-rw-r--r--modules/base_installation/lib/puppet/functions/generate_password.rb49
-rw-r--r--modules/base_installation/lib/puppet/parser/functions/generate_password.rb31
2 files changed, 49 insertions, 31 deletions
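diff --git a/modules/base_installation/lib/puppet/functions/generate_password.rb b/modules/base_installation/lib/puppet/functions/generate_password.rb
new file mode 100644
index 0000000..0ccd4d6
--- /dev/null
+++ b/modules/base_installation/lib/puppet/functions/generate_password.rb
@@ -0,0 +1,49 @@
+require "base64"
+require "openssl"
+
+Puppet::Functions.create_function(:generate_password) do
+ dispatch :generate_password do
+ param 'Integer', :size
+ param 'String', :seed_file
+ param 'String', :password_key
+ optional_param 'String', :method
+ optional_param 'Boolean', :encode
+ return_type 'String'
+ end
+
+ def generate_password(size, seed_file, password_key, method = nil, encode = false)
+ key = get_key(seed_file, password_key)
+ case method
+ when nil
+ pass = generate_string(size, key)
+ when "curve25519"
+ pass = generate_string(32, key, binary = true)
+ pass[0] = (pass[0].ord & 248).chr
+ pass[31] = ((pass[31].ord & 127) | 64).chr
+ else
+ raise "Unknown method"
+ end
+
+ if encode
+ Base64.strict_encode64(pass).strip
+ else
+ pass
+ end
+ end
+
+ def generate_string(size, key, binary = false)
+ if binary
+ set = (0 .. 255).map { |i| i.chr }
+ else
+ set = ('a' .. 'z').to_a + ('A' .. 'Z').to_a + ('0' .. '9').to_a
+ end
+
+ size.times.collect do |i|
+ set[OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), key, i.to_s).to_i(16) % set.size]
+ end.join
+ end
+
+ def get_key(seed_file, password_key)
+ "#{File.open(seed_file).read}:#{password_key}"
+ end
+end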
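Review bot: In `get_key`, an empty seed file is accepted silently, so the HMAC key collapses to `:<password_key>` and every generated password or curve25519 key becomes computable from the key name alone; `File.open(seed_file).read` also never closes the handle. Reading with `seed = File.read(seed_file)` and adding `raise "Empty seed file #{seed_file}" if seed.strip.empty?` before building the key would cover both. Separately, the `nil` and `"curve25519"` branches of `generate_password` pass the same key and the same counter messages to the HMAC, so for one `password_key` the alphanumeric password and the private-key bytes are reductions of the same digests. Mixing the method into the key for the new branch only, for example `get_key(seed_file, "#{password_key}:curve25519")`, would separate the two outputs without changing passwords that already exist.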
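diff --git a/modules/base_installation/lib/puppet/parser/functions/generate_password.rb b/modules/base_installation/lib/puppet/parser/functions/generate_password.rb
deleted file mode 100644
index 384d81b..0000000
--- a/modules/base_installation/lib/puppet/parser/functions/generate_password.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-module Puppet::Parser::Functions
- newfunction(:generate_password, :type => :rvalue, :doc => <<-EOS
-Returns a semi-random string based on a seed and a value. Will always generate the same value with the same entry.
-Prototype:
- generate_password(length, seed_file, password_key)
-EOS
-) do |*arguments|
- arguments = arguments.shift if arguments.first.is_a?(Array)
-
- raise Puppet::ParseError, "generate_password(): Wrong number of arguments " +
- "given (#{arguments.size} for 3)" if arguments.size != 3
-
- size = arguments.shift
- seed_file = arguments.shift
- password_key = arguments.shift
-
- unless size.class.ancestors.include?(Numeric) or size.is_a?(String)
- raise Puppet::ParseError, 'generate_password(): Requires a numeric first argument'
- end
-
- size = size.to_i
-
- set = ('a' .. 'z').to_a + ('A' .. 'Z').to_a + ('0' .. '9').to_a
-
- key = "#{File.open(seed_file).read}:#{password_key}"
-
- size.times.collect do |i|
- set[OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), key, i.to_s).to_i(16) % set.size]
- end.join
-end
-end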