Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Allow plaintext password to be used #23

Closed
wants to merge 3 commits into from

2 participants

@patcon

Databag encryption is dealt with elsewhere, so it seems alright that some folks might not care that the non-shadowhashed password is used from the databag.

Thinking maybe we could check:

Would regenerate each time chef runs, but don't think that would be an issue?

I'll try to test it out

@patcon

This is absolutely ugly and not a final solution, but just wanted to get it working for now. In reality, this needs to go into the LWRP

@patcon

Let me know if this looks alright, and I'll send in a patch for the README before merging :)

@ranjib
Collaborator

@patcon this can be implemented outside as a helper library and the resultant hash can be passed in to the lwrp. Sorry for getting back so late. I'm trying to get all the PRs reviewed and cut a release. Feel free to reopen if you have other suggestion
thanks

@ranjib ranjib closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Oct 29, 2012
  1. @patcon
Commits on Oct 30, 2012
  1. @patcon
Commits on Nov 20, 2012
  1. @patcon
This page is out of date. Refresh to see the latest.
View
16 providers/account.rb
@@ -23,11 +23,23 @@ def load_current_resource
@my_home = new_resource.home ||
"#{node['user']['home_root']}/#{new_resource.username}"
@my_shell = new_resource.shell || node['user']['default_shell']
+ @my_password = if bool(new_resource.use_plaintext, node['user']['use_plaintext'])
+ generate_hash_from_plaintext(new_resource.password || node['user']['password'])
+ else
+ new_resource.password || node['user']['password']
+ end
@manage_home = bool(new_resource.manage_home, node['user']['manage_home'])
@create_group = bool(new_resource.create_group, node['user']['create_group'])
@ssh_keygen = bool(new_resource.ssh_keygen, node['user']['ssh_keygen'])
end
+def generate_hash_from_plaintext(plaintext_password)
+ require 'digest/sha2'
+ salt = rand(36**8).to_s(36)
+ shadow_hash = plaintext_password.crypt("$6$" + salt)
+ return shadow_hash
+end
+
action :create do
user_resource :create
dir_resource :create
@@ -89,7 +101,7 @@ def normalize_bool(val)
def user_resource(exec_action)
# avoid variable scoping issues in resource block
- my_home, my_shell, manage_home = @my_home, @my_shell, @manage_home
+ my_home, my_shell, manage_home, my_password = @my_home, @my_shell, @manage_home, @my_password
r = user new_resource.username do
comment new_resource.comment if new_resource.comment
@@ -97,7 +109,7 @@ def user_resource(exec_action)
gid new_resource.gid if new_resource.gid
home my_home if my_home
shell my_shell if my_shell
- password new_resource.password if new_resource.password
+ password my_password if my_password
system new_resource.system_user
supports :manage_home => manage_home
action :nothing
View
2  recipes/data_bag.rb
@@ -34,7 +34,7 @@
username = u['username'] || u['id']
user_account username do
- %w{comment uid gid home shell password system_user manage_home create_group
+ %w{comment uid gid home shell password use_plaintext system_user manage_home create_group
ssh_keys ssh_keygen}.each do |attr|
send(attr, u[attr]) if u[attr]
end
View
1  resources/account.rb
@@ -28,6 +28,7 @@
attribute :home, :kind_of => String
attribute :shell, :kind_of => String
attribute :password, :kind_of => String
+attribute :use_plaintext, :default => nil
attribute :system_user, :default => false
attribute :manage_home, :default => nil
attribute :create_group, :default => nil
Something went wrong with that request. Please try again.