def test_validate_encrypted_password(self):
"""
test validation of encrypted password option for libvirt virt. backend
"""
self.mock_pwd_file()
self.init_virt_config_section()
# Validation with no encrypted_password option
result = self.virt_config._validate_encrypted_password('encrypted_password')
self.assertIsNone(result)
# RHSM password or RHSM proxy can be set
self.virt_config['rhsm_encrypted_password'] = hexlify(Password.encrypt('secret_password'))
result = self.virt_config._validate_encrypted_password('rhsm_encrypted_password')
self.assertIsNone(result)
self.virt_config['rhsm_encrypted_proxy_password'] = hexlify(Password.encrypt('secret_password'))
result = self.virt_config._validate_encrypted_password('rhsm_encrypted_proxy_password')
self.assertIsNone(result)
# When server is set, then setting password is useless
self.virt_config['encrypted_password'] = hexlify(Password.encrypt('another_secret_password'))
result = self.virt_config._validate_encrypted_password('encrypted_password')
self.assertIsNotNone(result)
# When server is not set, then setting password is useless too, but
# reason is different
del self.virt_config['server']
result = self.virt_config._validate_encrypted_password('encrypted_password')
self.assertIsNotNone(result)
self.unmock_pwd_file()
def test_validate_encrypted_password(self):
"""
test validation of encrypted password option for libvirt virt. backend
"""
self.mock_pwd_file()
self.init_virt_config_section()
# Validation with no encrypted_password option
result = self.virt_config._validate_encrypted_password(
'encrypted_password')
self.assertIsNone(result)
# RHSM password or RHSM proxy can be set
self.virt_config['rhsm_encrypted_password'] = hexlify(
Password.encrypt('secret_password'))
result = self.virt_config._validate_encrypted_password(
'rhsm_encrypted_password')
self.assertIsNone(result)
self.virt_config['rhsm_encrypted_proxy_password'] = hexlify(
Password.encrypt('secret_password'))
result = self.virt_config._validate_encrypted_password(
'rhsm_encrypted_proxy_password')
self.assertIsNone(result)
# When server is set, then setting password is useless
self.virt_config['encrypted_password'] = hexlify(
Password.encrypt('another_secret_password'))
result = self.virt_config._validate_encrypted_password(
'encrypted_password')
self.assertIsNotNone(result)
# When server is not set, then setting password is useless too, but
# reason is different
del self.virt_config['server']
result = self.virt_config._validate_encrypted_password(
'encrypted_password')
self.assertIsNotNone(result)
self.unmock_pwd_file()
def test_validate_wrong_encrypted_password(self):
"""
Test of validation of corrupted encrypted password
"""
self.init_virt_config_section()
self.mock_pwd_file()
# Safe current password
password = self.virt_config['password']
# Delete unencrypted password first
del self.virt_config['password']
# Set up corrupted encrypted password
encrypted_pwd = Password.encrypt(password)
corrupted_encrypted_pwd = b'S' + encrypted_pwd[1:]
self.virt_config['encrypted_password'] = hexlify(
corrupted_encrypted_pwd)
# Do own testing here
result = self.virt_config._validate_encrypted_password(
'encrypted_password')
# It is interesting that decryption of corrupted password is successful sometimes and sometimes not
if result is not None:
self.assertEqual(result, (
'warning',
'Option "encrypted_password" cannot be decrypted, possibly corrupted'
))
else:
decrypted_password = self.virt_config.get('password')
self.assertNotEqual(password, decrypted_password)
self.unmock_pwd_file()
def main():
options, _args = parseOptions()
if os.getuid() != 0:
print("Only root can encrypt passwords", file=sys.stderr)
sys.exit(1)
try:
pwd = options.password or getpass("Password: "******"Keyfile %s doesn't exist and can't be created, rerun as root" %
Password.KEYFILE,
file=sys.stderr)
sys.exit(1)
except InvalidKeyFile:
print("Can't access keyfile %s, rerun as root" % Password.KEYFILE,
file=sys.stderr)
sys.exit(1)
print(
"Use following as value for encrypted_password key in the configuration file:",
file=sys.stderr)
print(hexlify(enc).decode())
def main():
if len(sys.argv) == 2 and sys.argv[1] in ('-h', '--help'):
print """Utility that encrypts passwords for virt-who.
