opuppet/puppetlabs-stdlib
4
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
puppetlabs-stdlib/spec/unit/puppet/parser/functions/str2saltedsha512_spec.rb
Gary Larizza 02e85b9651 New str2saltedsha512 function for OS X Passwords 
OS X 10.7 introduced salted-SHA512 password hashes as opposed to the
older LANMAN + SHA1 hashes. To assist in generating properly-formatted
password hashes, this commit adds the str2saltedsha512() function which
accepts a single string argument (the password) and returns a
salted-SHA512 password hash which can be fed as the password attribute
of a user resource in OS X 10.7.

Spec tests are also added to ensure that functionality isn't broken with
future commits.
2012-01-09 11:30:47 -08:00

51 lines
1.7 KiB
Ruby
Raw Blame History

#!/usr/bin/env rspec
require 'spec_helper'
describe "the str2saltedsha512 function" do
before :all do
Puppet::Parser::Functions.autoloader.loadall
end
before :each do
@scope = Puppet::Parser::Scope.new
end
it "should exist" do
Puppet::Parser::Functions.function("str2saltedsha512").should == "function_str2saltedsha512"
end
it "should raise a ParseError if there is less than 1 argument" do
expect { @scope.function_str2saltedsha512([]) }.should( raise_error(Puppet::ParseError) )
end
it "should raise a ParseError if there is more than 1 argument" do
expect { @scope.function_str2saltedsha512(['foo', 'bar', 'baz']) }.should( raise_error(Puppet::ParseError) )
end
it "should return a salted-sha512 password hash 136 characters in length" do
result = @scope.function_str2saltedsha512(["password"])
result.length.should(eq(136))
end
it "should raise an error if you pass a non-string password" do
expect { @scope.function_str2saltedsha512([1234]) }.should( raise_error(Puppet::ParseError) )
end
it "should generate a valid password" do
# Allow the function to generate a password based on the string 'password'
password_hash = @scope.function_str2saltedsha512(["password"])
# Separate the Salt and Password from the Password Hash
salt = password_hash[0..7]
password = password_hash[8..-1]
# Convert the Salt and Password from Hex to Binary Data
str_salt = Array(salt.lines).pack('H*')
str_password = Array(password.lines).pack('H*')
# Combine the Binary Salt with 'password' and compare the end result
saltedpass = Digest::SHA512.digest(str_salt + 'password')
result = (str_salt + saltedpass).unpack('H*')[0]
result.should == password_hash
end
end
Reference in a new issue View git blame Copy permalink