Jira (PUP-8330) macOS agents fails to retrieve password hash


Michael Krause (JIRA)

Jan 8, 2018, 10:37:02 AM
to puppe...@googlegroups.com
Michael Krause created an issue
 
Puppet / Bug PUP-8330
macOS agents fails to retrieve password hash
Issue Type: Bug
Affects Versions: PUP 5.3.3
Assignee: Unassigned
Created: 2018/01/08 7:36 AM
Environment:

macOS 10.13.2

Priority: Major
Reporter: Michael Krause

Puppet Version: 5.3.3
Puppet Server Version: 5.1.4
OS Name/Version: macOS 10.13.2

puppet user provider fails with every puppet run or with puppet resource

Desired Behavior:

No error or error handling.

Actual Behavior:

Crash.

Example:

{{

    # puppet resource user admin --trace --debug
    [..]
    Debug: Executing: '/usr/bin/dscl -plist . readall /Groups'
    Debug: Converting binary plist to hash
    Debug: Converting binary plist to hash
    Debug: Converting binary plist to hash
    Debug: Converting binary plist to hash
    Debug: Converting binary plist to hash
    Error: Could not run: undefined method `unpack' for nil:NilClass
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/user/directoryservice.rb:210:in `get_salted_sha512_pbkdf2'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/user/directoryservice.rb:149:in `generate_attribute_hash'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/user/directoryservice.rb:87:in `block in instances'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/user/directoryservice.rb:86:in `collect'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/user/directoryservice.rb:86:in `instances'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1164:in `block in instances'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1163:in `collect'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1163:in `instances'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/resource/ral.rb:14:in `find'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:195:in `find'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/resource.rb:216:in `find_or_save_resources'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/resource.rb:142:in `block in main'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in `override'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:263:in `override'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/resource.rb:137:in `main'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:366:in `run_command'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:358:in `block in run'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:666:in `exit_on_fail'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:358:in `run'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:in `run'
    /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:in `execute'
    /opt/puppetlabs/puppet/bin/puppet:5:in `<main>'
    }}
This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db)

Michael Krause (JIRA)

Jan 8, 2018, 10:38:03 AM
to puppe...@googlegroups.com
Michael Krause updated an issue
Change By: Michael Krause
*Puppet Version: 5.3.3*
*Puppet Server Version: 5.1.4*
*OS Name/Version: macOS 10.13.2*


puppet user provider fails with every puppet run or with puppet resource

*Desired Behavior:*


No error or error handling.

*Actual Behavior:*

Crash.

*Example:*

{code}
# puppet resource user admin --trace --debug
{code}

Michael Krause (JIRA)

Jan 8, 2018, 10:47:02 AM
to puppe...@googlegroups.com
Michael Krause commented on Bug PUP-8330
 
Re: macOS agents fails to retrieve password hash

This may be related to https://www.exploit-db.com/exploits/43248/ as the affected user resource is root.

I can work around this problem by manually setting a new password with passwd.

Craig Gomes (JIRA)

Jan 8, 2018, 5:38:02 PM
to puppe...@googlegroups.com
Craig Gomes updated an issue
 
Change By: Craig Gomes
Team: Platform OS

Geoff Nichols (JIRA)

Mar 24, 2018, 9:02:03 PM
to puppe...@googlegroups.com
Geoff Nichols updated an issue
Change By: Geoff Nichols
Labels: macos type_and_provider
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)

Branan Riley (JIRA)

May 9, 2018, 1:39:02 PM
to puppe...@googlegroups.com
Branan Riley updated an issue
Change By: Branan Riley
Labels: macos triaged type_and_provider user

Josh Cooper (Jira)

Jun 11, 2021, 3:17:01 PM
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-8330
 
Re: macOS agents fails to retrieve password hash

It looks like the entropy field is missing from the SALTED-SHA512-PBKDF2 hash that we parsed... I'm not able to reproduce on 10.15. Since this hasn't been updated in a while, I'm going to close. Please reopen if it's still an issue using Puppet 6 or later.

This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
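
Added example, not part of the thread and not Puppet's provider code: it reproduces the failure in the trace (`unpack` called on nil when the `entropy` field is absent from the SALTED-SHA512-PBKDF2 record) next to a guarded read that reports the missing field instead of crashing. The hash layout, the `salt` and `iterations` key names, all helper names and the sample values are assumptions constructed for illustration.

```ruby
# Added example: not Puppet's provider code. The hash layout stands in for a
# decoded ShadowHashData plist and is an assumption, as are all names here.
PBKDF2_KEY = 'SALTED-SHA512-PBKDF2'
REQUIRED_FIELDS = %w[entropy salt iterations].freeze

class ShadowHashError < StandardError; end

# Constructed sample records (not real credentials).
COMPLETE = { PBKDF2_KEY => { 'entropy' => ['0102'].pack('H*'),
                             'salt' => ['aabb'].pack('H*'),
                             'iterations' => 1000 } }.freeze
NO_ENTROPY = { PBKDF2_KEY => { 'salt' => ['aabb'].pack('H*'),
                               'iterations' => 1000 } }.freeze

# Unguarded read: a missing field yields nil, and nil.unpack raises the
# NoMethodError shown in the trace.
def unguarded_field(shadow, field)
  shadow[PBKDF2_KEY][field].unpack('H*').first
end

# Guarded read: validate the record before touching any field.
def pbkdf2_fields(shadow)
  entry = shadow.is_a?(Hash) ? shadow[PBKDF2_KEY] : nil
  raise ShadowHashError, "no #{PBKDF2_KEY} entry" unless entry.is_a?(Hash)

  missing = REQUIRED_FIELDS.select { |f| entry[f].nil? }
  unless missing.empty?
    raise ShadowHashError, "#{PBKDF2_KEY} missing: #{missing.join(', ')}"
  end

  { entropy: entry['entropy'].unpack('H*').first,
    salt: entry['salt'].unpack('H*').first,
    iterations: Integer(entry['iterations']) }
end

# Enumerating users should report one bad record, not abort the whole run.
def describe_user(name, shadow)
  { name: name, password: pbkdf2_fields(shadow), error: nil }
rescue ShadowHashError => e
  { name: name, password: nil, error: e.message }
end

if __FILE__ == $PROGRAM_NAME
  p describe_user('alice', COMPLETE)
  p describe_user('root', NO_ENTROPY)
end
```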