ASF Bugzilla – Attachment 13885 Details for
Bug 32938
SSHA passwords in JNDIRealm
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
The patch to make it work.
JNDIRealmSSHAPassword.patch (text/plain), 2.63 KB, created by
Andrey Polozov
on 2005-01-04 17:53:08 UTC
(
hide
)
Description:
The patch to make it work.
Filename:
MIME Type:
Creator:
Andrey Polozov
Created:
2005-01-04 17:53:08 UTC
Size:
2.63 KB
patch
obsolete
>*** orig/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Tue Jan 4 11:34:07 2005 >--- jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Tue Jan 4 11:16:54 2005 >*************** import javax.naming.directory.SearchCont >*** 43,48 **** >--- 43,50 ---- > import javax.naming.directory.SearchResult; > import org.apache.catalina.LifecycleException; > import org.apache.catalina.util.Base64; >+ import org.apache.tomcat.util.buf.ByteChunk; >+ import org.apache.tomcat.util.buf.CharChunk; > > > /** >*************** public class JNDIRealm extends RealmBase >*** 1191,1196 **** >--- 1193,1231 ---- > new String(Base64.encode(md.digest())); > validated = password.equals(digestedPassword); > } >+ } else if (password.startsWith("{SSHA}")) { >+ /* sync since super.digest() does this same thing */ >+ synchronized (this) { >+ password = password.substring(6); >+ >+ md.reset(); >+ md.update(credentials.getBytes()); >+ //Decode stored password. >+ ByteChunk pwbc = new ByteChunk(password.length()); >+ try { >+ pwbc.append(password.getBytes(), 0, password.length()); >+ } catch (java.io.IOException e) { >+ e.printStackTrace(); //Hopefully will never happen. >+ } >+ CharChunk decoded = new CharChunk(); >+ Base64.decode(pwbc, decoded); >+ char[] pwarray = decoded.getBuffer(); >+ // Split decoded password into hash and salt. >+ final int saltpos = 20; >+ byte[] hash = new byte[saltpos]; >+ for (int i=0; i< hash.length; i++) >+ hash[i] = (byte)pwarray[i]; >+ >+ byte[] salt = new byte[pwarray.length - saltpos]; >+ for (int i=0; i< salt.length; i++) >+ salt[i] = (byte)pwarray[i+saltpos]; >+ >+ md.update(salt); >+ >+ byte[] dp = md.digest(); >+ >+ validated = java.util.Arrays.equals(dp, hash); >+ } > } else { > // Hex hashes should be compared case-insensitive > validated = (digest(credentials).equalsIgnoreCase(password)); >*************** public class JNDIRealm extends RealmBase >*** 1202,1208 **** > } > > >- > /** > * Check credentials by binding to the directory as the user > * >--- 1237,1242 ----
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13885">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 32938
: 13885