remove --stdin option use for passwd #1927

By substituting 'usermod -p' for 'passwd --stdin' when setting user pass we avoid potential future issues on passwd's deprication / removal of the --stdin option: as has been observed in more defensive / progressive implementations of passwd. Elements of commit/pr: - Drop 'passwd --stdin' in favour of 'usermod -p'. - Use crypt module for password pre-encrypt as required for above change, ensuring sha-512 (observed current system default). - Use random full length (16 chars) salt in above. - Add comments for post python3 move enhancements re crypt's use.
rockstor · May 24, 2018 · 1e4b949 · 1e4b949
1 parent 5a15dbe
commit 1e4b949
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/src/rockstor/system/users.py b/src/rockstor/system/users.py
@@ -28,6 +28,9 @@
 from shutil import move
 from tempfile import mkstemp
 import chardet
+import random
+import string
+import crypt
 
 import logging
 logger = logging.getLogger(__name__)
@@ -36,7 +39,6 @@
 GROUPADD = '/usr/sbin/groupadd'
 USERDEL = '/usr/sbin/userdel'
 GROUPDEL = '/usr/sbin/groupdel'
-PASSWD = '/usr/bin/passwd'
 USERMOD = '/usr/sbin/usermod'
 SMBPASSWD = '/usr/bin/smbpasswd'
 CHOWN = '/usr/bin/chown'
@@ -128,14 +130,22 @@ def get_epasswd(username):
 
 
 def usermod(username, passwd):
-    cmd = [PASSWD, '--stdin', username]
+    # TODO: 'salt = crypt.mksalt()' # Python 3.3 onwards provides system best.
+    # Salt starting "$6$" & of 19 chars signifies SHA-512 current system best.
+    # Salt must contain only [./a-zA-Z0-9] chars (bar first 3 if len > 2)
+    salt_header = '$6$'  # SHA-512
+    rnd = random.SystemRandom()
+    salt = ''.join([rnd.choice(string.ascii_letters + string.digits + './')
+                    for _ in range(16)])
+    crypted_passwd = crypt.crypt(passwd.encode('utf8'), salt_header + salt)
+    cmd = [USERMOD, '-p', crypted_passwd, username]
     p = subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, stdin=subprocess.PIPE)
-    out, err = p.communicate(input=passwd.encode('utf8'))
+    out, err = p.communicate(input=None)
     rc = p.returncode
-    if (rc != 0):
+    if rc != 0:
         raise CommandException(cmd, out, err, rc)
-    return (out, err, rc)
+    return out, err, rc
 
 
 def smbpasswd(username, passwd):