Skip to content
Browse files

Fix password file churn on each run for basic auth

The webrick basic auth modules uses a random seed to generate the crypt
key. This meant the password would be updated every single puppet ran.
Instead we use crypt directly and grab the seed from the existing
password.
  • Loading branch information...
1 parent 3e8fc54 commit 3eb79465f5c702b216b7fc442558d48968f2c1ab @johnf committed May 6, 2010
Showing with 8 additions and 11 deletions.
  1. +8 −11 lib/puppet/provider/httpauth/httpauth.rb
View
19 lib/puppet/provider/httpauth/httpauth.rb
@@ -24,16 +24,12 @@ def exists?
if File.exists?(resource[:file])
# If it does exist open the file
mech(resource[:file])
-
+
# Check if the user exists in the file
cp = @htauth.get_passwd(resource[:realm], resource[:name], false)
-
+
# Check if the current password matches the proposed password
- if cp == make_passwd(resource[:realm], resource[:name], resource[:password])
- return true
- else
- return false
- end
+ return check_passwd(resource[:realm], resource[:name], resource[:password], cp)
else
# If the file doesn't exist then create it
File.new(resource[:file], "w")
@@ -51,12 +47,13 @@ def mech(file)
end
end
- # Create a password
- def make_passwd(realm, user, password)
+ # Check password matches
+ def check_passwd(realm, user, password, cp)
if resource[:mechanism] == :digest
- WEBrick::HTTPAuth::DigestAuth.make_passwd(realm, user, password)
+ WEBrick::HTTPAuth::DigestAuth.make_passwd(realm, user, password) == cp
elsif resource[:mechanism] == :basic
- WEBrick::HTTPAuth::BasicAuth.make_passwd(realm, user, password)
+ # Can't ask webbrick as it uses a random seed
+ password.crypt(cp[0,2]) == cp
end
end
end

0 comments on commit 3eb7946

Please sign in to comment.
Something went wrong with that request. Please try again.