From: Jeroen van der Heijden <jeroen@transceptor.technology>
Date: Wed, 10 Oct 2018 08:34:29 +0000 (+0200)
Subject: Make sure user passwords are migrated if required
X-Git-Tag: archive/raspbian/2.0.44-1+rpi1~1^2~3^2~8^2~17
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=efafad197d5090b71f9770146c6807464f226779;p=siridb-server.git

Make sure user passwords are migrated if required
---

diff --git a/include/siri/db/users.h b/include/siri/db/users.h
index f93433fe..c48d2b15 100644
--- a/include/siri/db/users.h
+++ b/include/siri/db/users.h
@@ -28,7 +28,7 @@ int siridb_users_drop_user(
         const char * username,
         char * err_msg);
 siridb_user_t * siridb_users_get_user(
-        llist_t * users,
+        siridb_t * siridb,
         const char * username,
         const char * password);
 int siridb_users_save(siridb_t * siridb);
diff --git a/src/siri/db/auth.c b/src/siri/db/auth.c
index 274a683c..749a35b7 100644
--- a/src/siri/db/auth.c
+++ b/src/siri/db/auth.c
@@ -50,7 +50,7 @@ cproto_server_t siridb_auth_user_request(
     }
 
     if ((user = siridb_users_get_user(
-            siridb->users,
+            siridb,
             username,
             password)) == NULL)
     {
diff --git a/src/siri/db/listener.c b/src/siri/db/listener.c
index e9f33c3a..98b0c8ed 100644
--- a/src/siri/db/listener.c
+++ b/src/siri/db/listener.c
@@ -617,7 +617,7 @@ static void enter_alter_user(uv_async_t * handle)
     char name[user_node->len - 1];
     strx_extract_string(name, user_node->str, user_node->len);
 
-    if ((user = siridb_users_get_user(siridb->users, name, NULL)) == NULL)
+    if ((user = siridb_users_get_user(siridb, name, NULL)) == NULL)
     {
         snprintf(query->err_msg,
                 SIRIDB_MAX_SIZE_ERR_MSG,
@@ -744,7 +744,7 @@ static void enter_grant_user(uv_async_t * handle)
     char username[user_node->len - 1];
     strx_extract_string(username, user_node->str, user_node->len);
 
-    if ((user = siridb_users_get_user(siridb->users, username, NULL)) == NULL)
+    if ((user = siridb_users_get_user(siridb, username, NULL)) == NULL)
     {
         snprintf(query->err_msg, SIRIDB_MAX_SIZE_ERR_MSG,
                 "Cannot find user: '%s'", username);
@@ -964,7 +964,7 @@ static void enter_revoke_user(uv_async_t * handle)
     char username[user_node->len - 1];
     strx_extract_string(username, user_node->str, user_node->len);
 
-    if ((user = siridb_users_get_user(siridb->users, username, NULL)) == NULL)
+    if ((user = siridb_users_get_user(siridb, username, NULL)) == NULL)
     {
         snprintf(query->err_msg,
                 SIRIDB_MAX_SIZE_ERR_MSG,
diff --git a/src/siri/db/user.c b/src/siri/db/user.c
index 5a0f1ed8..25870c7d 100644
--- a/src/siri/db/user.c
+++ b/src/siri/db/user.c
@@ -89,23 +89,34 @@ int siridb_user_set_password(
 
     if (strlen(password) < SIRIDB_MIN_PASSWORD_LEN)
     {
-        sprintf(err_msg, "Password should be at least %d characters.",
-                SIRIDB_MIN_PASSWORD_LEN);
+        if (err_msg != NULL)
+        {
+            sprintf(err_msg,
+                    "Password should be at least %d characters.",
+                    SIRIDB_MIN_PASSWORD_LEN);
+        }
         return -1;
     }
 
     if (strlen(password) > SIRIDB_MAX_PASSWORD_LEN)
     {
-        sprintf(err_msg, "Password should be at most %d characters.",
-                SIRIDB_MAX_PASSWORD_LEN);
+        if (err_msg != NULL)
+        {
+            sprintf(err_msg,
+                    "Password should be at most %d characters.",
+                    SIRIDB_MAX_PASSWORD_LEN);
+        }
         return -1;
     }
 
     if (!strx_is_graph(password))
     {
-        sprintf(err_msg,
-                "Password contains illegal characters. (only graphical "
-                "characters are allowed, no spaces, tabs etc.)");
+        if (err_msg != NULL)
+        {
+            sprintf(err_msg,
+                    "Password contains illegal characters. (only graphical "
+                    "characters are allowed, no spaces, tabs etc.)");
+        }
         return -1;
     }
 
@@ -162,7 +173,7 @@ int siridb_user_set_name(
         return 1;
     }
 
-    if (siridb_users_get_user(siridb->users, name, NULL) != NULL)
+    if (siridb_users_get_user(siridb, name, NULL) != NULL)
     {
         snprintf(err_msg,
                 SIRIDB_MAX_SIZE_ERR_MSG,
diff --git a/src/siri/db/users.c b/src/siri/db/users.c
index c960c211..bd061587 100644
--- a/src/siri/db/users.c
+++ b/src/siri/db/users.c
@@ -207,10 +207,11 @@ int siridb_users_add_user(
  * the user will be returned when found.
  */
 siridb_user_t * siridb_users_get_user(
-        llist_t * users,
+        siridb_t * siridb,
         const char * name,
         const char * password)
 {
+    llist_t * users = siridb->users;
     siridb_user_t * user;
     char pw[OWCRYPT_SZ];
 
@@ -220,7 +221,6 @@ siridb_user_t * siridb_users_get_user(
     struct crypt_data fallback_data;
 #endif
 
-
     if ((user = llist_get(
             users,
             (llist_cb) USERS_cmp,
@@ -243,9 +243,15 @@ siridb_user_t * siridb_users_get_user(
     /* Required for compatibility with version < 2.0.14 */
     else if (user->password[0] == '$')
     {
+        /* this will migrate as soon as a user logs in */
+        _Bool is_valid;
         fallback_data.initialized = 0;
         fallback_pw = crypt_r(password, user->password, &fallback_data);
-        return (strcmp(fallback_pw, user->password) == 0) ? user : NULL;
+        is_valid = strcmp(fallback_pw, user->password) == 0;
+        (void) (is_valid && \
+                siridb_user_set_password(user, password, NULL) == 0 && \
+                siridb_users_save(siridb));
+        return is_valid ? user : NULL;
     }
 #endif
     return NULL;