diff options
author | Gary Larizza <gary@puppetlabs.com> | 2012-01-09 11:30:47 -0800 |
---|---|---|
committer | Gary Larizza <gary@puppetlabs.com> | 2012-01-09 11:30:47 -0800 |
commit | 02e85b965111f61af978a80a7326e07acf7dff01 (patch) | |
tree | 63f5a5aae532f93f8186401975cc704d39bb9025 /lib | |
parent | a0e27cd5a3bfd2fe55c9be64a435e93853815667 (diff) |
New str2saltedsha512 function for OS X Passwords
OS X 10.7 introduced salted-SHA512 password hashes as opposed to the
older LANMAN + SHA1 hashes. To assist in generating properly-formatted
password hashes, this commit adds the str2saltedsha512() function which
accepts a single string argument (the password) and returns a
salted-SHA512 password hash which can be fed as the password attribute
of a user resource in OS X 10.7.
Spec tests are also added to ensure that functionality isn't broken with
future commits.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/puppet/parser/functions/str2saltedsha512.rb | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/lib/puppet/parser/functions/str2saltedsha512.rb b/lib/puppet/parser/functions/str2saltedsha512.rb new file mode 100644 index 0000000..7fe7b01 --- /dev/null +++ b/lib/puppet/parser/functions/str2saltedsha512.rb @@ -0,0 +1,32 @@ +# +# str2saltedsha512.rb +# + +module Puppet::Parser::Functions + newfunction(:str2saltedsha512, :type => :rvalue, :doc => <<-EOS +This converts a string to a salted-SHA512 password hash (which is used for +OS X versions >= 10.7). Given any simple string, you will get a hex version +of a salted-SHA512 password hash that can be inserted into your Puppet +manifests as a valid password attribute. + EOS + ) do |arguments| + require 'digest/sha2' + + raise(Puppet::ParseError, "str2saltedsha512(): Wrong number of arguments " + + "passed (#{arguments.size} but we require 1)") if arguments.size != 1 + + password = arguments[0] + + unless password.is_a?(String) + raise(Puppet::ParseError, 'str2saltedsha512(): Requires a ' + + "String argument, you passed: #{password.class}") + end + + seedint = rand(2**31 - 1) + seedstring = Array(seedint).pack("L") + saltedpass = Digest::SHA512.digest(seedstring + password) + (seedstring + saltedpass).unpack('H*')[0] + end +end + +# vim: set ts=2 sw=2 et : |