From 18128955b572a858bd1559b2568aba3fd8e93d69 Mon Sep 17 00:00:00 2001 From: Eli Collins Date: Wed, 27 Jun 2012 14:40:07 -0400 Subject: reworked platform_crypt_support test to be more granular, updated to account for FreeBSD 8.3+ supporting SHA512-Crypt --- CHANGES | 8 ++++ docs/modular_crypt_format.rst | 4 +- passlib/tests/test_handlers.py | 83 +++++++++++++++--------------------------- passlib/tests/utils.py | 35 +++++++++++------- 4 files changed, 60 insertions(+), 70 deletions(-) diff --git a/CHANGES b/CHANGES index af48dad..cf72a3d 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Release History =============== +**1.6.1** (NOT YET RELEASED) +============================ + + Minor bugfix release + + * FreeBSD 8.3+ has native support for SHA512-Crypt, + updated unittests and documentation accordingly (:issue:`35`) + **1.6** (2012-05-01) ==================== diff --git a/docs/modular_crypt_format.rst b/docs/modular_crypt_format.rst index 22a285a..bab73d1 100644 --- a/docs/modular_crypt_format.rst +++ b/docs/modular_crypt_format.rst @@ -135,8 +135,8 @@ Scheme Prefix Linux FreeBSD :class:`~passlib.hash.bcrypt` ``$2$``, ``$2a$``, ``$2x$``, ``$2y$`` y y y y :class:`~passlib.hash.bsd_nthash` ``$3$`` y -:class:`~passlib.hash.sha256_crypt` ``$5$`` y y -:class:`~passlib.hash.sha512_crypt` ``$6$`` y y +:class:`~passlib.hash.sha256_crypt` ``$5$`` y 8.3+ y +:class:`~passlib.hash.sha512_crypt` ``$6$`` y 8.3+ y :class:`~passlib.hash.sha1_crypt` ``$sha1$`` y ==================================== ==================== =========== =========== =========== =========== ======= ======= diff --git a/passlib/tests/test_handlers.py b/passlib/tests/test_handlers.py index f568b49..e71d842 100644 --- a/passlib/tests/test_handlers.py +++ b/passlib/tests/test_handlers.py @@ -179,14 +179,12 @@ class _bcrypt_test(HandlerCase): # but we can reliably correct & issue a warning for that. ] - platform_crypt_support = dict( - freebsd=True, - openbsd=True, - netbsd=True, - darwin=False, - # linux - some systems + platform_crypt_support = [ + ("freedbsd|openbsd|netbsd", True), + ("darwin", False), + # linux - may be present via addon, e.g. debian's libpam-unix2 # solaris - depends on policy - ) + ] #=============================================================== # override some methods @@ -458,14 +456,10 @@ class _bsdi_crypt_test(HandlerCase): "_K1.!crsmZxOLzfJH8iw" ] - platform_crypt_support = dict( - freebsd=True, - openbsd=True, - netbsd=True, - linux=False, - solaris=False, - darwin=True, - ) + platform_crypt_support = [ + ("freebsd|openbsd|netbsd|darwin", True), + ("linux|solaris", False), + ] def setUp(self): super(_bsdi_crypt_test, self).setUp() @@ -687,14 +681,9 @@ class _des_crypt_test(HandlerCase): 'OgAwTx2l6NADIj', ] - platform_crypt_support = dict( - freebsd=True, - openbsd=True, - netbsd=True, - linux=True, - solaris=True, - darwin=True, - ) + platform_crypt_support = [ + ("freebsd|openbsd|netbsd|linux|solaris|darwin", True), + ] des_crypt_os_crypt_test, des_crypt_builtin_test = \ _des_crypt_test.create_backend_cases(["os_crypt","builtin"]) @@ -1383,14 +1372,10 @@ class _md5_crypt_test(HandlerCase): '$1$dOHYPKoP$tnxS1T8Q6VVn3kpV8cN6o.