From 17818549b3dda58a907ef44ed7de9f837ad66c3c Mon Sep 17 00:00:00 2001
From: Chad Smith <chad.smith@canonical.com>
Date: Mon, 14 Feb 2022 08:51:03 -0700
Subject: tests: when generating crypted password, generate in target env
 (#1252)

There are inconsistencies for cryptographic libraries across
major distribution releases.

From a bionic host, which doesn't support yescrypt hashing scheme,
attempting run run crypt.crypt locally using a yescrypt hash
from a Jammmy /etc/shadow file will result in failure to produce an
encrypted password. For "unsupported" hash schemes, crypt.crypt
returns None.

To avoid inconsistencies of python cryptographic libs across Linux
releases, perform the password encryption on the system under test.
---
 tests/integration_tests/modules/test_set_password.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'tests/integration_tests/modules')

diff --git a/tests/integration_tests/modules/test_set_password.py b/tests/integration_tests/modules/test_set_password.py
index e0f8b692..0e35cd26 100644
--- a/tests/integration_tests/modules/test_set_password.py
+++ b/tests/integration_tests/modules/test_set_password.py
@@ -8,8 +8,6 @@ other tests chpasswd's list being a string.  Both expect the same results, so
 they use a mixin to share their test definitions, because we can (of course)
 only specify one user-data per instance.
 """
-import crypt
-
 import pytest
 import yaml
 
@@ -162,9 +160,13 @@ class Mixin:
         shadow_users, _ = self._fetch_and_parse_etc_shadow(class_client)
 
         fmt_and_salt = shadow_users["tom"].rsplit("$", 1)[0]
-        expected_value = crypt.crypt("mypassword123!", fmt_and_salt)
-
-        assert expected_value == shadow_users["tom"]
+        GEN_CRYPT_CONTENT = (
+            "import crypt\n"
+            f"print(crypt.crypt('mypassword123!', '{fmt_and_salt}'))\n"
+        )
+        class_client.write_to_file("/gen_crypt.py", GEN_CRYPT_CONTENT)
+        result = class_client.execute("python3 /gen_crypt.py")
+        assert result.stdout == shadow_users["tom"]
 
     def test_shadow_expected_users(self, class_client):
         """Test that the right set of users is in /etc/shadow."""
-- 
cgit v1.2.3