Method: Puppet::Provider::NameService::DirectoryService.get_password
- Defined in:
- lib/puppet/provider/nameservice/directoryservice.rb
.get_password(guid, username) ⇒ Object
248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 |
# File 'lib/puppet/provider/nameservice/directoryservice.rb', line 248 def self.get_password(guid, username) plist_file = "#{users_plist_dir}/#{username}.plist" if Puppet::FileSystem.exist?(plist_file) # If a plist exists in /var/db/dslocal/nodes/Default/users, we will # extract the binary plist from the 'ShadowHashData' key, decode the # salted-SHA512 password hash, and then return it. users_plist = Puppet::Util::Plist.read_plist_file(plist_file) if users_plist['ShadowHashData'] # users_plist['ShadowHashData'][0] is actually a binary plist # that's nested INSIDE the user's plist (which itself is a binary # plist). password_hash_plist = users_plist['ShadowHashData'][0] converted_hash_plist = convert_binary_to_hash(password_hash_plist) # converted_hash_plist['SALTED-SHA512'] is a Base64 encoded # string. The password_hash provided as a resource attribute is a # hex value. We need to convert the Base64 encoded string to a # hex value and provide it back to Puppet. converted_hash_plist['SALTED-SHA512'].unpack1("H*") end end end |