Merge "Add MAX_PASSWORD_LENGTH check in backendutils." into stable/diablo

2012-03-28 15:17:54 +00:00 · 2012-03-28 15:17:54 +00:00 · 79a9fde506
parent 7a1c186142 7b07f87070
commit 79a9fde506
4 changed files with 41 additions and 1 deletions
--- a/.mailmap
+++ b/.mailmap
@ -1,3 +1,4 @@
+<dprince@redhat.com> <dan.prince@rackspace.com>
 <dolph.mathews@rackspace.com> <dolph.mathews@gmail.com>
 <jeblair@hp.com> <corvus@gnu.org>
 <jeblair@hp.com> <james.blair@rackspace.com>
--- a/2
+++ b/2
@ -3,7 +3,7 @@ Alex Silva <alex.silva@M1BPAGY.(none)>
 Anne Gentle <anne@openstack.org>
 Anthony Young <sleepsonthefloor@gmail.com>
 Brian Lamar <brian.lamar@gmail.com>
-Dan Prince <dan.prince@rackspace.com>
+Dan Prince <dprince@redhat.com>
 Dolph Mathews <dolph.mathews@gmail.com>
 gholt <gholt@brim.net>
 jabdul <abdulkader.j@hcl.com>
--- a/keystone/backends/backendutils.py
+++ b/keystone/backends/backendutils.py
@ -2,6 +2,8 @@ from keystone.backends import models
 import keystone.backends as backends
 from passlib.hash import sha512_crypt as sc

+MAX_PASSWORD_LENGTH = 4096
+

 def __get_hashed_password(password):
    if password != None and len(password) > 0:
@ -28,6 +30,8 @@ def check_password(raw_password, enc_password):
    if not raw_password:
        return False
    if backends.SHOULD_HASH_PASSWORD:
+        if len(raw_password) > MAX_PASSWORD_LENGTH:
+            raw_password = raw_password[:MAX_PASSWORD_LENGTH]
        return sc.verify(raw_password, enc_password)
    else:
        return enc_password == raw_password
@ -39,6 +43,8 @@ def __make_password(raw_password):
    """
    if raw_password is None:
        return None
+    if len(raw_password) > MAX_PASSWORD_LENGTH:
+        raw_password = raw_password[:MAX_PASSWORD_LENGTH]
    hsh = __get_hexdigest(raw_password)
    return '%s' % (hsh)

--- a/keystone/test/unit/test_backendutils.py
+++ b/keystone/test/unit/test_backendutils.py
@ -0,0 +1,33 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+# Copyright (c) 2010-2011 OpenStack, LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import unittest2 as unittest
+import keystone.backends.backendutils as backendutils
+import keystone.backends as backends
+
+
+class BackendUtilsTest(unittest.TestCase):
+
+    def setUp(self):
+        backends.SHOULD_HASH_PASSWORD = True
+
+    def test_check_long_password(self):
+        bigboy = '0' * 9999999
+        values = {'password': bigboy}
+        backendutils.set_hashed_password(values)
+        hashed_pw = values['password']
+        self.assertTrue(backendutils.check_password(bigboy, hashed_pw))