Add support for setting hashed passwords

This change will add support for hashed passwords in cc_set_passwords. It checks if a password is a hash with by checking that it matches in fairly safe way, and also that the password does not have a ":" in it. chpasswd needs to know if the password is hashed or not, so two lists is created so chpasswd is feed with the correct one. LP: #1570325
author: Tore S. Lonoy <tore.lonoy@gmail.com> 2016-11-04 11:38:31 +0100
committer: Scott Moser <smoser@brickies.net> 2017-03-24 16:45:24 -0400
commit: 21632972df034c200578e1fbc121a07f20bb8774 (patch)
tree: 7e090adbe9bf31418e7f752e455342a0be5f9ed3 /tests/cloud_tests
parent: 4a2b2f87ec48c227eb8fb2091dba604457cf8de8 (diff)
download: vyos-cloud-init-21632972df034c200578e1fbc121a07f20bb8774.tar.gz
vyos-cloud-init-21632972df034c200578e1fbc121a07f20bb8774.zip
3 files changed, 10 insertions, 0 deletions
diff --git a/tests/cloud_tests/configs/modules/set_password_list.yaml b/tests/cloud_tests/configs/modules/set_password_list.yaml
index a1eadd75..a2a89c9d 100644
--- a/tests/cloud_tests/configs/modules/set_password_list.yaml
+++ b/tests/cloud_tests/configs/modules/set_password_list.yaml
@@ -21,11 +21,14 @@ cloud_config: |
       # sha256 gojanego
       passwd: "$5$iW$XsxmWCdpwIW8Yhv.Jn/R3uk6A4UaicfW5Xp7C9p9pg."
       lock_passwd: false
+    - name: "mikey"
+      lock_passwd: false
   chpasswd:
     list:
       - tom:mypassword123!
       - dick:RANDOM
       - harry:RANDOM
+      - mikey:$5$xZ$B2YGGEx2AOf4PeW48KC6.QyT1W2B4rZ9Qbltudtha89
 collect_scripts:
   shadow: |
     #!/bin/bash
diff --git a/tests/cloud_tests/configs/modules/set_password_list_string.yaml b/tests/cloud_tests/configs/modules/set_password_list_string.yaml
index cbb71bee..c2a0f631 100644
--- a/tests/cloud_tests/configs/modules/set_password_list_string.yaml
+++ b/tests/cloud_tests/configs/modules/set_password_list_string.yaml
@@ -21,11 +21,14 @@ cloud_config: |
       # sha256 gojanego
       passwd: "$5$iW$XsxmWCdpwIW8Yhv.Jn/R3uk6A4UaicfW5Xp7C9p9pg."
       lock_passwd: false
+    - name: "mikey"
+      lock_passwd: false
   chpasswd:
     list: |
       tom:mypassword123!
       dick:RANDOM
       harry:RANDOM
+      mikey:$5$xZ$B2YGGEx2AOf4PeW48KC6.QyT1W2B4rZ9Qbltudtha89
 collect_scripts:
   shadow: |
     #!/bin/bash
diff --git a/tests/cloud_tests/testcases/base.py b/tests/cloud_tests/testcases/base.py
index 51ce2b41..64d5507a 100644
--- a/tests/cloud_tests/testcases/base.py
+++ b/tests/cloud_tests/testcases/base.py
@@ -98,6 +98,9 @@ class PasswordListTest(CloudTestCase):
         self.assertEqual([], dupes)
         self.assertEqual(jane_enc, users['jane'])
 
+        mikey_enc = "$5$xZ$B2YGGEx2AOf4PeW48KC6.QyT1W2B4rZ9Qbltudtha89"
+        self.assertEqual(mikey_enc, users['mikey'])
+
         # shadow entry is $N$salt$, so we encrypt with the same format
         # and salt and expect the result.
         tom = "mypassword123!"
@@ -124,6 +127,7 @@ class PasswordListTest(CloudTestCase):
         self.assertIn('dick:', out)
         self.assertIn('harry:', out)
         self.assertIn('jane:', out)
+        self.assertIn('mikey:', out)
 
     def test_sshd_config(self):
         """Test sshd config allows passwords"""
author	Tore S. Lonoy <tore.lonoy@gmail.com>	2016-11-04 11:38:31 +0100
committer	Scott Moser <smoser@brickies.net>	2017-03-24 16:45:24 -0400
commit	21632972df034c200578e1fbc121a07f20bb8774 (patch)
tree	7e090adbe9bf31418e7f752e455342a0be5f9ed3 /tests/cloud_tests
parent	4a2b2f87ec48c227eb8fb2091dba604457cf8de8 (diff)
download	vyos-cloud-init-21632972df034c200578e1fbc121a07f20bb8774.tar.gz vyos-cloud-init-21632972df034c200578e1fbc121a07f20bb8774.zip