You're right ... d'oh! I assumed that a method called "digest" returned 
a digest. I guess I should not assume so often =)

My bad ... but in some slight manner of defense, that method call is 
poorly named :)

I'll repair this immediately.

- Christopher

Ignacio J. Ortega wrote:
> Hello Christopher:
> 
> I think this change is not good, as it makes *all* passwords case
> insensitive, regardless of the use of digest or not. I think plain
> passwords need to be case sensitive.
> 
> 
> Regards,
> Ignacio J. Ortega
> 
> 
> 
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>Sent: Friday, September 7, 2001 20:52
>>To: [EMAIL PROTECTED]
>>Subject: cvs commit:
>>jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm
>>JDBCRealm.java JNDIRealm.java MemoryRealm.java
>>
>>
>>ccain       01/09/07 11:51:36
>>
>>  Modified:    catalina/src/share/org/apache/catalina/realm 
>>JDBCRealm.java
>>                        JNDIRealm.java MemoryRealm.java
>>  Log:
>>  Change comparison of hex digests (in authentication) to be
>>  case-insensitive, as base16 values themselves are case-insensitive.
>>  
>>  Revision  Changes    Path
>>  1.18      +2 -2      
>>jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/real
>>m/JDBCRealm.java
>>  
>>  Index: JDBCRealm.java
>>  ===================================================================
>>  RCS file: 
>>/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
>>alina/realm/JDBCRealm.java,v
>>  retrieving revision 1.17
>>  retrieving revision 1.18
>>  diff -u -r1.17 -r1.18
>>  --- JDBCRealm.java  2001/09/06 03:43:11     1.17
>>  +++ JDBCRealm.java  2001/09/07 18:51:36     1.18
>>  @@ -95,7 +95,7 @@
>>   * @author Craig R. McClanahan
>>   * @author Carson McDonald
>>   * @author Ignacio Ortega
>>  -* @version $Revision: 1.17 $ $Date: 2001/09/06 03:43:11 $
>>  +* @version $Revision: 1.18 $ $Date: 2001/09/07 18:51:36 $
>>   */
>>   
>>   public class JDBCRealm
>>  @@ -384,7 +384,7 @@
>>           }
>>   
>>           // Validate the user's credentials
>>  -        if (digest(credentials).equals(dbCredentials)) {
>>  +        if (digest(credentials).equalsIgnoreCase(dbCredentials)) {
>>               if (debug >= 2)
>>                   log(sm.getString("jdbcRealm.authenticateSuccess",
>>                                    username));
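Review bot: the `equalsIgnoreCase` on the credential check at line 387 is unconditional, so it is only safe if `digest(credentials)` always returns a hex digest. If `digest()` hands back the input unchanged when no digest algorithm is configured (the case raised in the reply above), cleartext passwords stored in the database now match regardless of case. Suggest keeping `equals` for the no-digest path and using the case-insensitive compare only when a digest is actually in use.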
>>  
>>  
>>  
>>  1.4       +2 -2      
>>jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/real
>>m/JNDIRealm.java
>>  
>>  Index: JNDIRealm.java
>>  ===================================================================
>>  RCS file: 
>>/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
>>alina/realm/JNDIRealm.java,v
>>  retrieving revision 1.3
>>  retrieving revision 1.4
>>  diff -u -r1.3 -r1.4
>>  --- JNDIRealm.java  2001/09/06 03:43:11     1.3
>>  +++ JNDIRealm.java  2001/09/07 18:51:36     1.4
>>  @@ -144,7 +144,7 @@
>>    *
>>    * @author John Holman
>>    * @author Craig R. McClanahan
>>  - * @version $Revision: 1.3 $ $Date: 2001/09/06 03:43:11 $
>>  + * @version $Revision: 1.4 $ $Date: 2001/09/07 18:51:36 $
>>    */
>>   
>>   public class JNDIRealm extends RealmBase {
>>  @@ -750,7 +750,7 @@
>>           // Validate the credentials specified by the user
>>           if (debug >= 3)
>>               log("  validating credentials");
>>  -        if (digest(credentials).equals(valueString)) {
>>  +        if (digest(credentials).equalsIgnoreCase(valueString)) {
>>               if (debug >= 2)
>>                   log(sm.getString("jndiRealm.authenticateSuccess",
>>                                    username));
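Review bot: the comparison `digest(credentials).equalsIgnoreCase(valueString)` is the same expression changed in JDBCRealm and MemoryRealm, and JNDIRealm already extends RealmBase. Rather than editing the comparison in three places, consider one helper in the base class that decides between exact and case-insensitive matching based on whether a digest is configured, so the three realms cannot drift apart on this check.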
>>  
>>  
>>  
>>  1.8       +5 -5      
>>jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/real
>>m/MemoryRealm.java
>>  
>>  Index: MemoryRealm.java
>>  ===================================================================
>>  RCS file: 
>>/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
>>alina/realm/MemoryRealm.java,v
>>  retrieving revision 1.7
>>  retrieving revision 1.8
>>  diff -u -r1.7 -r1.8
>>  --- MemoryRealm.java        2001/08/27 19:10:25     1.7
>>  +++ MemoryRealm.java        2001/09/07 18:51:36     1.8
>>  @@ -1,7 +1,7 @@
>>   /*
>>  - * $Header: 
>>/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
>>alina/realm/MemoryRealm.java,v 1.7 2001/08/27 19:10:25 craigmcc Exp $
>>  - * $Revision: 1.7 $
>>  - * $Date: 2001/08/27 19:10:25 $
>>  + * $Header: 
>>/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/cat
>>alina/realm/MemoryRealm.java,v 1.8 2001/09/07 18:51:36 ccain Exp $
>>  + * $Revision: 1.8 $
>>  + * $Date: 2001/09/07 18:51:36 $
>>    *
>>    * 
>>====================================================================
>>    *
>>  @@ -95,7 +95,7 @@
>>    * synchronization is performed around accesses to the 
>>principals collection.
>>    *
>>    * @author Craig R. McClanahan
>>  - * @version $Revision: 1.7 $ $Date: 2001/08/27 19:10:25 $
>>  + * @version $Revision: 1.8 $ $Date: 2001/09/07 18:51:36 $
>>    */
>>   
>>   public final class MemoryRealm
>>  @@ -205,7 +205,7 @@
>>           GenericPrincipal principal =
>>               (GenericPrincipal) principals.get(username);
>>           if ((principal != null) &&
>>  -            
>>(digest(credentials).equals(principal.getPassword()))) {
>>  +            
>>(digest(credentials).equalsIgnoreCase(principal.getPassword()))) {
>>               if (debug >= 2)
>>                   
>>log(sm.getString("memoryRealm.authenticateSuccess", username));
>>               return (principal);
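Review bot: the compare against `principal.getPassword()` changes authentication behaviour, yet no test accompanies it. A regression test that authenticates with a wrong-case password against a realm with no digest configured (expecting failure) and with an upper-case stored hex digest (expecting success) would pin down both halves of the intended behaviour.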
>>  
>>  
>>  
>>
>>


-- 
- Christopher

/**
  * Pleurez, pleurez, mes yeux, et fondez vous en eau!
  * La moitié de ma vie a mis l'autre au tombeau.
  *    ---Corneille
  */
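
The distinction raised in this thread, as an added example that is not part of the original messages or of Tomcat's code: hex digests are compared case-insensitively, cleartext passwords exactly. The class name `CredentialMatcher`, the `matches` signature, the use of `null` to mean "no digest configured", and the UTF-8 encoding are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added example: hypothetical helper, not Tomcat's RealmBase code.
public class CredentialMatcher {

    // algorithm == null is assumed to mean the realm stores cleartext passwords.
    static boolean matches(String presented, String stored, String algorithm)
            throws NoSuchAlgorithmException {
        if (presented == null || stored == null) {
            return false;
        }
        if (algorithm == null) {
            // Cleartext: exact, case-sensitive comparison.
            return sameBytes(presented, stored);
        }
        // Digest: base16 is case-insensitive, so normalise both sides to lower case.
        MessageDigest md = MessageDigest.getInstance(algorithm);
        String hex = toHex(md.digest(presented.getBytes(StandardCharsets.UTF_8)));
        return sameBytes(hex, stored.toLowerCase(Locale.ROOT));
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // MessageDigest.isEqual does not stop at the first differing byte.
    static boolean sameBytes(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: an upper-case stored digest and a cleartext entry.
        String stored = toHex(MessageDigest.getInstance("SHA-256")
                .digest("Secret".getBytes(StandardCharsets.UTF_8))).toUpperCase(Locale.ROOT);
        System.out.println(matches("Secret", stored, "SHA-256")); // digest, hex case differs
        System.out.println(matches("secret", stored, "SHA-256")); // digest, wrong password
        System.out.println(matches("Secret", "Secret", null));    // cleartext, exact match
        System.out.println(matches("secret", "Secret", null));    // cleartext, wrong case
    }
}
```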
