Commit d1628244 authored by Nikos Skalkotos's avatar Nikos Skalkotos

Add support for sha1 hashing method

This is the default password hashing method for NetBSD.
parent 9e8db27f
...@@ -26,39 +26,39 @@ To do this, it generates a random salt internally. ...@@ -26,39 +26,39 @@ To do this, it generates a random salt internally.
""" """
import sys import sys
import crypt
import bcrypt import passlib.hash
from string import ascii_letters, digits from string import ascii_letters, digits
from random import choice from random import choice
from os.path import basename from os.path import basename
from optparse import OptionParser from optparse import OptionParser
# This dictionary maps the hashing algorithm method
# with its <ID> as documented in:
# http://www.akkadia.org/drepper/SHA-crypt.txt
HASH_ID_FROM_METHOD = {
'md5': '1',
'blowfish': '2a',
'sha256': '5',
'sha512': '6'
}
def random_salt(length=8): def random_salt(length=8):
pool = ascii_letters + digits + "/" + "." pool = ascii_letters + digits + "/" + "."
return ''.join(choice(pool) for i in range(length)) return ''.join(choice(pool) for i in range(length))
METHOD = {
# Name: (algoritm, options)
'md5': (passlib.hash.md5_crypt, {}),
'blowfish': (passlib.hash.bcrypt, {}),
'sha256': (
passlib.hash.sha256_crypt,
{'rounds': 5000, 'implicit_rounds': True, 'salt': random_salt()}),
'sha512': (
passlib.hash.sha512_crypt,
{'rounds': 5000, 'implicit_rounds': True, 'salt': random_salt()}),
'sha1': (passlib.hash.sha1_crypt, {})
}
def parse_arguments(input_args): def parse_arguments(input_args):
usage = "usage: %prog [-h] [-m encrypt-method] <password>" usage = "usage: %prog [-h] [-m encrypt-method] <password>"
parser = OptionParser(usage=usage) parser = OptionParser(usage=usage)
parser.add_option( parser.add_option(
"-m", "--encrypt-method", dest="encrypt_method", type='choice', "-m", "--encrypt-method", dest="encrypt_method", type='choice',
default="sha512", choices=HASH_ID_FROM_METHOD.keys(), default="sha512", choices=METHOD.keys(),
help="encrypt password with ENCRYPT_METHOD [%default] (supported: " + help="encrypt password with ENCRYPT_METHOD [%default] (supported: " +
", ".join(HASH_ID_FROM_METHOD.keys()) + ")" ", ".join(METHOD.keys()) + ")"
) )
(opts, args) = parser.parse_args(input_args) (opts, args) = parser.parse_args(input_args)
...@@ -72,13 +72,9 @@ def parse_arguments(input_args): ...@@ -72,13 +72,9 @@ def parse_arguments(input_args):
def main(): def main():
(passwd, method) = parse_arguments(sys.argv[1:]) (passwd, method) = parse_arguments(sys.argv[1:])
if method != 'blowfish' : algorithm, options = METHOD[method]
hash = crypt.crypt( print algorithm.encrypt(passwd, **options)
passwd,"$" + HASH_ID_FROM_METHOD[method] + "$" + random_salt())
else:
hash = bcrypt.hashpw(passwd, bcrypt.gensalt(8))
sys.stdout.write("%s\n" % (hash))
return 0 return 0
if __name__ == "__main__": if __name__ == "__main__":
......
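Review bot: The `sha256` and `sha512` entries of the new `METHOD` table pass `'salt': random_salt()`, so the salt still comes from `random.choice` (not a cryptographic RNG) and is now computed once at import time rather than per call. passlib generates its own salt when none is supplied, so both entries could drop the `salt` key; if the 8-character length must stay, `{'rounds': 5000, 'implicit_rounds': True, 'salt_size': 8}` should express that, assuming the packaged passlib version accepts `salt_size` here. A one-line comment on why `rounds` is pinned to 5000 with `implicit_rounds` (presumably to keep the `rounds=` field out of the emitted hash) would help the next reader, and `# Name: (algoritm, options)` should read `algorithm`.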
...@@ -103,9 +103,12 @@ unix_password() { ...@@ -103,9 +103,12 @@ unix_password() {
linux|freebsd) linux|freebsd)
hash=$("@scriptsdir@/snf-passtohash.py" "$password") hash=$("@scriptsdir@/snf-passtohash.py" "$password")
;; ;;
openbsd|netbsd) openbsd)
hash=$("@scriptsdir@/snf-passtohash.py" -m blowfish "$password") hash=$("@scriptsdir@/snf-passtohash.py" -m blowfish "$password")
;; ;;
netbsd)
hash=$("@scriptsdir@/snf-passtohash.py" -m sha1 "$password")
;;
*) *)
log_error "Unknown unix flavor: \`$flavor'" log_error "Unknown unix flavor: \`$flavor'"
;; ;;
...@@ -173,10 +176,19 @@ else ...@@ -173,10 +176,19 @@ else
unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD" unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
fi fi
# For FreeBSD, OpenBSD and NetBSD we need to recreate the password database too # For FreeBSD, OpenBSD and NetBSD we need to recreate the password databases too
if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then
rm -f "$SNF_IMAGE_TARGET/etc/spwd.db" rm -f "$SNF_IMAGE_TARGET/etc/spwd.db"
# NetBSD is very strict about the existence & non-existence of the db files
if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "netbsd" ]; then
rm -f "$SNF_IMAGE_TARGET/etc/pwd.db.tmp"
rm -f "$SNF_IMAGE_TARGET/etc/spwd.db.tmp"
touch "$SNF_IMAGE_TARGET/etc/spwd.db"
fi
# Make sure /etc/spwd.db is recreated on first boot # Make sure /etc/spwd.db is recreated on first boot
rc_local=$(cat <<EOF rc_local=$(cat <<EOF
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
......
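Review bot: The new `netbsd)` branch, like the branches beside it, hands the cleartext password to snf-passtohash.py as a command-line argument, so it is visible in the process list while the script runs. If anything else can run in the helper environment, the script should take the password on stdin instead; that change would be in snf-passtohash.py and in every branch of `unix_password`, whose body starts outside this hunk. In the second hunk, `touch "$SNF_IMAGE_TARGET/etc/spwd.db"` creates the placeholder with the current umask; adding `chmod 600 "$SNF_IMAGE_TARGET/etc/spwd.db"` after it would keep the secure database's mode correct in case the first-boot rebuild does not run.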
...@@ -21,7 +21,7 @@ debootstrap=Debian GRNet Helper ...@@ -21,7 +21,7 @@ debootstrap=Debian GRNet Helper
aptsources=Debian aptsources=Debian
[Debian] [Debian]
packages=socat iproute xenstore-utils ntfsprogs xmlstarlet python reglookup chntpw parted python-support eatmydata gdisk ntfs-3g packages=socat iproute xenstore-utils ntfsprogs xmlstarlet python reglookup chntpw parted python-support eatmydata gdisk ntfs-3g python-passlib
source=http://ftp.gr.debian.org/debian source=http://ftp.gr.debian.org/debian
suite=wheezy suite=wheezy
......