diff options
author | varac <varacanero@zeromail.org> | 2016-06-09 17:32:31 +0200 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2016-06-14 12:05:18 +0200 |
commit | 1a18586f60291405af739fc787506566cf63e79c (patch) | |
tree | fa5300de6fa9ec990b965d789aa3b75f3b7a3dd2 /puppet/modules/couchdb/lib/puppet/parser/functions/pbkdf2.rb | |
parent | 6087aa329ff92ce02107792faf233279e6a77d55 (diff) |
git subrepo clone https://leap.se/git/puppet_couchdb puppet/modules/couchdb
subrepo:
subdir: "puppet/modules/couchdb"
merged: "76ff149"
upstream:
origin: "https://leap.se/git/puppet_couchdb"
branch: "master"
commit: "76ff149"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo.git"
commit: "cb2995b"
Diffstat (limited to 'puppet/modules/couchdb/lib/puppet/parser/functions/pbkdf2.rb')
-rw-r--r-- | puppet/modules/couchdb/lib/puppet/parser/functions/pbkdf2.rb | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/puppet/modules/couchdb/lib/puppet/parser/functions/pbkdf2.rb b/puppet/modules/couchdb/lib/puppet/parser/functions/pbkdf2.rb new file mode 100644 index 00000000..46400c9c --- /dev/null +++ b/puppet/modules/couchdb/lib/puppet/parser/functions/pbkdf2.rb @@ -0,0 +1,62 @@ +# +# pbkdf2.rb +# + +module Puppet::Parser::Functions + newfunction(:pbkdf2, :type => :rvalue, :doc => <<-EOS +This converts a password and a salt (and optional iterations and keylength +parameters) to a hash containing the salted SHA1 password hash, salt, +iterations and keylength. +pbkdf2 is used i.e. for couchdb passwords since v1.3. + +Example usage: + $pbkdf2 = pbkdf2($::couchdb::admin_pw, $::couchdb::admin_salt) + $sha1 = $pbkdf2['sha1'] +EOS + ) do |arguments| + require 'openssl' + require 'base64' + + raise(Puppet::ParseError, "pbkdf2(): Wrong number of arguments " + + "passed (#{arguments.size} but we require at least 2)") if arguments.size < 2 + + unless arguments.is_a?(Array) + raise(Puppet::ParseError, 'pbkdf2(): Requires a ' + + "Array argument, you passed: #{password.class}") + end + + password = arguments[0] + salt = arguments[1] + + if arguments.size > 2 + iterations = arguments[2].to_i + else + iterations = 1000 + end + + if arguments.size > 3 + keylength = arguments[3].to_i + else + keylength = 20 + end + + pbkdf2 = OpenSSL::PKCS5::pbkdf2_hmac_sha1( + password, + salt, + iterations, + keylength + ) + + return_hash = Hash.new() + # return hex encoded string + return_hash['sha1'] = pbkdf2.unpack('H*')[0] + return_hash['password'] = password + return_hash['salt'] = salt + return_hash['iterations'] = iterations + return_hash['keylength'] = keylength + + return return_hash + end +end + +# vim: set ts=2 sw=2 et : |