feat: Implement pluggable password generator #2659
Conversation
|
Kudos, SonarCloud Quality Gate passed!
|
| func (p *PasswordProvider) SetConfiguration(passwordProvider string, passwordProviderArgs []string) error { | ||
| var err error | ||
| p.passwordProvider = passwordProvider | ||
| p.passwordProviderArgs = passwordProviderArgs |
There was a problem hiding this comment.
Should there be any validation of these strings (i.e. max length)?
There was a problem hiding this comment.
PasswordProvider is validated by LookPath. ProviderArgs there is no obvious validation criteria. Also, since this is the password generation function, the input is implicitly trusted. (If the input can be forged, it can run pretty much anything.)
There was a problem hiding this comment.
OK, if you're OK with it, then I'll trust your judgement on this. The only reason I brought this up is because of the recent GRub2 BootHole vulnerability which involved buffer overruns involving the Grub2 config file...
|
@mkbhanda we should try to avoid using github's merge from master, and leave this to the PR submitter to handle with 'git pull -r' (which uses rebase to pop-off the pending commits, rebases to latest HEAD, and re-applies the commits). Otherwise we end up with lots of identical "merge from master" commits in our git log. |
Remove dependency on GoKey for password generator; if not specified, the built-in password generator does the equivalent of "openssl rand -base64 33" which generates a base64 encoded random string of 264 random bits. Otherwise, the code looks for a PasswordProvider in configuration that points to an executable, and PasswordProviderArgs that specify the arguments to that executable. The code then launches that exectuable, trims the trailing newline, and uses the result as a password. Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
|
Kudos, SonarCloud Quality Gate passed!
|
|
Rebased and squashed fixup commits. Can @tonyespy please re-review? |
Remove dependency on GoKey for password generator;
if not specified, the built-in password generator
does the equivalent of "openssl rand -base64 33"
which generates a base64 encoded random string
of 264 random bits.
Otherwise, the code looks for a PasswordProvider
in configuration that points to an executable,
and PasswordProviderArgs that specify the
arguments to that executable. The code then
launches that exectuable, trims the trailing
newline, and uses the result as a password.
Signed-off-by: Bryon Nevis bryon.nevis@intel.com
PR Checklist
Please check if your PR fulfills the following requirements:
make testhas completed successfullyPR Type
What kind of change does this PR introduce?
What is the current behavior?
Current functionality uses Vault root token and database name to feed into GoKey password generator. The GoKey password generator was never fully vetted for this purpose before being introduced. Community would like a pluggable password generator rather than forcing use of Gokey
Issue Number:
Fixes #1946
What is the new behavior?
Remove dependency on GoKey for password generator;
if not specified, the built-in password generator
does the equivalent of "openssl rand -base64 33"
which generates a base64 encoded random string
of 264 random bits.
Otherwise, the code looks for a PasswordProvider
in configuration that points to an executable,
and PasswordProviderArgs that specify the
arguments to that executable. The code then
launches that exectuable, trims the trailing
newline, and uses the result as a password.
Does this PR introduce a breaking change?
Are there any new imports or modules? If so, what are they used for and why?
Are there any specific instructions or things that should be known prior to reviewing?
Other information
While doing research, although openssl is a commonly installed dependency (though by no means guaranteed to there in a minimal container), the apg (automatic password generator) tool is only installed (in Ubuntu) by the Gnome packages. It is reasonable to assume that in a gui-less installation, that apg tool will not be available. Thus, no default external password generator is configured by default. Instead, the code simulates the output of openssl rand -base64 33