diff options
author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-02-22 11:10:37 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-02-25 22:06:06 +0100 |
commit | 3bad1d0adb1c187f6611f4bed3d0ad16927d5d18 (patch) | |
tree | f678112542f3b7194e4b5e1dbca02c690f954260 | |
parent | 893ead2fe9b3cd21a522ba369a70d385b6b46a80 (diff) | |
download | vyos-1x-3bad1d0adb1c187f6611f4bed3d0ad16927d5d18.tar.gz vyos-1x-3bad1d0adb1c187f6611f4bed3d0ad16927d5d18.zip |
python: T5026: Replace deprecated Python modules crypt, spwd
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13
DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
-rw-r--r-- | debian/control | 1 | ||||
-rwxr-xr-x | src/conf_mode/system-login.py | 15 |
2 files changed, 11 insertions, 5 deletions
diff --git a/debian/control b/debian/control index fb29697d4..b486932c0 100644 --- a/debian/control +++ b/debian/control @@ -131,6 +131,7 @@ Depends: python3-netaddr, python3-netifaces, python3-paramiko, + python3-passlib, python3-psutil, python3-pyhumps, python3-pystache, diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 8fc18bc37..74e8827ef 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -16,12 +16,10 @@ import os -from crypt import crypt -from crypt import METHOD_SHA512 +from passlib.hosts import linux_context from psutil import users from pwd import getpwall from pwd import getpwnam -from spwd import getspnam from sys import exit from time import sleep @@ -55,6 +53,13 @@ def get_local_users(): return local_users +def get_shadow_password(username): + with open('/etc/shadow') as f: + for user in f.readlines(): + items = user.split(":") + if username == items[0]: + return items[1] + return None def get_config(config=None): if config: @@ -154,7 +159,7 @@ def generate(login): for user, user_config in login['user'].items(): tmp = dict_search('authentication.plaintext_password', user_config) if tmp: - encrypted_password = crypt(tmp, METHOD_SHA512) + encrypted_password = linux_context.hash(tmp) login['user'][user]['authentication']['encrypted_password'] = encrypted_password del login['user'][user]['authentication']['plaintext_password'] @@ -187,7 +192,7 @@ def generate(login): call(f"/opt/vyatta/sbin/my_set {add_user_encrypt}", env=env) else: try: - if getspnam(user).sp_pwdp == dict_search('authentication.encrypted_password', user_config): + if get_shadow_password(user) == dict_search('authentication.encrypted_password', user_config): # If the current encrypted bassword matches the encrypted password # from the config - do not update it. This will remove the encrypted # value from the system logs. |