authorScott Moser <smoser@ubuntu.com>2013-08-15 13:16:01 -0400
committerScott Moser <smoser@ubuntu.com>2013-08-15 13:16:01 -0400
commite668da729a0f9cd5d93d909a9b44d74cf6925dd5 (patch)
treebb62740b8419b24d7a424cf6034679cb34763596
parentc09cb99dbee54745f06583d9ff0ea4b91e8b087e (diff)
do not set 'password', but set 'passwd' to crypt'd value
'password' was the wrong key. It should have been setting the default user's "plain_text_password". Instead of doing that, though, we're encrypting the value and putting it in 'passwd', which will then be passed on to useradd. The main benefit of doing this is that the plain text password will not be stored in obj.pkl. (Admittedly, it is still in plain text in the ovf-env.xml file.)
-rw-r--r--cloudinit/sources/DataSourceAzure.py7
-rw-r--r--tests/unittests/test_datasource/test_azure.py11
2 files changed, 14 insertions, 4 deletions
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 1a74de21..7ec622bf 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -17,6 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import base64
+import crypt
import os
import os.path
import time
@@ -424,7 +425,7 @@ def read_azure_ovf(contents):
if username:
defuser['name'] = username
if password:
- defuser['password'] = password
+ defuser['passwd'] = encrypt_pass(password)
defuser['lock_passwd'] = False
if defuser:
@@ -436,6 +437,10 @@ def read_azure_ovf(contents):
return (md, ud, cfg)
+def encrypt_pass(password, salt_id="$6$"):
+ return crypt.crypt(password, salt_id + util.rand_str(strlen=16))
+
+
def list_possible_azure_ds_devs():
# return a sorted list of devices that might have a azure datasource
devlist = []
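Review bot: `encrypt_pass` returns whatever `crypt.crypt()` gives back without checking it, and `read_azure_ovf` stores that value in `defuser['passwd']` with `lock_passwd` set to False. On a libc that does not implement the `$6$` (SHA-512) scheme, crypt() can return None or quietly fall back to a weaker legacy hash, so the function should verify that the result is a string starting with `salt_id` and fail otherwise. The function also has no docstring; one line saying it returns a crypt(3) hash built with a fresh 16-character salt would do. It is worth confirming that `util.rand_str` emits only characters valid in a crypt salt (`[a-zA-Z0-9./]`), since its definition is outside this diff.

```python
def encrypt_pass(password, salt_id="$6$"):
    """Return a crypt(3) hash of password using a fresh random salt."""
    hashed = crypt.crypt(password, salt_id + util.rand_str(strlen=16))
    # Refuse a missing or downgraded hash rather than hand it to useradd.
    if not hashed or not hashed.startswith(salt_id):
        raise ValueError("crypt() did not produce a %s hash" % salt_id)
    return hashed
```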
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index 06f8a5d2..1ca6a79d 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
@@ -2,6 +2,7 @@ from cloudinit import helpers
from cloudinit.sources import DataSourceAzure
from tests.unittests.helpers import populate_dir
+import crypt
import base64
from mocker import MockerTestCase
import os
@@ -207,11 +208,15 @@ class TestAzureDataSource(MockerTestCase):
self.assertTrue('default_user' in dsrc.cfg['system_info'])
defuser = dsrc.cfg['system_info']['default_user']
- # default user shoudl be updated for password and username
- # and should not be locked.
+ # default user should be updated username and should not be locked.
self.assertEqual(defuser['name'], odata['UserName'])
- self.assertEqual(defuser['password'], odata['UserPassword'])
self.assertFalse(defuser['lock_passwd'])
+ # passwd is crypt formated string $id$salt$encrypted
+ # encrypting plaintext with salt value of everything up to final '$'
+ # should equal that after the '$'
+ pos = defuser['passwd'].rfind("$") + 1
+ self.assertEqual(defuser['passwd'],
+ crypt.crypt(odata['UserPassword'], defuser['passwd'][0:pos]))
def test_userdata_found(self):
mydata = "FOOBAR"
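Review bot: The new assertions only prove that the stored value round-trips through `crypt.crypt()`; they pin neither the hash scheme nor the property the commit is about, that the plain text no longer ends up in the default-user config. Adding `self.assertTrue(defuser['passwd'].startswith("$6$"))` and `self.assertNotEqual(defuser['passwd'], odata['UserPassword'])` next to the round-trip check would catch a silent fallback to a weaker scheme and a regression to storing the password as given. The test method begins above this hunk, so the setup of `odata` and `dsrc` is not visible here.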