Return-Path: 
 <dev-return-97088-apmail-tomcat-dev-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: (qmail 6169 invoked from network); 1 Jul 2009 22:13:53 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 1 Jul 2009 22:13:53 -0000
Received: (qmail 87144 invoked by uid 500); 1 Jul 2009 22:13:58 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 87078 invoked by uid 500); 1 Jul 2009 22:13:58 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 87032 invoked by uid 99); 1 Jul 2009 22:13:58 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Jul 2009 22:13:58 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Jul 2009 22:13:55 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id 2D550238889D; Wed,  1 Jul 2009 22:13:34 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r790405 -
 /tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
Date: Wed, 01 Jul 2009 22:13:34 -0000
To: dev@tomcat.apache.org
From: markt@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20090701221334.2D550238889D@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: markt
Date: Wed Jul  1 22:13:33 2009
New Revision: 790405

URL: http://svn.apache.org/viewvc?rev=790405&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=37984
Strip {MD5} as well as {SHA} from digested passwords

Modified:
    tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java

Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=790405&r1=790404&r2=790405&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Wed Jul  1 22:13:33 2009
@@ -1419,10 +1419,10 @@
 
         boolean validated = false;
         if (hasMessageDigest()) {
-            // iPlanet support if the values starts with {SHA1}
+            // Some directories prefix the password with the hash type
             // The string is in a format compatible with Base64.encode not
             // the Hex encoding of the parent class.
-            if (password.startsWith("{SHA}")) {
+            if (password.startsWith("{MD5}") || password.startsWith("{SHA}")) {
                 /* sync since super.digest() does this same thing */
                 synchronized (this) {
                     password = password.substring(5);



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org