yoavs 2005/03/23 07:17:17 Modified: catalina/src/share/org/apache/catalina/realm JNDIRealm.java webapps/docs changelog.xml Log: Bugzilla 32938. Revision Changes Path 1.21 +43 -1 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
Index: JNDIRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- JNDIRealm.java 23 Feb 2005 19:27:56 -0000 1.20
+++ JNDIRealm.java 23 Mar 2005 15:17:17 -0000 1.21
@@ -16,9 +16,11 @@
 package org.apache.catalina.realm;
+import java.io.IOException;
 import java.security.Principal;
 import java.text.MessageFormat;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Hashtable;
 import java.util.List;
@@ -40,6 +42,8 @@
 import javax.naming.directory.SearchResult;
 import org.apache.catalina.LifecycleException;
 import org.apache.catalina.util.Base64;
+import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.buf.CharChunk;
 /**
 * <p>Implementation of <strong>Realm</strong> that works with a directory
@@ -1190,6 +1194,44 @@
 new String(Base64.encode(md.digest()));
 validated = password.equals(digestedPassword);
 }
+ } else if (password.startsWith("{SSHA}")) {
+ // Bugzilla 32938
+ /* sync since super.digest() does this same thing */
+ synchronized (this) {
+ password = password.substring(6);
+
+ md.reset();
+ md.update(credentials.getBytes());
+
+ // Decode stored password.
+ ByteChunk pwbc = new ByteChunk(password.length());
+ try {
+ pwbc.append(password.getBytes(), 0, password.length());
+ } catch (IOException e) {
+ // Should never happen
+ containerLog.error("Could not append password bytes to chunk: ", e);
+ }
+
+ CharChunk decoded = new CharChunk();
+ Base64.decode(pwbc, decoded);
+ char[] pwarray = decoded.getBuffer();
+
+ // Split decoded password into hash and salt.
+ final int saltpos = 20;
+ byte[] hash = new byte[saltpos];
+ for (int i=0; i< hash.length; i++) {
+ hash[i] = (byte) pwarray[i];
+ }
+
+ byte[] salt = new byte[pwarray.length - saltpos];
+ for (int i=0; i< salt.length; i++)
+ salt[i] = (byte)pwarray[i+saltpos];
+
+ md.update(salt);
+ byte[] dp = md.digest();
+
+ validated = Arrays.equals(dp, hash);
+ } // End synchronized(this) block
 } else {
 // Hex hashes should be compared case-insensitive
 validated = (digest(credentials).equalsIgnoreCase(password));
1.246 +3 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml
Index: changelog.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
retrieving revision 1.245
retrieving revision 1.246
diff -u -r1.245 -r1.246
--- changelog.xml 23 Mar 2005 15:02:58 -0000 1.245
+++ changelog.xml 23 Mar 2005 15:17:17 -0000 1.246
@@ -81,6 +81,9 @@
 <update>
 <bug>33636</bug>: Set lastModified attribute when expanding WAR files. (yoavs)
 </update>
+ <update>
+ <bug>32938</bug>: Allow Salted SHA (SSHA) passwords in JNDIRealm. (yoavs)
+ </update>
 </changelog>
 </subsection>
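Review bot: The split at `saltpos` in the new `{SSHA}` branch of JNDIRealm.java has no length check, so a stored value that decodes to fewer than 20 characters makes the `hash[i] = (byte) pwarray[i]` loop or `new byte[pwarray.length - saltpos]` throw an unchecked exception out of the credential comparison instead of rejecting the login. The sizes are also taken from the array returned by `decoded.getBuffer()`, which is the chunk's backing buffer and may be longer than the decoded data (how `Base64.decode` allocates it is not visible here), so the salt should be bounded by `decoded.getStart()` and `decoded.getLength()`. The fence below adds that bound, treats a short value as a failed match and compares the digests with `MessageDigest.isEqual` rather than `Arrays.equals`. Separately, `credentials.getBytes()` depends on the platform charset, and the `IOException` branch logs and then carries on with an empty chunk where it should fail validation. The enclosing method starts and ends outside the hunk, and the fixed 20-byte split presumably assumes `md` is SHA-1, which is worth stating in a comment.

```java
// … unchanged: md.reset(), md.update(credentials bytes), Base64.decode(pwbc, decoded) …
char[] pwarray = decoded.getBuffer();
int start = decoded.getStart();
int len = decoded.getLength();

// Split decoded password into hash and salt.
final int saltpos = 20; // SHA-1 digest length; assumes md is SHA-1
if (len < saltpos) {
    // Too short to hold a digest: reject instead of indexing past the data.
    validated = false;
} else {
    byte[] hash = new byte[saltpos];
    for (int i = 0; i < saltpos; i++) {
        hash[i] = (byte) pwarray[start + i];
    }
    byte[] salt = new byte[len - saltpos];
    for (int i = 0; i < salt.length; i++) {
        salt[i] = (byte) pwarray[start + saltpos + i];
    }
    md.update(salt);
    validated = java.security.MessageDigest.isEqual(md.digest(), hash);
}
// … unchanged: end of synchronized(this) block …
```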