cloudstack-users mailing list archives

From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: Bug in updateUser API in CS 4.1.0
Date Mon, 10 Jun 2013 22:10:00 GMT
Please see the recommendations in Prasanna's email in the thread I linked
to earlier.

On 6/10/13 12:26 PM, "Anoop Rajendra" <anoop.rajendra@gmail.com> wrote:

>Hi Chiradeep,
>
>My componentContext.xml has the following entries for the security
>adapter section
>
><bean id="userAuthenticators"
>class="com.cloud.utils.component.AdapterList">
>    <property name="Adapters">
>      <list>
>          <ref bean="MD5UserAuthenticator"/>
>          <ref bean="LDAPUserAuthenticator"/>
>          <ref bean="PlainTextUserAuthenticator"/>
>      </list>
>    </property>
>  </bean>
>
>
>So clearly MD5UserAuthenticator is present, and being used.
>
>However the updateUser api isn't working as documentation states.
>
>Here's proof of this.
>
>1. password is "password". md5sum hash of the password is
>"5f4dcc3b5aa765d61d8327deb882cf99"
>
>If I craft the updateUser api call as the following url,
>
>http://localhost:8080/client/api?apiKey=68jXaZIv0O42n1h2C_KmGtHpD7YRvrYGJs
>zs-d0T1pPxxxP91EYuY-gjz7pCD3pEl8x2lyLzF-WeEdupxAIUkQ&id=1723cb29-8dfd-4211
>-8ca1-212e1f192455&command=updateUser&signature=AM8rwempktibzYro%2B%2FmHEH
>bnKng%3D&password=5f4dcc3b5aa765d61d8327deb882cf99&response=json
>
>the MD5 password stored in the database is
>"696d29e0940a4957748fe3fc9efd22a3" which is actually the md5 hash of
>the hashed password.
>
>However if I craft the URL to read,
>
>http://localhost:8080/client/api?apiKey=68jXaZIv0O42n1h2C_KmGtHpD7YRvrYGJs
>zs-d0T1pPxxxP91EYuY-gjz7pCD3pEl8x2lyLzF-WeEdupxAIUkQ&id=1723cb29-8dfd-4211
>-8ca1-212e1f192455&command=updateUser&signature=sms6kd0LlAsZyqOFlFE%2FROsB
>lyw%3D&password=password&response=json
>
>then the md5 password stored in the database is
>"5f4dcc3b5aa765d61d8327deb882cf99", which is what I want.
>
>As you can see, the updateUser api requires the password to be
>cleartext, and not an MD5 hash (as stated in the documentation, and as
>used to work previously).
>
>By the way, the login API correctly requires the MD5 hashed password,
>and will not work with a clear text password.
>
>-a
>
>On Mon, Jun 10, 2013 at 10:03 AM, Chiradeep Vittal
><Chiradeep.Vittal@citrix.com> wrote:
>> There should be a configuration file called componentContext.xml in your
>> install path. Search for Authenticator in the file. The order of the
>> Authenticators matters.
>>
>> On 6/9/13 10:59 PM, "Anoop Rajendra" <anoop.rajendra@gmail.com> wrote:
>>
>>>How would I install the MD5Authenticator as the default
>>>authenticator?
>>>
>>>Thanks,
>>>-a
>>>On Jun 7, 2013 5:56 PM, "Chiradeep Vittal" <Chiradeep.Vittal@citrix.com>
>>>wrote:
>>>
>>>> See this discussion
>>>> http://markmail.org/thread/7r6ia3ckkt6fzlic
>>>>
>>>> You might have to install the MD5Authenticator as the default
>>>> authenticator.
>>>>
>>>> On 6/7/13 3:44 PM, "Anoop Rajendra" <anoop.rajendra@gmail.com> wrote:
>>>>
>>>> >Hi, When I try to run the updateUser API for the admin user, the
>>>> >password field requires a cleartext unhashed password.
>>>> >
>>>> >With previous versions I could provide the hashed MD5 password, and
>>>> >the admin password would get updated.
>>>> >
>>>> >-a
>>>>
>>>>
>>
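
The double hashing reported in this thread can be reproduced and checked offline. The following is an added example, not part of the thread or of CloudStack's code: `stored_after_update` models the reported 4.1.0 behaviour (the server applies MD5 to whatever arrives in `password`), and `login_matches` assumes the login check compares the client-sent MD5 of the password against the stored value; all function names are hypothetical.

```python
import hashlib

PLAIN = "password"  # the sample password used in the thread


def md5_hex(text: str) -> str:
    """Hex MD5 of a UTF-8 string, as md5sum prints it."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def stored_after_update(password_param: str) -> str:
    """Model of the behaviour reported for updateUser in 4.1.0: the server
    hashes whatever arrives in the password parameter (assumption)."""
    return md5_hex(password_param)


def classify_stored(stored: str, cleartext: str) -> str:
    """Report how a stored database value relates to a known cleartext."""
    value = stored.strip()
    once = md5_hex(cleartext)
    if value.lower() == once:
        return "md5(cleartext)"
    if value.lower() == md5_hex(once):
        return "md5(md5(cleartext))"
    if value == cleartext:
        return "cleartext"
    return "unknown"


def login_matches(stored: str, cleartext: str) -> bool:
    """Assumption: login receives md5(cleartext) and compares it as-is."""
    return stored.strip().lower() == md5_hex(cleartext)


if __name__ == "__main__":
    # Replay both requests from the thread: pre-hashed value, then cleartext.
    for sent in (md5_hex(PLAIN), PLAIN):
        stored = stored_after_update(sent)
        print(f"sent={sent!r}")
        print(f"  stored={stored} -> {classify_stored(stored, PLAIN)}, "
              f"login ok: {login_matches(stored, PLAIN)}")
```

Running `classify_stored` over a user row whose password is known tells you whether that account was updated with a pre-hashed value and now needs a reset.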

