+++ /dev/null
-#!/usr/bin/perl
-# BEGIN BPS TAGGED BLOCK {{{
-#
-# COPYRIGHT:
-#
-# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
-# <sales@bestpractical.com>
-#
-# (Except where explicitly superseded by other copyright notices)
-#
-#
-# LICENSE:
-#
-# This work is made available to you under the terms of Version 2 of
-# the GNU General Public License. A copy of that license should have
-# been provided with this software, but in any event can be snarfed
-# from www.gnu.org.
-#
-# This work is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301 or visit their web page on the internet at
-# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-#
-#
-# CONTRIBUTION SUBMISSION POLICY:
-#
-# (The following paragraph is not intended to limit the rights granted
-# to you to modify and distribute this software under the terms of
-# the GNU General Public License and is only of importance to you if
-# you choose to contribute your changes and enhancements to the
-# community by submitting them to Best Practical Solutions, LLC.)
-#
-# By intentionally submitting any modifications, corrections or
-# derivatives to this work, or any other work intended for use with
-# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-# you are the copyright holder for those contributions and you grant
-# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-# royalty-free, perpetual, license to use, copy, create derivative
-# works based on those contributions, and sublicense and distribute
-# those contributions and any derivatives thereof.
-#
-# END BPS TAGGED BLOCK }}}
-use strict;
-use warnings;
-
-use lib "local/lib";
-use lib "lib";
-
-use RT;
-RT::LoadConfig;
-RT::Init;
-
-$| = 1;
-
-use Getopt::Long;
-use Digest::SHA;
-my $fix;
-GetOptions("fix!" => \$fix);
-
-use RT::Users;
-my $users = RT::Users->new( $RT::SystemUser );
-$users->Limit(
- FIELD => 'Password',
- OPERATOR => 'IS NOT',
- VALUE => 'NULL',
- ENTRYAGGREGATOR => 'AND',
-);
-$users->Limit(
- FIELD => 'Password',
- OPERATOR => '!=',
- VALUE => '*NO-PASSWORD*',
- ENTRYAGGREGATOR => 'AND',
-);
-$users->Limit(
- FIELD => 'Password',
- OPERATOR => 'NOT STARTSWITH',
- VALUE => '!',
- ENTRYAGGREGATOR => 'AND',
-);
-push @{$users->{'restrictions'}{ "main.Password" }}, "AND", {
- field => 'LENGTH(main.Password)',
- op => '<',
- value => '40',
-};
-
-my $count = $users->Count;
-if ($count == 0) {
- print "No users with unsalted or weak cryptography found.\n";
- exit 0;
-}
-
-if ($fix) {
- print "Upgrading $count users...\n";
- while (my $u = $users->Next) {
- my $stored = $u->__Value("Password");
- my $raw;
- if (length $stored == 32) {
- $raw = pack("H*",$stored);
- } elsif (length $stored == 22) {
- $raw = MIME::Base64::decode_base64($stored);
- } elsif (length $stored == 13) {
- printf "%20s => Old crypt() format, cannot upgrade\n", $u->Name;
- } else {
- printf "%20s => Unknown password format!\n", $u->Name;
- }
- next unless $raw;
-
- my $salt = pack("C4",map{int rand(256)} 1..4);
- my $sha = Digest::SHA::sha256(
- $salt . $raw
- );
- $u->_Set(
- Field => "Password",
- Value => MIME::Base64::encode_base64(
- $salt . substr($sha,0,26), ""),
- );
- }
- print "Done.\n";
- exit 0;
-} else {
- if ($count < 20) {
- print "$count users found with unsalted or weak-cryptography passwords:\n";
- print " Id | Name\n", "-"x9, "+", "-"x9, "\n";
- while (my $u = $users->Next) {
- printf "%8d | %s\n", $u->Id, $u->Name;
- }
- } else {
- print "$count users found with unsalted or weak-cryptography passwords\n";
- }
-
- print "\n", "Run again with --fix to upgrade.\n";
- exit 1;
-}