group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1570325] Re: RFE: chpasswd in cloud-init should support hashed passwords

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1570325@xxxxxxxxxxxxxxxxxx>
Date: Thu, 20 Apr 2017 19:33:34 -0000
Reply-to: Bug 1570325 <1570325@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package cloud-init - 0.7.9-90-g61eb03fe-
0ubuntu1~16.10.1

---------------
cloud-init (0.7.9-90-g61eb03fe-0ubuntu1~16.10.1) yakkety; urgency=medium

  * debian/cloud-init.templates: add Bigstep to list of sources. (LP: #1676460)
  * New upstream snapshot.
    - OpenStack: add 'dvs' to the list of physical link types. (LP: #1674946)
    - Fix bug that resulted in an attempt to rename bonds or vlans.
      (LP: #1669860)
    - tests: update OpenNebula and Digital Ocean to not rely on host
      interfaces.
    - net: in netplan renderer delete known image-builtin content.
      (LP: #1675576)
    - doc: correct grammar in capabilities.rst [David Tagatac]
    - ds-identify: fix detecting of maas datasource. (LP: #1677710)
    - netplan: remove debugging prints, add debug logging [Ryan Harper]
    - ds-identify: do not write None twice to datasource_list.
    - support resizing partition and rootfs on system booted without
      initramfs.  [Steve Langasek] (LP: #1677376)
    - apt_configure: run only when needed. (LP: #1675185)
    - OpenStack: identify OpenStack by product 'OpenStack Compute'.
      (LP: #1675349)
    - GCE: Search GCE in ds-identify, consider serial number in check.
      (LP: #1674861)
    - Add support for setting hashed passwords [Tore S. Lonoy] (LP: #1570325)
    - Fix filesystem creation when using "partition: auto"
      [Jonathan Ballet] (LP: #1634678)
    - ConfigDrive: support reading config drive data from /config-drive.
      (LP: #1673411)
    - ds-identify: fix detection of Bigstep datasource. (LP: #1674766)
    - test: add running of pylint [Joshua Powers]
    - ds-identify: fix bug where filename expansion was left on.
    - advertise network config v2 support (NETWORK_CONFIG_V2) in features.
    - Bigstep: fix bug when executing in python3. [root]
    - Fix unit test when running in a system deployed with cloud-init.
    - Bounce network interface for Azure when using the built-in path.
      [Brent Baude] (LP: #1674685)
    - cloudinit.net: add network config v2 parsing and rendering [Ryan Harper]
    - net: Fix incorrect call to isfile [Joshua Powers] (LP: #1674317)
    - net: add renderers for automatically selecting the renderer.
    - doc: fix config drive doc with regard to unpartitioned disks.
      (LP: #1673818)
    - test: Adding integratiron test for password as list [Joshua Powers]
    - render_network_state: switch arguments around, do not require target
    - support 'loopback' as a device type.
    - Integration Testing: improve testcase subclassing [Wesley Wiedenmeier]
    - gitignore: adding doc/rtd_html [Joshua Powers]
    - doc: add instructions for running integration tests via tox.
      [Joshua Powers]
    - test: avoid differences in 'date' output due to daylight savings.
    - Fix chef config module in omnibus install. [Jeremy Melvin] (LP: #1583837)
    - Add feature flags to cloudinit.version. [Wesley Wiedenmeier]
    - tox: add a citest environment
    - Support chpasswd/list being a list in addition to a string.
      [Sergio Lystopad] (LP: #1665694)
    - doc: Fix configuration example for cc_set_passwords module.
      [Sergio Lystopad] (LP: #1665773)
    - net: support both ipv4 and ipv6 gateways in sysconfig.
      [Lars Kellogg-Stedman] (LP: #1669504)
    - net: do not raise exception for > 3 nameservers
      [Lars Kellogg-Stedman] (LP: #1670052)

 -- Scott Moser <smoser@xxxxxxxxxx>  Mon, 03 Apr 2017 12:03:30 -0400

** Changed in: cloud-init (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1570325

Title:
  RFE: chpasswd in cloud-init should support hashed passwords

Status in cloud-init:
  Confirmed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Yakkety:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  The only way to assign a hashed password to a user is to use passwd within a
  users entry like this:
   users:
     - name: root
       passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.

  But, if that user is already present on the system, cloud-init would skip
  setting the password.  The change was to add support for providing
  encrypted passwords to 'chpasswd' as:

   chpasswd:
     list: |
       user:$5$eriogqzq$Dg7PxHsKGzziuEGkZgkLvacjuEFeljJ.rLf.hZqKQLA

  [Test Case]
  There is an integration test in cloud-init that runs though this code.
  To run that:

  $ git clone https://git.launchpad.net/cloud-init
  $ cd cloud-init

  # download the appropriate deb for cloud-init from -proposed
  $ rel=xenial
  $ pver=$(rmadison --url=ubuntu --suite=$rel-proposed cloud-init | awk '{print $3}')
  $ fname="cloud-init_${pver}_all.deb"
  $ wget "http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/$fname";
  $ ln -sf $fname cloud-init_all.$rel.deb
  $ tox -e citest -- run -v -n $rel --deb=cloud-init_all.$rel.deb \
     -t tests/cloud_tests/testcases/modules/set_password_list_string.py \
     -t tests/cloud_tests/testcases/modules/set_password_list.py
  That will install the new cloud-init into a container and run
  with user data to excercise this new feature.

  [Regression Potential]
  Some user passwords provided via chpasswd and starting with '$'
  may be interpreted as hashed passwords.
  Specifically, those matching: r'\$[1,2a,2y,5,6](\$.+){2}'

  In english, that regex is:
    - starts with a '$'
    - followed by '1', '2a', '2y', '5', '6'
    - followed by a $
    - followed by 1 or more characters
    - followed by another $
    - followed by 1 or more characters

  So a total of 3 '$' and starting with one of those specific 3 or 4
  character strings.  That could definitely happen, but it is low odds, and also fairly low risk.  If a user hits this, they'd be unable to reach a new instance.

  [Other Info]
  Upstream commit:
   https://git.launchpad.net/cloud-init/commit/?id=21632972df034

  
  === End SRU Template ===

  The only way to assign a hashed password to a user is to use passwd within a users entry like this:
  users:
     - name: root
       passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.

  But, if that user is already present on the system, cloud-init will skip setting the password:
  journal: [CLOUDINIT] __init__.py[INFO]: User root already exists, skipping.

  You can change password with chpasswd, but that only supports clear-
  text password.

  Requesting that chpasswd get support for setting a hashed password to
  users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1570325/+subscriptions