[pve-devel] applied: [PATCH RFC container] fix 1153: let crypt() handle unicode CT passwords

Wolfgang Bumiller w.bumiller at proxmox.com
Thu Jan 26 10:53:44 CET 2017 

Applied.

Conclusion: the point we do this at is essentially the equivalent of
the login process which will simply call crypt() on whichever data it
gets. Any encoding/decoding would happen in the rest of the chain from
the user input method through the terminal up to the file descriptor
feeding /bin/login.
Even if we did care about the encoding the code we have here would only
be half the story as encode() doesn't know the source, it encodes from
perl's internal string representation and is therefore not eg. also not
locale dependent. If anything we'd have to deal with this where the
string is originally coming from, or both.

On Mon, Jan 23, 2017 at 01:20:30PM +0100, Fabian Grünbichler wrote:
> according to "perldoc -f crypt", crypt() should downgrade
> unicode strings anyway:
> 
> If using crypt() on a Unicode string (which potentially has
> characters with codepoints above 255), Perl tries to make
> sense of the situation by trying to downgrade (a copy of)
> the string back to an eight-bit byte string before calling
> crypt() (on that copy).  If that works, good.  If not,
> crypt() dies with "Wide character in crypt".
> 
> login via Spice and ssh works now at least, the noVNC /
> vncterm combo seems to be broken because of an unrelated
> unicode issue..
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
>  src/PVE/LXC/Setup/Base.pm | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
> index 7bf66ca..8cd7255 100644
> --- a/src/PVE/LXC/Setup/Base.pm
> +++ b/src/PVE/LXC/Setup/Base.pm
> @@ -363,7 +363,7 @@ sub set_user_password {
>      if (defined($opt_password)) {
>  	if ($opt_password !~ m/^\$/) {
>  	    my $time = substr (Digest::SHA::sha1_base64 (time), 0, 8);
> -	    $opt_password = crypt(encode("utf8", $opt_password), "\$1\$$time\$");
> +	    $opt_password = crypt($opt_password, "\$1\$$time\$");
>  	};
>      } else {
>  	$opt_password = '*';
> -- 
> 2.1.4

More information about the pve-devel mailing list