Re: [otrs] Unify Joomla and OTRS customer users

[emigo...@gmail.com]

These patches convert also users in Joomla password form:
-------------------------------------------------------------------------------------

diff -c /opt/otrs/Kernel/System/User.pm.orig /opt/otrs/Kernel/System/User.pm
------------------------------------------------

*** /opt/otrs/Kernel/System/User.pm.orig        2010-07-10 19:53:42.034580633 
-0300
--- /opt/otrs/Kernel/System/User.pm     2010-07-10 19:57:26.201369700 -0300
***************
*** 15,21 ****
  use warnings;

  use Crypt::PasswdMD5 qw(unix_md5_crypt);
!
  use Kernel::System::CheckItem;
  use Kernel::System::Valid;

--- 15,21 ----
  use warnings;

  use Crypt::PasswdMD5 qw(unix_md5_crypt);
! use Digest::MD5 qw(md5_hex);
  use Kernel::System::CheckItem;
  use Kernel::System::Valid;

***************
*** 616,627 ****

      # crypt with md5
      else {
!
          # encode output, needed by unix_md5_crypt() only non utf8 signs
          $Self->{EncodeObject}->EncodeOutput( \$Pw );
!         $Self->{EncodeObject}->EncodeOutput( \$Param{UserLogin} );

!         $CryptedPw = unix_md5_crypt( $Pw, $Param{UserLogin} );
      }

      # md5 sum of pw, needed for password history
--- 616,629 ----

      # crypt with md5
      else {
!         my $Salt = md5_hex(rand());
          # encode output, needed by unix_md5_crypt() only non utf8 signs
          $Self->{EncodeObject}->EncodeOutput( \$Pw );
!         #$Self->{EncodeObject}->EncodeOutput( \$Param{UserLogin} );
!         $Self->{EncodeObject}->EncodeOutput( \$Salt );

!         #$CryptedPw = unix_md5_crypt( $Pw, $Param{UserLogin} );
!         $CryptedPw = md5_hex($Pw.$Salt).":".$Salt;
      }

      # md5 sum of pw, needed for password history

----------------------------------------------------------------------------------
 diff -c /opt/otrs/Kernel/System/Auth/DB.pm.orig
/opt/otrs/Kernel/System/Auth/DB.pm
-----------------------------------

*** /opt/otrs/Kernel/System/Auth/DB.pm.orig     2010-07-10 19:53:50.634576892 
-0300
--- /opt/otrs/Kernel/System/Auth/DB.pm  2010-07-10 20:03:23.920604245 -0300
***************
*** 15,21 ****
  use warnings;

  use Crypt::PasswdMD5 qw(unix_md5_crypt);
!
  use Kernel::System::Valid;

  use vars qw($VERSION);
--- 15,21 ----
  use warnings;

  use Crypt::PasswdMD5 qw(unix_md5_crypt);
! use Digest::MD5 qw(md5_hex);
  use Kernel::System::Valid;

  use vars qw($VERSION);
***************
*** 112,144 ****
      elsif ( $GetPw !~ /^.{13}$/ ) {

          # strip Salt
!         $Salt =~ s/^\$.+?\$(.+?)\$.*$/$1/;

          # encode output, needed by unix_md5_crypt() only non utf8 signs
          $Self->{EncodeObject}->EncodeOutput( \$Pw );
          $Self->{EncodeObject}->EncodeOutput( \$Salt );

!         $CryptedPw = unix_md5_crypt( $Pw, $Salt );
      }

      # crypt pw
      else {

          # strip Salt only for (Extended) DES, not for any of Modular crypt's
!         if ( $Salt !~ /^\$\d\$/ ) {
!             $Salt =~ s/^(..).*/$1/;
!         }

          # and do this check only in such case (unfortunately there
is a mod_perl2
          # bug on RH8 - check if crypt() is working correctly) :-/
!         if ( ( $Salt =~ /^\$\d\$/ ) || ( crypt( 'root',
'r...@localhost' ) eq 'roK20XGbWEsSM' ) ) {

