Using a union of a string with pattern and crypt-hash

I have written a YANG file to store the passwords of type MD5 and also the crypted hash passwords in a single leaf.
We are reading the MD5 values from a different location and trying to set the same in CDB.
But when we set the value of the password using
cli> set users password MD5:Validmd5sumvalue
then it is converting the MD5: to crypt hash and storing it in CDB.
grouping auth{
container users {
leaf password {
type union {
type ianach:crypt-hash;
type string {
pattern ‘MD5:[\da-f]{32}’;
}
}
mandatory true;
}
}
}
It is always taking the crypt hash value even if the password matches the pattern of ‘MD5:[\da-f]{32}’

Can you please help me in resolving this?

This is because in ConfD the type ianach:crypt-hash generally accepts any string and if it does not start with the $<id>$ prefix it is interpreted as a cleartext password. You can fix the problem by switching the order of the two union types:

      leaf password {
        type union {
          type string {
            pattern 'MD5:[\da-f]{32}';
          }
          type ianach:crypt-hash;
        }
        mandatory true;
      }

This way, any string that matches the pattern is used as the first union member type.

1 Like