Diffstat (limited to 'modules')
-rw-r--r-- | modules/base_installation/lib/puppet/functions/generate_password.rb | 49 | ||||
-rw-r--r-- | modules/base_installation/lib/puppet/parser/functions/generate_password.rb | 31 |
2 files changed, 49 insertions, 31 deletions
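--- /dev/null
+++ b/modules/base_installation/lib/puppet/functions/generate_password.rb
@@ -0,0 +1,49 @@
+require "base64"
+require "openssl"
+
+Puppet::Functions.create_function(:generate_password) do
+dispatch :generate_password do
+param 'Integer', :size
+param 'String', :seed_file
+param 'String', :password_key
+optional_param 'String', :method
+optional_param 'Boolean', :encode
+return_type 'String'
+end
+
+def generate_password(size, seed_file, password_key, method = nil, encode = false)
+key = get_key(seed_file, password_key)
+case method
+when nil
+pass = generate_string(size, key)
+when "curve25519"
+pass = generate_string(32, key, binary = true)
+pass[0] = (pass[0].ord & 248).chr
+pass[31] = ((pass[31].ord & 127) | 64).chr
+else
+raise "Unknown method"
+end
+
+if encode
+Base64.strict_encode64(pass).strip
+else
+pass
+end
+end
+
+def generate_string(size, key, binary = false)
+if binary
+set = (0 .. 255).map { |i| i.chr }
+else
+set = ('a' .. 'z').to_a + ('A' .. 'Z').to_a + ('0' .. '9').to_a
+end
+
+size.times.collect do |i|
+set[OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), key, i.to_s).to_i(16) % set.size]
+end.join
+end
+
+def get_key(seed_file, password_key)
+"#{File.open(seed_file).read}:#{password_key}"
+end
+end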
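Review bot: `get_key`, at the end of the new file, reads the seed with `File.open(seed_file).read` and never checks the result, so an empty or truncated seed file silently yields passwords derived from `":#{password_key}"` alone, which depends only on the key name and not on any secret. The file handle is also left open until garbage collection. I would read it with `seed = File.read(seed_file)` and add `raise ArgumentError, "generate_password(): seed file is empty" if seed.empty?` before building the key, leaving the bytes untouched, since stripping a trailing newline would change every password already derived. Separately, the dispatch declares `return_type 'String'`, so the derived secret is presumably stored in the catalog in clear unless callers wrap it in `Sensitive`; a comment above the dispatch saying so would help.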
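--- a/modules/base_installation/lib/puppet/parser/functions/generate_password.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-module Puppet::Parser::Functions
-newfunction(:generate_password, :type => :rvalue, :doc => <<-EOS
-Returns a semi-random string based on a seed and a value. Will always generate the same value with the same entry.
-Prototype:
-generate_password(length, seed_file, password_key)
-EOS
-) do |*arguments|
-arguments = arguments.shift if arguments.first.is_a?(Array)
-
-raise Puppet::ParseError, "generate_password(): Wrong number of arguments " +
-"given (#{arguments.size} for 3)" if arguments.size != 3
-
-size = arguments.shift
-seed_file = arguments.shift
-password_key = arguments.shift
-
-unless size.class.ancestors.include?(Numeric) or size.is_a?(String)
-raise Puppet::ParseError, 'generate_password(): Requires a numeric first argument'
-end
-
-size = size.to_i
-
-set = ('a' .. 'z').to_a + ('A' .. 'Z').to_a + ('0' .. '9').to_a
-
-key = "#{File.open(seed_file).read}:#{password_key}"
-
-size.times.collect do |i|
-set[OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), key, i.to_s).to_i(16) % set.size]
-end.join
-end
-end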