From 230406dc52f37683caa2c62c0ba33091a457c3fe Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Thu, 8 Mar 2018 14:57:19 +0100
Subject: [PATCH] cloud-init: pre-hash passwords

We don't leave this up to cloud-init as we don't want
un-hashed values at all in our configs.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 PVE/API2/Qemu.pm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index e8152cc3..0174feb3 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -941,6 +941,12 @@ my $update_vm_api  = sub {
 	PVE::Tools::validate_ssh_public_keys($ssh_keys);
     }
 
+    if (defined(my $cipassword = $param->{cipassword})) {
+	# Same logic as in cloud-init (but with the regex fixed...)
+	$param->{cipassword} = PVE::Tools::encrypt_pw($cipassword)
+	    if $cipassword !~ /^\$(?:[156]|2[ay])(\$.+){2}/;
+    }
+
     die "no options specified\n" if !$delete_str && !$revert_str && !scalar(keys %$param);
 
     my $storecfg = PVE::Storage::config();