From 4b0cd484e68a806e60a32a6d611333d41ec845aa Mon Sep 17 00:00:00 2001 From: asq Date: Thu, 3 Apr 2014 17:15:37 +0200 Subject: add option to generate shell-safe passwords basically excludes characters that might be dangerous if used in shell. many passwords generated by trocla may end up in some sort of bash scripts (initscripts, sourced shell variables, etc) which may yeld problems with default trocla random generator. this can be now changed either in troclarc (with "shellsafe: true") or on (ie. "trocla create foo plain '{ length: 32, shellsafe: true}'"). --- lib/trocla.rb | 2 +- lib/trocla/util.rb | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/trocla.rb b/lib/trocla.rb index 4e7bedb..7755149 100644 --- a/lib/trocla.rb +++ b/lib/trocla.rb @@ -22,7 +22,7 @@ class Trocla plain_pwd = get_password(key,'plain') if options['random'] && plain_pwd.nil? - plain_pwd = Trocla::Util.random_str(options['length']) + plain_pwd = Trocla::Util.random_str(options['length'],options['shellsafe']) set_password(key,'plain',plain_pwd) unless format == 'plain' elsif !options['random'] && plain_pwd.nil? raise "Password must be present as plaintext if you don't want a random password" diff --git a/lib/trocla/util.rb b/lib/trocla/util.rb index 2b1c6c6..ff7e3ce 100644 --- a/lib/trocla/util.rb +++ b/lib/trocla/util.rb @@ -2,8 +2,12 @@ require 'securerandom' class Trocla class Util class << self - def random_str(length=12) - (1..length).collect{|a| chars[SecureRandom.random_number(chars.size)] }.join.to_s + def random_str(length=12,shellsafe=:undef) + if shellsafe + (1..length).collect{|a| safechars[SecureRandom.random_number(safechars.size)] }.join.to_s + else + (1..length).collect{|a| chars[SecureRandom.random_number(chars.size)] }.join.to_s + end end def salt(length=8) @@ -14,12 +18,18 @@ class Trocla def chars @chars ||= normal_chars + special_chars end + def safechars + @chars ||= normal_chars + shellsafe_chars + end def normal_chars @normal_chars ||= ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a end def special_chars @special_chars ||= "+*%/()@&=?![]{}-_.,;:".split(//) end + def shellsafe_chars + @shellsafe_chars ||= "+%/@=?_.,:".split(//) + end end end end -- cgit v1.2.3 From cc2b09eb2a24f71d5ec29860f182588b32a254a6 Mon Sep 17 00:00:00 2001 From: asq Date: Thu, 3 Apr 2014 19:02:02 +0200 Subject: puppet will convert all values to string, so we need to convert it back to integer for ranges ie. for this to work: $short_and_safe = { 'shellsafe' => 'true', 'length' => 6, # THIS WILL BE STRING! } $x = trocla('foo', 'plain', $short_and_safe) notify { "test: $x": } --- lib/trocla.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/trocla.rb b/lib/trocla.rb index 7755149..74825aa 100644 --- a/lib/trocla.rb +++ b/lib/trocla.rb @@ -22,7 +22,7 @@ class Trocla plain_pwd = get_password(key,'plain') if options['random'] && plain_pwd.nil? - plain_pwd = Trocla::Util.random_str(options['length'],options['shellsafe']) + plain_pwd = Trocla::Util.random_str(options['length'].to_i,options['shellsafe']) set_password(key,'plain',plain_pwd) unless format == 'plain' elsif !options['random'] && plain_pwd.nil? raise "Password must be present as plaintext if you don't want a random password" -- cgit v1.2.3