I'm working to integrate OTRS in Joomla and my first problem was unify the user.
OTRS use a very ugly method with crypt and Joomla use pass in the form
"md5_hex(pass+salt):salt" where salt is a 32 bytes random number in
hex (a md5hex of a rand)
This patch convert de passwd of customer users in Joomla form.
------------------------------------------------------------------------------------------
diff -c /opt/otrs/Kernel/System/CustomerAuth/DB.pm.orig
/opt/otrs/Kernel/System/CustomerAuth/DB.pm
----------------------------------------------------------------
*** /opt/otrs/Kernel/System/CustomerAuth/DB.pm.orig 2010-07-09
22:46:03.775934414 -0300
--- /opt/otrs/Kernel/System/CustomerAuth/DB.pm 2010-07-10
12:20:26.468579343 -0300
***************
*** 13,19 ****
use strict;
use warnings;
!
use Crypt::PasswdMD5 qw(unix_md5_crypt);
use vars qw($VERSION);
--- 13,19 ----
use strict;
use warnings;
! use Digest::MD5 qw(md5_hex);
use Crypt::PasswdMD5 qw(unix_md5_crypt);
use vars qw($VERSION);
***************
*** 132,146 ****
$CryptedPw = $Pw;
}
elsif ( $GetPw !~ /^.{13}$/ ) {
-
# strip salt
! $Salt =~ s/^\$.+?\$(.+?)\$.*$/$1/;
!
# encode output, needed by unix_md5_crypt() only non utf8 signs
$Self->{EncodeObject}->EncodeOutput( \$Pw );
$Self->{EncodeObject}->EncodeOutput( \$Salt );
! $CryptedPw = unix_md5_crypt( $Pw, $Salt );
$Self->{EncodeObject}->Encode( \$CryptedPw );
}
--- 132,146 ----
$CryptedPw = $Pw;
}
elsif ( $GetPw !~ /^.{13}$/ ) {
# strip salt
! #$Salt =~ s/^\$.+?\$(.+?)\$.*$/$1/;
! $Salt =~ s/^.*:/$1/;
# encode output, needed by unix_md5_crypt() only non utf8 signs
$Self->{EncodeObject}->EncodeOutput( \$Pw );
$Self->{EncodeObject}->EncodeOutput( \$Salt );
! #$CryptedPw = unix_md5_crypt( $Pw, $Salt );
! $CryptedPw = md5_hex($Pw.$Salt).":".$Salt;
$Self->{EncodeObject}->Encode( \$CryptedPw );
}
***************
*** 148,168 ****
else {
# strip salt only for (Extended) DES, not for any of modular crypt's
! if ( $Salt !~ /^\$\d\$/ ) {
! $Salt =~ s/^(..).*/$1/;
! }
# and do this check only in such case (unfortunately there is a mod_perl2
# bug on RH8 - check if crypt() is working correctly) :-/
! if ( $Salt =~ /^\$\d\$/ || ( crypt( 'root', 'r...@localhost' ) eq
'roK20XGbWEsSM' ) ) {
! $Self->{EncodeObject}->EncodeOutput( \$Pw );
! $Self->{EncodeObject}->EncodeOutput( \$Salt );
# encode output, needed by crypt() only non utf8 signs
! $CryptedPw = crypt( $Pw, $Salt );
! $Self->{EncodeObject}->Encode( \$CryptedPw );
! }
! else {
$Self->{LogObject}->Log(
Priority => 'notice',
Message =>
--- 148,168 ----
else {
# strip salt only for (Extended) DES, not for any of modular crypt's
! #if ( $Salt !~ /^\$\d\$/ ) {
! # $Salt =~ s/^(..).*/$1/;
! #}
# and do this check only in such case (unfortunately there is a mod_perl2
# bug on RH8 - check if crypt() is working correctly) :-/
! #if ( $Salt =~ /^\$\d\$/ || ( crypt( 'root', 'r...@localhost' ) eq
'roK20XGbWEsSM' ) ) {
! # $Self->{EncodeObject}->EncodeOutput( \$Pw );
! # $Self->{EncodeObject}->EncodeOutput( \$Salt );
# encode output, needed by crypt() only non utf8 signs
! # $CryptedPw = crypt( $Pw, $Salt );
! # $Self->{EncodeObject}->Encode( \$CryptedPw );
! #}
! #else {
$Self->{LogObject}->Log(
Priority => 'notice',
Message =>
***************
*** 177,183 ****
}
close(IO);
chomp $CryptedPw;
