Require passlib over crypt in password_hash for Mac OS X/Darwin. Fixes #11244

pull/11251/head
Matt Martz 10 years ago
parent f1e4ae5fc3
commit a4e2d1eb62

@ -42,6 +42,12 @@ from ansible.parsing.yaml.dumper import AnsibleDumper
from ansible.utils.hashing import md5s, checksum_s from ansible.utils.hashing import md5s, checksum_s
from ansible.utils.unicode import unicode_wrap, to_unicode from ansible.utils.unicode import unicode_wrap, to_unicode
try:
import passlib.hash
HAS_PASSLIB = True
except:
HAS_PASSLIB = False
UUID_NAMESPACE_ANSIBLE = uuid.UUID('361E6D51-FAEC-444A-9079-341386DA8E2E') UUID_NAMESPACE_ANSIBLE = uuid.UUID('361E6D51-FAEC-444A-9079-341386DA8E2E')
@ -266,8 +272,15 @@ def get_encrypted_password(password, hashtype='sha512', salt=None):
r = SystemRandom() r = SystemRandom()
salt = ''.join([r.choice(string.ascii_letters + string.digits) for _ in range(16)]) salt = ''.join([r.choice(string.ascii_letters + string.digits) for _ in range(16)])
saltstring = "$%s$%s" % (cryptmethod[hashtype],salt) if not HAS_PASSLIB:
encrypted = crypt.crypt(password,saltstring) if sys.platform.startswith('darwin'):
raise errors.AnsibleFilterError('|password_hash requires the passlib python module to generate password hashes on Mac OS X/Darwin')
saltstring = "$%s$%s" % (cryptmethod[hashtype],salt)
encrypted = crypt.crypt(password, saltstring)
else:
cls = getattr(passlib.hash, '%s_crypt' % hashtype)
encrypted = cls.encrypt(password, salt=salt)
return encrypted return encrypted
return None return None

Loading…
Cancel
Save