Improve documentation and fail on Windows

elyscape · elyscape · commit b46be2dae2ac · 2015-03-06T17:13:37.000-08:00
diff --git a/README.markdown b/README.markdown
@@ -389,7 +389,7 @@ Calling the class or definition from outside the current module will fail. For e
   |5        |SHA-256              |
   |6        |SHA-512 (recommended)|
 
-  The third argument to this function is the sale to use.
+  The third argument to this function is the salt to use.
 
   Note: this uses the Puppet Master's implementation of crypt(3). If your environment contains several different operating systems, ensure that they are compatible before using this function.
 
diff --git a/lib/puppet/parser/functions/pw_hash.rb b/lib/puppet/parser/functions/pw_hash.rb
@@ -32,11 +32,18 @@
     password = args[0].to_s
     return nil if password.empty?
 
-    # work around JRuby bug in String#crypt for JRuby < 1.7.17
-    if RUBY_PLATFORM == 'java' and 'test'.crypt('$1$1') != '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
-      def password.crypt(salt)
-        # puppetserver bundles Apache Commons Codec
-        org.apache.commons.codec.digest.Crypt.crypt(self.to_java_bytes, salt)
+    # handle weak implementations of String#crypt
+    if 'test'.crypt('$1$1') != '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
+      # JRuby < 1.7.17
+      if RUBY_PLATFORM == 'java'
+        # override String#crypt for password variable
+        def password.crypt(salt)
+          # puppetserver bundles Apache Commons Codec
+          org.apache.commons.codec.digest.Crypt.crypt(self.to_java_bytes, salt)
+        end
+      else
+        # MS Windows and other systems that don't support enhanced salts
+        raise Puppet::ParseError, 'system does not support enhanced salts'
       end
     end
     password.crypt("$#{args[1]}$#{args[2]}")
diff --git a/spec/functions/pw_hash_spec.rb b/spec/functions/pw_hash_spec.rb
@@ -44,6 +44,11 @@
     expect { scope.function_pw_hash(['password', 6, '%']) }.to( raise_error(ArgumentError, /characters in salt must be in the set/) )
   end
 
+  it "should fail on platforms with weak implementations of String#crypt" do
+    String.any_instance.expects(:crypt).with('$1$1').returns('$1SoNol0Ye6Xk')
+    expect { scope.function_pw_hash(['password', 6, 'salt']) }.to( raise_error(Puppet::ParseError, /system does not support enhanced salts/) )
+  end
+
   it "should return a hashed password" do
     result = scope.function_pw_hash(['password', 6, 'salt'])
     expect(result).to eql('$6$salt$IxDD3jeSOb5eB1CX5LBsqZFVkJdido3OUILO5Ifz5iwMuTS4XMS130MTSuDDl3aCI6WouIL9AjRbLCelDCy.g.')