Enter password that should be encrypted. This encrypted password then can be
supplied to virt-who configuration.
This command must be executed as root!
WARNING: root user can still decrypt encrypted passwords!
"""
sys.exit(0)
if os.getuid() != 0:
print >> sys.stderr, "Only root can encrypt passwords"
sys.exit(1)
try:
pwd = getpass("Password: "******"Keyfile %s doesn't exist and can't be created, rerun as root" % Password.KEYFILE
sys.exit(1)
except InvalidKeyFile:
print >> sys.stderr, "Can't access keyfile %s, rerun as root" % Password.KEYFILE
sys.exit(1)
print >> sys.stderr, "Use following as value for encrypted_password key in the configuration file:"
print hexlify(enc)
def test_decrypt(self):
self.assertEqual(
Password._crypt(Password.DECRYPT,
'06a9214036b8a15b512e03d534120006',
'3dafba429d9eb430b422da802c9fac41',
unhexlify('e353779c1079aeb82708942dbe77181a')),
b'Single block msg')
def main():
if len(sys.argv) == 2 and sys.argv[1] in ('-h', '--help'):
print """Utility that encrypts passwords for virt-who.
Enter password that should be encrypted. This encrypted password then can be
supplied to virt-who configuration.
This command must be executed as root!
WARNING: root user can still decrypt encrypted passwords!
"""
sys.exit(0)
if os.getuid() != 0:
print >>sys.stderr, "Only root can encrypt passwords"
sys.exit(1)
try:
pwd = getpass("Password: "******"Keyfile %s doesn't exist and can't be created, rerun as root" % Password.KEYFILE
sys.exit(1)
except InvalidKeyFile:
print >>sys.stderr, "Can't access keyfile %s, rerun as root" % Password.KEYFILE
sys.exit(1)
print >>sys.stderr, "Use following as value for encrypted_password key in the configuration file:"
print hexlify(enc)
def testDecrypt(self):
self.assertEqual(
Password._crypt(
Password.DECRYPT,
'06a9214036b8a15b512e03d534120006',
'3dafba429d9eb430b422da802c9fac41',
unhexlify('e353779c1079aeb82708942dbe77181a')),
'Single block msg')
def testCryptedPassword(self, password):
password.return_value = (hexlify(Password._generate_key()), hexlify(Password._generate_key()))
passwd = "TestSecretPassword!"
crypted = hexlify(Password.encrypt(passwd)).decode('utf-8')
filename = os.path.join(self.config_dir, "test.conf")
with open(filename, "w") as f:
f.write("""
[test]
type=esx
server=1.2.3.4
username=admin
encrypted_password=%s
owner=root
""" % crypted)
manager = DestinationToSourceMapper(init_config({}, {}, config_dir=self.config_dir))
self.assertEqual(len(manager.configs), 1)
self.assertEqual(manager.configs[0][1]['password'], passwd)
def testCryptedPassword(self, password):
password.return_value = (hexlify(Password._generate_key()), hexlify(Password._generate_key()))
passwd = "TestSecretPassword!"
crypted = hexlify(Password.encrypt(passwd))
filename = os.path.join(self.config_dir, "test.conf")
with open(filename, "w") as f:
f.write("""
[test]
type=esx
server=1.2.3.4
username=admin
encrypted_password=%s
owner=root
env=staging
""" % crypted)
manager = ConfigManager(self.logger, self.config_dir)
self.assertEqual(len(manager.configs), 1)
self.assertEqual(manager.configs[0].password, passwd)
def testCryptedPassword(self, password):
password.return_value = (hexlify(Password._generate_key()),
hexlify(Password._generate_key()))
passwd = "TestSecretPassword!"
crypted = hexlify(Password.encrypt(passwd))
filename = os.path.join(self.config_dir, "test.conf")
with open(filename, "w") as f:
f.write("""
[test]
type=esx
server=1.2.3.4
username=admin
encrypted_password=%s
owner=root
env=staging
""" % crypted)
manager = ConfigManager(self.logger, self.config_dir)
self.assertEqual(len(manager.configs), 1)
self.assertEqual(manager.configs[0].password, passwd)
def _encrypt_password(self, field, password, encrypt_password=True):
# Make sure the encrypt password field is resetted because we don't want to
# store old encrypted password if the password has changed.
setattr(self, field, None)
# Encrypt the password only if the user want to do so
if not password or not encrypt_password:
return
setattr(self, field, hexlify(Password.encrypt(password)))
getattr(self, field)
def testCryptedPassword(self, password):
password.return_value = (hexlify(Password._generate_key()),
hexlify(Password._generate_key()))
passwd = "TestSecretPassword!"
