don't warn about using a yescrypt hash as user password (#82071)

* dont warn about using a yescrypt hash as password Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * add changelog Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * add yescrypt test Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> --------- Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
author: Thomas Sjögren <konstruktoid@users.noreply.github.com> 2023-10-26 21:03:49 +0200
committer: GitHub <noreply@github.com> 2023-10-26 21:03:49 +0200
commit: fb8ede22e1641c0df37a31cba569841fdcc529c3 (patch)
tree: 15836e0cce508797c56ed3c788bdb2d4757a7aaa
parent: Consolidate systemd detection logic (#81809) (diff)
download: ansible-fb8ede22e1641c0df37a31cba569841fdcc529c3.tar.xz
ansible-fb8ede22e1641c0df37a31cba569841fdcc529c3.zip
3 files changed, 18 insertions, 1 deletions
diff --git a/changelogs/fragments/user-accept-yescrypt-hash.yml b/changelogs/fragments/user-accept-yescrypt-hash.yml
new file mode 100644
index 0000000000..2588fd4ade
--- /dev/null
+++ b/changelogs/fragments/user-accept-yescrypt-hash.yml
@@ -0,0 +1,2 @@
+minor_changes:
+- user - accept yescrypt hash as user password
diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py
index 0ad20e4890..27c8afa09a 100644
--- a/lib/ansible/modules/user.py
+++ b/lib/ansible/modules/user.py
@@ -631,6 +631,9 @@ class User(object):
                         # sha512
                         if fields[1] == '6' and len(fields[-1]) != 86:
                             maybe_invalid = True
+                        # yescrypt
+                        if fields[1] == 'y' and len(fields[-1]) != 43:
+                            maybe_invalid = True
                     else:
                         maybe_invalid = True
             if maybe_invalid:
diff --git a/test/integration/targets/user/tasks/test_create_user_password.yml b/test/integration/targets/user/tasks/test_create_user_password.yml
index 02aae00399..fccdbab043 100644
--- a/test/integration/targets/user/tasks/test_create_user_password.yml
+++ b/test/integration/targets/user/tasks/test_create_user_password.yml
@@ -1,5 +1,5 @@
 # test user add with password
-- name: add an encrypted password for user
+- name: add an sha512 password for user
   user:
     name: ansibulluser
     password: "$6$rounds=656000$TT4O7jz2M57npccl$33LF6FcUMSW11qrESXL1HX0BS.bsiT6aenFLLiVpsQh6hDtI9pJh5iY7x8J7ePkN4fP8hmElidHXaeD51pbGS."
@@ -88,3 +88,15 @@
           - "'warnings' not in test_user_encrypt3"
           - "'warnings' not in test_user_encrypt4"
           - "'warnings' not in test_user_encrypt5"
+
+- name: add an yescrypt password for user
+  user:
+    name: ansibulluser
+    password: "$y$jCT$ZiF3ZV39/maUl9Lzt2Hk80$Ih6bI4OXU52OnWWqt3T1BAmVn8eH.4qlcP.8/NOjGN5"
+    state: present
+    update_password: always
+  register: test_user_encrypt6
+
+- name: there should not be warnings
+  assert:
+    that: "'warnings' not in test_user_encrypt6"
author	Thomas Sjögren <konstruktoid@users.noreply.github.com>	2023-10-26 21:03:49 +0200
committer	GitHub <noreply@github.com>	2023-10-26 21:03:49 +0200
commit	fb8ede22e1641c0df37a31cba569841fdcc529c3 (patch)
tree	15836e0cce508797c56ed3c788bdb2d4757a7aaa
parent	Consolidate systemd detection logic (#81809) (diff)
download	ansible-fb8ede22e1641c0df37a31cba569841fdcc529c3.tar.xz ansible-fb8ede22e1641c0df37a31cba569841fdcc529c3.zip