From commits-return-22138-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Sat Jun 13 09:47:39 2009 Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 16561 invoked from network); 13 Jun 2009 09:47:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 13 Jun 2009 09:47:39 -0000 Received: (qmail 95794 invoked by uid 500); 13 Jun 2009 09:47:51 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 95731 invoked by uid 500); 13 Jun 2009 09:47:51 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 95722 invoked by uid 99); 13 Jun 2009 09:47:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Jun 2009 09:47:50 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Jun 2009 09:47:48 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id BB1E623888CD; Sat, 13 Jun 2009 09:47:28 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r784354 - /directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Date: Sat, 13 Jun 2009 09:47:28 -0000 To: commits@directory.apache.org 
From: elecharny@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090613094728.BB1E623888CD@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Sat Jun 13 09:47:27 2009 New Revision: 784354 URL: http://svn.apache.org/viewvc?rev=784354&view=rev Log: Fix SSHA and SMD5 authent to accept shortest salt. (DIRSERVER-1375) Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=784354&r1=784353&r2=784354&view=diff ==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Sat Jun 13 09:47:27 2009
@@ -80,6 +80,12 @@
 /** A speedup for logger in debug mode */ private static final boolean IS_DEBUG = LOG.isDebugEnabled();
+
+ /** The SHA1 hash length */
+ private static final int SHA1_LENGTH = 20;
+
+ /** The MD5 hash length */
+ private static final int MD5_LENGTH = 16;
 /** * A cache to store passwords. It's a speedup, we will be able to avoid backend lookups.
@@ -163,7 +169,7 @@
 * format : * {} * where the encrypted password format can be :
- * - MD5/SHA : base64([])
+ * - MD5/SHA : base64([])
 * - crypt : * * Algorithm are currently MD5, SMD5, SHA, SSHA, CRYPT and empty
@@ -299,7 +305,7 @@
 // be able to encrypt the submitted user password in the next step byte[] encryptedStored = splitCredentials( storedPassword, encryptionMethod );
- // Reuse the slatedPassword informations to construct the encrypted
+ // Reuse the saltedPassword informations to construct the encrypted
 // password given by the user. byte[] userPassword = encryptPassword( credentials, encryptionMethod );
@@ -339,7 +345,7 @@
 /**
- * Decopose the stored password in an algorithm, an eventual salt
+ * Decompose the stored password in an algorithm, an eventual salt
 * and the password itself. * * If the algorithm is SHA, SSHA, MD5 or SMD5, the part following the algorithm
@@ -351,7 +357,7 @@
 */ private byte[] splitCredentials( byte[] credentials, EncryptionMethod encryptionMethod ) {
- int pos = encryptionMethod.algorithm.getName().length() + 2;
+ int algoLength = encryptionMethod.algorithm.getName().length() + 2;
 switch ( encryptionMethod.algorithm ) {
@@ -361,7 +367,7 @@
 { // We just have the password just after the algorithm, base64 encoded. // Just decode the password and return it.
- return Base64.decode( new String( credentials, pos, credentials.length - pos, "UTF-8" ).toCharArray() );
+ return Base64.decode( new String( credentials, algoLength, credentials.length - algoLength, "UTF-8" ).toCharArray() );
 } catch ( UnsupportedEncodingException uee ) {
@@ -370,6 +376,28 @@
 } case HASH_METHOD_SMD5 :
+ try
+ {
+ // The password is associated with a salt. Decompose it
+ // in two parts, after having decoded the password.
+ // The salt will be stored into the EncryptionMethod structure
+ // The salt is at the end of the credentials, and is 8 bytes long
+ byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength, credentials.length - algoLength, "UTF-8" ).
+ toCharArray() );
+
+ int saltLength = passwordAndSalt.length - MD5_LENGTH;
+ encryptionMethod.salt = new byte[saltLength];
+ byte[] password = new byte[MD5_LENGTH];
+ split( passwordAndSalt, 0, password, encryptionMethod.salt );
+
+ return password;
+ }
+ catch ( UnsupportedEncodingException uee )
+ {
+ // do nothing
+ return credentials;
+ }
+
 case HASH_METHOD_SSHA : try {
@@ -377,11 +405,12 @@
 // in two parts, after having decoded the password. // The salt will be stored into the EncryptionMethod structure // The salt is at the end of the credentials, and is 8 bytes long
- byte[] passwordAndSalt = Base64.decode( new String( credentials, pos, credentials.length - pos, "UTF-8" ).
+ byte[] passwordAndSalt = Base64.decode( new String( credentials, algoLength, credentials.length - algoLength, "UTF-8" ).
 toCharArray() );
- encryptionMethod.salt = new byte[8];
- byte[] password = new byte[passwordAndSalt.length - encryptionMethod.salt.length];
+ int saltLength = passwordAndSalt.length - SHA1_LENGTH;
+ encryptionMethod.salt = new byte[saltLength];
+ byte[] password = new byte[SHA1_LENGTH];
 split( passwordAndSalt, 0, password, encryptionMethod.salt ); return password;
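Review bot: `int saltLength = passwordAndSalt.length - MD5_LENGTH;` in the new SMD5 branch goes negative when the decoded stored value is shorter than 16 bytes, so `new byte[saltLength]` throws NegativeArraySizeException in the middle of a bind instead of the comparison simply failing; the SSHA hunk (`- SHA1_LENGTH`) has the same gap. A guard such as `if ( passwordAndSalt.length < MD5_LENGTH )` ahead of the subtraction, reporting the entry as a bad stored credential in whatever way the authenticator already does, would close it. A decoded value exactly as long as the digest now yields an empty salt, meaning an unsalted hash is accepted under a salted scheme label; if that is intended it deserves a comment, otherwise it should be logged or rejected. splitCredentials starts and ends outside the hunk, so how `split` and the caller react to these cases is not visible here.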
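Review bot: The context comment kept above the SSHA change still says the salt "is 8 bytes long", which the new `saltLength` computation makes untrue, and the added SMD5 branch copies the same sentence. I would reword both to something like `// The salt follows the digest; its length is whatever remains after SHA1_LENGTH bytes` (MD5_LENGTH in the SMD5 branch). The two branches now differ only in the digest-length constant, so a private helper taking the hash length would keep any later length validation in one place. The SSHA try block opens before this hunk and closes after it.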
@@ -397,8 +426,8 @@
 // in two parts, storing the salt into the EncryptionMethod structure. // The salt comes first, not like for SSHA and SMD5, and is 2 bytes long encryptionMethod.salt = new byte[2];
- byte[] password = new byte[credentials.length - encryptionMethod.salt.length - pos];
- split( credentials, pos, encryptionMethod.salt, password );
+ byte[] password = new byte[credentials.length - encryptionMethod.salt.length - algoLength];
+ split( credentials, algoLength, encryptionMethod.salt, password );
 return password;