archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

password_hash - fix bcrypt algorithm when passlib is not installed (#81385)

Browse Source
pull/81423/head
Sloane Hertel 1 year ago committed by GitHub
parent dbb3feddaf
commit f5431321a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File

2
changelogs/fragments/password_hash-fix-crypt-salt-bcrypt.yml
Unescape Escape View File

@ -0,0 +1,2 @@
bugfixes:
- password_hash - fix salt format for ``crypt`` (only used if ``passlib`` is not installed) for the ``bcrypt`` algorithm.

9
lib/ansible/utils/encrypt.py
Unescape Escape View File

@ -128,7 +128,10 @@ class CryptHash(BaseHash):
return ret return ret
def _rounds(self, rounds): def _rounds(self, rounds):
if rounds == self.algo_data.implicit_rounds: if self.algorithm == 'bcrypt':
# crypt requires 2 digits for rounds
return rounds or self.algo_data.implicit_rounds
elif rounds == self.algo_data.implicit_rounds:
# Passlib does not include the rounds if it is the same as implicit_rounds. # Passlib does not include the rounds if it is the same as implicit_rounds.
# Make crypt lib behave the same, by not explicitly specifying the rounds in that case. # Make crypt lib behave the same, by not explicitly specifying the rounds in that case.
return None return None
@ -148,6 +151,9 @@ class CryptHash(BaseHash):
saltstring = "$%s" % ident saltstring = "$%s" % ident
if rounds: if rounds:
if self.algorithm == 'bcrypt':
saltstring += "$%d" % rounds
else:
saltstring += "$rounds=%d" % rounds saltstring += "$rounds=%d" % rounds
saltstring += "$%s" % salt saltstring += "$%s" % salt
@ -177,6 +183,7 @@ class PasslibHash(BaseHash):
if not PASSLIB_AVAILABLE: if not PASSLIB_AVAILABLE:
raise AnsibleError("passlib must be installed and usable to hash with '%s'" % algorithm, orig_exc=PASSLIB_E) raise AnsibleError("passlib must be installed and usable to hash with '%s'" % algorithm, orig_exc=PASSLIB_E)
display.vv("Using passlib to hash input with '%s'" % algorithm)
try: try:
self.crypt_algo = getattr(passlib.hash, algorithm) self.crypt_algo = getattr(passlib.hash, algorithm)

8
test/integration/targets/filter_core/tasks/main.yml
Unescape Escape View File

@ -478,6 +478,14 @@
vars: vars:
msg: "msdcc is not in the list of supported passlib algorithms: md5, blowfish, sha256, sha512" msg: "msdcc is not in the list of supported passlib algorithms: md5, blowfish, sha256, sha512"
- name: test password_hash can work with bcrypt without passlib installed
debug:
msg: "{{ 'somestring'|password_hash('bcrypt') }}"
register: crypt_bcrypt
# Some implementations of crypt do not fail outright and return some short value.
failed_when: crypt_bcrypt is failed or (crypt_bcrypt.msg|length|int) != 60
when: ansible_facts.os_family in ['RedHat', 'Debian']
- name: Verify to_uuid throws on weird namespace - name: Verify to_uuid throws on weird namespace
set_fact: set_fact:
foo: '{{"hey"|to_uuid(namespace=22)}}' foo: '{{"hey"|to_uuid(namespace=22)}}'

Write Preview
Loading…
Cancel
Save