[Rt-commit] rt branch 4.4.5-releng updated. rt-4.4.5beta1-14-g37bdf40721
BPS Git Server
git at git.bestpractical.com
Tue Sep 14 20:37:38 UTC 2021
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 4.4.5-releng has been updated
via 37bdf407216099d86cb3ee2c2ae09918711fe563 (commit)
via 8d461472f0e236fefcd29373f2f284de51a51e54 (commit)
via 3a60727601c94556ec90cdc65874f31a7e149eb2 (commit)
via 1fd0c7614d6a204878f01f7c9b3578812df2faae (commit)
via d16f8cf13c2af517ee55a85e7b91a0267477189f (commit)
via 6b3f75f80b5f7b2b8d59f0259de696e8ebed25d3 (commit)
via ece459fa43170ddfdd228a3a44ed526e42236827 (commit)
via 39bd2a88b3dde66735ae46bc2656364da5d8ded0 (commit)
via 3f4f89ee599134f6b062215fc97b0bc6473fabaf (commit)
via c7d1c70fbbe820eea26bf36716a47c9069e6ff26 (commit)
via ac92dfecd9e9376faefa1243cdfb0dad6346f526 (commit)
via cc03b490af32328d1d3d7e805383ace89420f456 (commit)
from f0ae3f3e4058cba2fe076b462b52dd26dfde561e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 37bdf407216099d86cb3ee2c2ae09918711fe563
Merge: f0ae3f3e40 8d461472f0
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed Sep 15 04:25:15 2021 +0800
Merge branch '4.4-trunk' into 4.4.5-releng
commit 8d461472f0e236fefcd29373f2f284de51a51e54
Merge: 149512f69a 3a60727601
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed Sep 15 04:20:41 2021 +0800
Merge branch '4.2-trunk' into 4.4-trunk
diff --cc lib/RT/Handle.pm
index bfdd84cbe8,172fabab43..ad7e26588c
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@@ -855,72 -835,17 +858,74 @@@ sub InsertData
);
# Slurp in stuff to insert from the datafile. Possible things to go in here:-
- our (@Groups, @Users, @Members, @ACL, @Queues, @ScripActions, @ScripConditions,
- @Templates, @CustomFields, @Scrips, @Attributes, @Initial, @Final);
- local (@Groups, @Users, @Members, @ACL, @Queues, @ScripActions, @ScripConditions,
- @Templates, @CustomFields, @Scrips, @Attributes, @Initial, @Final);
+ our (@Groups, @Users, @Members, @ACL, @Queues, @Classes, @ScripActions, @ScripConditions,
+ @Templates, @CustomFields, @CustomRoles, @Scrips, @Attributes, @Initial, @Final,
+ @Catalogs, @Assets);
+ local (@Groups, @Users, @Members, @ACL, @Queues, @Classes, @ScripActions, @ScripConditions,
+ @Templates, @CustomFields, @CustomRoles, @Scrips, @Attributes, @Initial, @Final,
+ @Catalogs, @Assets);
local $@;
+
+ # Get the full path since . is no longer in @INC after perl 5.24
+ $datafile = Cwd::abs_path($datafile);
$RT::Logger->debug("Going to load '$datafile' data file");
- eval { require $datafile }
- or return (0, "Couldn't load data from '$datafile' for import:\n\nERROR:". $@);
+
+ my $datafile_content = do {
+ local $/;
+ open (my $f, '<:encoding(UTF-8)', $datafile)
+ or die "Cannot open initialdata file '$datafile' for read: $@";
+ <$f>;
+ };
+
+ my $format_handler;
+ my $handlers = RT->Config->Get('InitialdataFormatHandlers');
+
+ foreach my $handler_candidate (@$handlers) {
+ next if $handler_candidate eq 'perl';
+ $handler_candidate->require
+ or die "Config option InitialdataFormatHandlers lists '$handler_candidate', but it failed to load:\n$@\n";
+
+ if ($handler_candidate->CanLoad($datafile_content)) {
+ $RT::Logger->debug("Initialdata file '$datafile' can be loaded by $handler_candidate");
+ $format_handler = $handler_candidate;
+ last;
+ } else {
+ $RT::Logger->debug("Initialdata file '$datafile' can not be loaded by $handler_candidate");
+ }
+ }
+
+ if ( $format_handler ) {
+ $format_handler->Load(
+ $datafile_content,
+ {
+ Groups => \@Groups,
+ Users => \@Users,
+ Members => \@Members,
+ ACL => \@ACL,
+ Queues => \@Queues,
+ Classes => \@Classes,
+ ScripActions => \@ScripActions,
+ ScripConditions => \@ScripConditions,
+ Templates => \@Templates,
+ CustomFields => \@CustomFields,
+ CustomRoles => \@CustomRoles,
+ Scrips => \@Scrips,
+ Attributes => \@Attributes,
+ Initial => \@Initial,
+ Final => \@Final,
+ Catalogs => \@Catalogs,
+ Assets => \@Assets,
+ },
+ ) or return (0, "Couldn't load data from '$datafile' for import:\n\nERROR:" . $@);
+ }
+
+ if ( !$format_handler and grep(/^perl$/, @$handlers) ) {
+ # Use perl-style initialdata
+ # Note: eval of perl initialdata should only be done once
+ eval { require $datafile }
+ or return (0, "Couldn't load data from '$datafile':\nERROR:" . $@ . "\n\nDo you have the correct initialdata handler in RT_Config for this type of file?");
+ }
if ( @Initial ) {
$RT::Logger->debug("Running initial actions...");
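Review bot: The `die` on the failed `open` of the initialdata file interpolates `$@`, but `open` reports its failure in `$!` and `$@` was cleared by `local $@;` just above, so the message will carry no reason. It also dies where the `Load` and `require` failures further down return `(0, message)`; `or return (0, "Cannot open initialdata file '$datafile' for read: $!");` would fix both. `Cwd::abs_path` may return undef when the path cannot be resolved, so a guard such as `return (0, "Couldn't resolve initialdata file path") unless defined $datafile;` right after it would keep the later messages meaningful. The perl fallback still runs the file through `require`, which deserves a comment that initialdata files are executed as code and must come from a trusted location. InsertData starts and ends outside this hunk.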
diff --cc lib/RT/Interface/Web.pm
index 295f61bd25,1d59a2f235..8db5b7b32b
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@@ -829,11 -804,18 +829,19 @@@ sub AttemptPasswordAuthentication
my $user_obj = RT::CurrentUser->new();
$user_obj->Load( $ARGS->{user} );
+ # Load the RT system user as well to avoid timing side channel
+ my $system_user = RT::CurrentUser->new();
+ $system_user->Load(1); # User with ID 1 should always exist!
+
my $m = $HTML::Mason::Commands::m;
+ my $remote_addr = RequestENV('REMOTE_ADDR');
unless ( $user_obj->id && $user_obj->IsPassword( $ARGS->{pass} ) ) {
+ if (!$user_obj->id) {
+ # Avoid timing side channel... always run IsPassword
+ $system_user->IsPassword( $ARGS->{pass} );
+ }
- $RT::Logger->error("FAILED LOGIN for @{[$ARGS->{user}]} from $ENV{'REMOTE_ADDR'}");
+ $RT::Logger->error("FAILED LOGIN for @{[$ARGS->{user}]} from $remote_addr");
$m->callback( %$ARGS, CallbackName => 'FailedLogin', CallbackPage => '/autohandler' );
return (0, HTML::Mason::Commands::loc('Your username or password is incorrect'));
}
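Review bot: The dummy `$system_user->IsPassword( $ARGS->{pass} )` call only equalises response time if `IsPassword` does the same hashing work for user 1 as for a real account. `IsPassword` is not in this hunk, so if it returns early for an account with no usable password, the unknown-user path would still be measurably faster. A comment stating that dependency would help, e.g. `# Relies on IsPassword hashing even when user 1 has no usable password`, ideally backed by a test. Separately, the `FAILED LOGIN` message writes `$ARGS->{user}` to the log as submitted; stripping control characters first, e.g. `(my $safe_user = $ARGS->{user} // '') =~ s/[[:cntrl:]]//g;`, keeps a crafted username from forging log lines. AttemptPasswordAuthentication starts and ends outside this hunk.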
commit 3a60727601c94556ec90cdc65874f31a7e149eb2
Merge: 6b3f75f80b 1fd0c7614d
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed Sep 15 04:17:08 2021 +0800
Merge branch '4.2.17-releng' into 4.2-trunk
-----------------------------------------------------------------------
Summary of changes:
lib/RT/Handle.pm | 5 +++++
1 file changed, 5 insertions(+)
hooks/post-receive
--
rt