Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Remove use of crypt, removed module in py3.13 #67789

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Remove use of crypt, removed module in py3.13 #67789

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions requirements/base.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ looseversion
tornado>=6.3.3
aiohttp>=3.9.0
croniter>=0.3.0,!=0.3.22; sys_platform != 'win32'
passlib

# We need contextvars for salt-ssh.
# Even on python versions which ships with contextvars in the standard library!
Expand Down
41 changes: 3 additions & 38 deletions salt/utils/pycrypto.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,6 @@
except ImportError:
HAS_RANDOM = False

try:
import crypt

HAS_CRYPT = True
except (ImportError, PermissionError):
HAS_CRYPT = False

try:
import passlib.context

Expand Down Expand Up @@ -101,10 +94,6 @@ def secure_password(
raise CommandExecutionError(str(exc))


if HAS_CRYPT:
methods = {m.name.lower(): m for m in crypt.methods}
else:
methods = {}
known_methods = ["sha512", "sha256", "blowfish", "md5", "crypt"]


Expand All @@ -130,26 +119,6 @@ def _gen_hash_passlib(crypt_salt=None, password=None, algorithm=None):
return ctx.hash(**kwargs)


def _gen_hash_crypt(crypt_salt=None, password=None, algorithm=None):
"""
Generate /etc/shadow hash using the native crypt module
"""
if crypt_salt is None:
# setting crypt_salt to the algorithm makes crypt generate
# a salt compatible with the specified algorithm.
crypt_salt = methods[algorithm]
else:
if algorithm != "crypt":
# all non-crypt algorithms are specified as part of the salt
crypt_salt = f"${methods[algorithm].ident}${crypt_salt}"

try:
ret = crypt.crypt(password, crypt_salt)
except OSError:
ret = None
return ret


def gen_hash(crypt_salt=None, password=None, algorithm=None):
"""
Generate /etc/shadow hash
Expand All @@ -159,16 +128,12 @@ def gen_hash(crypt_salt=None, password=None, algorithm=None):

if algorithm is None:
# prefer the most secure natively supported method
algorithm = crypt.methods[0].name.lower() if HAS_CRYPT else known_methods[0]
algorithm = known_methods[0]

if algorithm == "crypt" and crypt_salt and len(crypt_salt) != 2:
log.warning("Hash salt is too long for 'crypt' hash.")

if HAS_CRYPT and algorithm in methods:
return _gen_hash_crypt(
crypt_salt=crypt_salt, password=password, algorithm=algorithm
)
elif HAS_PASSLIB and algorithm in known_methods:
if HAS_PASSLIB and algorithm in known_methods:
return _gen_hash_passlib(
crypt_salt=crypt_salt, password=password, algorithm=algorithm
)
Expand All @@ -177,6 +142,6 @@ def gen_hash(crypt_salt=None, password=None, algorithm=None):
"Cannot hash using '{}' hash algorithm. Natively supported "
"algorithms are: {}. If passlib is installed ({}), the supported "
"algorithms are: {}.".format(
algorithm, list(methods), HAS_PASSLIB, known_methods
algorithm, [], HAS_PASSLIB, known_methods
)
)
Loading