From dfc0b76f2c4db0f470010519a9cd47bcb6a974b9 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Jun 2015 14:48:31 +0200 Subject: Use pbkdf2 instead of sha1 as hashing algorithm for newer couchdb versions couchdb v1.3 changed the default pw hashing algorithm from sha1 to pbkdf2, see http://docs.couchdb.org/en/1.4.x/configuring.html --- manifests/base.pp | 35 ++++++++++++++++++----------------- manifests/init.pp | 3 ++- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index 356fefb..9f87565 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,3 +1,4 @@ +# configure couchdb class couchdb::base { if $::couchdb::bigcouch == true { 
@@ -66,24 +67,26 @@ class couchdb::base { require => Package['couchdb']; } - if $::couchdb::admin_salt == '' { - # unhashed, plaintext pw, no salt. For couchdb >= 1.2 - $sha1_and_salt = str2sha1_and_salt($::couchdb::admin_pw) - $sha1 = $sha1_and_salt[0] - $salt = $sha1_and_salt[1] - } else { - # prehashed pw with salt, for couchdb < 1.2 - # salt and encrypt pw - # str_and_salt2sha1 is a function from leap's stdlib module - $salt = $::couchdb::admin_salt - $pw_and_salt = [ $::couchdb::admin_pw, $salt ] - $sha1 = str_and_salt2sha1($pw_and_salt) + $alg = $::couchdb::pwhash_alg + $salt = $::couchdb::admin_salt + notice ($salt) + case $alg { + 'sha1': { + # str_and_salt2sha1 is a function from leap's stdlib module + $pw_and_salt = [ $::couchdb::admin_pw, $salt ] + $sha1 = str_and_salt2sha1($pw_and_salt) + $admin_hash = "-hashed-${sha1},${salt}" + } + 'pbkdf2': { + $pbkdf2 = pbkdf2($::couchdb::admin_pw, $::couchdb::admin_salt, 10) + $sha1 = $pbkdf2['sha1'] + $admin_hash = "-pbkdf2-${sha1},${salt},10" + } + default: { fail ("Unknown fact couchdb_pwhash_alg ${::couchdb_pwhash_alg} - Exiting.") } } file { '/etc/couchdb/local.d/admin.ini': - content => "[admins] -admin = -hashed-${sha1},${salt} -", + content => "[admins]\nadmin = ${admin_hash}\n", mode => '0600', owner => $couchdb_user, group => $couchdb_user, @@ -103,6 +106,4 @@ admin = -hashed-${sha1},${salt} '/etc/couchdb/local.ini'], refreshonly => true } - - } diff --git a/manifests/init.pp b/manifests/init.pp index dbd75f8..066f429 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,7 +4,8 @@ class couchdb ( $bigcouch = false, $bigcouch_cookie = '', $ednp_port = '9001', - $chttpd_bind_address = '0.0.0.0' ) + $chttpd_bind_address = '0.0.0.0', + $pwhash_alg = 'sha1' ) { if $admin_pw == '' { -- cgit v1.2.3
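Review bot: The added `notice ($salt)` writes the admin password salt to the Puppet log on every run; it looks like a debugging leftover and should be removed. The `default` branch interpolates `${::couchdb_pwhash_alg}`, a top-scope variable, while the `case` switches on `$alg` from `$::couchdb::pwhash_alg`, so the failure message would not show the rejected value; `fail("Unknown couchdb::pwhash_alg '${alg}'")` would. The removed `admin_salt == ''` branch was the only place a salt was generated, so an empty salt now flows into both hash strings; if the parameter can still be empty (its default is not visible in this diff), a guard such as `if $salt == '' { fail('couchdb::admin_salt must not be empty') }` before the `case` would prevent unsalted admin hashes. The iteration count `10` appears twice as a literal, so holding it in one variable would keep the `pbkdf2()` call and the `-pbkdf2-...,10` suffix in step. `class couchdb::base` starts before and continues after this hunk.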
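Review bot: The new `$pwhash_alg` parameter defaults to `'sha1'`, so nodes on CouchDB 1.3 or later keep the salted-SHA1 admin hash unless every caller overrides it, even though the commit message names pbkdf2 as the default from 1.3 on. The parameter has no comment listing the accepted values; a line such as `# $pwhash_alg: admin password hash scheme, 'sha1' (couchdb < 1.3) or 'pbkdf2' (couchdb >= 1.3)` above the class would make the choice explicit. The class body continues outside the hunk, so any existing validation of the other parameters is not visible here.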