crypted = hexlify(Password.encrypt(passwd)).decode('utf-8')
filename = os.path.join(self.config_dir, "test.conf")
with open(filename, "w") as f:
f.write("""
[test]
type=esx
server=1.2.3.4
username=admin
encrypted_password=%s
owner=root
""" % crypted)
manager = DestinationToSourceMapper(
init_config({}, config_dir=self.config_dir))
self.assertEqual(len(manager.configs), 1)
self.assertEqual(manager.configs[0][1]['password'], passwd)
def test_validate_encrypted_password_missing_key(self):
"""
Test of validation of encrypted password
"""
self.init_virt_config_section()
self.mock_pwd_file()
# Safe current password
password = self.virt_config['password']
# Delete unencrypted password first
del self.virt_config['password']
# Set up encrypted password
self.virt_config['encrypted_password'] = hexlify(Password.encrypt(password))
# Simulate deleting of key file
Password.KEYFILE = '/path/to/file/that/does/not/exists'
# Do own testing here
result = self.virt_config._validate_encrypted_password('encrypted_password')
self.assertIsNotNone(result)
def test_validate_encrypted_password(self):
"""
Test of validation of encrypted password
"""
self.init_virt_config_section()
self.mock_pwd_file()
# Safe current password
password = self.virt_config['password']
# Delete unencrypted password first
del self.virt_config['password']
# Set up encrypted password
self.virt_config['encrypted_password'] = hexlify(Password.encrypt(password))
# Do own testing here
result = self.virt_config._validate_encrypted_password('encrypted_password')
self.assertIsNone(result)
decrypted_password = self.virt_config.get('password')
self.assertEqual(password, decrypted_password)
self.unmock_pwd_file()
def test_validate_encrypted_password(self):
"""
Test of validation of encrypted password
"""
self.init_virt_config_section()
self.mock_pwd_file()
# Safe current password
password = self.virt_config['password']
# Delete unencrypted password first
del self.virt_config['password']
# Set up encrypted password
self.virt_config['encrypted_password'] = hexlify(Password.encrypt(password))
# Do own testing here
result = self.virt_config._validate_encrypted_password('encrypted_password')
self.assertIsNone(result)
decrypted_password = self.virt_config.get('password')
self.assertEqual(password, decrypted_password)
self.unmock_pwd_file()
def test_unicode(self):
self.mock_pwd_file()
pwd = u'‣'
self.assertEqual(Password.decrypt(Password.encrypt(pwd)), pwd)
def testBackslash(self):
self.mock_pwd_file()
pwd = 'abc\\def'
self.assertEqual(
Password.decrypt(Password.encrypt(pwd)),
pwd)
def testPercent(self):
self.mock_pwd_file()
pwd = 'abc%%def'
self.assertEqual(
Password.decrypt(Password.encrypt(pwd)),
pwd)
def testUnpad(self):
self.assertEqual(hexlify(Password._unpad(unhexlify("00010203040506070809060606060606"))), "00010203040506070809")
def testBoth(self):
self.mock_pwd_file()
pwd = "Test password"
encrypted = Password.encrypt(pwd)
self.assertEqual(pwd, Password.decrypt(encrypted))
def testCryptedPasswordWithoutKey(self):
Password.KEYFILE = "/some/nonexistant/file"
# passwd = "TestSecretPassword!"
with self.assertRaises(InvalidKeyFile):
Password.decrypt(unhexlify("06a9214036b8a15b512e03d534120006"))
def test_unicode(self):
self.mock_pwd_file()
pwd = u'‣'
self.assertEqual(Password.decrypt(Password.encrypt(pwd)), pwd)
def _encrypt_password(self, field, password):
if not password:
return None
setattr(self, field, hexlify(Password.encrypt(password)))
getattr(self, field)
def testCryptedPasswordWithoutKey(self):
Password.KEYFILE = "/some/nonexistant/file"
# passwd = "TestSecretPassword!"
with self.assertRaises(InvalidKeyFile):
Password.decrypt(unhexlify("06a9214036b8a15b512e03d534120006"))
