summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2023-02-22 11:10:37 +0100
committerChristian Breunig <christian@breunig.cc>2023-02-25 22:06:06 +0100
commit3bad1d0adb1c187f6611f4bed3d0ad16927d5d18 (patch)
treef678112542f3b7194e4b5e1dbca02c690f954260
parent893ead2fe9b3cd21a522ba369a70d385b6b46a80 (diff)
downloadvyos-1x-3bad1d0adb1c187f6611f4bed3d0ad16927d5d18.tar.gz
vyos-1x-3bad1d0adb1c187f6611f4bed3d0ad16927d5d18.zip
python: T5026: Replace deprecated Python modules crypt, spwd
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13 DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
-rw-r--r--debian/control1
-rwxr-xr-xsrc/conf_mode/system-login.py15
2 files changed, 11 insertions, 5 deletions
diff --git a/debian/control b/debian/control
index fb29697d4..b486932c0 100644
--- a/debian/control
+++ b/debian/control
@@ -131,6 +131,7 @@ Depends:
python3-netaddr,
python3-netifaces,
python3-paramiko,
+ python3-passlib,
python3-psutil,
python3-pyhumps,
python3-pystache,
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 8fc18bc37..74e8827ef 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -16,12 +16,10 @@
import os
-from crypt import crypt
-from crypt import METHOD_SHA512
+from passlib.hosts import linux_context
from psutil import users
from pwd import getpwall
from pwd import getpwnam
-from spwd import getspnam
from sys import exit
from time import sleep
@@ -55,6 +53,13 @@ def get_local_users():
return local_users
+def get_shadow_password(username):
+ with open('/etc/shadow') as f:
+ for user in f.readlines():
+ items = user.split(":")
+ if username == items[0]:
+ return items[1]
+ return None
def get_config(config=None):
if config:
@@ -154,7 +159,7 @@ def generate(login):
for user, user_config in login['user'].items():
tmp = dict_search('authentication.plaintext_password', user_config)
if tmp:
- encrypted_password = crypt(tmp, METHOD_SHA512)
+ encrypted_password = linux_context.hash(tmp)
login['user'][user]['authentication']['encrypted_password'] = encrypted_password
del login['user'][user]['authentication']['plaintext_password']
@@ -187,7 +192,7 @@ def generate(login):
call(f"/opt/vyatta/sbin/my_set {add_user_encrypt}", env=env)
else:
try:
- if getspnam(user).sp_pwdp == dict_search('authentication.encrypted_password', user_config):
+ if get_shadow_password(user) == dict_search('authentication.encrypted_password', user_config):
# If the current encrypted bassword matches the encrypted password
# from the config - do not update it. This will remove the encrypted
# value from the system logs.