On Tuesday, September 5, 2017 at 3:09:40 PM UTC-7, Nicolas MARTIN wrote:
>
> From the information we have the hashes must not have the proper prefix.
>
> $ grep -o ':\$[^$]*' ~/auth/trac.passwd | sort | uniq -c
>    1428 :$1
>      182 :$6
>          3 :$apr1
>
> '$1' hash passwords are from the previous process with Apache 
> authentication, '$apr1' few testing accounts before we realized with the 
> server administrator that the default hash type 'apr_md5_crypt' will not 
> work to access our SVN repository controlled by a Perl script with crypt() 
> function. Thus we set the hash type to sha512 so '$6' represents new or 
> updated passwords.
>
> I still have a backup of my passwords file just before the switch with all 
> former '$1' hash passwords. Just in case...
>
> $ grep -o ':\$[^$]*' ~/auth/save/trac.passwd.save | sort | uniq -c
>    1598 :$1
>
 
I assume you wouldn't see the traceback if you changed your password to 
sha512 and then tried to change it again. That is, the issue is only seen 
when changing from an MD5 to sha512 password.

You could try the following patch:
Index: acct_mgr/pwhash.py
===================================================================
--- acct_mgr/pwhash.py    (revision 16783)
+++ acct_mgr/pwhash.py    (working copy)
@@ -113,6 +113,8 @@

     if hash.startswith('$apr1$'):
         return md5crypt(password, hash[6:].split('$')[0], '$apr1$')
+    elif hash.startswith('$1$'):
+        return md5crypt(password, hash[3:].split('$')[0])
     elif hash.startswith('{SHA}'):
         return '{SHA}' + 
hashlib.sha1(password).digest().encode('base64')[:-1]
     elif passlib_ctxt is not None and hash.startswith('$5$') and \
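
Review bot: The new '$1$' branch calls md5crypt() without a magic argument, while the '$apr1$' branch just above it passes '$apr1$' explicitly, so the result depends on md5crypt()'s default, which this hunk does not show. Passing '$1$' as the third argument would make the two branches symmetric and keep the output prefix matched to the stored hash even if that default changes. A short comment noting that '$1$' entries come from crypt()-generated password files would also help the next reader of this dispatch chain.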

- Ryan
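
The prefix dispatch discussed in this thread, as an added example that is not part of the original message or of acct_mgr/pwhash.py: a Python 3 stand-in for md5crypt() plus a hypothetical check() helper, showing that '$1$' and '$apr1$' share the MD5-crypt routine and differ only in the magic string. The password, salt and resulting hashes are constructed samples.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value, count):
    # crypt(3)-style base64: least-significant 6 bits first
    out = ""
    for _ in range(count):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out

def md5crypt(password, salt, magic="$1$"):
    """Stand-in MD5-crypt (assumed default magic '$1$'); salt is capped at 8 chars."""
    pw, sp, mg = password.encode(), salt[:8].encode(), magic.encode()
    ctx = hashlib.md5(pw + mg + sp)
    final = hashlib.md5(pw + sp + pw).digest()
    for left in range(len(pw), 0, -16):
        ctx.update(final[:min(16, left)])
    i = len(pw)
    while i:
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed 1000-round stretch
        h = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            h.update(sp)
        if i % 7:
            h.update(pw)
        h.update(final if i & 1 else pw)
        final = h.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        out += _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
    return magic + salt[:8] + "$" + out + _to64(final[11], 2)

def check(password, stored):
    """True/False for MD5-crypt hashes, None when the prefix is not handled here."""
    for magic in ("$apr1$", "$1$"):
        if stored.startswith(magic):
            salt = stored[len(magic):].split("$")[0]
            candidate = md5crypt(password, salt, magic)
            return hmac.compare_digest(candidate.encode(), stored.encode())
    return None  # e.g. '$6$' needs a SHA-512 crypt implementation

# Constructed sample entries (not taken from the thread's password file)
OLD = md5crypt("s3cret", "abcdefgh")            # '$1$' form
APR = md5crypt("s3cret", "abcdefgh", "$apr1$")  # '$apr1$' form
```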
 
