[#SERVER-211] jruby String::crypt gives the wrong hash

Created: 2014/11/27
Updated: 2015/12/30
Resolved: 2015/04/07
Status: Resolved
Project: Puppet Server
Component/s: Puppet Server
Affects Version/s: SERVER 0.4.0
Fix Version/s: SERVER 2.0.0, SERVER 1.0.8
Type: Bug
Priority: Normal
Reporter: Pierre-Francois Carpentier
Assignee: Unassigned
Resolution: Fixed
Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment: CentOS 7 x86_64, puppetserver-0.4.0-1.el7.noarch
Issue Links: Duplicate: duplicates SERVER-102 follow jruby gem path bug, and consid... Resolved
Template: customfield_10700 true
QA Contact: Erik Dasher
QA Status: Reviewed
QA Risk Assessment: Low

Description
String::crypt calculates the hash of a given password and salt (http://www.rubydoc.org/core-2.1.5/String.html#method-i-crypt).
It's very useful and probably very common when creating users with their password in puppet
(usage example: https://gist.github.com/pschyska/26002d5f8ee0da2a9ea0).
However, String::crypt is broken in jruby (https://github.com/jruby/jruby/issues/1035) and,
consequently, in puppetserver.
A possible workaround is to call the equivalent function in java, as shown in
https://gist.github.com/kakwa/6244f3336b8d65cdbb91
Comments
Comment by Pierre-Francois Carpentier [ 2014/11/27 ]
From the jruby source code:
# Note: MRI's documentation just says that the C stdlib function crypt() is
# called.
#
# I'm not sure if crypt() is guaranteed to produce the same result across
# different platforms. It seems that there is one standard UNIX implementation
# of crypt(), but that alternative implementations are possible. See
# http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
It means that the jruby developers have decided to only implement a platform independent
"crypt" implementing the historical crypt function (which uses DES).
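An added example, not part of the original issue and not Puppet Server or JRuby code: a Ruby check that classifies what String#crypt returned for a modular-crypt salt, so a runtime that silently falls back to the DES-only behaviour described above is caught before the hash is used for a user account. The function names, the sample salt and the test password are constructed for illustration, and the 13-character DES output shape (2 salt characters plus 11 hash characters) is an assumption based on the traditional crypt(3) format.

```ruby
# Added example: classify String#crypt output for a modular-crypt ($id$salt$) salt.
# Per-scheme limits: id => [max salt length, encoded hash length].
SCHEMES = { '1' => [8, 22], '5' => [16, 43], '6' => [16, 86] }.freeze
B64 = '[./0-9A-Za-z]' # crypt(3) base64 alphabet

# Returns :ok, :des_fallback, :unexpected or :not_modular_salt.
def classify_crypt(salt, hash)
  m = salt.match(/\A\$([156])\$(?:rounds=\d+\$)?([^$]{1,16})/)
  return :not_modular_salt unless m

  id = m[1]
  max_salt, hash_len = SCHEMES.fetch(id)
  used_salt = Regexp.escape(m[2][0, max_salt])
  expected = /\A\$#{id}\$(?:rounds=\d+\$)?#{used_salt}\$#{B64}{#{hash_len}}\z/

  if hash.match?(expected)
    :ok
  elsif hash.length == 13 && hash.start_with?(salt[0, 2])
    # Assumed traditional DES shape: 2 salt characters + 11 hash characters.
    :des_fallback
  else
    :unexpected
  end
end

# Hashes a constructed test password on the current runtime and classifies it.
def check_runtime_crypt(salt = '$6$examplesalt$')
  classify_crypt(salt, 'constructed-test-password'.crypt(salt))
rescue StandardError
  :crypt_unavailable
end

if __FILE__ == $PROGRAM_NAME
  result = check_runtime_crypt
  puts "String#crypt with a $6$ salt on this runtime: #{result}"
  warn 'Do not publish password hashes generated by this runtime.' unless result == :ok
end
```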
Comment by Christopher Price [ 2014/12/01 ]
According to the jruby github issue, it looks like they are targeting a fix for this at JRuby 1.7.17.
Comment by Eli Young [ 2014/12/09 ]
JRuby 1.7.17 hit today and uses the native implementation of crypt(3), like MRI does.
Comment by Eli Young [ 2014/12/15 ]
Any chance of this getting into the 1.0 release? The fix is to update the bundled version of
JRuby from 1.7.15 to 1.7.17.
Comment by Eli Young [ 2014/12/15 ]
I've written a pull request that fixes this.
Comment by Christopher Price [ 2014/12/15 ]
Eli Young thanks for the heads up, and for the PR! We plan on updating to 1.7.17 very soon, but
not for 1.0. We have to do a lot of memory testing whenever we bump to a new version of
JRuby, so it's a pretty risky change to do this late.
We'll get it in the next point release, though, assuming the memory tests go OK.
Comment by Eli Young [ 2014/12/15 ]
Sounds good. Thanks for the update.
Comment by Teran McKinney [ 2015/02/23 ]
I just ran into this myself, looking forward to when this is made in a public release. Will it be
coming in 1.0.3?
Thank you!
Comment by Christopher Price [ 2015/02/23 ]
The next release in the 1.x series will probably be 1.1, but yes I think we are now leaning
towards upgrading the JRuby version in that release.
Comment by Jeff McCune [ 2015/04/07 ]
Fixed in: 292b8f6: Update JRuby to 1.7.17 and fix String::crypt