Merge pull request #474 from a-courteille/master

Fix PBKDF2 implementation to use Adapted Base64 encoding

Author: smortex

lib/puppet/functions/openldap_password.rb

@@ -35,6 +35,10 @@
     return_type 'String'
   end
 
+  def ab64_encode(data)
+    Base64.strict_encode64(data).tr('+', '.').delete('=')
+  end
+
   def generate_password(secret, scheme = 'SSHA', iterations = 60_000, hash_type = 'SHA512')
     case scheme[%r{([A-Z,0-9]+)}, 1]
     when 'PBKDF2'
@@ -55,13 +59,7 @@ def generate_password(secret, scheme = 'SSHA', iterations = 60_000, hash_type =
         config[:obj]
       )
 
-      value = [
-        salt,
-        iterations.to_s,
-        derived_key
-      ].join('$')
-
-      password = "{PBKDF2-#{config[:name]}}#{Base64.strict_encode64(value)}"
+      password = "{PBKDF2-#{config[:name]}}#{iterations}$#{ab64_encode(salt)}$#{ab64_encode(derived_key)}"
     when 'CRYPT'
       salt = call_function('fqdn_rand_string', 2)
       password = "{CRYPT}#{secret.crypt(salt)}"