This repository has been archived by the owner on Feb 8, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
Fixes #8765: Add new password type 'pre-hashed' and 'script' #88
Merged
Normation-Quality-Assistant
merged 1 commit into
Normation:branches/rudder/3.1
from
VinceMacBuche:ust_8765/add_new_password_type_pre_hashed_and_script
Jul 27, 2016
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -72,11 +72,20 @@ object HashAlgoConstraint { | |
/* | ||
* Actually do not hash the result | ||
*/ | ||
object PLAIN extends HashAlgoConstraint { | ||
object PLAIN extends HashAlgoConstraint { | ||
override def hash(input:Array[Byte]) : String = new String(input, "UTF-8") | ||
override val prefix = "plain" | ||
} | ||
|
||
object PreHashed extends HashAlgoConstraint { | ||
override def hash(input:Array[Byte]) : String = new String(input, "UTF-8") | ||
override val prefix = "pre-hashed" | ||
} | ||
|
||
object SCRIPT extends HashAlgoConstraint { | ||
override def hash(input:Array[Byte]) : String = new String(input, "UTF-8") | ||
override val prefix = "script" | ||
} | ||
/* | ||
* Simple standard hash: MD5, SHA-1,256,512 | ||
*/ | ||
|
@@ -136,7 +145,6 @@ object HashAlgoConstraint { | |
override val prefix = "linux-shadow-sha512" | ||
} | ||
|
||
|
||
/* | ||
* AIX /etc/security/user hash, as explained here: | ||
* | ||
|
@@ -177,18 +185,17 @@ object HashAlgoConstraint { | |
override val prefix = "unix-crypt-des" | ||
} | ||
|
||
|
||
sealed trait DerivedPasswordType { | ||
//name, for ex for unserialisation | ||
def name: String ; | ||
def name: String | ||
//the total mapping from a hashalgo to another | ||
def hash(h: HashAlgoConstraint): HashAlgoConstraint | ||
} | ||
|
||
final object DerivedPasswordType { | ||
|
||
final case object AIX extends DerivedPasswordType { | ||
final val name = "aix" | ||
final val name = "AIX" | ||
|
||
def hash(h: HashAlgoConstraint) = h match { | ||
case LinuxShadowMD5 => AixMD5 | ||
|
@@ -199,7 +206,7 @@ object HashAlgoConstraint { | |
} | ||
|
||
final case object Linux extends DerivedPasswordType { | ||
final val name = "linux" | ||
final val name = "Unix" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. doesn't it break something ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I kept the constructor that use 'Linux', name is only used a display |
||
|
||
def hash(h: HashAlgoConstraint) = h match { | ||
case AixMD5 => LinuxShadowMD5 | ||
|
@@ -211,12 +218,10 @@ object HashAlgoConstraint { | |
//solaris, etc: todo | ||
} | ||
|
||
|
||
///// | ||
///// Generic methods on algos | ||
///// | ||
|
||
|
||
def algorithms = values[HashAlgoConstraint] | ||
|
||
/** | ||
|
@@ -228,6 +233,8 @@ object HashAlgoConstraint { | |
def sort(algos: Set[HashAlgoConstraint]): Seq[HashAlgoConstraint] = { | ||
def order(algo: HashAlgoConstraint): Int = algo match { | ||
case PLAIN => 1 | ||
case PreHashed => 1 | ||
case SCRIPT => 1 | ||
case LinuxShadowMD5 => 21 | ||
case LinuxShadowSHA256 => 22 | ||
case LinuxShadowSHA512 => 23 | ||
|
@@ -263,7 +270,7 @@ object HashAlgoConstraint { | |
private[this] val format = """([\w-]+):(.*)""".r | ||
def unserializeIn(algos: Set[HashAlgoConstraint], value:String): Box[(HashAlgoConstraint, String)] = value match { | ||
case format(algo,h) => HashAlgoConstraint.fromStringIn(algos, algo) match { | ||
case None => Failure(s"Unknown algorithm ${algo}. List of know algorithme: ${algoNames(algos)}") | ||
case None => Failure(s"Unknown algorithm ${algo}. List of know algorithm: ${algoNames(algos)}") | ||
case Some(a) => Full((a,h)) | ||
} | ||
case _ => Failure(s"Bad format of serialized hashed value, expected format is: 'algorithme:hash', with algorithm among: ${algoNames(algos)}") | ||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
doesn't it have other impact in term of code ?
what is it expected to do when it's a script ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To evaluate this variable as a script.
But the main goal is to provide a way to identify that the user would like to do a script, and ease it's usability
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but there is nothing in code to change behaviour if it's a script ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll let the evaluation do it for me.
Not a problem to me if it does nothing but i can identify and help the user to enter a script
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a problem either if other hashes containing script are evalutated.
In fact that's a plain text that indicate that you want to save a script, but maybe it's not containing one.
In fact It does not indicate that the values should be evaluated as a script, but only that the user wanted to enter a script in there
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok