From 292e9a631ebec94138bd4f3b1f5a1a9faea9cb38 Mon Sep 17 00:00:00 2001 From: bwarsaw <> Date: Thu, 30 Dec 2004 20:49:31 +0000 Subject: From the NEWS file: - Added the ability for Mailman generated passwords (both member and list admin) to be more cryptographically secure. See new configuration variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called reset_pw which can be used to reset all member passwords. Passwords generated by Mailman are now 8 characters by default for members, and 10 characters for list administrators. --- bin/Makefile.in | 11 ++++---- bin/change_pw | 15 +++++----- bin/reset_pw | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 100 insertions(+), 12 deletions(-) create mode 100644 bin/reset_pw (limited to 'bin') diff --git a/bin/Makefile.in b/bin/Makefile.in index 00a5dca8..daf4faff 100644 --- a/bin/Makefile.in +++ b/bin/Makefile.in @@ -1,17 +1,17 @@ -# Copyright (C) 1998-2003 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2004 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software +# along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # NOTE: Makefile.in is converted into Makefile by the configure script @@ -48,7 +48,8 @@ SCRIPTS= mmsitepass newlist rmlist add_members \ version config_list list_lists dumpdb cleanarch \ list_admins genaliases change_pw mailmanctl qrunner inject \ unshunt fix_url.py convert.py transcheck b4b5-archfix \ - list_owners msgfmt.py show_qfiles discard rb-archfix + list_owners msgfmt.py show_qfiles discard rb-archfix \ + reset_pw BUILDDIR= ../build/bin diff --git a/bin/change_pw b/bin/change_pw index 0e365e08..20e821ca 100644 --- a/bin/change_pw +++ b/bin/change_pw @@ -1,19 +1,19 @@ #! @PYTHON@ # -# Copyright (C) 2001,2002 by the Free Software Foundation, Inc. +# Copyright (C) 2001-2004 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software +# along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. """Change a list's password. @@ -123,7 +123,7 @@ def main(): domains = {} password = None quiet = 0 - + for opt, arg in opts: if opt in ('-h', '--help'): usage(0) @@ -142,7 +142,7 @@ def main(): if args: strargs = SPACE.join(args) usage(1, _('Bad arguments: %(strargs)s')) - + if password is not None: if not password: usage(1, _('Empty list passwords are not allowed')) @@ -164,7 +164,8 @@ def main(): mlist.Lock() try: if password is None: - randompw = Utils.MakeRandomPassword(8) + randompw = Utils.MakeRandomPassword( + mm_cfg.ADMIN_PASSWORD_LENGTH) shapassword = sha.new(randompw).hexdigest() notifypassword = randompw else: diff --git a/bin/reset_pw b/bin/reset_pw new file mode 100644 index 00000000..d7e5527a --- /dev/null +++ b/bin/reset_pw @@ -0,0 +1,86 @@ +#! @PYTHON@ +# +# Copyright (C) 2004 by the Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +# Inspired by Florian Weimer. + +"""Reset the passwords for members of a mailing list. + +This script resets all the passwords of a mailing list's members. It can also +be used to reset the lists of all members of all mailing lists, but it is your +responsibility to let the users know that their passwords have been changed. + +This script is intended to be run as a bin/withlist script, i.e. + +% bin/withlist -l -r reset_pw [options] + +Options: + -v / --verbose + Print what the script is doing. +""" + +import sys +import getopt + +import paths +from Mailman import Utils +from Mailman.i18n import _ + + +try: + True, False +except NameError: + True = 1 + False = 0 + + + +def usage(code, msg=''): + if code: + fd = sys.stderr + else: + fd = sys.stdout + print >> fd, _(__doc__.replace('%', '%%')) + if msg: + print >> fd, msg + sys.exit(code) + + + +def reset_pw(mlist, *args): + try: + opts, args = getopt.getopt(args, 'v', ['verbose']) + except getopt.error, msg: + usage(1, msg) + + verbose = False + for opt, args in opts: + if opt in ('-v', '--verbose'): + verbose = True + + listname = mlist.listname() + if verbose: + print _('Changing passwords for list: %(listname)s') + + for member in mlist.getMembers(): + randompw = Utils.MakeRandomPassword() + mlist.setMemberPassword(member, randompw) + + + +if __name__ == '__main__': + usage(0) -- cgit v1.2.3