author | Micah <micah@leap.se> | 2016-05-24 10:19:27 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-05-24 10:19:27 -0400 |
commit | af6fdd31fb961fc1b7f408f51001e7a6d192a58a (patch) | |
tree | 8e5e443c2958f07027ebb60595007dd5b755d3a0 /lib/puppet/parser/functions/pbkdf2.rb |
Squashed 'puppet/modules/couchdb/' content from commit 76ff149
git-subtree-dir: puppet/modules/couchdb
git-subtree-split: 76ff149a095023611c05bbb00157d06f87b07c05
Diffstat (limited to 'lib/puppet/parser/functions/pbkdf2.rb')
-rw-r--r-- | lib/puppet/parser/functions/pbkdf2.rb | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/lib/puppet/parser/functions/pbkdf2.rb b/lib/puppet/parser/functions/pbkdf2.rb
new file mode 100644
index 00000000..46400c9c
--- /dev/null
+++ b/lib/puppet/parser/functions/pbkdf2.rb
@@ -0,0 +1,62 @@
+#
+# pbkdf2.rb
+#
+
+module Puppet::Parser::Functions
+ newfunction(:pbkdf2, :type => :rvalue, :doc => <<-EOS
+This converts a password and a salt (and optional iterations and keylength
+parameters) to a hash containing the salted SHA1 password hash, salt,
+iterations and keylength.
+pbkdf2 is used i.e. for couchdb passwords since v1.3.
+
+Example usage:
+ $pbkdf2 = pbkdf2($::couchdb::admin_pw, $::couchdb::admin_salt)
+ $sha1 = $pbkdf2['sha1']
+EOS
+ ) do |arguments|
+ require 'openssl'
+ require 'base64'
+
+ raise(Puppet::ParseError, "pbkdf2(): Wrong number of arguments " +
+ "passed (#{arguments.size} but we require at least 2)") if arguments.size < 2
+
+ unless arguments.is_a?(Array)
+ raise(Puppet::ParseError, 'pbkdf2(): Requires a ' +
+ "Array argument, you passed: #{password.class}")
+ end
+
+ password = arguments[0]
+ salt = arguments[1]
+
+ if arguments.size > 2
+ iterations = arguments[2].to_i
+ else
+ iterations = 1000
+ end
+
+ if arguments.size > 3
+ keylength = arguments[3].to_i
+ else
+ keylength = 20
+ end
+
+ pbkdf2 = OpenSSL::PKCS5::pbkdf2_hmac_sha1(
+ password,
+ salt,
+ iterations,
+ keylength
+ )
+
+ return_hash = Hash.new()
+ # return hex encoded string
+ return_hash['sha1'] = pbkdf2.unpack('H*')[0]
+ return_hash['password'] = password
+ return_hash['salt'] = salt
+ return_hash['iterations'] = iterations
+ return_hash['keylength'] = keylength
+
+ return return_hash
+ end
+end
+
+# vim: set ts=2 sw=2 et : |
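Review bot: The optional `iterations` and `keylength` arguments go through `.to_i`, so an empty or non-numeric value silently becomes 0 and is handed to `OpenSSL::PKCS5::pbkdf2_hmac_sha1` instead of being rejected. A strict conversion with a floor, e.g. `iterations = Integer(arguments[2])` followed by `raise(Puppet::ParseError, 'pbkdf2(): iterations must be >= 1') if iterations < 1` (and the same for `keylength`), would fail the catalog compile rather than risk a weak or empty derived key. The `arguments.is_a?(Array)` guard interpolates `password.class` before `password` is assigned, so if that branch ever ran it would most likely raise NameError instead of the intended ParseError; `arguments.class` is what the message wants. The returned hash also carries the cleartext under `return_hash['password']`, which deserves a comment because whatever consumes the hash may log or serialize it. The doc string should describe the `sha1` value as a PBKDF2-HMAC-SHA1 derived key rather than a "salted SHA1 password hash".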