From e000b12c9452223a9d62aef23a686287b8b7ee69 Mon Sep 17 00:00:00 2001 From: Simon Effenberg Date: Thu, 30 Apr 2015 09:37:22 +0200 Subject: [PATCH 1/3] fixes apache::htpasswd encrypted passwords (crypt_password) were encrypted again whereas unencrypted passwords (plain_password) weren't encrypted at all --- manifests/htpasswd.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/htpasswd.pp b/manifests/htpasswd.pp index 1a5ae88..06807bd 100644 --- a/manifests/htpasswd.pp +++ b/manifests/htpasswd.pp @@ -23,7 +23,7 @@ # Default: false (either crypt_password or clear_password must be set) # # [*clear_password*] -# Clear password (as it appears in htpasswd) +# Clear password (will be encrypted before storing in htpasswd) # Default: false (either crypt_password or clear_password must be set) # # @@ -78,14 +78,14 @@ } if $crypt_password { - exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -b \${OPT} ${real_htpasswd_file} ${username} '${crypt_password}'": + exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -bp \${OPT} ${real_htpasswd_file} ${username} '${crypt_password}'": unless => "grep -q '${username}:${crypt_password}' ${real_htpasswd_file}", path => '/bin:/sbin:/usr/bin:/usr/sbin', } } if $clear_password { - exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -bp \$OPT ${real_htpasswd_file} ${username} ${clear_password}": + exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -b \$OPT ${real_htpasswd_file} ${username} '${clear_password}'": unless => "egrep '^${username}:' ${real_htpasswd_file} && grep ${username}:\$(mkpasswd -S \$(egrep '^${username}:' ${real_htpasswd_file} |cut -d : -f 2 |cut -c-2) ${clear_password}) ${real_htpasswd_file}", path => '/bin:/sbin:/usr/bin:/usr/sbin', } From 0dc7a9915272d3bce3aa0a90479a8e64654d849a Mon Sep 17 00:00:00 2001 From: Simon Effenberg Date: Mon, 4 May 2015 01:14:44 +0200 Subject: [PATCH 2/3] be backward compatible now the behavior is like before but the documentation should be a little bit more clear also using an encrypted password in combination with `clear_password` should work now as long as no single quote is being used in it.. --- manifests/htpasswd.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/htpasswd.pp b/manifests/htpasswd.pp index 06807bd..0b8d144 100644 --- a/manifests/htpasswd.pp +++ b/manifests/htpasswd.pp @@ -19,11 +19,11 @@ # Default: $name # # [*crypt_password*] -# Crypted password (as it appears in htpasswd) +# Plain password which will be stored encrypted in the htpasswd file # Default: false (either crypt_password or clear_password must be set) # # [*clear_password*] -# Clear password (will be encrypted before storing in htpasswd) +# Clear password which will be stored 'as is' in the htpasswd file # Default: false (either crypt_password or clear_password must be set) # # @@ -78,14 +78,14 @@ } if $crypt_password { - exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -bp \${OPT} ${real_htpasswd_file} ${username} '${crypt_password}'": + exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -b \${OPT} ${real_htpasswd_file} ${username} '${crypt_password}'": unless => "grep -q '${username}:${crypt_password}' ${real_htpasswd_file}", path => '/bin:/sbin:/usr/bin:/usr/sbin', } } if $clear_password { - exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -b \$OPT ${real_htpasswd_file} ${username} '${clear_password}'": + exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -bp \$OPT ${real_htpasswd_file} ${username} '${clear_password}'": unless => "egrep '^${username}:' ${real_htpasswd_file} && grep ${username}:\$(mkpasswd -S \$(egrep '^${username}:' ${real_htpasswd_file} |cut -d : -f 2 |cut -c-2) ${clear_password}) ${real_htpasswd_file}", path => '/bin:/sbin:/usr/bin:/usr/sbin', } From 0f1651be0475856d68ce48bdacdb45aede2ef612 Mon Sep 17 00:00:00 2001 From: Simon Effenberg Date: Mon, 4 May 2015 01:28:11 +0200 Subject: [PATCH 3/3] added missing single quotes in the 'test' section --- manifests/htpasswd.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/htpasswd.pp b/manifests/htpasswd.pp index 0b8d144..3f10a58 100644 --- a/manifests/htpasswd.pp +++ b/manifests/htpasswd.pp @@ -86,7 +86,7 @@ if $clear_password { exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -bp \$OPT ${real_htpasswd_file} ${username} '${clear_password}'": - unless => "egrep '^${username}:' ${real_htpasswd_file} && grep ${username}:\$(mkpasswd -S \$(egrep '^${username}:' ${real_htpasswd_file} |cut -d : -f 2 |cut -c-2) ${clear_password}) ${real_htpasswd_file}", + unless => "egrep '^${username}:' ${real_htpasswd_file} && grep ${username}:\$(mkpasswd -S \$(egrep '^${username}:' ${real_htpasswd_file} |cut -d : -f 2 |cut -c-2) '${clear_password}') ${real_htpasswd_file}", path => '/bin:/sbin:/usr/bin:/usr/sbin', } }