X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fstdlib%2Flib%2Fpuppet%2Fparser%2Ffunctions%2Fpw_hash.rb;h=ee008dd3e6ac3ec14ff3aa8214cb69f04762be5c;hb=30caaa85aed7015ca0d77216bff175eebd917eb7;hp=ad3e39375d7c4403b72e2113d91b53ee3ad815c7;hpb=ad88f67c13ae0f1a08936dad643f1e3509ab5f40;p=mirror%2Fdsa-puppet.git

diff --git a/3rdparty/modules/stdlib/lib/puppet/parser/functions/pw_hash.rb b/3rdparty/modules/stdlib/lib/puppet/parser/functions/pw_hash.rb
index ad3e39375..ee008dd3e 100644
--- a/3rdparty/modules/stdlib/lib/puppet/parser/functions/pw_hash.rb
+++ b/3rdparty/modules/stdlib/lib/puppet/parser/functions/pw_hash.rb
@@ -1,9 +1,14 @@
-Puppet::Parser::Functions::newfunction(
+#  Please note: This function is an implementation of a Ruby class and as such may not be entirely UTF8 compatible.
+#  To ensure compatibility please use this function with Ruby 2.4.0 or greater - https://bugs.ruby-lang.org/issues/10085.
+#
+Puppet::Parser::Functions.newfunction(
   :pw_hash,
   :type => :rvalue,
   :arity => 3,
-  :doc => "Hashes a password using the crypt function. Provides a hash
-  usable on most POSIX systems.
+  :doc => <<-DOC
+  @summary
+    Hashes a password using the crypt function. Provides a hash usable
+    on most POSIX systems.
 
   The first argument to this function is the password to hash. If it is
   undef or an empty string, this function returns undef.
@@ -20,37 +25,46 @@ Puppet::Parser::Functions::newfunction(
 
   The third argument to this function is the salt to use.
 
-  Note: this uses the Puppet Master's implementation of crypt(3). If your
-  environment contains several different operating systems, ensure that they
-  are compatible before using this function.") do |args|
-    raise ArgumentError, "pw_hash(): wrong number of arguments (#{args.size} for 3)" if args.size != 3
-    raise ArgumentError, "pw_hash(): first argument must be a string" unless args[0].is_a? String or args[0].nil?
-    raise ArgumentError, "pw_hash(): second argument must be a string" unless args[1].is_a? String
-    hashes = { 'md5'     => '1',
-               'sha-256' => '5',
-               'sha-512' => '6' }
-    hash_type = hashes[args[1].downcase]
-    raise ArgumentError, "pw_hash(): #{args[1]} is not a valid hash type" if hash_type.nil?
-    raise ArgumentError, "pw_hash(): third argument must be a string" unless args[2].is_a? String
-    raise ArgumentError, "pw_hash(): third argument must not be empty" if args[2].empty?
-    raise ArgumentError, "pw_hash(): characters in salt must be in the set [a-zA-Z0-9./]" unless args[2].match(/\A[a-zA-Z0-9.\/]+\z/)
-
-    password = args[0]
-    return nil if password.nil? or password.empty?
-
-    # handle weak implementations of String#crypt
-    if 'test'.crypt('$1$1') != '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
-      # JRuby < 1.7.17
-      if RUBY_PLATFORM == 'java'
-        # override String#crypt for password variable
-        def password.crypt(salt)
-          # puppetserver bundles Apache Commons Codec
-          org.apache.commons.codec.digest.Crypt.crypt(self.to_java_bytes, salt)
-        end
-      else
-        # MS Windows and other systems that don't support enhanced salts
-        raise Puppet::ParseError, 'system does not support enhanced salts'
-      end
+  @return [Hash]
+    Provides a hash usable on most POSIX systems.
+
+  > *Note:*: this uses the Puppet Master's implementation of crypt(3). If your
+    environment contains several different operating systems, ensure that they
+    are compatible before using this function.
+  DOC
+) do |args|
+  raise ArgumentError, "pw_hash(): wrong number of arguments (#{args.size} for 3)" if args.size != 3
+  args.map! do |arg|
+    if (defined? Puppet::Pops::Types::PSensitiveType::Sensitive) && (arg.is_a? Puppet::Pops::Types::PSensitiveType::Sensitive)
+      arg.unwrap
+    else
+      arg
     end
-    password.crypt("$#{hash_type}$#{args[2]}")
+  end
+  raise ArgumentError, 'pw_hash(): first argument must be a string' unless args[0].is_a?(String) || args[0].nil?
+  raise ArgumentError, 'pw_hash(): second argument must be a string' unless args[1].is_a? String
+  hashes = { 'md5'     => '1',
+             'sha-256' => '5',
+             'sha-512' => '6' }
+  hash_type = hashes[args[1].downcase]
+  raise ArgumentError, "pw_hash(): #{args[1]} is not a valid hash type" if hash_type.nil?
+  raise ArgumentError, 'pw_hash(): third argument must be a string' unless args[2].is_a? String
+  raise ArgumentError, 'pw_hash(): third argument must not be empty' if args[2].empty?
+  raise ArgumentError, 'pw_hash(): characters in salt must be in the set [a-zA-Z0-9./]' unless args[2] =~ %r{\A[a-zA-Z0-9./]+\z}
+
+  password = args[0]
+  return nil if password.nil? || password.empty?
+
+  salt = "$#{hash_type}$#{args[2]}"
+
+  # handle weak implementations of String#crypt
+  if 'test'.crypt('$1$1') != '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
+    # JRuby < 1.7.17
+    # MS Windows and other systems that don't support enhanced salts
+    raise Puppet::ParseError, 'system does not support enhanced salts' unless RUBY_PLATFORM == 'java'
+    # puppetserver bundles Apache Commons Codec
+    org.apache.commons.codec.digest.Crypt.crypt(password.to_java_bytes, salt)
+  else
+    password.crypt(salt)
+  end
 end