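def check_password(username, password, encrypted=False):
    '''
    Check if passed password is the one assigned to user

    username
        User whose configured password line is looked up with ``get_user``.

    password
        Candidate to verify. With ``encrypted=False`` it is hashed using the
        salt and algorithm of the stored hash; otherwise it is compared with
        the stored hash verbatim.

    encrypted
        Whether ``password`` is already a hash.
        Default: False

    Returns ``None`` if ``get_user`` yields nothing for the user, ``True``
    on a match and ``False`` in every other case, including a line with no
    recognisable hash or a hash type this function cannot reproduce.

    .. code-block:: bash

        salt '*' nxos.cmd check_password username=admin password=admin
        salt '*' nxos.cmd check_password username=admin \\
            password='******' \\
            encrypted=True
    '''
    hash_algorithms = {'1': 'md5',
                       '2a': 'blowfish',
                       '5': 'sha256',
                       '6': 'sha512', }
    password_line = get_user(username)
    if not password_line:
        return None
    # NOTE(review): '!!' presumably marks an account without a usable
    # password -- confirm against the device output.
    if '!!' in password_line:
        return False
    hash_match = re.search(r'(\$[0-6](?:\$[^$ ]+)+)', password_line)
    if hash_match is None:
        # No crypt-style hash on the line: there is nothing to verify
        # against, so fail closed instead of raising AttributeError.
        return False
    cur_hash = hash_match.group(0)
    if encrypted is False:
        parts = re.search(r'^\$([0-6])\$([^$]+)\$(.*)$', cur_hash)
        # The pattern captures a single digit, so the '2a' entry is never
        # selected and digits missing from the table used to raise KeyError.
        # Treat both situations as "cannot verify".
        if parts is None or parts.group(1) not in hash_algorithms:
            return False
        hash_type, cur_salt, _ = parts.groups()
        new_hash = gen_hash(crypt_salt=cur_salt,
                            password=password,
                            algorithm=hash_algorithms[hash_type])
    else:
        # Caller states the value is already hashed; compare it as given.
        new_hash = password
    return new_hash == cur_hash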
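def set_password(
    username,
    password,
    encrypted=False,
    role=None,
    crypt_salt=None,
    algorithm="sha256",
    **kwargs
):
    """
    Set users password on switch.

    username
        Username to configure

    password
        Password to configure for username

    encrypted
        Whether ``password`` is already hashed. When False the value is
        hashed with ``gen_hash`` before it is placed in the configuration
        line; any other value places ``password`` in the line unchanged.
        Default: False

    role
        Configure role for the username
        Default: None

    crypt_salt
        Configure crypt_salt setting
        Default: None

    algorithm
        Encryption algorithm
        Default: sha256

    save_config
        If False, don't save configuration commands to startup configuration.
        If True, save configuration to startup configuration.
        Default: True

    Raises ``SaltInvocationError`` when ``algorithm`` is ``blowfish`` or when
    the username, role or password hash contains whitespace.

    .. code-block:: bash

        salt '*' nxos.set_password admin TestPass
        salt '*' nxos.set_password admin \\
            password='******' \\
            encrypted=True
    """
    if algorithm == "blowfish":
        raise SaltInvocationError("Hash algorithm requested isn't available on nxos")

    def _reject_whitespace(label, value):
        # Every value below is interpolated into one configuration line.
        # Embedded whitespace would add tokens or lines to what is sent, so
        # refuse it. The message names the field only, never its content.
        if any(ch.isspace() for ch in str(value)):
            raise SaltInvocationError(
                "Invalid {}: whitespace is not allowed".format(label)
            )

    _reject_whitespace("username", username)
    if role is not None:
        _reject_whitespace("role", role)

    # NOTE(review): the result is discarded, so this verifies that the user
    # exists only if get_user raises for an unknown user -- confirm.
    get_user(username, **kwargs)

    if encrypted is False:
        hashed_pass = gen_hash(
            crypt_salt=crypt_salt, password=password, algorithm=algorithm
        )
    else:
        hashed_pass = password
    _reject_whitespace("password hash", hashed_pass)

    # NOTE(review): the type code "5" is emitted whatever `algorithm` was
    # requested -- confirm the device accepts every supported hash format
    # under that code.
    password_line = "username {} password 5 {}".format(username, hashed_pass)
    if role is not None:
        password_line += " role {}".format(role)
    kwargs = clean_kwargs(**kwargs)
    return config(password_line, **kwargs)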
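def set_password(username, password, encrypted=False, role=None, crypt_salt=None, algorithm='sha256'):
    '''
    Set users password on switch

    username
        Username to configure

    password
        Password to configure for username

    encrypted
        Whether ``password`` is already hashed. When False the value is
        hashed with ``gen_hash``; any other value is sent unchanged.
        Default: False

    role
        Role appended to the configuration line when not None

    crypt_salt
        Salt for the hash; generated when None and ``encrypted`` is False

    algorithm
        Hash algorithm passed to ``gen_hash``
        Default: sha256

    Returns the configuration line joined with the device response, or the
    string ``Failed to set password`` when a ``TerminalException`` is raised.
    The success value contains the password hash, so treat the result as
    sensitive wherever it is stored or logged.

    .. code-block:: bash

        salt '*' nxos.cmd set_password admin TestPass
        salt '*' nxos.cmd set_password admin \\
            password='******' \\
            encrypted=True
    '''
    # The original bound this result to password_line and then overwrote it
    # without reading it. The call is kept for whatever checking get_user
    # does. NOTE(review): confirm it fails for an unknown user.
    get_user(username)
    if encrypted is False:
        if crypt_salt is None:
            # NXOS does not like non alphanumeric characters. Using the random module from pycrypto
            # can lead to having non alphanumeric characters in the salt for the hashed password.
            crypt_salt = secure_password(8, use_random=False)
        hashed_pass = gen_hash(crypt_salt=crypt_salt, password=password, algorithm=algorithm)
    else:
        hashed_pass = password
    # NOTE(review): username, hash and role are interpolated unescaped into
    # the line sent to the device; callers must not pass values containing
    # whitespace or line breaks.
    password_line = 'username {0} password 5 {1}'.format(username, hashed_pass)
    if role is not None:
        password_line += ' role {0}'.format(role)
    try:
        sendline('config terminal')
        ret = sendline(password_line)
        sendline('end')
        sendline('copy running-config startup-config')
        return '\n'.join([password_line, ret])
    except TerminalException as e:
        log.error(e)
        return 'Failed to set password'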
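def check_password(username, password, encrypted=False):
    '''
    Check if passed password is the one assigned to user

    With ``encrypted=False`` the candidate is hashed using the salt and
    algorithm taken from the stored hash. With any other value of
    ``encrypted`` the candidate is compared with the stored hash as given.

    Returns ``None`` when ``get_user`` yields nothing, ``True`` on a match
    and ``False`` otherwise. ``False`` is also returned when the user line
    holds no recognisable hash or its hash type is not in the table below.

    .. code-block:: bash

        salt '*' nxos.cmd check_password username=admin password=admin
        salt '*' nxos.cmd check_password username=admin \\
            password='******' \\
            encrypted=True
    '''
    hash_algorithms = {'1': 'md5',
                       '2a': 'blowfish',
                       '5': 'sha256',
                       '6': 'sha512', }
    password_line = get_user(username)
    if not password_line:
        return None
    # NOTE(review): '!!' presumably means no usable password is set --
    # confirm against the device output.
    if '!!' in password_line:
        return False

    stored = re.search(r'(\$[0-6](?:\$[^$ ]+)+)', password_line)
    if stored is None:
        # Previously raised AttributeError on the missing match. A line
        # without a hash cannot verify any password.
        return False
    cur_hash = stored.group(0)

    if encrypted is not False:
        return password == cur_hash

    fields = re.search(r'^\$([0-6])\$([^$]+)\$(.*)$', cur_hash)
    if fields is None:
        return False
    hash_type, cur_salt = fields.group(1), fields.group(2)
    # Only single digits are captured, so '2a' is never looked up and an
    # unlisted digit would have raised KeyError.
    algorithm = hash_algorithms.get(hash_type)
    if algorithm is None:
        return False
    new_hash = gen_hash(crypt_salt=cur_salt,
                        password=password,
                        algorithm=algorithm)
    return new_hash == cur_hash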
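def check_password(username, password, encrypted=False):
    """
    Check if passed password is the one assigned to user

    username
        User whose configured password line is fetched with ``get_user``.

    password
        Candidate password, or candidate hash when ``encrypted`` is set.

    encrypted
        Whether ``password`` is already a hash and must be compared as is.
        Default: False

    Returns ``None`` if no line is found for the user, ``True`` if the
    candidate matches the stored hash, ``False`` otherwise. Lines without
    a parsable hash and hash types outside the supported table also give
    ``False``.

    .. code-block:: bash

        salt '*' nxos.cmd check_password username=admin password=admin
        salt '*' nxos.cmd check_password username=admin \\
            password='******' \\
            encrypted=True
    """
    hash_algorithms = {
        "1": "md5",
        "2a": "blowfish",
        "5": "sha256",
        "6": "sha512",
    }
    password_line = get_user(username)
    if not password_line:
        return None
    # NOTE(review): "!!" presumably marks an account with no usable
    # password -- confirm against the device output.
    if "!!" in password_line:
        return False
    found = re.search(r"(\$[0-6](?:\$[^$ ]+)+)", password_line)
    if found is None:
        # Fail closed when the line carries no crypt-style hash; the
        # original dereferenced the missing match and raised.
        return False
    cur_hash = found.group(0)
    if encrypted is False:
        split = re.search(r"^\$([0-6])\$([^$]+)\$(.*)$", cur_hash)
        # A one-character id is captured, so "2a" cannot be selected, and
        # ids absent from the table would have raised KeyError.
        if split is None or split.group(1) not in hash_algorithms:
            return False
        hash_type, cur_salt, _ = split.groups()
        new_hash = gen_hash(
            crypt_salt=cur_salt,
            password=password,
            algorithm=hash_algorithms[hash_type],
        )
    else:
        new_hash = password
    return new_hash == cur_hash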
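def set_password(username, password, encrypted=False, role=None,
                 crypt_salt=None, algorithm='sha256', **kwargs):
    '''
    Set users password on switch.

    username
        Username to configure

    password
        Password to configure for username

    encrypted
        Whether ``password`` is already hashed. When False the value is
        hashed with ``gen_hash``; any other value is placed in the
        configuration line unchanged.
        Default: False

    role
        Configure role for the username
        Default: None

    crypt_salt
        Configure crypt_salt setting
        Default: None

    algorithm
        Encryption algorithm
        Default: sha256

    no_save_config
        If True, don't save configuration commands to startup configuration.
        If False, save configuration to startup configuration.
        Default: False

    .. code-block:: bash

        salt '*' nxos.cmd set_password admin TestPass
        salt '*' nxos.cmd set_password admin \\
            password='******' \\
            encrypted=True
    '''
    # The original bound this result to password_line and overwrote it
    # unread. The call is kept for whatever checking get_user performs.
    # NOTE(review): confirm it fails for an unknown user.
    get_user(username, **kwargs)
    if encrypted is False:
        if crypt_salt is None:
            # NXOS does not like non alphanumeric characters. Using the random module from pycrypto
            # can lead to having non alphanumeric characters in the salt for the hashed password.
            crypt_salt = secure_password(8, use_random=False)
        hashed_pass = gen_hash(crypt_salt=crypt_salt, password=password, algorithm=algorithm)
    else:
        hashed_pass = password
    # NOTE(review): username, hash and role are interpolated unescaped into
    # the configuration line; callers must not pass values containing
    # whitespace or line breaks.
    password_line = 'username {0} password 5 {1}'.format(username, hashed_pass)
    if role is not None:
        password_line += ' role {0}'.format(role)
    return config(password_line, **kwargs)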
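def gen_password():
    """
    generate a password and hash it

    Returns a ``(password, hashed_pwd)`` tuple: a 20-character alphanumeric
    password and the value ``gen_hash`` produces for it with sha512.
    """
    # Draw from the operating system's CSPRNG. The module-level ``random``
    # functions use a deterministic generator that is not meant for secrets.
    rng = random.SystemRandom()
    alphabet = string.ascii_letters + string.digits
    password = "".join(rng.choice(alphabet) for _ in range(20))
    # NOTE(review): the salt is the fixed literal "salt", so equal passwords
    # always hash to the same value. Acceptable for throwaway accounts only.
    hashed_pwd = gen_hash("salt", password, "sha512")
    return password, hashed_pwd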
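def gen_password():
    '''
    generate a password and hash it

    Returns a ``(password, hashed_pwd)`` tuple: a 20-character alphanumeric
    password and the value ``gen_hash`` produces for it with sha512.
    '''
    # random.SystemRandom reads from the operating system's CSPRNG. Plain
    # random.choice is backed by a deterministic generator and should not
    # be used to create credentials.
    secure_choice = random.SystemRandom().choice
    candidates = string.ascii_letters + string.digits
    password = ''.join(secure_choice(candidates) for _ in range(20))
    # NOTE(review): the salt is the constant 'salt', so the hash of a given
    # password is always the same. Keep this to disposable accounts.
    hashed_pwd = gen_hash('salt', password, 'sha512')
    return password, hashed_pwd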
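def gen_password():
    """
    generate a password and hash it

    Returns a ``(password, hashed_pwd)`` tuple. When
    ``salt.utils.platform.is_darwin()`` is true the second element is the
    plain-text password itself; otherwise it is the sha512 value produced
    by ``gen_hash``.
    """
    # Use the operating system's CSPRNG. The module-level ``random``
    # functions are deterministic and not suitable for credentials.
    rng = random.SystemRandom()
    alphabet = string.ascii_letters + string.digits
    password = "".join(rng.choice(alphabet) for _ in range(20))
    if salt.utils.platform.is_darwin():
        # On this platform the "hashed" slot carries the clear-text value.
        # Callers must handle it as a secret and keep it out of logs.
        hashed_pwd = password
    else:
        # NOTE(review): fixed salt literal -- equal passwords hash alike.
        hashed_pwd = gen_hash("salt", password, "sha512")
    return password, hashed_pwd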
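def check_password(username, password, encrypted=False, **kwargs):
    """
    Verify user password.

    username
        Username on which to perform password check

    password
        Password to check

    encrypted
        Whether or not the password is encrypted. When set, ``password`` is
        compared with the stored hash as given instead of being hashed.
        Default: False

    Returns ``None`` if ``get_user`` yields nothing for the user, ``True``
    on a match and ``False`` otherwise, including when the user line has no
    parsable hash or uses a hash type missing from the table below.

    .. code-block:: bash

        salt '*' nxos.check_password username=admin password=admin
        salt '*' nxos.check_password username=admin \\
            password='******' \\
            encrypted=True
    """
    hash_algorithms = {
        "1": "md5",
        "2a": "blowfish",
        "5": "sha256",
        "6": "sha512",
    }
    password_line = get_user(username, **kwargs)
    if not password_line:
        return None
    # NOTE(review): "!" presumably marks an account with no usable
    # password -- confirm against the device output.
    if "!" in password_line:
        return False
    stored = re.search(r"(\$[0-6](?:\$[^$ ]+)+)", password_line)
    if stored is None:
        # Nothing to compare against: fail closed. The original raised
        # AttributeError on the missing match.
        return False
    cur_hash = stored.group(0)
    if encrypted is False:
        fields = re.search(r"^\$([0-6])\$([^$]+)\$(.*)$", cur_hash)
        # Only a single digit is captured, so "2a" is never selected and
        # digits without a table entry would have raised KeyError.
        if fields is None or fields.group(1) not in hash_algorithms:
            return False
        hash_type, cur_salt, _ = fields.groups()
        new_hash = gen_hash(
            crypt_salt=cur_salt,
            password=password,
            algorithm=hash_algorithms[hash_type],
            force=True,
        )
    else:
        new_hash = password
    return new_hash == cur_hash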
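def gen_password():
    '''
    generate a password and hash it

    Returns a ``(password, hashed_pwd)`` tuple: 20 characters drawn from
    lower-case letters, digits and upper-case letters, plus the value
    ``gen_hash`` produces for them with sha512.
    '''
    alphabet = ('abcdefghijklmnopqrstuvwxyz'
                '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ')
    # generate password from the operating system's CSPRNG; the plain
    # random.randrange generator is deterministic and not meant for secrets
    rng = random.SystemRandom()
    password = ''.join(rng.choice(alphabet) for _ in range(20))

    # hash the password
    # NOTE(review): the salt is the constant 'salt', so the hash of a given
    # password never varies. Keep this to disposable accounts.
    hashed_pwd = gen_hash('salt', password, 'sha512')

    return (password, hashed_pwd)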
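def check_password(username, password, encrypted=False, **kwargs):
    '''
    Verify user password.

    username
        Username on which to perform password check

    password
        Password to check

    encrypted
        Whether or not the password is encrypted. When set, ``password`` is
        compared with the stored hash as given instead of being hashed.
        Default: False

    Returns ``None`` if ``get_user`` yields nothing for the user, ``True``
    on a match and ``False`` otherwise, including when the user line has no
    parsable hash or uses a hash type missing from the table below.

    .. code-block:: bash

        salt '*' nxos.cmd check_password username=admin password=admin
        salt '*' nxos.cmd check_password username=admin \\
            password='******' \\
            encrypted=True
    '''
    hash_algorithms = {'1': 'md5',
                       '2a': 'blowfish',
                       '5': 'sha256',
                       '6': 'sha512', }
    password_line = get_user(username, **kwargs)
    if not password_line:
        return None
    # NOTE(review): '!' presumably means no usable password is set --
    # confirm against the device output.
    if '!' in password_line:
        return False

    hash_match = re.search(r'(\$[0-6](?:\$[^$ ]+)+)', password_line)
    if hash_match is None:
        # The original raised AttributeError here. A line without a hash
        # cannot verify any candidate, so report a mismatch.
        return False
    cur_hash = hash_match.group(0)

    if encrypted is not False:
        return password == cur_hash

    parts = re.search(r'^\$([0-6])\$([^$]+)\$(.*)$', cur_hash)
    if parts is None:
        return False
    # A single digit is captured, so '2a' is never looked up and unlisted
    # digits would have raised KeyError.
    algorithm = hash_algorithms.get(parts.group(1))
    if algorithm is None:
        return False
    new_hash = gen_hash(crypt_salt=parts.group(2),
                        password=password,
                        algorithm=algorithm)
    return new_hash == cur_hash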
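def test_pam_auth_valid_user(self):
    '''
    test pam auth mechanism is working with a valid user
    '''
    # Alphanumeric only, so the value can be interpolated into the command
    # strings below without quoting problems.
    alphabet = ('abcdefghijklmnopqrstuvwxyz'
                '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ')

    # generate password from the operating system's CSPRNG; the plain
    # random.randrange generator is deterministic and not meant for secrets
    rng = random.SystemRandom()
    self.password = ''.join(rng.choice(alphabet) for _ in range(20))

    # hash the password
    from salt.utils.pycrypto import gen_hash

    pwd = gen_hash('salt', self.password, 'sha512')
    self.run_call("shadow.set_password saltdev '{0}'".format(pwd))

    # NOTE(review): the clear-text password is passed as a command-line
    # argument; this assumes saltdev is a throwaway test account.
    cmd = ('-a pam "*"'
           ' test.ping --username {0}'
           ' --password {1}'.format('saltdev', self.password))
    resp = self.run_salt(cmd)
    self.assertIn('minion:', resp)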