1 18 19 package org.apache.roller.business.utils; 20 21 import java.io.FileInputStream ; 22 import java.io.FileOutputStream ; 23 import java.sql.Connection ; 24 import java.sql.DriverManager ; 25 import java.sql.PreparedStatement ; 26 import java.sql.ResultSet ; 27 import java.util.Enumeration ; 28 import java.util.Properties ; 29 import org.apache.roller.util.Utilities; 30 31 54 public class PasswordUtility 55 { 56 public static void main(String [] args) throws Exception 57 { 58 Properties props = new Properties (); 59 props.load(new FileInputStream ("rollerdb.properties")); 60 61 String algorithm = props.getProperty("algorithm"); 62 63 Connection con = ConsistencyCheck.createConnection(props,""); 64 65 if (args.length == 2 && args[0].equals("-save")) 66 { 67 savePasswords(con, args[1]); 68 } 69 else if (args.length == 1 && args[0].equals("-encrypt")) 70 { 71 encryptionOn(con, algorithm); 72 } 73 else if (args.length == 2 && args[0].equals("-restore")) 74 { 75 encryptionOff(con, args[1]); 76 } 77 else if (args.length == 3 && args[0].equals("-reset")) 78 { 79 resetPassword(con, args[1], args[2], algorithm); 80 } 81 else if (args.length == 2 && args[0].equals("-grant_admin")) 82 { 83 grantAdmin(con, args[1]); 84 } 85 else if (args.length == 2 && args[0].equals("-revoke_admin")) 86 { 87 revokeAdmin(con, args[1]); 88 } 89 else 90 { 91 System.out.println(""); 92 System.out.println("USAGE: save passwords to a properties file"); 93 System.out.println(" rollerpw -save <file-name>"); 94 System.out.println(""); 95 System.out.println("USAGE: turn ON password encryption and encrypt existing passwords"); 96 System.out.println(" rollerpw -encrypt"); 97 System.out.println(""); 98 System.out.println("USAGE: turn OFF password encryption and restore saved passwords"); 99 System.out.println(" rollerpw -restore <file-name>"); 100 System.out.println(""); 101 System.out.println("USAGE: reset a user password"); 102 System.out.println(" rollerpw -password <username> <new-password>"); 103 System.out.println(""); 104 System.out.println("USAGE: grant admin rights to user"); 105 System.out.println(" rollerpw -grant_admin <username>"); 106 System.out.println(""); 107 System.out.println("USAGE: revoke admin right from user"); 108 System.out.println(" rollerpw -revoke_admin <username>"); 109 System.out.println(""); 110 } 111 } 112 113 116 private static void savePasswords( 117 Connection con, String fileName) throws Exception 118 { 119 Properties newprops = new Properties (); 120 PreparedStatement userquery = con.prepareStatement( 121 "select username,passphrase from rolleruser"); 122 ResultSet users = userquery.executeQuery(); 123 while (users.next()) 124 { 125 String username = users.getString(1); 126 String passphrase = users.getString(2); 127 newprops.put(username, passphrase); 128 } 129 FileOutputStream fos = new FileOutputStream (fileName); 130 newprops.save(fos, "Generated by Roller Password Utility"); 131 fos.close(); 132 } 133 134 137 private static void encryptionOn( 138 Connection con, String algorithm) throws Exception 139 { 140 PreparedStatement userQuery = con 141 .prepareStatement("select username,passphrase from rolleruser"); 142 PreparedStatement userUpdate = con 143 .prepareStatement("update rolleruser set passphrase=? where username=?"); 144 PreparedStatement configUpdate = con 145 .prepareStatement("update rollerconfig set encryptpasswords=?"); 146 147 Properties props = new Properties (); 148 ResultSet users = userQuery.executeQuery(); 149 while (users.next()) 150 { 151 String username = users.getString(1); 152 String passphrase = users.getString(2); 153 props.put(username, passphrase); 154 } 155 Enumeration usernames = props.keys(); 156 while (usernames.hasMoreElements()) 157 { 158 String username = (String )usernames.nextElement(); 159 String passphrase = (String )props.get(username); 160 userUpdate.clearParameters(); 161 userUpdate.setString(1, Utilities.encodePassword(passphrase, algorithm)); 162 userUpdate.setString(2, username); 163 userUpdate.executeUpdate(); 164 System.out.println("Encrypted password for user: " + username); 165 } 166 167 configUpdate.setBoolean(1, true); 168 configUpdate.executeUpdate(); 169 } 170 171 174 private static void encryptionOff( 175 Connection con, String fileName) throws Exception 176 { 177 PreparedStatement userUpdate = con 178 .prepareStatement("update rolleruser set passphrase=? where username=?"); 179 PreparedStatement configUpdate = con 180 .prepareStatement("update rollerconfig set encryptpasswords=?"); 181 182 Properties props = new Properties (); 183 props.load(new FileInputStream (fileName)); 184 Enumeration usernames = props.keys(); 185 while (usernames.hasMoreElements()) 186 { 187 String username = (String )usernames.nextElement(); 188 String password = (String )props.get(username); 189 userUpdate.clearParameters(); 190 userUpdate.setString(1, password); 191 userUpdate.setString(2, username); 192 userUpdate.executeUpdate(); 193 } 194 195 configUpdate.setBoolean(1, false); 196 configUpdate.executeUpdate(); 197 } 198 199 202 private static void resetPassword( 203 Connection con, String username, String password, String algorithm) 204 throws Exception 205 { 206 PreparedStatement encryptionQuery = 207 con.prepareStatement("select encryptpasswords from rollerconfig"); 208 PreparedStatement userUpdate = 209 con.prepareStatement("update rolleruser set passphrase=? where username=?"); 210 211 ResultSet rs = encryptionQuery.executeQuery(); 212 rs.next(); 213 boolean encryption = rs.getBoolean(1); 214 215 String newpassword = 216 encryption ? Utilities.encodePassword(password, algorithm) : password; 217 userUpdate.setString(1, newpassword); 218 userUpdate.setString(2, username); 219 userUpdate.executeUpdate(); 220 } 221 222 225 private static void grantAdmin(Connection con, String userName) throws Exception 226 { 227 String userid = null; 229 PreparedStatement userQuery = con.prepareStatement( 230 "select id from rolleruser where username=?"); 231 userQuery.setString(1, userName); 232 ResultSet userRS = userQuery.executeQuery(); 233 if (!userRS.next()) 234 { 235 System.err.println("ERROR: username not found in database"); 236 return; 237 } 238 else 239 { 240 userid = userRS.getString(1); 241 } 242 243 PreparedStatement roleQuery = con.prepareStatement( 245 "select username from userrole where username=? and rolename='admin'"); 246 roleQuery.setString(1, userName); 247 ResultSet roleRS = roleQuery.executeQuery(); 248 if (!roleRS.next()) { 250 PreparedStatement adminInsert = con.prepareStatement( 252 "insert into userrole (id,rolename,username,userid) values (?,?,?,?)"); 253 adminInsert.setString(1, userName); 254 adminInsert.setString(2, "admin"); 255 adminInsert.setString(3, userName); 256 adminInsert.setString(4, userid); 257 adminInsert.executeUpdate(); 258 System.out.println("User granted admin role"); 259 } 260 else 261 { 262 System.out.println("User was already an admin"); 263 } 264 } 265 266 269 private static void revokeAdmin(Connection con, String userName) throws Exception 270 { 271 String userid = null; 273 PreparedStatement userQuery = con.prepareStatement( 274 "select id from rolleruser where username=?"); 275 userQuery.setString(1, userName); 276 ResultSet userRS = userQuery.executeQuery(); 277 if (!userRS.next()) 278 { 279 System.err.println("ERROR: username not found in database"); 280 return; 281 } 282 else 283 { 284 userid = userRS.getString(1); 285 } 286 287 PreparedStatement roleDelete = con.prepareStatement( 289 "delete from userrole where userid=? and rolename='admin'"); 290 roleDelete.setString(1, userid); 291 roleDelete.executeUpdate(); 292 } 293 } 294 | Popular Tags |