cloud-init: pre-hash passwords

We don't leave this up to cloud-init as we don't want
un-hashed values at all in our configs.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index e8152cc3695d837b17629e8941d90f262fd6d17e..0174feb32d7fd99f76fa6d21bcc34d62df04a084 100644 (file)
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -941,6 +941,12 @@ my $update_vm_api  = sub {
        PVE::Tools::validate_ssh_public_keys($ssh_keys);
     }
 
+    if (defined(my $cipassword = $param->{cipassword})) {
+       # Same logic as in cloud-init (but with the regex fixed...)
+       $param->{cipassword} = PVE::Tools::encrypt_pw($cipassword)
+           if $cipassword !~ /^\$(?:[156]|2[ay])(\$.+){2}/;
+    }
+
     die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
 
     my $storecfg = PVE::Storage::config();