hashview / hashview-old

A web front-end for password cracking and analytics
http://www.hashview.io
GNU General Public License v3.0

Incorrect hash when you upload shadow with disabled accounts #437

Closed I-Iugo closed 6 years ago

I-Iugo commented 6 years ago

When uploading a shadow file with disabled accounts the saved hashes are incorrect:

```
[29] pry> hash
"!$6$6koxvdtpg9ujf2$vdxh4nxxuqwzaqvmh2oxrmrz4p02rw4g8fpq.2tkwuyderil5fndrwin0qcx.daj6szqaox//e7f5d2nymglt."
[30] pry> hash =~ %r{^\$6\$[\.\/0-9A-Za-z]{4,9}\$[\.\/0-9A-Za-z]{86}$}
=> nil # because {4,9} is too small and the hash starts with !
```

## Fixed
```
[33] pry> hash = "$6$6koxvdtpg9ujf2$vdxh4nxxuqwzaqvmh2oxrmrz4p02rw4g8fpq.2tkwuyderil5fndrwin0qcx.daj6szqaox//e7f5d2nymglt."
[34] pry> %r{^\$6\$(rounds=\d+\$)?[a-z\d\/\.]{0,16}\$[a-z\d\/\.]{86}$}.match?(hash)
=> true
```

In order for this to work properly, disabled accounts should be ignored in the shadow file, and the {4,9} should be changed to {4,16} in the sha512crypt regex. Adding an optional (rounds=\d+\$) should prevent parsing failures on hashes that contain this pattern.

I'll send a PR!
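The parsing rule proposed above, as an added example that is not part of the issue or of hashview's own code: shadow lines with a locked (`!`) or empty/`*` password field are skipped instead of imported, and the remaining hashes are validated with a regex that accepts the optional `rounds=N$` prefix and a 4..16 character salt. The helper names, the sample shadow file and the salts other than the one quoted in the issue are constructed for this example.

```ruby
# Added example (not hashview's own code): split a shadow file into
# crackable hashes and skipped entries. Helper names are hypothetical.

# Full crypt(3) alphabet ./0-9A-Za-z. The salt is 4..16 characters and may
# be preceded by an optional "rounds=N$" parameter; the digest is 86 chars.
SHA512CRYPT = %r{\A\$6\$(?:rounds=\d+\$)?[./0-9A-Za-z]{4,16}\$[./0-9A-Za-z]{86}\z}

# Digest taken from the hash quoted in the issue; the salts below are constructed.
DIGEST = 'vdxh4nxxuqwzaqvmh2oxrmrz4p02rw4g8fpq.2tkwuyderil5fndrwin0qcx.daj6szqaox//e7f5d2nymglt.'

# Constructed sample shadow file: an active account, a locked one ("!"),
# a system account with no password, a rounds= hash, and a malformed entry.
SAMPLE_SHADOW = <<~SHADOW
  alice:$6$6koxvdtpg9ujf2$#{DIGEST}:18000:0:99999:7:::
  bob:!$6$6koxvdtpg9ujf2$#{DIGEST}:18000:0:99999:7:::
  daemon:*:18000:0:99999:7:::
  carol:$6$rounds=5000$abcd$#{DIGEST}:18000:0:99999:7:::
  mallory:$6$short$abc:18000:0:99999:7:::
SHADOW

# Classify one shadow line. Returns [user, status, hash_or_nil].
def classify_shadow_line(line)
  user, passwd = line.chomp.split(':', -1)
  passwd = passwd.to_s
  return [user, :locked, nil]      if passwd.start_with?('!')   # passwd -l / disabled
  return [user, :no_password, nil] if passwd.empty? || passwd.start_with?('*')
  return [user, :invalid, nil]     unless SHA512CRYPT.match?(passwd)
  [user, :ok, passwd]
end

# Parse a whole file; blank lines are ignored.
def parse_shadow(text)
  text.each_line.reject { |l| l.strip.empty? }.map { |l| classify_shadow_line(l) }
end

# Only well-formed hashes from active accounts should be imported.
def crackable_hashes(text)
  parse_shadow(text).select { |_, status, _| status == :ok }.map(&:last)
end

if __FILE__ == $PROGRAM_NAME
  parse_shadow(SAMPLE_SHADOW).each { |user, status, _| puts "#{user}: #{status}" }
end
```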