$', ] - platform_crypt_support = dict( - freebsd=True, - openbsd=True, - netbsd=True, - linux=True, - solaris=True, - darwin=False, - ) + platform_crypt_support = [ + ("freebsd|openbsd|netbsd|linux|solaris", True), + ("darwin", False), + ] md5_crypt_os_crypt_test, md5_crypt_builtin_test = \ _md5_crypt_test.create_backend_cases(["os_crypt","builtin"]) @@ -2348,14 +2333,10 @@ class _sha1_crypt_test(HandlerCase): '$sha1$$uV7PTeux$I9oHnvwPZHMO0Nq6/WgyGV/tDJIH$', ] - platform_crypt_support = dict( - freebsd=False, - openbsd=False, - netbsd=True, - linux=False, - solaris=False, - darwin=False, - ) + platform_crypt_support = [ + ("netbsd", True), + ("freebsd|openbsd|linux|solaris|darwin", False), + ] sha1_crypt_os_crypt_test, sha1_crypt_builtin_test = \ _sha1_crypt_test.create_backend_cases(["os_crypt","builtin"]) @@ -2488,14 +2469,12 @@ class _sha256_crypt_test(HandlerCase): filter_config_warnings = True # rounds too low, salt too small - platform_crypt_support = dict( - freebsd=False, - openbsd=False, - netbsd=False, - linux=True, + platform_crypt_support = [ + ("freebsd(9|1\d)|linux", True), + ("freebsd8", None), # added in freebsd 8.3 + ("freebsd|openbsd|netbsd|darwin", False), # solaris - depends on policy - darwin=False, - ) + ] sha256_crypt_os_crypt_test, sha256_crypt_builtin_test = \ _sha256_crypt_test.create_backend_cases(["os_crypt","builtin"]) @@ -2687,14 +2666,10 @@ class sun_md5_crypt_test(HandlerCase): ] - platform_crypt_support = dict( - freebsd=False, - openbsd=False, - netbsd=False, - linux=False, - solaris=True, - darwin=False, - ) + platform_crypt_support = [ + ("solaris", True), + ("freebsd|openbsd|netbsd|linux|darwin", False), + ] def do_verify(self, secret, hash): # override to fake error for "$..." hash strings listed in known_config. diff --git a/passlib/tests/utils.py b/passlib/tests/utils.py index 5c62dce..38c7a0b 100644 --- a/passlib/tests/utils.py +++ b/passlib/tests/utils.py @@ -1894,8 +1894,8 @@ class OsCryptMixin(HandlerCase): # option flags #========================================================= # platforms that are known to support / not support this hash natively. - # encodeds as os.platform prefixes. - platform_crypt_support = dict() + # list of (platform_regex, True|False|None) entries. + platform_crypt_support = [] #========================================================= # instance attrs @@ -1994,21 +1994,28 @@ class OsCryptMixin(HandlerCase): def test_82_crypt_support(self): "test platform-specific crypt() support detection" + # NOTE: this is mainly just a sanity check to ensure the runtime + # detection is functioning correctly on some known platforms, + # so that I can feel more confident it'll work right on unknown ones. if hasattr(self.handler, "orig_prefix"): raise self.skipTest("not applicable to wrappers") platform = sys.platform - for name, flag in self.platform_crypt_support.items(): - if not platform.startswith(name): - continue - if flag != self.using_patched_crypt: - return - if flag: - self.fail("expected %r platform would have native support " - "for %r" % (platform, self.handler.name)) - else: - self.fail("expected %r platform would NOT have native support " - "for %r" % (platform, self.handler.name)) - raise self.skipTest("no data for %r platform" % platform) + for pattern, state in self.platform_crypt_support: + if re.match(pattern, platform): + break + else: + raise self.skipTest("no data for %r platform" % platform) + if state is None: + # e.g. platform='freebsd8' ... sha256_crypt not added until 8.3 + raise self.skipTest("varied support on %r platform" % platform) + elif state != self.using_patched_crypt: + return + elif state: + self.fail("expected %r platform would have native support " + "for %r" % (platform, self.handler.name)) + else: + self.fail("did not expect %r platform would have native support " + "for %r" % (platform, self.handler.name)) #========================================================= # eoc -- cgit v1.2.1