Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2016/10/03 13:56:20 UTC

[jira] [Resolved] (QPID-7414) [Java Broker] File based authentication providers PlainPasswordFile and Base64MD5PasswordFile should guard against colons in usernames and passwords

     [ https://issues.apache.org/jira/browse/QPID-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Wall resolved QPID-7414.
------------------------------
    Resolution: Fixed

Change looks reasonable to me.

> [Java Broker] File based authentication providers PlainPasswordFile and Base64MD5PasswordFile should guard against colons in usernames and passwords
> ----------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7414
>                 URL: https://issues.apache.org/jira/browse/QPID-7414
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: 0.18, 0.20, 0.22, 0.24, 0.26, 0.28, 0.30, 0.32, qpid-java-6.0, qpid-java-6.0.1, qpid-java-6.0.2, qpid-java-6.0.3, qpid-java-6.0.4
>            Reporter: Alex Rudyy
>             Fix For: qpid-java-6.1
>
>
> Colon characters in user name for authentication providers of types PlainPasswordFile and Base64MD5PasswordFile cause failures on opening of such authentication providers on broker startup. As a result, authentication fails for any user account belonging to the impacted authentication provider. The user names with colons would need to be removed manually from the configuration files in order to recover from the issue.
> Colons in user password for PlainPasswordFile result in the same issue.
> An exception similar to the one below is reported for the above:
> {noformat}
> ERROR [Broker-Config] (o.a.q.s.m.AbstractConfiguredObject) - Failed to open object with name 'passwordFile'.  Object will be put into ERROR state.
> java.lang.IllegalArgumentException: User Data should be length 2, username, password
>         at org.apache.qpid.server.security.auth.database.PlainUser.<init>(PlainUser.java:37) ~[classes/:na]
>         at org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:132) ~[classes/:na]
>         at org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:56) ~[classes/:na]
>         at org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.loadPasswordFile(AbstractPasswordFilePrincipalDatabase.java:213) ~[classes/:na]
>         at org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.open(AbstractPasswordFilePrincipalDatabase.java:82) ~[classes/:na]
>         at org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.initialise(PrincipalDatabaseAuthenticationManager.java:143) ~[classes/:na]
>         at org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.onOpen(PrincipalDatabaseAuthenticationManager.java:120) ~[classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1095) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1110) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1098) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject.applyToChildren(AbstractConfiguredObject.java:1269) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1097) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:583) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:571) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:632) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:625) [classes/:na]
>         at org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:240) [classes/:na]
>         at org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:157) [classes/:na]
>         at org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:145) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:624) [classes/:na]
>         at org.apache.qpid.server.model.AbstractConfiguredObject.openAsync(AbstractConfiguredObject.java:570) [classes/:na]
>         at org.apache.qpid.server.model.AbstractSystemConfig.activate(AbstractSystemConfig.java:237) [classes/:na]
> {noformat}
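
The failure mode described in the issue, as an added Java example that is not Qpid's code or the committed fix: a simplified colon-delimited store (the class `ColonGuardDemo` and its methods are hypothetical) in which one unguarded entry containing `:` makes the strict loader reject the whole file, next to a write-time check that prevents it.

```java
import java.util.*;
// Illustrative only: a simplified "username:password" store, not Qpid's classes.
public class ColonGuardDemo {
    private final List<String> lines = new ArrayList<>();

    // Unguarded write: whatever the caller supplies goes straight into the file.
    void addUserUnchecked(String user, String password) {
        lines.add(user + ":" + password);
    }

    // Guarded write: refuse the field delimiter before anything is persisted.
    void addUser(String user, String password) {
        if (user.indexOf(':') >= 0 || password.indexOf(':') >= 0) {
            throw new IllegalArgumentException("':' is not allowed in user names or passwords");
        }
        addUserUnchecked(user, password);
    }

    // Strict loader: any line that does not split into exactly two fields aborts
    // the whole load, so every account in the file becomes unusable.
    Map<String, String> load() {
        Map<String, String> users = new LinkedHashMap<>();
        for (String line : lines) {
            String[] parts = line.split(":", -1);
            if (parts.length != 2) {
                throw new IllegalArgumentException("User Data should be length 2, username, password");
            }
            users.put(parts[0], parts[1]);
        }
        return users;
    }

    public static void main(String[] args) {
        ColonGuardDemo store = new ColonGuardDemo();
        store.addUser("guest", "guest");               // constructed sample account
        try {
            store.addUser("ops:admin", "secret");      // rejected at write time
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("loaded " + store.load().size() + " user(s)");
        store.addUserUnchecked("ops:admin", "secret"); // what an unguarded path would store
        try {
            store.load();                              // now fails for "guest" as well
        } catch (IllegalArgumentException e) {
            System.out.println("load failed for all users: " + e.getMessage());
        }
    }
}
```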


