diff options
Diffstat (limited to 'rt/etc/upgrade/vulnerable-passwords')
| -rwxr-xr-x | rt/etc/upgrade/vulnerable-passwords | 139 |
1 files changed, 0 insertions, 139 deletions
diff --git a/rt/etc/upgrade/vulnerable-passwords b/rt/etc/upgrade/vulnerable-passwords deleted file mode 100755 index f0fed0cfe..000000000 --- a/rt/etc/upgrade/vulnerable-passwords +++ /dev/null @@ -1,139 +0,0 @@ -#!/usr/bin/perl -# BEGIN BPS TAGGED BLOCK {{{ -# -# COPYRIGHT: -# -# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC -# <sales@bestpractical.com> -# -# (Except where explicitly superseded by other copyright notices) -# -# -# LICENSE: -# -# This work is made available to you under the terms of Version 2 of -# the GNU General Public License. A copy of that license should have -# been provided with this software, but in any event can be snarfed -# from www.gnu.org. -# -# This work is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301 or visit their web page on the internet at -# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. -# -# -# CONTRIBUTION SUBMISSION POLICY: -# -# (The following paragraph is not intended to limit the rights granted -# to you to modify and distribute this software under the terms of -# the GNU General Public License and is only of importance to you if -# you choose to contribute your changes and enhancements to the -# community by submitting them to Best Practical Solutions, LLC.) -# -# By intentionally submitting any modifications, corrections or -# derivatives to this work, or any other work intended for use with -# Request Tracker, to Best Practical Solutions, LLC, you confirm that -# you are the copyright holder for those contributions and you grant -# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, -# royalty-free, perpetual, license to use, copy, create derivative -# works based on those contributions, and sublicense and distribute -# those contributions and any derivatives thereof. -# -# END BPS TAGGED BLOCK }}} -use strict; -use warnings; - -use lib "local/lib"; -use lib "lib"; - -use RT; -RT::LoadConfig; -RT::Init; - -$| = 1; - -use Getopt::Long; -use Digest::SHA; -my $fix; -GetOptions("fix!" => \$fix); - -use RT::Users; -my $users = RT::Users->new( $RT::SystemUser ); -$users->Limit( - FIELD => 'Password', - OPERATOR => 'IS NOT', - VALUE => 'NULL', - ENTRYAGGREGATOR => 'AND', -); -$users->Limit( - FIELD => 'Password', - OPERATOR => '!=', - VALUE => '*NO-PASSWORD*', - ENTRYAGGREGATOR => 'AND', -); -$users->Limit( - FIELD => 'Password', - OPERATOR => 'NOT STARTSWITH', - VALUE => '!', - ENTRYAGGREGATOR => 'AND', -); -push @{$users->{'restrictions'}{ "main.Password" }}, "AND", { - field => 'LENGTH(main.Password)', - op => '<', - value => '40', -}; - -my $count = $users->Count; -if ($count == 0) { - print "No users with unsalted or weak cryptography found.\n"; - exit 0; -} - -if ($fix) { - print "Upgrading $count users...\n"; - while (my $u = $users->Next) { - my $stored = $u->__Value("Password"); - my $raw; - if (length $stored == 32) { - $raw = pack("H*",$stored); - } elsif (length $stored == 22) { - $raw = MIME::Base64::decode_base64($stored); - } elsif (length $stored == 13) { - printf "%20s => Old crypt() format, cannot upgrade\n", $u->Name; - } else { - printf "%20s => Unknown password format!\n", $u->Name; - } - next unless $raw; - - my $salt = pack("C4",map{int rand(256)} 1..4); - my $sha = Digest::SHA::sha256( - $salt . $raw - ); - $u->_Set( - Field => "Password", - Value => MIME::Base64::encode_base64( - $salt . substr($sha,0,26), ""), - ); - } - print "Done.\n"; - exit 0; -} else { - if ($count < 20) { - print "$count users found with unsalted or weak-cryptography passwords:\n"; - print " Id | Name\n", "-"x9, "+", "-"x9, "\n"; - while (my $u = $users->Next) { - printf "%8d | %s\n", $u->Id, $u->Name; - } - } else { - print "$count users found with unsalted or weak-cryptography passwords\n"; - } - - print "\n", "Run again with --fix to upgrade.\n"; - exit 1; -} |