Cleanup logic and be more paranoid about passwords with spaces

This commit is contained in:
Toshio Kuratomi 2015-10-12 12:55:33 -07:00
parent 5c5806d669
commit b58d7470d4

View file

@ -134,22 +134,29 @@ class LookupModule(LookupBase):
f.write(content + '\n') f.write(content + '\n')
else: else:
content = open(path).read().rstrip() content = open(path).read().rstrip()
sep = content.find(' ')
if sep >= 0: if params['encrypt'] is not None:
password = content[:sep] try:
salt = content[sep + 1:].split('=')[1] sep = content.rindex(' ')
else: except ValueError:
password = content password = content
salt = None salt = None
else:
salt_field = content[sep + 1:]
if salt_field.startswith('salt='):
password = content[:sep]
salt = salt_field[len('salt=':]
else:
password = content
salt = None
# crypt requested, add salt if missing # crypt requested, add salt if missing
if (params['encrypt'] is not None and not salt): if not salt:
salt = self.random_salt() salt = self.random_salt()
content = '%s salt=%s' % (password, salt) content = '%s salt=%s' % (password, salt)
with open(path, 'w') as f: with open(path, 'w') as f:
os.chmod(path, 0o600) os.chmod(path, 0o600)
f.write(content + '\n') f.write(content + '\n')
if params['encrypt']: if params['encrypt']:
password = do_encrypt(password, params['encrypt'], salt=salt) password = do_encrypt(password, params['encrypt'], salt=salt)