              # encode output, needed by crypt() only non utf8 signs
!             $Self->{EncodeObject}->EncodeOutput( \$Pw );
!             $Self->{EncodeObject}->EncodeOutput( \$Salt );
!             $CryptedPw = crypt( $Pw, $Salt );
!         }
!         else {
              $Self->{LogObject}->Log(
                  Priority => 'notice',
                  Message =>
--- 112,146 ----
      elsif ( $GetPw !~ /^.{13}$/ ) {

          # strip Salt
!         #$Salt =~ s/^\$.+?\$(.+?)\$.*$/$1/;
!         $Salt =~ s/^.*:/$1/;

          # encode output, needed by unix_md5_crypt() only non utf8 signs
          $Self->{EncodeObject}->EncodeOutput( \$Pw );
          $Self->{EncodeObject}->EncodeOutput( \$Salt );

!         #$CryptedPw = unix_md5_crypt( $Pw, $Salt );
!         $CryptedPw = md5_hex($Pw.$Salt).":".$Salt;
      }

      # crypt pw
      else {

          # strip Salt only for (Extended) DES, not for any of Modular crypt's
!         #if ( $Salt !~ /^\$\d\$/ ) {
!         #    $Salt =~ s/^(..).*/$1/;
!         #}

          # and do this check only in such case (unfortunately there
is a mod_perl2
          # bug on RH8 - check if crypt() is working correctly) :-/
!         #if ( ( $Salt =~ /^\$\d\$/ ) || ( crypt( 'root',
'r...@localhost' ) eq 'roK20XGbWEsSM' ) ) {

              # encode output, needed by crypt() only non utf8 signs
!             #$Self->{EncodeObject}->EncodeOutput( \$Pw );
!             #$Self->{EncodeObject}->EncodeOutput( \$Salt );
!             #$CryptedPw = crypt( $Pw, $Salt );
!         #}
!         #else {
              $Self->{LogObject}->Log(
                  Priority => 'notice',
                  Message =>
***************
*** 153,159 ****
              }
              close(IO);
              chomp $CryptedPw;
!         }
      }

      # just in case for debug!
--- 155,161 ----
              }
              close(IO);
              chomp $CryptedPw;
!         #}
      }

      # just in case for debug!

-----------------------------------------------------------------------------------

diff -c /opt/otrs/scripts/database/otrs-initial_insert.mysql.sql.orig
/opt/otrs/scripts/database/otrs-initial_insert.mysql.sql
---------------------------------

*** /opt/otrs/scripts/database/otrs-initial_insert.mysql.sql.orig       
2010-02-05
20:42:17.000000000 -0300
--- /opt/otrs/scripts/database/otrs-initial_insert.mysql.sql    2010-07-10
20:05:58.569580719 -0300
***************
*** 24,30 ****
  # ----------------------------------------------------------
  INSERT INTO users (id, first_name, last_name, login, pw, valid_id,
create_by, create_time, change_by, change_time)
      VALUES
!     (1, 'Admin', 'OTRS', 'r...@localhost', 'roK20XGbWEsSM', 1, 1,
current_timestamp, 1, current_timestamp);
  # ----------------------------------------------------------
  #  insert into table groups
  # ----------------------------------------------------------
--- 24,30 ----
  # ----------------------------------------------------------
  INSERT INTO users (id, first_name, last_name, login, pw, valid_id,
create_by, create_time, change_by, change_time)
      VALUES
!     (1, 'Admin', 'OTRS', 'r...@localhost',
'73876873b6e0c23bc90b24227f7784e5:ff10491742010de973a1a11737a6ed0c',
1, 1, current_timestamp, 1, current_timestamp);
  # ----------------------------------------------------------
  #  insert into table groups
  # ----------------------------------------------------------





2010/7/10 emigo...@gmail.com <emigo...@gmail.com>:
> I'm working to integrate OTRS in Joomla and my first problem was unify the 
> user.
>
> OTRS use a very ugly method with crypt and Joomla use pass in the form
> "md5_hex(pass+salt):salt" where salt is a 32 bytes random number in
> hex (a md5hex of a rand)
>
> This patch convert de passwd of customer users in Joomla form.
> ------------------------------------------------------------------------------------------
>
---------------------------------------------
--- Timeo Danaos et dona ferentes ---
---------------------------------------------
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/