added str2saltedsha1.rb
authorvarac <varacanero@zeromail.org>
Fri, 8 Mar 2013 15:26:42 +0000 (16:26 +0100)
committervarac <varacanero@zeromail.org>
Fri, 8 Mar 2013 15:26:42 +0000 (16:26 +0100)
lib/puppet/parser/functions/str2saltedsha1.rb [new file with mode: 0644]
spec/unit/puppet/parser/functions/str2saltedsha1_spec.rb [new file with mode: 0644]

diff --git a/lib/puppet/parser/functions/str2saltedsha1.rb b/lib/puppet/parser/functions/str2saltedsha1.rb
new file mode 100644 (file)
index 0000000..e51a861
--- /dev/null
@@ -0,0 +1,32 @@
+#
+# str2saltedsha1.rb
+#
+
+module Puppet::Parser::Functions
+  newfunction(:str2saltedsha1, :type => :rvalue, :doc => <<-EOS
+This converts a string to a salted-SHA1 password hash (which is used for
+OS X versions >= 10.7). Given any simple string, you will get a hex version
+of a salted-SHA1 password hash that can be inserted into your Puppet
+manifests as a valid password attribute.
+    EOS
+  ) do |arguments|
+    require 'digest/sha2'
+
+    raise(Puppet::ParseError, "str2saltedsha1(): Wrong number of arguments " +
+      "passed (#{arguments.size} but we require 1)") if arguments.size != 1
+
+    password = arguments[0]
+
+    unless password.is_a?(String)
+      raise(Puppet::ParseError, 'str2saltedsha1(): Requires a ' +
+        "String argument, you passed: #{password.class}")
+    end
+
+    seedint    = rand(2**31 - 1)
+    seedstring = Array(seedint).pack("L")
+    saltedpass = Digest::SHA1.digest(seedstring + password)
+    (seedstring + saltedpass).unpack('H*')[0]
+  end
+end
+
+# vim: set ts=2 sw=2 et :
diff --git a/spec/unit/puppet/parser/functions/str2saltedsha1_spec.rb b/spec/unit/puppet/parser/functions/str2saltedsha1_spec.rb
new file mode 100644 (file)
index 0000000..753cb24
--- /dev/null
@@ -0,0 +1,45 @@
+#! /usr/bin/env ruby -S rspec
+require 'spec_helper'
+
+describe "the str2saltedsha1 function" do
+  let(:scope) { PuppetlabsSpec::PuppetInternals.scope }
+
+  it "should exist" do
+    Puppet::Parser::Functions.function("str2saltedsha1").should == "function_str2saltedsha1"
+  end
+
+  it "should raise a ParseError if there is less than 1 argument" do
+    expect { scope.function_str2saltedsha1([]) }.should( raise_error(Puppet::ParseError) )
+  end
+
+  it "should raise a ParseError if there is more than 1 argument" do
+    expect { scope.function_str2saltedsha1(['foo', 'bar', 'baz']) }.should( raise_error(Puppet::ParseError) )
+  end
+
+  it "should return a salted-sha1 password hash 136 characters in length" do
+    result = scope.function_str2saltedsha1(["password"])
+    result.length.should(eq(136))
+  end
+
+  it "should raise an error if you pass a non-string password" do
+    expect { scope.function_str2saltedsha1([1234]) }.should( raise_error(Puppet::ParseError) )
+  end
+
+  it "should generate a valid password" do
+    # Allow the function to generate a password based on the string 'password'
+    password_hash = scope.function_str2saltedsha1(["password"])
+
+    # Separate the Salt and Password from the Password Hash
+    salt     = password_hash[0..7]
+    password = password_hash[8..-1]
+
+    # Convert the Salt and Password from Hex to Binary Data
+    str_salt     = Array(salt.lines).pack('H*')
+    str_password = Array(password.lines).pack('H*')
+
+    # Combine the Binary Salt with 'password' and compare the end result
+    saltedpass    = Digest::SHA1.digest(str_salt + 'password')
+    result        = (str_salt + saltedpass).unpack('H*')[0]
+    result.should == password_hash
+  end
+end