From 7cdc6db5c05589a87b2a46da96fbdc5977eb16ca Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Mon, 9 Apr 2018 14:22:39 +0800
Subject: Add filter_plugins/passwd.py with cryptpass() method

---
 filter_plugins/passwd.py | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 filter_plugins/passwd.py

diff --git a/filter_plugins/passwd.py b/filter_plugins/passwd.py
new file mode 100644
index 0000000..252cd6e
--- /dev/null
+++ b/filter_plugins/passwd.py
@@ -0,0 +1,29 @@
+# Copyright (c) 2018 Aaron LI <aly@aaronly.me>
+# MIT License
+
+"""
+Custom Ansible template filters to crypt/hash passwords.
+"""
+
+import os
+import base64
+import crypt
+
+
+def cryptpass(p):
+    """
+    Crypt the given plaintext password with salted SHA512 scheme,
+    which is supported by Linux/BSDs.
+    """
+    hashtype = "$6$"
+    saltlen = 16
+    salt = os.urandom(saltlen)
+    salt = base64.b64encode(salt)[:saltlen]
+    return crypt.crypt(p, hashtype+salt)
+
+
+class FilterModule(object):
+    def filters(self):
+        return {
+            "cryptpass": cryptpass,
+        }
-- 
cgit v1.2.2