summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Install
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2012-12-31 22:51:11 +0100
committerReed Loden <reed@reedloden.com>2012-12-31 22:51:11 +0100
commit4663186fdcb2ac1142d3697e27a8f67ce3c92510 (patch)
treefe2720a0c265ca480cb425b83ff6585ec081df65 /Bugzilla/Install
parenta9fb9c4b84b21f01a9bfea6eea13ee1b27435ca6 (diff)
downloadbugzilla-4663186fdcb2ac1142d3697e27a8f67ce3c92510.tar.gz
bugzilla-4663186fdcb2ac1142d3697e27a8f67ce3c92510.tar.xz
Bug 785283 - Support increased values for PASSWORD_SALT_LENGTH without breaking compat with old hashes
[r=LpSolit a=LpSolit]
Diffstat (limited to 'Bugzilla/Install')
-rw-r--r--Bugzilla/Install/DB.pm37
1 files changed, 37 insertions, 0 deletions
diff --git a/Bugzilla/Install/DB.pm b/Bugzilla/Install/DB.pm
index abf57ac27..e1a3f3630 100644
--- a/Bugzilla/Install/DB.pm
+++ b/Bugzilla/Install/DB.pm
@@ -24,6 +24,7 @@ use Bugzilla::Field;
use Date::Parse;
use Date::Format;
+use Digest;
use IO::File;
use List::MoreUtils qw(uniq);
use URI;
@@ -701,6 +702,9 @@ sub update_table_definitions {
# 2012-08-01 koosha.khajeh@gmail.com - Bug 187753
_shorten_long_quips();
+ # 2012-12-29 reed@reedloden.com - Bug 785283
+ _add_password_salt_separator();
+
################################################################
# New --TABLE-- changes should go *** A B O V E *** this point #
################################################################
@@ -3776,6 +3780,39 @@ sub _shorten_long_quips {
$dbh->bz_alter_column('quips', 'quip', { TYPE => 'varchar(512)', NOTNULL => 1});
}
+sub _add_password_salt_separator {
+ my $dbh = Bugzilla->dbh;
+
+ $dbh->bz_start_transaction();
+
+ my $profiles = $dbh->selectall_arrayref("SELECT userid, cryptpassword FROM profiles WHERE ("
+ . $dbh->sql_regexp("cryptpassword", "'^[^,]+{'") . ")");
+
+ if (@$profiles) {
+ say "Adding salt separator to password hashes...";
+
+ my $query = $dbh->prepare("UPDATE profiles SET cryptpassword = ? WHERE userid = ?");
+ my %algo_sizes;
+
+ foreach my $profile (@$profiles) {
+ my ($userid, $hash) = @$profile;
+ my ($algorithm) = $hash =~ /{([^}]+)}$/;
+
+ $algo_sizes{$algorithm} ||= length(Digest->new($algorithm)->b64digest);
+
+ # Calculate the salt length by taking the stored hash and
+ # subtracting the combined lengths of the hash size, the
+ # algorithm name, and 2 for the {} surrounding the name.
+ my $not_salt_len = $algo_sizes{$algorithm} + length($algorithm) + 2;
+ my $salt_len = length($hash) - $not_salt_len;
+
+ substr($hash, $salt_len, 0, ',');
+ $query->execute($hash, $userid);
+ }
+ }
+ $dbh->bz_commit_transaction();
+}
+
1;
__END__