directory-dev mailing list archives

From "Andreas Oberritter (JIRA)" <>
Subject [jira] Created: (DIRSERVER-1540) Login possible using password hash
Date Fri, 13 Aug 2010 19:39:19 GMT
Login possible using password hash

                 Key: DIRSERVER-1540
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: ldap
    Affects Versions: 2.0.0-RC1
            Reporter: Andreas Oberritter
             Fix For: 2.0.0-RC1

from IRC:

file: core/src/main/java/org/apache/directory/server/core/authn/
method: public LdapPrincipal authenticate( BindOperationContext bindContext )

You can see a code block starting with:

         // Short circuit for PLAIN TEXT passwords : we compare the byte array directly
         // Are the passwords equal ?
         if ( Arrays.equals( credentials, storedPassword ) )

I think you should move this block to the algorithm == null case some lines below.

The test case would be:
1) Store a password with any hashed algorithm.
2) Base64 decode it.
3) Use the result to bind to the LDAP server.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
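
The comparison order described in this report, shown as an added Java example that is not ApacheDS code and not part of the original message. The class, its method names and the sample password are constructed for illustration, and only the {SHA} scheme is handled.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

// Added illustration; class and method names are hypothetical, not ApacheDS code.
public class BindCompareDemo {
    // Scheme name from a "{SCHEME}value" stored password, or null for plain text.
    static String findAlgorithm(byte[] stored) {
        String s = new String(stored, StandardCharsets.UTF_8);
        int end = s.indexOf('}');
        return (s.startsWith("{") && end > 1) ? s.substring(1, end) : null;
    }

    // Hash the presented credentials and compare with the stored digest ({SHA} only).
    static boolean hashedMatch(byte[] credentials, byte[] stored) throws Exception {
        if (!"SHA".equalsIgnoreCase(findAlgorithm(stored))) return false;
        String s = new String(stored, StandardCharsets.UTF_8);
        byte[] expected = Base64.getDecoder().decode(s.substring(s.indexOf('}') + 1));
        byte[] actual = MessageDigest.getInstance("SHA-1").digest(credentials);
        return MessageDigest.isEqual(expected, actual);
    }

    // Order described in the report: raw byte comparison runs before the scheme is examined.
    static boolean flawed(byte[] credentials, byte[] stored) throws Exception {
        if (Arrays.equals(credentials, stored)) return true;
        return hashedMatch(credentials, stored);
    }

    // Order the reporter suggests: raw comparison only in the algorithm == null case.
    static boolean fixed(byte[] credentials, byte[] stored) throws Exception {
        if (findAlgorithm(stored) == null) return MessageDigest.isEqual(credentials, stored);
        return hashedMatch(credentials, stored);
    }

    public static void main(String[] args) throws Exception {
        byte[] clear = "constructed-secret".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sha = MessageDigest.getInstance("SHA-1").digest(clear);
        byte[] stored = ("{SHA}" + Base64.getEncoder().encodeToString(sha))
                .getBytes(StandardCharsets.UTF_8);

        System.out.println("flawed, real password: " + flawed(clear, stored));
        System.out.println("flawed, stored value:  " + flawed(stored, stored));
        System.out.println("fixed,  real password: " + fixed(clear, stored));
        System.out.println("fixed,  stored value:  " + fixed(stored, stored));
    }
}
```

With the flawed order the stored value itself is accepted as the password. With the raw comparison confined to the plain-text case it is rejected, while the real password still binds.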
