summaryrefslogtreecommitdiff
path: root/lib/puppet
diff options
context:
space:
mode:
authorGary Larizza <gary@puppetlabs.com>2012-01-09 11:30:47 -0800
committerGary Larizza <gary@puppetlabs.com>2012-01-09 11:30:47 -0800
commit02e85b965111f61af978a80a7326e07acf7dff01 (patch)
tree63f5a5aae532f93f8186401975cc704d39bb9025 /lib/puppet
parenta0e27cd5a3bfd2fe55c9be64a435e93853815667 (diff)
New str2saltedsha512 function for OS X Passwords
OS X 10.7 introduced salted-SHA512 password hashes as opposed to the older LANMAN + SHA1 hashes. To assist in generating properly-formatted password hashes, this commit adds the str2saltedsha512() function which accepts a single string argument (the password) and returns a salted-SHA512 password hash which can be fed as the password attribute of a user resource in OS X 10.7. Spec tests are also added to ensure that functionality isn't broken with future commits.
Diffstat (limited to 'lib/puppet')
-rw-r--r--lib/puppet/parser/functions/str2saltedsha512.rb32
1 files changed, 32 insertions, 0 deletions
diff --git a/lib/puppet/parser/functions/str2saltedsha512.rb b/lib/puppet/parser/functions/str2saltedsha512.rb
new file mode 100644
index 0000000..7fe7b01
--- /dev/null
+++ b/lib/puppet/parser/functions/str2saltedsha512.rb
@@ -0,0 +1,32 @@
+#
+# str2saltedsha512.rb
+#
+
+module Puppet::Parser::Functions
+ newfunction(:str2saltedsha512, :type => :rvalue, :doc => <<-EOS
+This converts a string to a salted-SHA512 password hash (which is used for
+OS X versions >= 10.7). Given any simple string, you will get a hex version
+of a salted-SHA512 password hash that can be inserted into your Puppet
+manifests as a valid password attribute.
+ EOS
+ ) do |arguments|
+ require 'digest/sha2'
+
+ raise(Puppet::ParseError, "str2saltedsha512(): Wrong number of arguments " +
+ "passed (#{arguments.size} but we require 1)") if arguments.size != 1
+
+ password = arguments[0]
+
+ unless password.is_a?(String)
+ raise(Puppet::ParseError, 'str2saltedsha512(): Requires a ' +
+ "String argument, you passed: #{password.class}")
+ end
+
+ seedint = rand(2**31 - 1)
+ seedstring = Array(seedint).pack("L")
+ saltedpass = Digest::SHA512.digest(seedstring + password)
+ (seedstring + saltedpass).unpack('H*')[0]
+ end
+end
+
+# vim: set ts=2 sw=2 et :