tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yo...@apache.org
Subject cvs commit: jakarta-tomcat-catalina/webapps/docs changelog.xml
Date Wed, 23 Mar 2005 15:17:17 GMT
yoavs       2005/03/23 07:17:17

  Modified:    catalina/src/share/org/apache/catalina/realm JNDIRealm.java
               webapps/docs changelog.xml
  Log:
  Bugzilla 32938.
  
  Revision  Changes    Path
  1.21      +43 -1     jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- JNDIRealm.java	23 Feb 2005 19:27:56 -0000	1.20
  +++ JNDIRealm.java	23 Mar 2005 15:17:17 -0000	1.21
  @@ -16,9 +16,11 @@
   
   package org.apache.catalina.realm;
   
  +import java.io.IOException;
   import java.security.Principal;
   import java.text.MessageFormat;
   import java.util.ArrayList;
  +import java.util.Arrays;
   import java.util.Hashtable;
   import java.util.List;
   
  @@ -40,6 +42,8 @@
   import javax.naming.directory.SearchResult;
   import org.apache.catalina.LifecycleException;
   import org.apache.catalina.util.Base64;
  +import org.apache.tomcat.util.buf.ByteChunk;
  +import org.apache.tomcat.util.buf.CharChunk;
   
   /**
    * <p>Implementation of <strong>Realm</strong> that works with a directory
  @@ -1190,6 +1194,44 @@
                           new String(Base64.encode(md.digest()));
                       validated = password.equals(digestedPassword);
                   }
  +            } else if (password.startsWith("{SSHA}")) {
  +                // Bugzilla 32938
  +                /* sync since super.digest() does this same thing */
  +                synchronized (this) {
  +                    password = password.substring(6);
  +
  +                    md.reset();
  +                    md.update(credentials.getBytes());
  +
  +                    // Decode stored password.
  +                    ByteChunk pwbc = new ByteChunk(password.length());
  +                    try {
  +                        pwbc.append(password.getBytes(), 0, password.length());
  +                    } catch (IOException e) {
  +                        // Should never happen
  +                        containerLog.error("Could not append password bytes to chunk: ",
e);
  +                    }
  +
  +                    CharChunk decoded = new CharChunk();
  +                    Base64.decode(pwbc, decoded);
  +                    char[] pwarray = decoded.getBuffer();
  +
  +                    // Split decoded password into hash and salt.
  +                    final int saltpos = 20;
  +                    byte[] hash = new byte[saltpos];
  +                    for (int i=0; i< hash.length; i++) {
  +                        hash[i] = (byte) pwarray[i];
  +                    }
  +
  +                    byte[] salt = new byte[pwarray.length - saltpos];
  +                    for (int i=0; i< salt.length; i++)
  +                        salt[i] = (byte)pwarray[i+saltpos];
  +
  +                    md.update(salt);
  +                    byte[] dp = md.digest();
  +
  +                    validated = Arrays.equals(dp, hash);
  +                } // End synchronized(this) block
               } else {
                   // Hex hashes should be compared case-insensitive
                   validated = (digest(credentials).equalsIgnoreCase(password));
  
  
  
  1.246     +3 -0      jakarta-tomcat-catalina/webapps/docs/changelog.xml
  
  Index: changelog.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
  retrieving revision 1.245
  retrieving revision 1.246
  diff -u -r1.245 -r1.246
  --- changelog.xml	23 Mar 2005 15:02:58 -0000	1.245
  +++ changelog.xml	23 Mar 2005 15:17:17 -0000	1.246
  @@ -81,6 +81,9 @@
         <update>
           <bug>33636</bug>: Set lastModified attribute when expanding WAR files.
(yoavs)
         </update>
  +      <update>
  +        <bug>32938</bug>: Allow Salted SHA (SSHA) passwords in JNDIRealm. (yoavs)
  +      </update>
       </changelog>
      </subsection>
      
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message