From 75c10c513dcbcae61cdb4cac0c9a8e326f503578 Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Wed, 30 Jul 2014 13:04:55 +0200
Subject: [PATCH] broken: hash passwords using pbkdf2

This will require some more work:
 * the pbkdf2 gem does not get installed properly
 * pbkdf2 should only be used from couch 1.3 onwards

After installing couch1.6 and the gem it worked for me though.
---
 manifests/base.pp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/manifests/base.pp b/manifests/base.pp
index 356fefb..61ac4c9 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -31,6 +31,14 @@
     provider => 'gem'
   }
 
+  # required for new passwords hashing in admin.ini
+  package { 'pbkdf2':
+    ensure   => installed,
+    provider => 'gem'
+  }
+
+  Package['pbkdf2'] -> File['/etc/couchdb/local.d/admin.ini']
+
   File['/usr/local/bin/couch-doc-update'] ->  Couchdb::Update <| |>
   File['/usr/local/bin/couch-doc-diff'] ->  Couchdb::Update <| |>
 
@@ -78,11 +86,12 @@
     $salt        = $::couchdb::admin_salt
     $pw_and_salt = [ $::couchdb::admin_pw, $salt ]
     $sha1        = str_and_salt2sha1($pw_and_salt)
+    $pbkdf2      = str_and_salt2pbkdf2($pw_and_salt)
   }
 
   file { '/etc/couchdb/local.d/admin.ini':
     content => "[admins]
-admin = -hashed-${sha1},${salt}
+admin = -pbkdf2-${pbkdf2[0]},${pbkdf2[1]},${pbkdf2[2]}
 ",
     mode    => '0600',
     owner   => $couchdb_user,