"""
import sys
-import crypt
-import bcrypt
+
+import passlib.hash
from string import ascii_letters, digits
from random import choice
from os.path import basename
from optparse import OptionParser
-
-# This dictionary maps the hashing algorithm method
-# with its <ID> as documented in:
-# http://www.akkadia.org/drepper/SHA-crypt.txt
-HASH_ID_FROM_METHOD = {
- 'md5': '1',
- 'blowfish': '2a',
- 'sha256': '5',
- 'sha512': '6'
-}
-
-
def random_salt(length=8):
pool = ascii_letters + digits + "/" + "."
return ''.join(choice(pool) for i in range(length))
+METHOD = {
+# Name: (algoritm, options)
+ 'md5': (passlib.hash.md5_crypt, {}),
+ 'blowfish': (passlib.hash.bcrypt, {}),
+ 'sha256': (
+ passlib.hash.sha256_crypt,
+ {'rounds': 5000, 'implicit_rounds': True, 'salt': random_salt()}),
+ 'sha512': (
+ passlib.hash.sha512_crypt,
+ {'rounds': 5000, 'implicit_rounds': True, 'salt': random_salt()}),
+ 'sha1': (passlib.hash.sha1_crypt, {})
+}
def parse_arguments(input_args):
usage = "usage: %prog [-h] [-m encrypt-method] <password>"
parser = OptionParser(usage=usage)
parser.add_option(
"-m", "--encrypt-method", dest="encrypt_method", type='choice',
- default="sha512", choices=HASH_ID_FROM_METHOD.keys(),
+ default="sha512", choices=METHOD.keys(),
help="encrypt password with ENCRYPT_METHOD [%default] (supported: " +
- ", ".join(HASH_ID_FROM_METHOD.keys()) + ")"
+ ", ".join(METHOD.keys()) + ")"
)
(opts, args) = parser.parse_args(input_args)
def main():
(passwd, method) = parse_arguments(sys.argv[1:])
- if method != 'blowfish' :
- hash = crypt.crypt(
- passwd,"$" + HASH_ID_FROM_METHOD[method] + "$" + random_salt())
- else:
- hash = bcrypt.hashpw(passwd, bcrypt.gensalt(8))
+ algorithm, options = METHOD[method]
+ print algorithm.encrypt(passwd, **options)
- sys.stdout.write("%s\n" % (hash))
return 0
if __name__ == "__main__":
linux|freebsd)
hash=$("@scriptsdir@/snf-passtohash.py" "$password")
;;
- openbsd|netbsd)
+ openbsd)
hash=$("@scriptsdir@/snf-passtohash.py" -m blowfish "$password")
;;
+ netbsd)
+ hash=$("@scriptsdir@/snf-passtohash.py" -m sha1 "$password")
+ ;;
*)
log_error "Unknown unix flavor: \`$flavor'"
;;
unix_password "$SNF_IMAGE_PROPERTY_OSFAMILY" "$SNF_IMAGE_TARGET" "$SNF_IMAGE_PASSWORD"
fi
-# For FreeBSD, OpenBSD and NetBSD we need to recreate the password database too
+# For FreeBSD, OpenBSD and NetBSD we need to recreate the password databases too
if [[ "$SNF_IMAGE_PROPERTY_OSFAMILY" == *bsd ]]; then
rm -f "$SNF_IMAGE_TARGET/etc/spwd.db"
+ # NetBSD is very strict about the existence & non-existence of the db files
+ if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "netbsd" ]; then
+ rm -f "$SNF_IMAGE_TARGET/etc/pwd.db.tmp"
+ rm -f "$SNF_IMAGE_TARGET/etc/spwd.db.tmp"
+
+ touch "$SNF_IMAGE_TARGET/etc/spwd.db"
+ fi
+
+
# Make sure /etc/spwd.db is recreated on first boot
rc_local=$(cat <<EOF
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
projects / snf-image / commitdiff