OpenStack-Ansible

AIO script password may be 0-length

Bug #1465684 reported by Hugh Saunders
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Medium
Hugh Saunders
OpenStack-Ansible 11.0.4

Bug Description

The bootstrap aio script generates a password with variable length. The length depends on the number of alpha-numeric characters that are read from the system's random number generator.

See: https://github.com/stackforge/os-ansible-deployment/blob/master/scripts/bootstrap-aio.sh#L22

The problem with this is a that in a bad case, a short of 0-length password may be generated.

Tags: in-kilo
Hugh Saunders (hughsaunders)
Changed in openstack-ansible:
assignee: nobody → Hugh Saunders (hughsaunders)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-ansible-deployment (master)

Fix proposed to branch: master
Review: https://review.openstack.org/192220

OpenStack Infra (hudson-openstack)
Changed in openstack-ansible:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to os-ansible-deployment (kilo)

Fix proposed to branch: kilo
Review: https://review.openstack.org/193628

Kevin Carter (kevin-carter)
Changed in openstack-ansible:
milestone: none → 11.0.4
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to os-ansible-deployment (kilo)

Reviewed: https://review.openstack.org/193628
Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=0a2158372ba7ccbeee6b83111b7002160bb9adf1
Submitter: Jenkins
Branch: kilo

commit 0a2158372ba7ccbeee6b83111b7002160bb9adf1
Author: Hugh Saunders <email address hidden>
Date: Tue Jun 16 15:18:43 2015 +0100

    Generate consistent length passwords in AIO

    The bootstrap-aio.sh script generates a password by reading a set number
    of characters from urandom then removing those that aren't alphanumeric.
    The problem with this is that its possible for 0 characters to remain.

    This patch changes the order so that tr (translate) reads urandom
    directly and removes non alphanumeric characters then that output is
    truncated to the required length. This ensures the generated password is
    always the desired length.

    Change-Id: I03984ab891f88fe4b064f7f7fcb71edf48096493
    Closes-Bug: #1465684
    (cherry picked from commit b98422b9743c7536a82ad9f07f2e86ddddf831c5)

tags: added: in-kilo
Kevin Carter (kevin-carter)
Changed in openstack-ansible:
status: Fix Committed → Fix Released
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.11

This issue was fixed in the openstack/openstack-ansible 11.2.11 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 11.2.12

This issue was fixed in the openstack/openstack-ansible 11.2.12 release.

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/openstack-ansible 11.2.14

This issue was fixed in the openstack/openstack-ansible 11.2.14 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.