summaryrefslogtreecommitdiff
path: root/spec/unit/puppet
diff options
context:
space:
mode:
authorGary Larizza <gary@puppetlabs.com>2012-01-09 11:30:47 -0800
committerGary Larizza <gary@puppetlabs.com>2012-01-09 11:30:47 -0800
commit02e85b965111f61af978a80a7326e07acf7dff01 (patch)
tree63f5a5aae532f93f8186401975cc704d39bb9025 /spec/unit/puppet
parenta0e27cd5a3bfd2fe55c9be64a435e93853815667 (diff)
downloadpuppet-stdlib-02e85b965111f61af978a80a7326e07acf7dff01.tar.gz
puppet-stdlib-02e85b965111f61af978a80a7326e07acf7dff01.tar.bz2
New str2saltedsha512 function for OS X Passwords
OS X 10.7 introduced salted-SHA512 password hashes as opposed to the older LANMAN + SHA1 hashes. To assist in generating properly-formatted password hashes, this commit adds the str2saltedsha512() function which accepts a single string argument (the password) and returns a salted-SHA512 password hash which can be fed as the password attribute of a user resource in OS X 10.7. Spec tests are also added to ensure that functionality isn't broken with future commits.
Diffstat (limited to 'spec/unit/puppet')
-rw-r--r--spec/unit/puppet/parser/functions/str2saltedsha512_spec.rb51
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/unit/puppet/parser/functions/str2saltedsha512_spec.rb b/spec/unit/puppet/parser/functions/str2saltedsha512_spec.rb
new file mode 100644
index 0000000..11485aa
--- /dev/null
+++ b/spec/unit/puppet/parser/functions/str2saltedsha512_spec.rb
@@ -0,0 +1,51 @@
+#!/usr/bin/env rspec
+require 'spec_helper'
+
+describe "the str2saltedsha512 function" do
+ before :all do
+ Puppet::Parser::Functions.autoloader.loadall
+ end
+
+ before :each do
+ @scope = Puppet::Parser::Scope.new
+ end
+
+ it "should exist" do
+ Puppet::Parser::Functions.function("str2saltedsha512").should == "function_str2saltedsha512"
+ end
+
+ it "should raise a ParseError if there is less than 1 argument" do
+ expect { @scope.function_str2saltedsha512([]) }.should( raise_error(Puppet::ParseError) )
+ end
+
+ it "should raise a ParseError if there is more than 1 argument" do
+ expect { @scope.function_str2saltedsha512(['foo', 'bar', 'baz']) }.should( raise_error(Puppet::ParseError) )
+ end
+
+ it "should return a salted-sha512 password hash 136 characters in length" do
+ result = @scope.function_str2saltedsha512(["password"])
+ result.length.should(eq(136))
+ end
+
+ it "should raise an error if you pass a non-string password" do
+ expect { @scope.function_str2saltedsha512([1234]) }.should( raise_error(Puppet::ParseError) )
+ end
+
+ it "should generate a valid password" do
+ # Allow the function to generate a password based on the string 'password'
+ password_hash = @scope.function_str2saltedsha512(["password"])
+
+ # Separate the Salt and Password from the Password Hash
+ salt = password_hash[0..7]
+ password = password_hash[8..-1]
+
+ # Convert the Salt and Password from Hex to Binary Data
+ str_salt = Array(salt.lines).pack('H*')
+ str_password = Array(password.lines).pack('H*')
+
+ # Combine the Binary Salt with 'password' and compare the end result
+ saltedpass = Digest::SHA512.digest(str_salt + 'password')
+ result = (str_salt + saltedpass).unpack('H*')[0]
+ result.should == password_hash
+ end
+end