-rw-r--r-- | .mailmap | 1 | ||||
-rw-r--r-- | AUTHORS | 2 | ||||
-rw-r--r-- | keystone/backends/backendutils.py | 6 | ||||
-rw-r--r-- | keystone/test/unit/test_backendutils.py | 33 |
4 files changed, 41 insertions, 1 deletions
@@ -1,3 +1,4 @@ +<dprince@redhat.com> <dan.prince@rackspace.com> <dolph.mathews@rackspace.com> <dolph.mathews@gmail.com> <jeblair@hp.com> <corvus@gnu.org> <jeblair@hp.com> <james.blair@rackspace.com> @@ -3,7 +3,7 @@ Alex Silva <alex.silva@M1BPAGY.(none)> Anne Gentle <anne@openstack.org> Anthony Young <sleepsonthefloor@gmail.com> Brian Lamar <brian.lamar@gmail.com> -Dan Prince <dan.prince@rackspace.com> +Dan Prince <dprince@redhat.com> Dolph Mathews <dolph.mathews@gmail.com> gholt <gholt@brim.net> jabdul <abdulkader.j@hcl.com> diff --git a/keystone/backends/backendutils.py b/keystone/backends/backendutils.py index 02970b35f..54dd496f5 100644 --- a/keystone/backends/backendutils.py +++ b/keystone/backends/backendutils.py @@ -2,6 +2,8 @@ from keystone.backends import models import keystone.backends as backends from passlib.hash import sha512_crypt as sc +MAX_PASSWORD_LENGTH = 4096 + def __get_hashed_password(password): if password != None and len(password) > 0: @@ -28,6 +30,8 @@ def check_password(raw_password, enc_password): if not raw_password: return False if backends.SHOULD_HASH_PASSWORD: + if len(raw_password) > MAX_PASSWORD_LENGTH: + raw_password = raw_password[:MAX_PASSWORD_LENGTH] return sc.verify(raw_password, enc_password) else: return enc_password == raw_password @@ -39,6 +43,8 @@ def __make_password(raw_password): """ if raw_password is None: return None + if len(raw_password) > MAX_PASSWORD_LENGTH: + raw_password = raw_password[:MAX_PASSWORD_LENGTH] hsh = __get_hexdigest(raw_password) return '%s' % (hsh) diff --git a/keystone/test/unit/test_backendutils.py b/keystone/test/unit/test_backendutils.py new file mode 100644 index 000000000..c90a47f4e --- /dev/null +++ b/keystone/test/unit/test_backendutils.py 
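Review bot: `MAX_PASSWORD_LENGTH = 4096` in the first backendutils.py hunk has no comment, so a reader cannot tell whether it is a password policy or a bound on what is handed to `sc` (sha512_crypt). From the two later hunks it is the latter, and I would say so above the constant: `# Upper bound on the password length passed to sha512_crypt; longer input is truncated.` The value is hard-coded at module level; whether deployments need to tune it is not visible from this hunk.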
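Review bot: The silent truncation in check_password, repeated in the `__make_password` hunk, means any input that shares its first 4096 characters with the stored password verifies, and the caller is never told its password was shortened. Rejecting over-long input on both paths is easier to reason about: `if len(raw_password) > MAX_PASSWORD_LENGTH: return False` here, and a validation error on the set path (the exception type the project uses is not visible in these hunks). If truncation is kept, the `len()` guard is redundant because `raw_password[:MAX_PASSWORD_LENGTH]` is already a no-op on shorter strings, and one shared helper would stop the two copies drifting apart. The cap only bounds hashing cost; the request body has presumably been read and parsed before this code runs, so a body-size limit upstream is still worth having. Both function bodies start outside their hunks.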
@@ -0,0 +1,33 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+# Copyright (c) 2010-2011 OpenStack, LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import unittest2 as unittest
+import keystone.backends.backendutils as backendutils
+import keystone.backends as backends
+
+
+class BackendUtilsTest(unittest.TestCase):
+
+ def setUp(self):
+ backends.SHOULD_HASH_PASSWORD = True
+
+ def test_check_long_password(self):
+ bigboy = '0' * 9999999
+ values = {'password': bigboy}
+ backendutils.set_hashed_password(values)
+ hashed_pw = values['password']
+ self.assertTrue(backendutils.check_password(bigboy, hashed_pw)) |
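Review bot: setUp sets the module-level `backends.SHOULD_HASH_PASSWORD` to True and nothing restores it, so the value leaks into whichever tests run later in the same process. The one test also only shows that an over-long password verifies against its own hash: it would still pass, just more slowly, if the truncation were removed from both paths, and it never checks that a mismatch inside the limit is rejected. I would save and restore the flag and add a boundary case as below. Building inputs from `backendutils.MAX_PASSWORD_LENGTH` rather than a 9999999-character string also keeps the test cheap.

```python
    def setUp(self):
        self._orig_should_hash = backends.SHOULD_HASH_PASSWORD
        backends.SHOULD_HASH_PASSWORD = True

    def tearDown(self):
        backends.SHOULD_HASH_PASSWORD = self._orig_should_hash

    # ... unchanged: test_check_long_password ...

    def test_mismatch_within_limit_is_rejected(self):
        limit = backendutils.MAX_PASSWORD_LENGTH
        values = {'password': 'a' * limit}
        backendutils.set_hashed_password(values)
        wrong = 'a' * (limit - 1) + 'b'
        self.assertFalse(
            backendutils.check_password(wrong, values['password']))
```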