diff options
author | Joey Hess <joey@kodama.kitenet.net> | 2008-05-30 17:35:34 -0400 |
---|---|---|
committer | Joey Hess <joey@kodama.kitenet.net> | 2008-05-30 17:35:34 -0400 |
commit | e943812dc9802d134f2d9627a6c4fc94fe9c26f9 (patch) | |
tree | 1701440755ca77c14ee59c03f3b025fe6c3d6c88 /ikiwiki-transition | |
parent | a436a064d2cb04e328bbd391fe3eb1c3a79d25bb (diff) |
hashed password support, and empty password security fix
This implements the previously documented hashed password support.
While implementing that, I noticed a security hole, which this commit
also fixes..
Diffstat (limited to 'ikiwiki-transition')
-rwxr-xr-x | ikiwiki-transition | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/ikiwiki-transition b/ikiwiki-transition index 0177f98a9..e02c3aaed 100755 --- a/ikiwiki-transition +++ b/ikiwiki-transition @@ -57,6 +57,8 @@ sub indexdb { usage(); } + # Note: No lockwiki here because ikiwiki already locks it + # before calling this. if (! IkiWiki::oldloadindex()) { die "failed to load index\n"; } @@ -71,11 +73,38 @@ sub indexdb { } } +sub hashpassword { + $config{wikistatedir}=shift()."/.ikiwiki"; + + if (! defined $config{wikistatedir}) { + usage(); + } + + eval q{use IkiWiki::UserInfo}; + eval q{use Authen::Passphrase::BlowfishCrypt}; + if ($@) { + error("ikiwiki-transition hashpassword: failed to load Authen::Passphrase, passwords not hashed"); + } + + IkiWiki::lockwiki(); + IkiWiki::loadplugin("passwordauth"); + my $userinfo = IkiWiki::userinfo_retrieve(); + foreach my $user (keys %{$userinfo}) { + if (ref $userinfo->{$user} && + exists $userinfo->{$user}->{password} && + length $userinfo->{$user}->{password} && + ! exists $userinfo->{$user}->{cryptpassword}) { + IkiWiki::Plugin::passwordauth::setpassword($user, $userinfo->{$user}->{password}); + } + } +} + sub usage { print STDERR "Usage: ikiwiki-transition type ...\n"; print STDERR "Currently supported transition subcommands:\n"; print STDERR " prefix_directives file\n"; print STDERR " indexdb srcdir\n"; + print STDERR " hashpassword srcdir\n"; exit 1; } @@ -85,6 +114,9 @@ my $mode=shift; if ($mode eq 'prefix_directives') { prefix_directives(@ARGV); } +if ($mode eq 'hashpassword') { + hashpassword(@ARGV); +} elsif ($mode eq 'indexdb') { indexdb(@ARGV); } |