Add support for Blowfish passwd hashing algorithm

This is not supported by the Linux version of crypt and is needed
for NetBSD and OpenBSD. Add a new python-bcrypt packet in the helper
that implements the OpenBSD Blowfish password hashing algorithm.

diff --git a/snf-image-helper/snf-passtohash.py b/snf-image-helper/snf-passtohash.py
index eb71d99..baf8fad 100755 (executable)
--- a/snf-image-helper/snf-passtohash.py
+++ b/snf-image-helper/snf-passtohash.py
@@ -27,6 +27,7 @@ To do this, it generates a random salt internally.
 
 import sys
 import crypt
+import bcrypt
 
 from string import ascii_letters, digits
 from random import choice
@@ -40,7 +41,6 @@ from optparse import OptionParser
 HASH_ID_FROM_METHOD = {
     'md5': '1',
     'blowfish': '2a',
-    'sun-md5': 'md5',
     'sha256': '5',
     'sha512': '6'
 }
@@ -71,8 +71,13 @@ def parse_arguments(input_args):
 
 def main():
     (passwd, method) = parse_arguments(sys.argv[1:])
-    salt = random_salt()
-    hash = crypt.crypt(passwd, "$" + HASH_ID_FROM_METHOD[method] + "$" + salt)
+
+    if method != 'blowfish' :
+        hash = crypt.crypt(
+            passwd,"$" + HASH_ID_FROM_METHOD[method] + "$" + random_salt())
+    else:
+        hash = bcrypt.hashpw(passwd, bcrypt.gensalt(8))
+
     sys.stdout.write("%s\n" % (hash))
     return 0
 

diff --git a/snf-image-helper/tasks/50ChangePassword.in b/snf-image-helper/tasks/50ChangePassword.in
index 38c511d..f152e5a 100644 (file)
--- a/snf-image-helper/tasks/50ChangePassword.in
+++ b/snf-image-helper/tasks/50ChangePassword.in
@@ -99,8 +99,18 @@ unix_password() {
        log_error "No ${!shadow} found!"
     fi
 
-    hash=$("@scriptsdir@/snf-passtohash.py" "$password")
-    
+    case "$flavor" in
+        linux|freebsd)
+            hash=$("@scriptsdir@/snf-passtohash.py" "$password")
+            ;;
+        openbsd|netbsd)
+            hash=$("@scriptsdir@/snf-passtohash.py" -m blowfish "$password")
+            ;;
+        *)
+            log_error "Unknown unix flavor: \`$flavor'"
+            ;;
+    esac
+
     users=()
     
     if [ -n "$SNF_IMAGE_PROPERTY_USERS" ]; then

diff --git a/snf-image-host/multistrap.conf b/snf-image-host/multistrap.conf
index 1612009..25269bb 100644 (file)
--- a/snf-image-host/multistrap.conf
+++ b/snf-image-host/multistrap.conf
@@ -34,7 +34,7 @@ suite=wheezy/
 components=
 
 [Helper]
-packages=ufsutils linux-image-3.2.0-4-amd64
+packages=ufsutils linux-image-3.2.0-4-amd64 python-bcrypt
 # Don't change the parameters below unless you really know what you are doing.
 # The /'s and the empty `componets' variable are needed when working with apt.
 source=http://apt.dev.grnet.gr/

diff --git a/snf-image-host/version_pinning.pref b/snf-image-host/version_pinning.pref
index 13fdcf4..481d92b 100644 (file)
--- a/snf-image-host/version_pinning.pref
+++ b/snf-image-host/version_pinning.pref
@@ -6,6 +6,10 @@ Package: ufsutils
 Pin: version 8.2-3+wheezy+grnet.growfs.fix
 Pin-Priority: 1001
 
+Package: python-bcrypt
+Pin: version 0.4-1grnet
+Pin-Priority: 1001
+
 Package: linux-image-3.2.0-4-amd64
 Pin: version 3.2.46-1+deb7u1+ufs.rw
 Pin-Priority: 1001