
Commit a79ef15

committed
Ensure random windows password satisfies policy
Signed-off-by: Jeremiah Snapp <[email protected]>
1 parent 61c747b commit a79ef15


1 file changed

+19
-22
lines changed


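--- a/packer/windows/conf/bin/bk-install-elastic-stack.ps1
+++ b/packer/windows/conf/bin/bk-install-elastic-stack.ps1
@@ -119,32 +119,29 @@ Set-PSDebug -Trace 0
 
 Write-Output "Creating buildkite-agent user account in Administrators group"
 
-$UserName = "buildkite-agent"
+$lowerChars = [char[]](97..122) # a-z
+$upperChars = [char[]](65..90) # A-Z
+$numbers = [char[]](48..57) # 0-9
+$specialChars = [char[]](40, 41, 33, 64, 36, 37, 45, 61, 46, 63, 42, 59, 38) # ()!@$%-=.?*;&
 
-$StopLoop = $false
-[int]$RetryCount = "0"
+$minPasswordLength = 32
+$randomChars = @()
 
-# a Try/Catch block is used in a loop to make a few extra attempts at creating the user account before finally giving up and failing
-# because sometimes the generated random password does not satisfy the system's password policy
 Do {
-Try {
-$Count = Get-Random -min 24 -max 32
-$Password = -join ((65..90) + (97..122) + (48..57) | Get-Random -Count $Count | ForEach-Object {[char]$_})
+$randomChars += Get-Random -Count 1 -InputObject $lowerChars
+$randomChars += Get-Random -Count 1 -InputObject $upperChars
+$randomChars += Get-Random -Count 1 -InputObject $numbers
+$randomChars += Get-Random -Count 1 -InputObject $specialChars
 
-New-LocalUser -Name $UserName -PasswordNeverExpires -Password ($Password | ConvertTo-SecureString -AsPlainText -Force) | out-null
-$StopLoop = $true
-}
-Catch {
-If ($RetryCount -gt 10){
-Write-Output "Could not create $UserName user after 10 retries."
-exit 1
-}
-Else {
-Write-Output "Could not create $UserName user, retrying..."
-$RetryCount = $RetryCount + 1
-}
-}
-} While ($StopLoop -eq $false)
+# randomize the order of the random characters
+$randomChars = Get-Random -Count $randomChars.Length -InputObject $randomChars
+} While ($randomChars.Length -lt $minPasswordLength)
+
+$Password = -join $randomChars
+
+$UserName = "buildkite-agent"
+
+New-LocalUser -Name $UserName -PasswordNeverExpires -Password ($Password | ConvertTo-SecureString -AsPlainText -Force) | out-null
 
 If ($Env:BUILDKITE_WINDOWS_ADMINISTRATOR -eq "true") {
 Add-LocalGroupMember -Group "Administrators" -Member $UserName | out-null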
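Review bot: With the Try/Catch removed, nothing visible in the hunk stops the script when `New-LocalUser` fails (the account already exists, or a policy rule the generator does not cover). Unless `$ErrorActionPreference` is set to Stop outside the hunk, execution would carry on past the failed call with no account created. Adding `-ErrorAction Stop` to the `New-LocalUser` call, or wrapping that one call in a `Try`/`Catch` that logs and runs `exit 1`, keeps the old fail-closed behaviour without the retry loop. Separately, the password can now contain `$`, `%`, `&`, `;` and parentheses, so any later use of `$Password` as a command-line argument (not visible here) needs quoting. A comment above `$specialChars` such as `# kept to characters known to survive the later service-install command line` would record why this set was chosen, if that is the reason.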
