authorMartins Krisjanis <martins.krisjanis@zabbix.com>2022-02-25 12:11:21 +0300
committerMartins Krisjanis <martins.krisjanis@zabbix.com>2022-02-25 12:11:21 +0300
commit128565f28f16efa7ea48b639060bdeb753132d78 (patch)
treef92134f3483ae744ad4b484a08c862355a0c51d9
parent81524b8a4ae13e6fee7fa2770759f6a2f95f9b57 (diff)
parent68f45efae725771a1935d2b6d4ec2e9289614782 (diff)
..F.I..... [ZBXNEXT-7397] removed support for md5 user passwords
* commit '68f45efae725771a1935d2b6d4ec2e9289614782': .D........ [ZBXNEXT-7397] updated changelog .......... [ZBXNEXT-7397] converted test data user passwords to bcrypt hashes ........S. [ZBXNEXT-7397] added db patch to delete md5 user passwords from database ..F....... [ZBXNEXT-7397] removed support for md5 user passwords
-rw-r--r--ChangeLog.d/feature/ZBXNEXT-73971
-rw-r--r--create/src/schema.tmpl2
-rw-r--r--src/libs/zbxdbupgrade/dbupgrade.c4
-rw-r--r--src/libs/zbxdbupgrade/dbupgrade_6010.c16
-rw-r--r--ui/include/classes/api/services/CUser.php27
-rw-r--r--ui/include/defines.inc.php3
-rw-r--r--ui/tests/api_json/data/data_test.sql32
7 files changed, 34 insertions, 51 deletions
diff --git a/ChangeLog.d/feature/ZBXNEXT-7397 b/ChangeLog.d/feature/ZBXNEXT-7397
new file mode 100644
index 00000000000..b2419e1c88a
--- /dev/null
+++ b/ChangeLog.d/feature/ZBXNEXT-7397
@@ -0,0 +1 @@
+..F.I..... [ZBXNEXT-7397] removed support for md5 user passwords (asestakovs, mkrisjanis)
diff --git a/create/src/schema.tmpl b/create/src/schema.tmpl
index ef300d065fa..cef0f31b4ce 100644
--- a/create/src/schema.tmpl
+++ b/create/src/schema.tmpl
@@ -1936,4 +1936,4 @@ TABLE|dbversion|dbversionid|
FIELD |dbversionid |t_id | |NOT NULL |0
FIELD |mandatory |t_integer |'0' |NOT NULL |
FIELD |optional |t_integer |'0' |NOT NULL |
-ROW |1 |6000000 |6000000
+ROW |1 |6010001 |6010001
diff --git a/src/libs/zbxdbupgrade/dbupgrade.c b/src/libs/zbxdbupgrade/dbupgrade.c
index 80fb4470831..e1a454d2d47 100644
--- a/src/libs/zbxdbupgrade/dbupgrade.c
+++ b/src/libs/zbxdbupgrade/dbupgrade.c
@@ -782,7 +782,7 @@ extern zbx_dbpatch_t DBPATCH_VERSION(5030)[];
extern zbx_dbpatch_t DBPATCH_VERSION(5040)[];
extern zbx_dbpatch_t DBPATCH_VERSION(5050)[];
extern zbx_dbpatch_t DBPATCH_VERSION(6000)[];
-/*extern zbx_dbpatch_t DBPATCH_VERSION(6010)[];*/
+extern zbx_dbpatch_t DBPATCH_VERSION(6010)[];
static zbx_db_version_t dbversions[] = {
{DBPATCH_VERSION(2010), "2.2 development"},
@@ -809,7 +809,7 @@ static zbx_db_version_t dbversions[] = {
{DBPATCH_VERSION(5040), "5.4 maintenance"},
{DBPATCH_VERSION(5050), "6.0 development"},
{DBPATCH_VERSION(6000), "6.0 maintenance"},
-/* {DBPATCH_VERSION(6010), "6.2 development"},*/
+ {DBPATCH_VERSION(6010), "6.2 development"},
{NULL}
};
diff --git a/src/libs/zbxdbupgrade/dbupgrade_6010.c b/src/libs/zbxdbupgrade/dbupgrade_6010.c
index fe3e568a8a6..3394e58ed0e 100644
--- a/src/libs/zbxdbupgrade/dbupgrade_6010.c
+++ b/src/libs/zbxdbupgrade/dbupgrade_6010.c
@@ -29,10 +29,18 @@ extern unsigned char program_type;
#ifndef HAVE_SQLITE3
-/*static int DBpatch_6010000(void)
+static int DBpatch_6010001(void)
{
- *** put first upgrade patch here ***
-}*/
+#define ZBX_MD5_SIZE 32
+ if (0 == (program_type & ZBX_PROGRAM_TYPE_SERVER))
+ return SUCCEED;
+
+ if (ZBX_DB_OK > DBexecute("update users set passwd='' where length(passwd)=%d", ZBX_MD5_SIZE))
+ return FAIL;
+
+ return SUCCEED;
+#undef ZBX_MD5_SIZE
+}
#endif
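Review bot: DBpatch_6010001 clears every 32-character password hash but records nothing about which accounts it touched, so after the upgrade those users silently fail internal login (password_verify() against an empty string never succeeds) with no trace in the server log. A why-comment above the query, such as `/* md5 hashes are 32 hex chars, bcrypt hashes are 60; cleared accounts need a new password set by an administrator */`, would make the length heuristic explicit for the next maintainer. If DBexecute() returns the affected row count, as the comparison against ZBX_DB_OK suggests, keep it and log it: `int rows;`, `if (ZBX_DB_OK > (rows = DBexecute("update users set passwd='' where length(passwd)=%d", ZBX_MD5_SIZE))) return FAIL;`, then `zabbix_log(LOG_LEVEL_WARNING, "cleared %d md5 user password(s); affected users must have a new password set", rows);`. The function-local `#define ZBX_MD5_SIZE 32` paired with an `#undef` placed after the `return` also reads oddly; a file-scope define or enum next to the function is the more usual shape.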
@@ -40,6 +48,6 @@ DBPATCH_START(6010)
/* version, duplicates flag, mandatory flag */
-/*DBPATCH_ADD(6010001, 0, 1)*/
+DBPATCH_ADD(6010001, 0, 1)
DBPATCH_END()
diff --git a/ui/include/classes/api/services/CUser.php b/ui/include/classes/api/services/CUser.php
index ade7db03260..ebaf6f959ca 100644
--- a/ui/include/classes/api/services/CUser.php
+++ b/ui/include/classes/api/services/CUser.php
@@ -1539,7 +1539,7 @@ class CUser extends CApiService {
break;
case ZBX_AUTH_INTERNAL:
- if (!self::verifyPassword($user['password'], $db_user)) {
+ if (!password_verify($user['password'], $db_user['passwd'])) {
self::exception(ZBX_API_ERROR_PERMISSIONS,
_('Incorrect user name or password or account is temporarily blocked.')
);
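Review bot: With the md5 fallback gone, `password_verify($user['password'], $db_user['passwd'])` is now also reached for accounts whose passwd the 6010001 db patch has blanked, and password_verify() on an empty hash string returns false without doing a bcrypt computation, so the response time differs between a cleared account and a live one even though the error message is the same. If that distinction should not be observable, verify against a constant dummy bcrypt hash when `$db_user['passwd']` is empty so both paths do the same work before raising the exception. The enclosing login method starts and ends outside this hunk.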
@@ -1594,31 +1594,6 @@ class CUser extends CApiService {
}
/**
- * @param string $password User-specified password.
- * @param array $db_user Saved user profile.
- * @param string $db_user['passwd'] Saved password hash.
- * @param int $db_user['userid'] User id.
- *
- * @return bool
- */
- private static function verifyPassword($password, array $db_user) {
- if (strlen($db_user['passwd']) > ZBX_MD5_SIZE) {
- return password_verify($password, $db_user['passwd']);
- }
-
- if (hash_equals($db_user['passwd'], md5($password))) {
- DB::update('users', [
- 'values' => ['passwd' => password_hash($password, PASSWORD_BCRYPT, ['cost' => ZBX_BCRYPT_COST])],
- 'where' => ['userid' => $db_user['userid']]
- ]);
-
- return true;
- }
-
- return false;
- }
-
- /**
* Method is ONLY for internal use!
* Login user by username. Return array with user data.
*
diff --git a/ui/include/defines.inc.php b/ui/include/defines.inc.php
index f27aceec582..3076f526b26 100644
--- a/ui/include/defines.inc.php
+++ b/ui/include/defines.inc.php
@@ -22,7 +22,7 @@ define('ZABBIX_VERSION', '6.2.0alpha1');
define('ZABBIX_API_VERSION', '6.2.0');
define('ZABBIX_EXPORT_VERSION', '6.2');
-define('ZABBIX_DB_VERSION', 6000000);
+define('ZABBIX_DB_VERSION', 6010001);
define('DB_VERSION_SUPPORTED', 0);
define('DB_VERSION_LOWER_THAN_MINIMUM', 1);
@@ -35,7 +35,6 @@ define('ZABBIX_COPYRIGHT_FROM', '2001');
define('ZABBIX_COPYRIGHT_TO', '2022');
define('ZBX_BCRYPT_COST', 10);
-define('ZBX_MD5_SIZE', 32);
define('ZBX_SESSION_NAME', 'zbx_session'); // Session cookie name for Zabbix front-end.
diff --git a/ui/tests/api_json/data/data_test.sql b/ui/tests/api_json/data/data_test.sql
index 5141b249a37..cd673582f05 100644
--- a/ui/tests/api_json/data/data_test.sql
+++ b/ui/tests/api_json/data/data_test.sql
@@ -56,11 +56,11 @@ INSERT INTO usrgrp (usrgrpid, name) VALUES (19, 'API user group delete3');
INSERT INTO usrgrp (usrgrpid, name) VALUES (20, 'API user group in actions');
INSERT INTO usrgrp (usrgrpid, name) VALUES (21, 'API user group in scripts');
INSERT INTO usrgrp (usrgrpid, name) VALUES (22, 'API user group in configuration');
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (4, 'zabbix-admin', '5fce1b3e34b520afeffb37ce08c7cd66', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (5, 'zabbix-user', '5fce1b3e34b520afeffb37ce08c7cd66', 0, 0, 'en_US', '30s', 1, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (6, 'user-in-one-group', '5fce1b3e34b520afeffb37ce08c7cd66', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (7, 'user-in-two-groups', '5fce1b3e34b520afeffb37ce08c7cd66', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (8, 'api-user', '5fce1b3e34b520afeffb37ce08c7cd66', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (4, 'zabbix-admin', '$2a$10$PmEcvov/w84R3sShOV4rX.xJd81bwgaK4o0SfoiSxop2ol7PPGsOi', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (5, 'zabbix-user', '$2a$10$w8oiYEgP3Fy4XuPIE5VCiO2j5snJEopKfTCYa3DC7bNL83ldKlPRS', 0, 0, 'en_US', '30s', 1, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (6, 'user-in-one-group', '$2a$10$mTYvfZskz3369zQaYLogHuSUMQ11YSEOZtua2NFSL3/.T6kQ/bNaG', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (7, 'user-in-two-groups', '$2a$10$GiBCQXAPeTCPR9rEQ/YodOmE7mqvXjYwbEkZLGP7iWU/fzKcB9yF6', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (8, 'api-user', '$2a$10$NyZQvuelvUVqpCDYb7cOy.pEewNe9U0MK0ZIdjJeupYbgHU6G7Iea', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
INSERT INTO users_groups (id, usrgrpid, userid) VALUES (6, 8, 4);
INSERT INTO users_groups (id, usrgrpid, userid) VALUES (8, 14, 4);
INSERT INTO users_groups (id, usrgrpid, userid) VALUES (9, 15, 6);
@@ -75,13 +75,13 @@ INSERT INTO scripts (scriptid, name, command, host_access, usrgrpid, groupid, de
UPDATE config SET alert_usrgrpid = 22 WHERE configid = 1;
-- users
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (9, 'api-user-for-update', '5fce1b3e34b520afeffb37ce08c7cd66', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (10, 'api-user-delete', '5fce1b3e34b520afeffb37ce08c7cd66', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (11, 'api-user-delete1', '5fce1b3e34b520afeffb37ce08c7cd66', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (12, 'api-user-delete2', '5fce1b3e34b520afeffb37ce08c7cd66', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (13, 'api-user-action', '5fce1b3e34b520afeffb37ce08c7cd66', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (14, 'api-user-map', '5fce1b3e34b520afeffb37ce08c7cd66', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (15, 'api-user-for-unblock', '5fce1b3e34b520afeffb37ce08c7cd66', 0, '15m', 'en_US', '30s', 2, 'default', 5, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (9, 'api-user-for-update', '$2a$10$dP76CSji4ozQxSxLQeUGc.sJgSPuwN8b4pjnKIoOeQXts2Wm86ige', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (10, 'api-user-delete', '$2a$10$8ioYyO/Xkyhx64W.z0B3YONQ7.s2zqMRqhkYt/z6S9.MkqEYsWCOq', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (11, 'api-user-delete1', '$2a$10$NU0MhxghxIbvCen5pBY.WuC9eYpqYS2mE8P6dQIMC00yhlalXhUWO', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (12, 'api-user-delete2', '$2a$10$t.cDXioxmkgwEigzPU0aQejc8rAfjt6ZxY6WIllrN0IpEH4pp3I/K', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (13, 'api-user-action', '$2a$10$w6u3jruB673s5A/Qrg7VZOFof/yuARrPQYpZk7xbSTw7O/wgSw9Sq', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (14, 'api-user-map', '$2a$10$1uCgmg.SoVtN98NTt/815./E/mFIdJH2r3aF1RFY1QwmFVlnbCXTK', 0, '15m', 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (15, 'api-user-for-unblock', '$2a$10$/a5lFsoEm56b01q1uAoM8ecSmazNhrYbidYeBibtRzUxbIgmIAvR.', 0, '15m', 'en_US', '30s', 2, 'default', 5, 0, 50);
INSERT INTO users_groups (id, usrgrpid, userid) VALUES (12, 14, 9);
INSERT INTO users_groups (id, usrgrpid, userid) VALUES (13, 14, 10);
INSERT INTO users_groups (id, usrgrpid, userid) VALUES (14, 14, 11);
@@ -202,7 +202,7 @@ INSERT INTO opcommand (operationid, scriptid) VALUES (33, 11);
-- scripts / inherited hostgroups
INSERT INTO usrgrp (usrgrpid,name) VALUES (90000,'90000 Eur group write except one');
-INSERT INTO users (userid,username,passwd,roleid) VALUES (90000,'90000','5fce1b3e34b520afeffb37ce08c7cd66',2);
+INSERT INTO users (userid,username,passwd,roleid) VALUES (90000,'90000','$2a$10$Hr7Z1FX/x9OPhdUu9.5CL.XyL9IKPiVcoxJgGbtIHc3.Svk/awB5q',2);
INSERT INTO users_groups (id,usrgrpid,userid) VALUES (90000,90000,90000);
INSERT INTO hosts (hostid,host,name,status,description) VALUES (90020,'90020','90020',0,'');
INSERT INTO hosts (hostid,host,name,status,description) VALUES (90021,'90021','90021',0,'');
@@ -345,8 +345,8 @@ INSERT INTO interface_snmp (interfaceid, version, bulk, community) values (99004
-- autoregistration action
INSERT INTO usrgrp (usrgrpid, name) VALUES (47, 'User group for action delete');
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (53, 'action-user', '5fce1b3e34b520afeffb37ce08c7cd66', 0, 0, 'en_US', '30s', 1, 'default', 0, 0, 50);
-INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (54, 'action-admin', '5fce1b3e34b520afeffb37ce08c7cd66', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (53, 'action-user', '$2a$10$gFL5ORa/Ml0VBDGraHI3tuE1WuiKOX8ef497bAfzNiSXUx4Vrrn.y', 0, 0, 'en_US', '30s', 1, 'default', 0, 0, 50);
+INSERT INTO users (userid, username, passwd, autologin, autologout, lang, refresh, roleid, theme, attempt_failed, attempt_clock, rows_per_page) VALUES (54, 'action-admin', '$2a$10$P8CZ/rs94pLp177hh27KheWKAKa6GXZLFhOE8ymd/QlEKT2FDngZe', 0, 0, 'en_US', '30s', 2, 'default', 0, 0, 50);
INSERT INTO users_groups (id, usrgrpid, userid) VALUES (87, 47, 53);
INSERT INTO users_groups (id, usrgrpid, userid) VALUES (88, 47, 54);
INSERT INTO actions (actionid, name, eventsource, evaltype, status, esc_period) VALUES (91, 'API Autoregistration action', 2, 0, 0, '1h');
@@ -1516,7 +1516,7 @@ INSERT INTO token (tokenid, userid, name, description) VALUES (19, 5, 'update-us
INSERT INTO token (tokenid, userid, name, description) VALUES (20, 5, 'update-user-4', '');
INSERT INTO token (tokenid, userid, name, description) VALUES (21, 5, 'update-user-5', '');
INSERT INTO token (tokenid, userid, name, description) VALUES (22, 5, 'update-user-6', '');
-INSERT INTO users (userid,username,passwd,roleid) VALUES (20,'token-creator','5fce1b3e34b520afeffb37ce08c7cd66',2);
+INSERT INTO users (userid,username,passwd,roleid) VALUES (20,'token-creator','$2a$10$tskhDKjeMa8h8zRCHkVSk.CPbZg./ERPgxsuwbFFP8HVh3oIbUo42',2);
INSERT INTO users_groups (id,usrgrpid,userid) VALUES (90020,90000,20);
INSERT INTO token (tokenid, userid, creator_userid, name, description) VALUES (23, 5, 20, 'delete-user-6', '');