! }
}
# just in case!
--- 177,183 ----
}
close(IO);
chomp $CryptedPw;
! #}
}
# just in case!
-------------------------------------------------------------------------------------------
diff -c /opt/otrs/Kernel/System/CustomerUser/DB.pm.orig
/opt/otrs/Kernel/System/CustomerUser/DB.pm
-----------------------------------------------
*** /opt/otrs/Kernel/System/CustomerUser/DB.pm.orig 2010-07-09
22:53:15.815936292 -0300
--- /opt/otrs/Kernel/System/CustomerUser/DB.pm 2010-07-10
12:20:48.126330149 -0300
***************
*** 13,19 ****
use strict;
use warnings;
!
use Crypt::PasswdMD5 qw(unix_md5_crypt);
use Kernel::System::CheckItem;
--- 13,19 ----
use strict;
use warnings;
! use Digest::MD5 qw(md5_hex);
use Crypt::PasswdMD5 qw(unix_md5_crypt);
use Kernel::System::CheckItem;
***************
*** 786,797 ****
# crypt with md5 crypt
else {
!
# encode output, needed by unix_md5_crypt() only non utf8 signs
$Self->{EncodeObject}->EncodeOutput( \$Pw );
! $Self->{EncodeObject}->EncodeOutput( \$Login );
!
! $CryptedPw = unix_md5_crypt( $Pw, $Login );
$Self->{EncodeObject}->Encode( \$CryptedPw );
}
--- 786,798 ----
# crypt with md5 crypt
else {
! my $Salt = md5_hex(rand());
# encode output, needed by unix_md5_crypt() only non utf8 signs
$Self->{EncodeObject}->EncodeOutput( \$Pw );
! #$Self->{EncodeObject}->EncodeOutput( \$Login );
! $Self->{EncodeObject}->EncodeOutput( \$Salt );
! #$CryptedPw = unix_md5_crypt( $Pw, $Login );
! $CryptedPw = md5_hex($Pw.$Salt).":".$Salt;
$Self->{EncodeObject}->Encode( \$CryptedPw );
}
-------------------------------------------------------------------------------
diff -c /opt/otrs/scripts/database/otrs-schema.mysql.sql.orig
/opt/otrs/scripts/database/otrs-schema.mysql.sql
-------------------------------------------------------
*** /opt/otrs/scripts/database/otrs-schema.mysql.sql.orig 2010-02-05
20:42:17.000000000 -0300
--- /opt/otrs/scripts/database/otrs-schema.mysql.sql 2010-07-10
12:44:07.190580174 -0300
***************
*** 62,68 ****
CREATE TABLE users (
id INTEGER NOT NULL AUTO_INCREMENT,
login VARCHAR (100) NOT NULL,
! pw VARCHAR (50) NOT NULL,
salutation VARCHAR (50) NULL,
first_name VARCHAR (100) NOT NULL,
last_name VARCHAR (100) NOT NULL,
--- 62,68 ----
CREATE TABLE users (
id INTEGER NOT NULL AUTO_INCREMENT,
login VARCHAR (100) NOT NULL,
! pw VARCHAR (65) NOT NULL,
salutation VARCHAR (50) NULL,
first_name VARCHAR (100) NOT NULL,
last_name VARCHAR (100) NOT NULL,
***************
*** 908,914 ****
login VARCHAR (100) NOT NULL,
email VARCHAR (150) NOT NULL,
customer_id VARCHAR (200) NOT NULL,
! pw VARCHAR (50) NULL,
salutation VARCHAR (50) NULL,
first_name VARCHAR (100) NOT NULL,
last_name VARCHAR (100) NOT NULL,
--- 908,914 ----
login VARCHAR (100) NOT NULL,
email VARCHAR (150) NOT NULL,
customer_id VARCHAR (200) NOT NULL,
! pw VARCHAR (65) NULL,
salutation VARCHAR (50) NULL,
first_name VARCHAR (100) NOT NULL,
last_name VARCHAR (100) NOT NULL,
--
---------------------------------------------
--- Timeo Danaos et dona ferentes ---
---------------------------------------------
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/
