From 21632972df034c200578e1fbc121a07f20bb8774 Mon Sep 17 00:00:00 2001
From: "Tore S. Lonoy" <tore.lonoy@gmail.com>
Date: Fri, 4 Nov 2016 11:38:31 +0100
Subject: Add support for setting hashed passwords

This change will add support for hashed passwords in cc_set_passwords.
It checks if a password is a hash with by checking that it matches
in fairly safe way, and also that the password does not have a ":" in it.

chpasswd needs to know if the password is hashed or not, so two lists
is created so chpasswd is feed with the correct one.

LP: #1570325
---
 tests/cloud_tests/configs/modules/set_password_list.yaml        | 3 +++
 tests/cloud_tests/configs/modules/set_password_list_string.yaml | 3 +++
 tests/cloud_tests/testcases/base.py                             | 4 ++++
 3 files changed, 10 insertions(+)

(limited to 'tests')

diff --git a/tests/cloud_tests/configs/modules/set_password_list.yaml b/tests/cloud_tests/configs/modules/set_password_list.yaml
index a1eadd75..a2a89c9d 100644
--- a/tests/cloud_tests/configs/modules/set_password_list.yaml
+++ b/tests/cloud_tests/configs/modules/set_password_list.yaml
@@ -21,11 +21,14 @@ cloud_config: |
       # sha256 gojanego
       passwd: "$5$iW$XsxmWCdpwIW8Yhv.Jn/R3uk6A4UaicfW5Xp7C9p9pg."
       lock_passwd: false
+    - name: "mikey"
+      lock_passwd: false
   chpasswd:
     list:
       - tom:mypassword123!
       - dick:RANDOM
       - harry:RANDOM
+      - mikey:$5$xZ$B2YGGEx2AOf4PeW48KC6.QyT1W2B4rZ9Qbltudtha89
 collect_scripts:
   shadow: |
     #!/bin/bash
diff --git a/tests/cloud_tests/configs/modules/set_password_list_string.yaml b/tests/cloud_tests/configs/modules/set_password_list_string.yaml
index cbb71bee..c2a0f631 100644
--- a/tests/cloud_tests/configs/modules/set_password_list_string.yaml
+++ b/tests/cloud_tests/configs/modules/set_password_list_string.yaml
@@ -21,11 +21,14 @@ cloud_config: |
       # sha256 gojanego
       passwd: "$5$iW$XsxmWCdpwIW8Yhv.Jn/R3uk6A4UaicfW5Xp7C9p9pg."
       lock_passwd: false
+    - name: "mikey"
+      lock_passwd: false
   chpasswd:
     list: |
       tom:mypassword123!
       dick:RANDOM
       harry:RANDOM
+      mikey:$5$xZ$B2YGGEx2AOf4PeW48KC6.QyT1W2B4rZ9Qbltudtha89
 collect_scripts:
   shadow: |
     #!/bin/bash
diff --git a/tests/cloud_tests/testcases/base.py b/tests/cloud_tests/testcases/base.py
index 51ce2b41..64d5507a 100644
--- a/tests/cloud_tests/testcases/base.py
+++ b/tests/cloud_tests/testcases/base.py
@@ -98,6 +98,9 @@ class PasswordListTest(CloudTestCase):
         self.assertEqual([], dupes)
         self.assertEqual(jane_enc, users['jane'])
 
+        mikey_enc = "$5$xZ$B2YGGEx2AOf4PeW48KC6.QyT1W2B4rZ9Qbltudtha89"
+        self.assertEqual(mikey_enc, users['mikey'])
+
         # shadow entry is $N$salt$, so we encrypt with the same format
         # and salt and expect the result.
         tom = "mypassword123!"
@@ -124,6 +127,7 @@ class PasswordListTest(CloudTestCase):
         self.assertIn('dick:', out)
         self.assertIn('harry:', out)
         self.assertIn('jane:', out)
+        self.assertIn('mikey:', out)
 
     def test_sshd_config(self):
         """Test sshd config allows passwords"""
-- 
cgit v1.2.3