From fc6209f398899f0211cfcedeb81a3cd65e04a941 Mon Sep 17 00:00:00 2001
From: ivan
Date: Thu, 17 Feb 2011 00:25:23 +0000
Subject: import rt 3.8.9
---
rt/etc/RT_Config.pm | 80 +++++++++-----
rt/etc/RT_Config.pm.in | 80 +++++++++-----
rt/etc/acl.mysql | 6 +-
rt/etc/initialdata | 8 +-
rt/etc/upgrade/3.8-branded-queues-extension | 32 +++---
rt/etc/upgrade/3.8-branded-queues-extension.in | 30 +++---
rt/etc/upgrade/3.8-ical-extension | 32 +++---
rt/etc/upgrade/3.8-ical-extension.in | 30 +++---
rt/etc/upgrade/3.8.2/content | 8 +-
rt/etc/upgrade/3.8.9/content | 63 +++++++++++
rt/etc/upgrade/generate-rtaddressregexp | 87 ++++++++++++++++
rt/etc/upgrade/generate-rtaddressregexp.in | 87 ++++++++++++++++
rt/etc/upgrade/shrink_cgm_table.pl | 54 +++++++++-
rt/etc/upgrade/shrink_transactions_table.pl | 124 ++++++++++++++++++++++
rt/etc/upgrade/split-out-cf-categories | 32 +++---
rt/etc/upgrade/split-out-cf-categories.in | 30 +++---
rt/etc/upgrade/upgrade-mysql-schema.pl | 48 ++++++++-
rt/etc/upgrade/vulnerable-passwords | 139 +++++++++++++++++++++++++
rt/etc/upgrade/vulnerable-passwords.in | 139 +++++++++++++++++++++++++
19 files changed, 952 insertions(+), 157 deletions(-)
create mode 100644 rt/etc/upgrade/3.8.9/content
create mode 100755 rt/etc/upgrade/generate-rtaddressregexp
create mode 100644 rt/etc/upgrade/generate-rtaddressregexp.in
create mode 100644 rt/etc/upgrade/shrink_transactions_table.pl
create mode 100755 rt/etc/upgrade/vulnerable-passwords
create mode 100755 rt/etc/upgrade/vulnerable-passwords.in
(limited to 'rt/etc')
diff --git a/rt/etc/RT_Config.pm b/rt/etc/RT_Config.pm
index a5dacd327..67d131319 100644
--- a/rt/etc/RT_Config.pm
+++ b/rt/etc/RT_Config.pm
@@ -284,6 +284,11 @@ regular expression that matches all addresses used by your RT. This lets RT avoid sending mail to itself. It will also hide RT addresses from the list of "One-time Cc" and Bcc lists on ticket reply. +If you have a number of addresses configured in your RT database already, you +can generate a naive first pass regexp by using + + perl etc/upgrade/generate-rtaddressregexp + =cut Set($RTAddressRegexp , undef); @@ -315,24 +320,6 @@ F Set($CanonicalizeOnCreate, 0); -=item C<$SenderMustExistInExternalDatabase> - -If C<$SenderMustExistInExternalDatabase> is true, RT will refuse to -create non-privileged accounts for unknown users if you are using -the C<$LookupSenderInExternalDatabase> option. -Instead, an error message will be mailed and RT will forward the -message to C<$RTOwner>. - -If you are not using C<$LookupSenderInExternalDatabase>, this option -has no effect. - -If you define an AutoRejectRequest template, RT will use this -template for the rejection message. - -=cut - -Set($SenderMustExistInExternalDatabase , undef); - =item C<$ValidateUserEmailAddresses> If C<$ValidateUserEmailAddresses> is true, RT will refuse to create users with @@ -388,6 +375,11 @@ or 'qmail'. Note that you should remove the '-t' from C<$SendmailArguments> if you use 'sendmail' rather than 'sendmailpipe' +For testing purposes, or to simply disable sending mail out into the world, you +can set C<$MailCommand> to 'testfile' which writes all mail to a temporary +file. RT will log the location of the temporary file so you can extract mail +from it afterwards. + =cut Set($MailCommand , 'sendmailpipe'); 
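Review bot: The new `testfile` paragraph in the `@@ -388,6 +375,11 @@` hunk of rt/etc/RT_Config.pm does not tell the administrator that the temporary file will hold the complete headers and bodies of every outgoing message. How the file is created, and with what permissions, is not visible in this diff, so the documentation should at least add a sentence such as `The temporary file contains complete messages; make sure only the RT user can read it and delete it when you are done.` The same paragraph is added to rt/etc/RT_Config.pm.in and would need the same sentence.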
@@ -407,8 +399,11 @@ Set($SetOutgoingMailFrom, 0); =item C<$OverrideOutgoingMailFrom> C<$OverrideOutgoingMailFrom> is used for overwriting the Correspond -address of the queue. The option is a hash reference of queue name to -email address. +address of the queue as it is handed to sendmail -f. This helps force +the From_ header away from www-data or other email addresses that show +up in the "Sent by" line in Outlook. + +The option is a hash reference of queue name to email address. If there is no ticket involved, then the value of the C key will be used. @@ -616,7 +611,7 @@ Set($UseFriendlyToLine, 0); =item C<$FriendlyToLineFormat> -C format of the friendly 'From:' header; its arguments +C format of the friendly 'To:' header; its arguments are WatcherType and TicketId. =cut @@ -1102,6 +1097,16 @@ displayed in kilobytes. If set to C<'b'>, then sizes will be bytes. Set($AttachmentUnits, undef); +=item C<$EditCustomFieldsSingleColumn> + +When displaying a list of Ticket Custom Fields for editing, RT defaults +to a 2 column list. If you set this to 1, it will instead display the +Custom Fields in a single column. + +=cut + +Set($EditCustomFieldsSingleColumn, 0); + =item C<$RedistributeAutoGeneratedMessages> Should RT redistribute correspondence that it identifies as 
@@ -1282,6 +1287,29 @@ search results in RT. Choose from [0, 120, 300, 600, 1200, 3600, 7200]. Set($SearchResultsRefreshInterval, 0); +=item C<$ResolveDefaultUpdateType> + +Set the default Update Type when clicking the Resolve link in the Ticket +links tab. + + Comment Comments (Not sent to requestors) + Respond Reply to requestors + +=cut + +Set($ResolveDefaultUpdateType, 'Comment'); + +=item C<$SuppressAutoOpenOnUpdate> + +When users click Comment or Reply on a new ticket in the web UI, the default +status for the ticket gets set to 'open' if the status is currently 'new'. +Setting this option to 1 will suppress that behavior and leave the default +status as 'new'. This option can be overridden by users in their preferences. + +=cut + +Set($SuppressAutoOpenOnUpdate, 0); + =item C<$OldestTransactionsFirst> By default, RT shows newest transactions at the bottom of the ticket @@ -1476,12 +1504,14 @@ Set( =item C<$ChartsTimezonesInDB> -Dates are stored using UTC timezone in the DB, so charts groupped +RT stores dates using the UTC timezone in the DB, so charts grouped by dates and time are not representative. Set C<$ChartsTimezonesInDB> -to a true value to enable timezones conversions using DB's -capabilities. You may need to do some work on DB side to use this +to a true value to enable timezone conversions using your DB's +capabilities. You may need to do some work on the DB side to use this feature, read more in F. +At this time, this feature only applies to MySQL and PostgreSQL. + =cut Set( $ChartsTimezonesInDB, 0 ); @@ -1664,7 +1694,7 @@ Set($AmbiguousDayInFuture, 0); =head1 Approval Configuration -Configration for the approvl system +Configuration for the approval system =over 4 diff --git a/rt/etc/RT_Config.pm.in b/rt/etc/RT_Config.pm.in index 9bd809acc..ea64a2e01 100644 --- a/rt/etc/RT_Config.pm.in +++ b/rt/etc/RT_Config.pm.in 
@@ -284,6 +284,11 @@ regular expression that matches all addresses used by your RT. This lets RT avoid sending mail to itself. It will also hide RT addresses from the list of "One-time Cc" and Bcc lists on ticket reply. +If you have a number of addresses configured in your RT database already, you +can generate a naive first pass regexp by using + + perl etc/upgrade/generate-rtaddressregexp + =cut Set($RTAddressRegexp , undef); @@ -315,24 +320,6 @@ F Set($CanonicalizeOnCreate, 0); -=item C<$SenderMustExistInExternalDatabase> - -If C<$SenderMustExistInExternalDatabase> is true, RT will refuse to -create non-privileged accounts for unknown users if you are using -the C<$LookupSenderInExternalDatabase> option. -Instead, an error message will be mailed and RT will forward the -message to C<$RTOwner>. - -If you are not using C<$LookupSenderInExternalDatabase>, this option -has no effect. - -If you define an AutoRejectRequest template, RT will use this -template for the rejection message. - -=cut - -Set($SenderMustExistInExternalDatabase , undef); - =item C<$ValidateUserEmailAddresses> If C<$ValidateUserEmailAddresses> is true, RT will refuse to create users with @@ -388,6 +375,11 @@ or 'qmail'. Note that you should remove the '-t' from C<$SendmailArguments> if you use 'sendmail' rather than 'sendmailpipe' +For testing purposes, or to simply disable sending mail out into the world, you +can set C<$MailCommand> to 'testfile' which writes all mail to a temporary +file. RT will log the location of the temporary file so you can extract mail +from it afterwards. + =cut Set($MailCommand , 'sendmailpipe'); 
@@ -407,8 +399,11 @@ Set($SetOutgoingMailFrom, 0); =item C<$OverrideOutgoingMailFrom> C<$OverrideOutgoingMailFrom> is used for overwriting the Correspond -address of the queue. The option is a hash reference of queue name to -email address. +address of the queue as it is handed to sendmail -f. This helps force +the From_ header away from www-data or other email addresses that show +up in the "Sent by" line in Outlook. + +The option is a hash reference of queue name to email address. If there is no ticket involved, then the value of the C key will be used. @@ -616,7 +611,7 @@ Set($UseFriendlyToLine, 0); =item C<$FriendlyToLineFormat> -C format of the friendly 'From:' header; its arguments +C format of the friendly 'To:' header; its arguments are WatcherType and TicketId. =cut @@ -1102,6 +1097,16 @@ displayed in kilobytes. If set to C<'b'>, then sizes will be bytes. Set($AttachmentUnits, undef); +=item C<$EditCustomFieldsSingleColumn> + +When displaying a list of Ticket Custom Fields for editing, RT defaults +to a 2 column list. If you set this to 1, it will instead display the +Custom Fields in a single column. + +=cut + +Set($EditCustomFieldsSingleColumn, 0); + =item C<$RedistributeAutoGeneratedMessages> Should RT redistribute correspondence that it identifies as 
@@ -1282,6 +1287,29 @@ search results in RT. Choose from [0, 120, 300, 600, 1200, 3600, 7200]. Set($SearchResultsRefreshInterval, 0); +=item C<$ResolveDefaultUpdateType> + +Set the default Update Type when clicking the Resolve link in the Ticket +links tab. + + Comment Comments (Not sent to requestors) + Respond Reply to requestors + +=cut + +Set($ResolveDefaultUpdateType, 'Comment'); + +=item C<$SuppressAutoOpenOnUpdate> + +When users click Comment or Reply on a new ticket in the web UI, the default +status for the ticket gets set to 'open' if the status is currently 'new'. +Setting this option to 1 will suppress that behavior and leave the default +status as 'new'. This option can be overridden by users in their preferences. + +=cut + +Set($SuppressAutoOpenOnUpdate, 0); + =item C<$OldestTransactionsFirst> By default, RT shows newest transactions at the bottom of the ticket @@ -1476,12 +1504,14 @@ Set( =item C<$ChartsTimezonesInDB> -Dates are stored using UTC timezone in the DB, so charts groupped +RT stores dates using the UTC timezone in the DB, so charts grouped by dates and time are not representative. Set C<$ChartsTimezonesInDB> -to a true value to enable timezones conversions using DB's -capabilities. You may need to do some work on DB side to use this +to a true value to enable timezone conversions using your DB's +capabilities. You may need to do some work on the DB side to use this feature, read more in F. +At this time, this feature only applies to MySQL and PostgreSQL. + =cut Set( $ChartsTimezonesInDB, 0 ); @@ -1664,7 +1694,7 @@ Set($AmbiguousDayInFuture, 0); =head1 Approval Configuration -Configration for the approvl system +Configuration for the approval system =over 4 diff --git a/rt/etc/acl.mysql b/rt/etc/acl.mysql index 0982ca228..16882378e 100755 --- a/rt/etc/acl.mysql +++ b/rt/etc/acl.mysql 
@@ -13,12 +13,10 @@ sub acl { return; } print "Granting access to $db_user\@'$db_rthost' on $db_name.\n"; + $db_name =~ s/([_%])/\\$1/g; return ( - "USE mysql;", - "DELETE FROM user WHERE user = '$db_user';", - "DELETE FROM db where db = '$db_name';", "GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE - ON $db_name.* + ON `$db_name`.* TO '$db_user'\@'$db_rthost' IDENTIFIED BY '$db_pass';", ); diff --git a/rt/etc/initialdata b/rt/etc/initialdata index 89db2cc64..9b5506b02 100644 --- a/rt/etc/initialdata +++ b/rt/etc/initialdata @@ -270,7 +270,7 @@ you may reply to this message. Name => 'Admin Comment', # loc Description => 'Default admin comment template', # loc Content => -'Subject: [Comment] {my $s=($Transaction->Subject||$Ticket->Subject); $s =~ s/\\[Comment\\]//g; $s =~ s/^Re//i; $s;} +'Subject: [Comment] {my $s=($Transaction->Subject||$Ticket->Subject); $s =~ s/\\[Comment\\]\\s*//g; $s =~ s/^Re:\\s*//i; $s;} RT-Attach-Message: yes @@ -331,7 +331,7 @@ batch-process all your pending approvals. Greetings, -Your ticket has been approved by { eval { $Approval->OwnerObj->Name } }. +Your ticket has been approved by { eval { $Approver->Name } }. Other approvals may be pending. Approver\'s notes: { $Notes } @@ -345,7 +345,7 @@ Approver\'s notes: { $Notes } Greetings, -Your ticket has been approved by { eval { $Approval->OwnerObj->Name } }. +Your ticket has been approved by { eval { $Approver->Name } }. Its Owner may now start to act on it. Approver\'s notes: { $Notes } @@ -359,7 +359,7 @@ Approver\'s notes: { $Notes } Greetings, -Your ticket has been rejected by { eval { $Approval->OwnerObj->Name } }. +Your ticket has been rejected by { eval { $Approver->Name } }. Approver\'s notes: { $Notes } ' diff --git a/rt/etc/upgrade/3.8-branded-queues-extension b/rt/etc/upgrade/3.8-branded-queues-extension index 6a0ea48b6..e594fc756 100755 --- a/rt/etc/upgrade/3.8-branded-queues-extension +++ b/rt/etc/upgrade/3.8-branded-queues-extension 
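Review bot: In the rt/etc/acl.mysql hunk the GRANT statement still interpolates `$db_user`, `$db_rthost` and `$db_pass` into single-quoted SQL literals without escaping, so a configured password or host containing a single quote or a backslash produces a malformed or altered statement. The added `s/([_%])/\\$1/g` covers the wildcard characters in `$db_name`, but a backtick in the name would still end the quoted identifier early and should be doubled before the name is wrapped. If `acl` has a database handle in scope (its opening lines are outside this hunk), build the literals with DBI's quoting, for example `my $quoted_pass = $dbh->quote($db_pass);` and then `IDENTIFIED BY $quoted_pass`, and do the same for the user and host.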
@@ -1,41 +1,41 @@ -#!/usr/bin/perl +#!/Users/falcone/perl5/perlbrew/bin/perl # BEGIN BPS TAGGED BLOCK {{{ -# +# # COPYRIGHT: -# -# This software is Copyright (c) 1996-2008 Best Practical Solutions, LLC -# -# +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# # (Except where explicitly superseded by other copyright notices) -# -# +# +# # LICENSE: -# +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 or visit their web page on the internet at # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. -# -# +# +# # CONTRIBUTION SUBMISSION POLICY: -# +# # (The following paragraph is not intended to limit the rights granted # to you to modify and distribute this software under the terms of # the GNU General Public License and is only of importance to you if # you choose to contribute your changes and enhancements to the # community by submitting them to Best Practical Solutions, LLC.) -# +# # By intentionally submitting any modifications, corrections or # derivatives to this work, or any other work intended for use with # Request Tracker, to Best Practical Solutions, LLC, you confirm that 
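Review bot: The first line of rt/etc/upgrade/3.8-branded-queues-extension now reads `#!/Users/falcone/perl5/perlbrew/bin/perl`, an interpreter path inside a developer's home directory; on most hosts the script will fail to start, and on a host where that path does exist it would run under an interpreter the administrator did not choose. The file looks like it is generated from the `.in` template (which keeps `#!@PERL@`), so it was probably committed from a locally configured tree; restore `#!/usr/bin/perl` or regenerate it on a neutral build host. The same shebang appears in the hunks for rt/etc/upgrade/3.8-ical-extension and the new rt/etc/upgrade/generate-rtaddressregexp. The latter also carries relative `use lib "local/lib";` and `use lib "lib";` lines, which make module loading depend on the directory the script is started from.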
@@ -44,7 +44,7 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# +# # END BPS TAGGED BLOCK }}} use strict; use warnings; diff --git a/rt/etc/upgrade/3.8-branded-queues-extension.in b/rt/etc/upgrade/3.8-branded-queues-extension.in index 2f07d6e60..dece470d4 100755 --- a/rt/etc/upgrade/3.8-branded-queues-extension.in +++ b/rt/etc/upgrade/3.8-branded-queues-extension.in 
@@ -1,41 +1,41 @@ #!@PERL@ # BEGIN BPS TAGGED BLOCK {{{ -# +# # COPYRIGHT: -# -# This software is Copyright (c) 1996-2008 Best Practical Solutions, LLC -# -# +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# # (Except where explicitly superseded by other copyright notices) -# -# +# +# # LICENSE: -# +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 or visit their web page on the internet at # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. -# -# +# +# # CONTRIBUTION SUBMISSION POLICY: -# +# # (The following paragraph is not intended to limit the rights granted # to you to modify and distribute this software under the terms of # the GNU General Public License and is only of importance to you if # you choose to contribute your changes and enhancements to the # community by submitting them to Best Practical Solutions, LLC.) -# +# # By intentionally submitting any modifications, corrections or # derivatives to this work, or any other work intended for use with # Request Tracker, to Best Practical Solutions, LLC, you confirm that @@ -44,7 +44,7 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# +# # END BPS TAGGED BLOCK }}} use strict; use warnings; 
diff --git a/rt/etc/upgrade/3.8-ical-extension b/rt/etc/upgrade/3.8-ical-extension index 9561b9735..e4a72489d 100755 --- a/rt/etc/upgrade/3.8-ical-extension +++ b/rt/etc/upgrade/3.8-ical-extension @@ -1,41 +1,41 @@ -#!/usr/bin/perl +#!/Users/falcone/perl5/perlbrew/bin/perl # BEGIN BPS TAGGED BLOCK {{{ -# +# # COPYRIGHT: -# -# This software is Copyright (c) 1996-2008 Best Practical Solutions, LLC -# -# +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# # (Except where explicitly superseded by other copyright notices) -# -# +# +# # LICENSE: -# +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 or visit their web page on the internet at # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. -# -# +# +# # CONTRIBUTION SUBMISSION POLICY: -# +# # (The following paragraph is not intended to limit the rights granted # to you to modify and distribute this software under the terms of # the GNU General Public License and is only of importance to you if # you choose to contribute your changes and enhancements to the # community by submitting them to Best Practical Solutions, LLC.) -# +# # By intentionally submitting any modifications, corrections or # derivatives to this work, or any other work intended for use with # Request Tracker, to Best Practical Solutions, LLC, you confirm that 
@@ -44,7 +44,7 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# +# # END BPS TAGGED BLOCK }}} use strict; use warnings; diff --git a/rt/etc/upgrade/3.8-ical-extension.in b/rt/etc/upgrade/3.8-ical-extension.in index 510419c5a..45b14a6eb 100644 --- a/rt/etc/upgrade/3.8-ical-extension.in +++ b/rt/etc/upgrade/3.8-ical-extension.in 
@@ -1,41 +1,41 @@ #!@PERL@ # BEGIN BPS TAGGED BLOCK {{{ -# +# # COPYRIGHT: -# -# This software is Copyright (c) 1996-2008 Best Practical Solutions, LLC -# -# +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# # (Except where explicitly superseded by other copyright notices) -# -# +# +# # LICENSE: -# +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 or visit their web page on the internet at # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. -# -# +# +# # CONTRIBUTION SUBMISSION POLICY: -# +# # (The following paragraph is not intended to limit the rights granted # to you to modify and distribute this software under the terms of # the GNU General Public License and is only of importance to you if # you choose to contribute your changes and enhancements to the # community by submitting them to Best Practical Solutions, LLC.) -# +# # By intentionally submitting any modifications, corrections or # derivatives to this work, or any other work intended for use with # Request Tracker, to Best Practical Solutions, LLC, you confirm that @@ -44,7 +44,7 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# +# # END BPS TAGGED BLOCK }}} use strict; use warnings; 
diff --git a/rt/etc/upgrade/3.8.2/content b/rt/etc/upgrade/3.8.2/content index 9bd92be21..d8f54e9ba 100644 --- a/rt/etc/upgrade/3.8.2/content +++ b/rt/etc/upgrade/3.8.2/content @@ -1,10 +1,10 @@ @Initial = ( sub { $RT::Logger->warning( - "Going to add [OLD] prefix to all temlates in approvals queue." - ." If you never used approvals then you can delete all these" - ." templates with [OLD] prefix. Leave new there may be you will" - ." want to use approvals some time." + "Going to add [OLD] prefix to all templates in approvals queue." + ." If you have never used approvals, you can safely delete all the" + ." templates with the [OLD] prefix. Leave the new Approval templates because" + ." you may eventually want to start using approvals." ); my $approvals_q = RT::Queue->new( $RT::SystemUser ); diff --git a/rt/etc/upgrade/3.8.9/content b/rt/etc/upgrade/3.8.9/content new file mode 100644 index 000000000..8a28f7dce --- /dev/null +++ b/rt/etc/upgrade/3.8.9/content 
@@ -0,0 +1,63 @@ +@Initial = ( + sub { + use strict; + $RT::Logger->debug('Make sure local links are local'); + + use RT::URI::fsck_com_rt; + my $prefix = RT::URI::fsck_com_rt->LocalURIPrefix . '/ticket/'; + + foreach my $dir (qw(Target Base)) { + my $found; + do { + $found = 0; + my $links = RT::Links->new( $RT::SystemUser ); + $links->Limit( FIELD => $dir, OPERATOR => 'STARTSWITH', VALUE => $prefix ); + $links->Limit( FIELD => 'Local'.$dir, VALUE => 0 ); + $links->Limit( + ENTRYAGGREGATOR => 'OR', + FIELD => 'Local'.$dir, + OPERATOR => 'IS', + VALUE => 'NULL', + ); + $links->RowsPerPage( 1000 ); + while ( my $link = $links->Next ) { + $found++; + my $uri = $link->$dir(); + $uri =~ s/^\Q$prefix//; + if ( int($uri) eq $uri && $uri > 0 ) { + my $method = 'SetLocal'. $dir; + my ($status, $msg) = $link->$method( $uri ); + unless ( $status ) { + die "Couldn't change local $dir: $msg"; + } + } else { + die "$dir URI looks like local, but is not parseable"; + } + } + } while $found == 1000; + } + }, + sub { + my $queue = RT::Queue->new( $RT::SystemUser ); + $queue->Load('___Approvals'); + return unless $queue->id; + + for my $name ( + 'All Approvals Passed', 'Approval Passed', 'Approval Rejected' + ) + { + my $template = RT::Template->new($RT::SystemUser); + $template->LoadQueueTemplate( Name => $name, Queue => $queue->id ); + next unless $template->id; + my $content = $template->Content; + + # there is only one OwnerObj->Name normally, so no need /g + if ( $content =~ +s!(?<=Your ticket has been (?:approved|rejected) by { eval { )\$Approval->OwnerObj->Name!\$Approver->Name! + ) + { + $template->SetContent($content); + } + } + }, +); diff --git a/rt/etc/upgrade/generate-rtaddressregexp b/rt/etc/upgrade/generate-rtaddressregexp new file mode 100755 index 000000000..6c671454d --- /dev/null +++ b/rt/etc/upgrade/generate-rtaddressregexp 
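Review bot: The second sub in rt/etc/upgrade/3.8.9/content calls `$template->SetContent($content);` and discards the result, whereas the first sub checks the status of `$link->$method( $uri )` and dies on failure; a template that could not be rewritten is therefore silently left referring to `$Approval->OwnerObj->Name`. Capture and report the outcome, e.g. `my ($ok, $msg) = $template->SetContent($content);` followed by `$RT::Logger->error("Couldn't update template '$name': $msg") unless $ok;` (this assumes SetContent returns the same status/message pair as the link setter, which is not shown here). In the first sub, the message `"$dir URI looks like local, but is not parseable"` would be easier to act on if it included `$link->id`.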
@@ -0,0 +1,87 @@ +#!/Users/falcone/perl5/perlbrew/bin/perl +# BEGIN BPS TAGGED BLOCK {{{ +# +# COPYRIGHT: +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: +# +# This work is made available to you under the terms of Version 2 of +# the GNU General Public License. A copy of that license should have +# been provided with this software, but in any event can be snarfed +# from www.gnu.org. +# +# This work is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +# +# +# CONTRIBUTION SUBMISSION POLICY: +# +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. 
+# +# END BPS TAGGED BLOCK }}} +use strict; +use warnings; + +use lib "local/lib"; +use lib "lib"; + +use RT; +RT::LoadConfig(); +RT->Config->Set('LogToScreen' => 'debug'); +RT::Init(); + +$| = 1; + +if (my $re = RT->Config->Get('RTAddressRegexp')) { + print "No need to use this script, you already have RTAddressRegexp set to $re\n"; + exit; +} + +use RT::Queues; +my $queues = RT::Queues->new( $RT::SystemUser ); +$queues->UnLimit; +$queues->RowsPerPage(100); + +my @addresses = (RT->Config->Get('CorrespondAddress'), RT->Config->Get('CommentAddress')); +while ( my $queue = $queues->Next ) { + push @addresses, $queue->CorrespondAddress, $queue->CommentAddress; +} + +my %seen; +my $re = join '|', map "\Q$_\E", + grep defined && length && !$seen{ lc $_ }++, + @addresses; + +print < +# +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: +# +# This work is made available to you under the terms of Version 2 of +# the GNU General Public License. A copy of that license should have +# been provided with this software, but in any event can be snarfed +# from www.gnu.org. +# +# This work is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. 
+# +# +# CONTRIBUTION SUBMISSION POLICY: +# +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. +# +# END BPS TAGGED BLOCK }}} +use strict; +use warnings; + +use lib "@LOCAL_LIB_PATH@"; +use lib "@RT_LIB_PATH@"; + +use RT; +RT::LoadConfig(); +RT->Config->Set('LogToScreen' => 'debug'); +RT::Init(); + +$| = 1; + +if (my $re = RT->Config->Get('RTAddressRegexp')) { + print "No need to use this script, you already have RTAddressRegexp set to $re\n"; + exit; +} + +use RT::Queues; +my $queues = RT::Queues->new( $RT::SystemUser ); +$queues->UnLimit; +$queues->RowsPerPage(100); + +my @addresses = (RT->Config->Get('CorrespondAddress'), RT->Config->Get('CommentAddress')); +while ( my $queue = $queues->Next ) { + push @addresses, $queue->CorrespondAddress, $queue->CommentAddress; +} + +my %seen; +my $re = join '|', map "\Q$_\E", + grep defined && length && !$seen{ lc $_ }++, + @addresses; + +print < +# +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: +# +# This work is made available to you under the terms of Version 2 of +# the GNU General Public License. 
A copy of that license should have +# been provided with this software, but in any event can be snarfed +# from www.gnu.org. +# +# This work is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +# +# +# CONTRIBUTION SUBMISSION POLICY: +# +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. +# +# END BPS TAGGED BLOCK }}} use 5.8.3; use strict; use warnings; @@ -43,8 +89,14 @@ $cgms->Limit( ENTRYAGGREGATOR => 'AND', ); +$| = 1; +my $total = $cgms->Count; +my $i = 0; + FetchNext( $cgms, 'init' ); while ( my $rec = FetchNext( $cgms ) ) { + $i++; + printf("\r%0.2f %%", 100 * $i / $total); $RT::Handle->BeginTransaction; my ($status) = $rec->Delete; unless ($status) { 
diff --git a/rt/etc/upgrade/shrink_transactions_table.pl b/rt/etc/upgrade/shrink_transactions_table.pl
new file mode 100644
index 000000000..b4f2e1907
--- /dev/null
+++ b/rt/etc/upgrade/shrink_transactions_table.pl
@@ -0,0 +1,124 @@
+#!/usr/bin/perl
+# BEGIN BPS TAGGED BLOCK {{{
+#
+# COPYRIGHT:
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+#
+#
+# (Except where explicitly superseded by other copyright notices)
+#
+#
+# LICENSE:
+#
+# This work is made available to you under the terms of Version 2 of
+# the GNU General Public License. A copy of that license should have
+# been provided with this software, but in any event can be snarfed
+# from www.gnu.org.
+#
+# This work is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
+# CONTRIBUTION SUBMISSION POLICY:
+#
+# (The following paragraph is not intended to limit the rights granted
+# to you to modify and distribute this software under the terms of
+# the GNU General Public License and is only of importance to you if
+# you choose to contribute your changes and enhancements to the
+# community by submitting them to Best Practical Solutions, LLC.)
+#
+# By intentionally submitting any modifications, corrections or
+# derivatives to this work, or any other work intended for use with
+# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+# you are the copyright holder for those contributions and you grant
+# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+# royalty-free, perpetual, license to use, copy, create derivative
+# works based on those contributions, and sublicense and distribute
+# those contributions and any derivatives thereof.
+#
+# END BPS TAGGED BLOCK }}}
+use 5.8.3;
+use strict;
+use warnings;
+
+use RT;
+RT::LoadConfig();
+RT->Config->Set('LogToScreen' => 'debug');
+RT::Init();
+
+use RT::Transactions;
+my $txns = RT::Transactions->new( $RT::SystemUser );
+$txns->Limit(
+ FIELD => 'ObjectType',
+ OPERATOR => '=',
+ VALUE => 'RT::Group',
+ QUOTEVALUE => 1,
+ ENTRYAGGREGATOR => 'AND',
+);
+
+my $alias = $txns->Join(
+ TYPE => 'LEFT',
+ FIELD1 => 'ObjectId',
+ TABLE2 => 'Groups',
+ FIELD2 => 'Id',
+);
+$txns->Limit(
+ ALIAS => $alias,
+ FIELD => 'Domain',
+ OPERATOR => '=',
+ VALUE => 'ACLEquivalence',
+ QUOTEVALUE => 1,
+ ENTRYAGGREGATOR => 'AND',
+);
+
+$txns->Limit(
+ ALIAS => $alias,
+ FIELD => 'Type',
+ OPERATOR => '=',
+ VALUE => 'UserEquiv',
+ QUOTEVALUE => 1,
+ ENTRYAGGREGATOR => 'AND',
+);
+
+$| = 1;
+my $total = $txns->Count;
+my $i = 0;
+
+FetchNext( $txns, 'init' );
+while ( my $rec = FetchNext( $txns ) ) {
+ $i++;
+ printf("\r%0.2f %%", 100 * $i / $total);
+ $RT::Handle->BeginTransaction;
+ my ($status) = $rec->Delete;
+ unless ($status) {
+ print STDERR "Couldn't delete TXN #". $rec->id;
+ exit 1;
+ }
+ $RT::Handle->Commit;
+}
+
+use constant PAGE_SIZE => 1000;
+sub FetchNext {
+ my ($objs, $init) = @_;
+ if ( $init ) {
+ $objs->RowsPerPage( PAGE_SIZE );
+ $objs->FirstPage;
+ return;
+ }
+
+ my $obj = $objs->Next;
+ return $obj if $obj;
+ $objs->RedoSearch;
+ $objs->FirstPage;
+ return $objs->Next;
+}
+
diff --git a/rt/etc/upgrade/split-out-cf-categories b/rt/etc/upgrade/split-out-cf-categories
index d4077ce54..7feacbf0b 100755
--- a/rt/etc/upgrade/split-out-cf-categories
+++ b/rt/etc/upgrade/split-out-cf-categories
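Review bot: On a failed delete, the loop in shrink_transactions_table.pl exits right after `BeginTransaction` without a `Rollback`, and only the first return value of `$rec->Delete` is kept, so any reason the method reports is lost. Suggest `my ($status, $msg) = $rec->Delete;` and, in the failure branch, `$RT::Handle->Rollback;` followed by `print STDERR "Couldn't delete TXN #" . $rec->id . ": $msg\n";`. The current message also has no trailing newline, so it lands on the `\r` progress line. Whether `Delete` returns a message as its second value is not shown here and should be checked. Because the script permanently removes the transaction rows recorded on ACLEquivalence/UserEquiv groups, a header comment saying so and advising a database backup before running it would help operators.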
@@ -1,41 +1,41 @@ -#!/usr/bin/perl +#!/Users/falcone/perl5/perlbrew/bin/perl # BEGIN BPS TAGGED BLOCK {{{ -# +# # COPYRIGHT: -# -# This software is Copyright (c) 1996-2008 Best Practical Solutions, LLC -# -# +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# # (Except where explicitly superseded by other copyright notices) -# -# +# +# # LICENSE: -# +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 or visit their web page on the internet at # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. -# -# +# +# # CONTRIBUTION SUBMISSION POLICY: -# +# # (The following paragraph is not intended to limit the rights granted # to you to modify and distribute this software under the terms of # the GNU General Public License and is only of importance to you if # you choose to contribute your changes and enhancements to the # community by submitting them to Best Practical Solutions, LLC.) -# +# # By intentionally submitting any modifications, corrections or # derivatives to this work, or any other work intended for use with # Request Tracker, to Best Practical Solutions, LLC, you confirm that 
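Review bot: The first line of this generated script changes from `#!/usr/bin/perl` to `#!/Users/falcone/perl5/perlbrew/bin/perl`, a path inside one developer's home directory; the new file rt/etc/upgrade/vulnerable-passwords is added with the same shebang. On any other host the script cannot be executed directly, and an interpreter path under a user's home directory is not one an administrator should trust for an upgrade tool. The generated copies should be rebuilt from the `.in` templates (`#!@PERL@`) against the target system's perl, or the line kept as `#!/usr/bin/perl`. The rest of the hunk is trailing-whitespace and copyright-year changes only.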
@@ -44,7 +44,7 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# +# # END BPS TAGGED BLOCK }}} use strict; use warnings; diff --git a/rt/etc/upgrade/split-out-cf-categories.in b/rt/etc/upgrade/split-out-cf-categories.in index f34a1b616..9d157b4f5 100644 --- a/rt/etc/upgrade/split-out-cf-categories.in +++ b/rt/etc/upgrade/split-out-cf-categories.in 
@@ -1,41 +1,41 @@ #!@PERL@ # BEGIN BPS TAGGED BLOCK {{{ -# +# # COPYRIGHT: -# -# This software is Copyright (c) 1996-2008 Best Practical Solutions, LLC -# -# +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# # (Except where explicitly superseded by other copyright notices) -# -# +# +# # LICENSE: -# +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 or visit their web page on the internet at # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. -# -# +# +# # CONTRIBUTION SUBMISSION POLICY: -# +# # (The following paragraph is not intended to limit the rights granted # to you to modify and distribute this software under the terms of # the GNU General Public License and is only of importance to you if # you choose to contribute your changes and enhancements to the # community by submitting them to Best Practical Solutions, LLC.) -# +# # By intentionally submitting any modifications, corrections or # derivatives to this work, or any other work intended for use with # Request Tracker, to Best Practical Solutions, LLC, you confirm that @@ -44,7 +44,7 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# +# # END BPS TAGGED BLOCK }}} use strict; use warnings; 
diff --git a/rt/etc/upgrade/upgrade-mysql-schema.pl b/rt/etc/upgrade/upgrade-mysql-schema.pl
index bc59c97a1..4a104b60f 100755
--- a/rt/etc/upgrade/upgrade-mysql-schema.pl
+++ b/rt/etc/upgrade/upgrade-mysql-schema.pl
@@ -1,5 +1,51 @@ #!/usr/bin/perl - +# BEGIN BPS TAGGED BLOCK {{{ +# +# COPYRIGHT: +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: +# +# This work is made available to you under the terms of Version 2 of +# the GNU General Public License. A copy of that license should have +# been provided with this software, but in any event can be snarfed +# from www.gnu.org. +# +# This work is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +# +# +# CONTRIBUTION SUBMISSION POLICY: +# +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. 
+# +# END BPS TAGGED BLOCK }}} use strict; use warnings; diff --git a/rt/etc/upgrade/vulnerable-passwords b/rt/etc/upgrade/vulnerable-passwords new file mode 100755 index 000000000..e5b69d069 --- /dev/null +++ b/rt/etc/upgrade/vulnerable-passwords 
@@ -0,0 +1,139 @@
+#!/Users/falcone/perl5/perlbrew/bin/perl
+# BEGIN BPS TAGGED BLOCK {{{
+#
+# COPYRIGHT:
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+#
+#
+# (Except where explicitly superseded by other copyright notices)
+#
+#
+# LICENSE:
+#
+# This work is made available to you under the terms of Version 2 of
+# the GNU General Public License. A copy of that license should have
+# been provided with this software, but in any event can be snarfed
+# from www.gnu.org.
+#
+# This work is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
+# CONTRIBUTION SUBMISSION POLICY:
+#
+# (The following paragraph is not intended to limit the rights granted
+# to you to modify and distribute this software under the terms of
+# the GNU General Public License and is only of importance to you if
+# you choose to contribute your changes and enhancements to the
+# community by submitting them to Best Practical Solutions, LLC.)
+#
+# By intentionally submitting any modifications, corrections or
+# derivatives to this work, or any other work intended for use with
+# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+# you are the copyright holder for those contributions and you grant
+# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+# royalty-free, perpetual, license to use, copy, create derivative
+# works based on those contributions, and sublicense and distribute
+# those contributions and any derivatives thereof.
+#
+# END BPS TAGGED BLOCK }}}
+use strict;
+use warnings;
+
+use lib "local/lib";
+use lib "lib";
+
+use RT;
+RT::LoadConfig;
+RT::Init;
+
+$| = 1;
+
+use Getopt::Long;
+use Digest::SHA;
+my $fix;
+GetOptions("fix!" => \$fix);
+
+use RT::Users;
+my $users = RT::Users->new( $RT::SystemUser );
+$users->Limit(
+ FIELD => 'Password',
+ OPERATOR => 'IS NOT',
+ VALUE => 'NULL',
+ ENTRYAGGREGATOR => 'AND',
+);
+$users->Limit(
+ FIELD => 'Password',
+ OPERATOR => '!=',
+ VALUE => '*NO-PASSWORD*',
+ ENTRYAGGREGATOR => 'AND',
+);
+$users->Limit(
+ FIELD => 'Password',
+ OPERATOR => 'NOT STARTSWITH',
+ VALUE => '!',
+ ENTRYAGGREGATOR => 'AND',
+);
+push @{$users->{'restrictions'}{ "main.Password" }}, "AND", {
+ field => 'LENGTH(main.Password)',
+ op => '<',
+ value => '40',
+};
+
+my $count = $users->Count;
+if ($count == 0) {
+ print "No users with unsalted or weak cryptography found.\n";
+ exit 0;
+}
+
+if ($fix) {
+ print "Upgrading $count users...\n";
+ while (my $u = $users->Next) {
+ my $stored = $u->__Value("Password");
+ my $raw;
+ if (length $stored == 32) {
+ $raw = pack("H*",$stored);
+ } elsif (length $stored == 22) {
+ $raw = MIME::Base64::decode_base64($stored);
+ } elsif (length $stored == 13) {
+ printf "%20s => Old crypt() format, cannot upgrade\n", $u->Name;
+ } else {
+ printf "%20s => Unknown password format!\n", $u->Name;
+ }
+ next unless $raw;
+
+ my $salt = pack("C4",map{int rand(256)} 1..4);
+ my $sha = Digest::SHA::sha256(
+ $salt . $raw
+ );
+ $u->_Set(
+ Field => "Password",
+ Value => MIME::Base64::encode_base64(
+ $salt . substr($sha,0,26), ""),
+ );
+ }
+ print "Done.\n";
+ exit 0;
+} else {
+ if ($count < 20) {
+ print "$count users found with unsalted or weak-cryptography passwords:\n";
+ print " Id | Name\n", "-"x9, "+", "-"x9, "\n";
+ while (my $u = $users->Next) {
+ printf "%8d | %s\n", $u->Id, $u->Name;
+ }
+ } else {
+ print "$count users found with unsalted or weak-cryptography passwords\n";
+ }
+
+ print "\n", "Run again with --fix to upgrade.\n";
+ exit 1;
+}
diff --git a/rt/etc/upgrade/vulnerable-passwords.in b/rt/etc/upgrade/vulnerable-passwords.in
new file mode 100755
index 000000000..0af2b6423
--- /dev/null
+++ b/rt/etc/upgrade/vulnerable-passwords.in
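Review bot: In the `--fix` branch of vulnerable-passwords the result of `$u->_Set(...)` is discarded and accounts in the crypt() or unknown formats are skipped, yet the run always ends with `Done.` and `exit 0`, so the exit status cannot tell an operator that weak hashes remain. Counting the skipped and failed accounts and exiting non-zero when any are left would make the outcome checkable from a deployment script; this assumes `_Set` returns a status and a message, which is not shown on this page. The 4-byte salt is drawn from Perl's `rand`, which is not a cryptographic generator, and `MIME::Base64` is called without a visible `use MIME::Base64;`, presumably relying on RT having loaded it; both deserve at least a comment. The same code is added in rt/etc/upgrade/vulnerable-passwords.in.

```perl
    my $failed = 0;
    while (my $u = $users->Next) {
        # … unchanged: decode $stored into $raw, printing a message for crypt()/unknown formats …
        unless ($raw) {
            $failed++;
            next;
        }
        # … unchanged: build $salt and $sha …
        my ($ok, $msg) = $u->_Set(
            # … unchanged: Field / Value arguments …
        );
        unless ($ok) {
            printf "%20s => Could not store upgraded password: %s\n", $u->Name, $msg;
            $failed++;
        }
    }
    print "Done, $failed account(s) not upgraded.\n";
    exit($failed ? 1 : 0);
```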
@@ -0,0 +1,139 @@
+#!@PERL@
+# BEGIN BPS TAGGED BLOCK {{{
+#
+# COPYRIGHT:
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+#
+#
+# (Except where explicitly superseded by other copyright notices)
+#
+#
+# LICENSE:
+#
+# This work is made available to you under the terms of Version 2 of
+# the GNU General Public License. A copy of that license should have
+# been provided with this software, but in any event can be snarfed
+# from www.gnu.org.
+#
+# This work is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
+# CONTRIBUTION SUBMISSION POLICY:
+#
+# (The following paragraph is not intended to limit the rights granted
+# to you to modify and distribute this software under the terms of
+# the GNU General Public License and is only of importance to you if
+# you choose to contribute your changes and enhancements to the
+# community by submitting them to Best Practical Solutions, LLC.)
+#
+# By intentionally submitting any modifications, corrections or
+# derivatives to this work, or any other work intended for use with
+# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+# you are the copyright holder for those contributions and you grant
+# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+# royalty-free, perpetual, license to use, copy, create derivative
+# works based on those contributions, and sublicense and distribute
+# those contributions and any derivatives thereof.
+#
+# END BPS TAGGED BLOCK }}}
+use strict;
+use warnings;
+
+use lib "@LOCAL_LIB_PATH@";
+use lib "@RT_LIB_PATH@";
+
+use RT;
+RT::LoadConfig;
+RT::Init;
+
+$| = 1;
+
+use Getopt::Long;
+use Digest::SHA;
+my $fix;
+GetOptions("fix!" => \$fix);
+
+use RT::Users;
+my $users = RT::Users->new( $RT::SystemUser );
+$users->Limit(
+ FIELD => 'Password',
+ OPERATOR => 'IS NOT',
+ VALUE => 'NULL',
+ ENTRYAGGREGATOR => 'AND',
+);
+$users->Limit(
+ FIELD => 'Password',
+ OPERATOR => '!=',
+ VALUE => '*NO-PASSWORD*',
+ ENTRYAGGREGATOR => 'AND',
+);
+$users->Limit(
+ FIELD => 'Password',
+ OPERATOR => 'NOT STARTSWITH',
+ VALUE => '!',
+ ENTRYAGGREGATOR => 'AND',
+);
+push @{$users->{'restrictions'}{ "main.Password" }}, "AND", {
+ field => 'LENGTH(main.Password)',
+ op => '<',
+ value => '40',
+};
+
+my $count = $users->Count;
+if ($count == 0) {
+ print "No users with unsalted or weak cryptography found.\n";
+ exit 0;
+}
+
+if ($fix) {
+ print "Upgrading $count users...\n";
+ while (my $u = $users->Next) {
+ my $stored = $u->__Value("Password");
+ my $raw;
+ if (length $stored == 32) {
+ $raw = pack("H*",$stored);
+ } elsif (length $stored == 22) {
+ $raw = MIME::Base64::decode_base64($stored);
+ } elsif (length $stored == 13) {
+ printf "%20s => Old crypt() format, cannot upgrade\n", $u->Name;
+ } else {
+ printf "%20s => Unknown password format!\n", $u->Name;
+ }
+ next unless $raw;
+
+ my $salt = pack("C4",map{int rand(256)} 1..4);
+ my $sha = Digest::SHA::sha256(
+ $salt . $raw
+ );
+ $u->_Set(
+ Field => "Password",
+ Value => MIME::Base64::encode_base64(
+ $salt . substr($sha,0,26), ""),
+ );
+ }
+ print "Done.\n";
+ exit 0;
+} else {
+ if ($count < 20) {
+ print "$count users found with unsalted or weak-cryptography passwords:\n";
+ print " Id | Name\n", "-"x9, "+", "-"x9, "\n";
+ while (my $u = $users->Next) {
+ printf "%8d | %s\n", $u->Id, $u->Name;
+ }
+ } else {
+ print "$count users found with unsalted or weak-cryptography passwords\n";
+ }
+
+ print "\n", "Run again with --fix to upgrade.\n";
+ exit 1;
+}
-- cgit v1.2.1