#! /bin/sh
# Automated password hashing regression tester
#
# Copyright (c) 2008 Red Hat, Inc. All rights reserved.
#
# This is free software; you can redistribute it and/or modify it under
# the terms of the GNU Library General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Library General Public
# License along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
#
# Author: Miloslav Trmac <mitr@redhat.com>

srcdir=$srcdir/tests

workdir=$(pwd)/test_pwhash

trap 'status=$?; rm -rf "$workdir"; exit $status' 0
trap '(exit 1); exit 1' 1 2 13 15

rm -rf "$workdir"
mkdir "$workdir"

# Set up the environment
mkdir "$workdir"/files

touch "$workdir"/files/passwd "$workdir"/files/shadow
touch "$workdir"/files/group "$workdir"/files/gshadow

LIBUSER_CONF=$workdir/libuser.conf
export LIBUSER_CONF
sed "s|@WORKDIR@|$workdir|g; s|@TOP_BUILDDIR@|$(pwd)|g" \
    < "$srcdir"/pwhash.conf.in > "${LIBUSER_CONF}_"
# Ugly non-portable hacks
LD_LIBRARY_PATH=$(pwd)/lib/.libs
export LD_LIBRARY_PATH
PYTHONPATH=$(pwd)/python/.libs
export PYTHONPATH

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
echo 'crypt_style = des' >> "$LIBUSER_CONF"
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$}" != "x$pw" ]; then
    echo "Invalid DES hash" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
echo 'crypt_style = md5' >> "$LIBUSER_CONF"
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$1\$}" = "x$pw" ]; then
    echo "Invalid MD5 hash" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
echo 'crypt_style = sha256' >> "$LIBUSER_CONF"
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$5\$}" = "x$pw" ]; then
    echo "Invalid SHA256 hash" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
echo 'crypt_style = sha512' >> "$LIBUSER_CONF"
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$6\$}" = "x$pw" ]; then
    echo "Invalid SHA512 hash" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
echo 'crypt_style = blowfish' >> "$LIBUSER_CONF"
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$2b\$}" = "x$pw" ]; then
    echo "Invalid BLOWFISH hash" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
echo 'crypt_style = yescrypt' >> "$LIBUSER_CONF"
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$y\$}" = "x$pw" ]; then
    echo "Invalid YESCRYPT hash" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
cat >> "$LIBUSER_CONF" <<\EOF
crypt_style = sha256
hash_rounds_min = 4242
EOF
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$5\$rounds=4242\$}" = "x$pw" ]; then
    echo "Invalid rounds value" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
cat >> "$LIBUSER_CONF" <<\EOF
crypt_style = sha256
hash_rounds_max = 4243
EOF
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$5\$rounds=4243\$}" = "x$pw" ]; then
    echo "Invalid rounds value" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
cat >> "$LIBUSER_CONF" <<\EOF
crypt_style = sha256
hash_rounds_min = 4244
hash_rounds_max = 4244
EOF
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$5\$rounds=4244\$}" = "x$pw" ]; then
    echo "Invalid rounds value" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
cat >> "$LIBUSER_CONF" <<\EOF
crypt_style = sha256
hash_rounds_min = 4246
hash_rounds_max = 4245
EOF
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$5\$rounds=4246\$}" = "x$pw" ]; then
    echo "Invalid rounds value" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
cat >> "$LIBUSER_CONF" <<\EOF
crypt_style = sha256
hash_rounds_min = 4247
hash_rounds_max = 4247
EOF
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$5\$rounds=4247\$}" = "x$pw" ]; then
    echo "Invalid rounds value" >&2
    exit 1
fi

cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
cat >> "$LIBUSER_CONF" <<\EOF
crypt_style = sha256
hash_rounds_min = 50000
hash_rounds_max = 59999
EOF
pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
if [ "x${pw#\$5\$rounds=5????\$}" = "x$pw" ]; then
    echo "Invalid rounds value" >&2
    exit 1
fi

