Add support for Blowfish passwd hashing algorithm

[snf-image] / snf-image-helper / snf-passtohash.py

diff --git a/snf-image-helper/snf-passtohash.py b/snf-image-helper/snf-passtohash.py
index a4c6f0f..baf8fad 100755 (executable)
--- a/snf-image-helper/snf-passtohash.py
+++ b/snf-image-helper/snf-passtohash.py
@@ -1,17 +1,33 @@
 #!/usr/bin/env python
+
+# Copyright (C) 2011 GRNET S.A.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
 #
-# Copyright (c) 2011 Greek Research and Technology Network
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
 #
-"""Generate a Hash from a given Password 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+"""Generate a hash from a given password
 
-This program takes a Password as an argument and
+This program takes a password as an argument and
 returns to standard output a hash followed by a newline.
-To do this, it generates internally a random salt.
+To do this, it generates a random salt internally.
 
 """
 
 import sys
-import crypt 
+import crypt
+import bcrypt
 
 from string import ascii_letters, digits
 from random import choice
@@ -25,11 +41,11 @@ from optparse import OptionParser
 HASH_ID_FROM_METHOD = {
     'md5': '1',
     'blowfish': '2a',
-    'sun-md5': 'md5',
     'sha256': '5',
     'sha512': '6'
 }
 
+
 def random_salt(length=8):
     pool = ascii_letters + digits + "/" + "."
     return ''.join(choice(pool) for i in range(length))
@@ -38,27 +54,30 @@ def random_salt(length=8):
 def parse_arguments(input_args):
     usage = "usage: %prog [-h] [-m encrypt-method] <password>"
     parser = OptionParser(usage=usage)
-    parser.add_option("-m", "--encrypt-method",
-                       dest="encrypt_method",
-                       type='choice',
-                       default="sha512",
-                       choices=HASH_ID_FROM_METHOD.keys(),
-                       help="encrypt password with ENCRYPT_METHOD [%default] \
-                       (supported: " + ", ".join(HASH_ID_FROM_METHOD.keys()) +")",
+    parser.add_option(
+        "-m", "--encrypt-method", dest="encrypt_method", type='choice',
+        default="sha512", choices=HASH_ID_FROM_METHOD.keys(),
+        help="encrypt password with ENCRYPT_METHOD [%default] (supported: " +
+        ", ".join(HASH_ID_FROM_METHOD.keys()) + ")"
     )
 
     (opts, args) = parser.parse_args(input_args)
 
     if len(args) != 1:
-       parser.error('password is missing')
+        parser.error('password is missing')
 
     return (args[0], opts.encrypt_method)
 
 
 def main():
-    (password, method) = parse_arguments(sys.argv[1:])
-    salt = random_salt()
-    hash = crypt.crypt(password, "$"+HASH_ID_FROM_METHOD[method]+"$"+salt)
+    (passwd, method) = parse_arguments(sys.argv[1:])
+
+    if method != 'blowfish' :
+        hash = crypt.crypt(
+            passwd,"$" + HASH_ID_FROM_METHOD[method] + "$" + random_salt())
+    else:
+        hash = bcrypt.hashpw(passwd, bcrypt.gensalt(8))
+
     sys.stdout.write("%s\n" % (hash))
     return 0