1864
* #1865
* #1866
* #1867
* #1871
* #1872
* #1873
* #1875
* #1876
* #1877
* #1878
* #1880
* #1881
* #1882
* #1883
* #1884
* #1885
* #1886
* #1888
* #1889
* #1890
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@imobachgs imobachgs imobachgs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lslezak @coveralls @imobachgs