authorvarac <varacanero@zeromail.org>2013-04-24 00:30:40 +0200
committervarac <varacanero@zeromail.org>2013-04-24 00:30:40 +0200
commitec9d3c4629586caa910323c7cd5ffe769843ad42 (patch)
tree531475f2d446bfed2c15c5857341a6690c7e6ac8 /manifests/add_user.pp
parent321278b3805ce74b6869ec070e083c8a91849d6f (diff)
Use pre-salted+hashed user pw for couchdb (Feature #2324)
Diffstat (limited to 'manifests/add_user.pp')
-rw-r--r--manifests/add_user.pp23
1 files changed, 20 insertions, 3 deletions
diff --git a/manifests/add_user.pp b/manifests/add_user.pp
index cd72530..9c8e5d4 100644
--- a/manifests/add_user.pp
+++ b/manifests/add_user.pp
@@ -1,15 +1,32 @@
-define couchdb::add_user ( $roles, $pw ) {
+define couchdb::add_user ( $roles, $pw, $salt = '' ) {
+ # Couchdb < 1.2 needs a pre-hashed pw and salt
+ # If you provide a salt, couchdb::add_user will assume that
+ # $pw is prehashed and pass both parameters to couchdb::update
+ # If $salt is empty, couchdb::add_user will assume that the pw
+ # is plaintext and will pass it to couchdb::update
if $::couchdb::bigcouch == true {
$port = 5986
} else {
$port = 5984
-}
+ }
+
+ if $salt == '' {
+ # unhashed, plaintext pw, no salt. For couchdb >= 1.2
+ $data = "{\"type\": \"user\", \"name\": \"${name}\", \"roles\": ${roles}, \"password\": \"${pw}\"}"
+ } else {
+ # prehashed pw with salt, for couchdb < 1.2
+ # salt and encrypt pw
+ # str_and_salt2sha1 is a function from leap's stdlib module
+ $pw_and_salt = [ $pw, $salt ]
+ $sha = str_and_salt2sha1($pw_and_salt)
+ $data = "{\"type\": \"user\", \"name\": \"${name}\", \"roles\": ${roles}, \"password_sha\": \"${sha}\", \"salt\": \"${salt}\"}"
+ }
couchdb::update { "update_user_${name}":
port => $port,
db => '_users',
id => "org.couchdb.user:${name}",
- data => "{\"type\": \"user\", \"name\": \"${name}\", \"roles\": ${roles}, \"password\": \"${pw}\"}",
+ data => $data
}
}
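Review bot: The header comment added above the port selection says a supplied salt means `$pw` is already hashed, but the `else` branch passes `[ $pw, $salt ]` to `str_and_salt2sha1` and stores the result as `password_sha`, so `$pw` is treated as plaintext there as well. A caller who follows the comment and supplies a digest would presumably end up with the digest itself acting as the account password. The comment should describe what the code does, e.g. `# If $salt is set, $pw is still plaintext; it is hashed with $salt via str_and_salt2sha1 and stored as password_sha`. Separately, both `$data` assignments interpolate `${name}`, `${pw}` and `${salt}` into the JSON string unescaped, so a `"` or `\` in any of them breaks or alters the user document; validate these values or escape them before building the string.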