Posted to commits@cassandra.apache.org by bd...@apache.org on 2019/07/08 22:30:19 UTC

[cassandra] branch trunk updated (d0a207b -> 86812fa)

This is an automated email from the ASF dual-hosted git repository.

bdeggleston pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git.


    from d0a207b  Merge branch 'cassandra-3.11' into trunk
     new 177a8e9  Prevent RuntimeException when username or password is empty/null
     new 7206ff5  Merge branch 'cassandra-3.0' into cassandra-3.11
     new 86812fa  Merge branch 'cassandra-3.11' into trunk

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 CHANGES.txt                                        |  1 +
 .../cassandra/auth/PasswordAuthenticator.java      | 11 +--
 .../cassandra/auth/PasswordAuthenticatorTest.java  | 82 +++++++++++++++++++++-
 3 files changed, 89 insertions(+), 5 deletions(-)




[cassandra] 01/01: Merge branch 'cassandra-3.11' into trunk

Posted by bd...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

bdeggleston pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git

commit 86812fa5024d957e28f195b2c4db3813439fb2c5
Merge: d0a207b 7206ff5
Author: Blake Eggleston <bd...@gmail.com>
AuthorDate: Mon Jul 8 15:26:22 2019 -0700

    Merge branch 'cassandra-3.11' into trunk

 CHANGES.txt                                        |  1 +
 .../cassandra/auth/PasswordAuthenticator.java      | 11 +--
 .../cassandra/auth/PasswordAuthenticatorTest.java  | 82 +++++++++++++++++++++-
 3 files changed, 89 insertions(+), 5 deletions(-)

diff --cc CHANGES.txt
index 5e7d21b,018fced..e234df1
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@@ -367,7 -3,9 +367,8 @@@
   * Fixed nodetool cfstats printing index name twice (CASSANDRA-14903)
   * Add flag to disable SASI indexes, and warnings on creation (CASSANDRA-14866)
  Merged from 3.0:
+  * Prevent RuntimeException when username or password is empty/null (CASSANDRA-15198)
   * Multiget thrift query returns null records after digest mismatch (CASSANDRA-14812)
 - * Skipping illegal legacy cells can break reverse iteration of indexed partitions (CASSANDRA-15178)
   * Handle paging states serialized with a different version than the session's (CASSANDRA-15176)
   * Throw IOE instead of asserting on unsupporter peer versions (CASSANDRA-15066)
   * Update token metadata when handling MOVING/REMOVING_TOKEN events (CASSANDRA-15120)
diff --cc src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
index 89f765d,4bd3696..9da99a9
--- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
+++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java
@@@ -65,9 -66,12 +65,9 @@@ public class PasswordAuthenticator impl
      public static final String USERNAME_KEY = "username";
      public static final String PASSWORD_KEY = "password";
  
-     private static final byte NUL = 0;
+     static final byte NUL = 0;
      private SelectStatement authenticateStatement;
  
 -    public static final String LEGACY_CREDENTIALS_TABLE = "credentials";
 -    private SelectStatement legacyAuthenticateStatement;
 -
      private CredentialsCache cache;
  
      // No anonymous access.
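Review bot: `NUL` loses `private` here with no comment saying why, and the only use outside the class visible in this commit is the new test, which builds credentials with `PasswordAuthenticator.NUL`. A short comment such as `// package-private for PasswordAuthenticatorTest` would tell a later reader that the wider visibility exists for tests only; Guava's `@VisibleForTesting` would serve too if the file already imports it, which this hunk does not show. The class body continues outside the hunk, and the credential-decoding change the commit title refers to does not appear in this combined diff, so it cannot be reviewed from here.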
diff --cc test/unit/org/apache/cassandra/auth/PasswordAuthenticatorTest.java
index 37763d7,0dd75eb..fd79b6a
--- a/test/unit/org/apache/cassandra/auth/PasswordAuthenticatorTest.java
+++ b/test/unit/org/apache/cassandra/auth/PasswordAuthenticatorTest.java
@@@ -18,8 -18,22 +18,22 @@@
  package org.apache.cassandra.auth;
  
  
+ import java.nio.charset.StandardCharsets;
+ 
+ import com.google.common.collect.Iterables;
+ import org.junit.AfterClass;
+ import org.junit.BeforeClass;
  import org.junit.Test;
  
+ import com.datastax.driver.core.Authenticator;
+ import com.datastax.driver.core.PlainTextAuthProvider;
+ import org.apache.cassandra.SchemaLoader;
 -import org.apache.cassandra.config.CFMetaData;
 -import org.apache.cassandra.config.SchemaConstants;
+ import org.apache.cassandra.cql3.CQLTester;
+ import org.apache.cassandra.exceptions.AuthenticationException;
+ import org.apache.cassandra.schema.KeyspaceParams;
++import org.apache.cassandra.schema.SchemaConstants;
++import org.apache.cassandra.schema.TableMetadata;
+ 
  import static org.apache.cassandra.auth.CassandraRoleManager.*;
  import static org.apache.cassandra.auth.PasswordAuthenticator.*;
  import static org.junit.Assert.assertFalse;
@@@ -61,4 -78,67 +78,67 @@@ public class PasswordAuthenticatorTest 
          assertFalse(checkpw(DEFAULT_SUPERUSER_PASSWORD, "$2$6$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"));
          assertFalse(checkpw(DEFAULT_SUPERUSER_PASSWORD, "$2a$6$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"));
      }
+ 
+     @Test(expected = AuthenticationException.class)
+     public void testEmptyUsername()
+     {
+         testDecodeIllegalUserAndPwd("", "pwd");
+     }
+ 
+     @Test(expected = AuthenticationException.class)
+     public void testEmptyPassword()
+     {
+         testDecodeIllegalUserAndPwd("user", "");
+     }
+ 
+     @Test(expected = AuthenticationException.class)
+     public void testNULUsername0()
+     {
+         byte[] user = {'u', 's', PasswordAuthenticator.NUL, 'e', 'r'};
+         testDecodeIllegalUserAndPwd(new String(user, StandardCharsets.UTF_8), "pwd");
+     }
+ 
+     @Test(expected = AuthenticationException.class)
+     public void testNULUsername1()
+     {
+         testDecodeIllegalUserAndPwd(new String(new byte[4]), "pwd");
+     }
+ 
+     @Test(expected = AuthenticationException.class)
+     public void testNULPassword0()
+     {
+         byte[] pwd = {'p', 'w', PasswordAuthenticator.NUL, 'd'};
+         testDecodeIllegalUserAndPwd("user", new String(pwd, StandardCharsets.UTF_8));
+     }
+ 
+     @Test(expected = AuthenticationException.class)
+     public void testNULPassword1()
+     {
+         testDecodeIllegalUserAndPwd("user", new String(new byte[4]));
+     }
+ 
+     private void testDecodeIllegalUserAndPwd(String username, String password)
+     {
+         SaslNegotiator negotiator = authenticator.newSaslNegotiator(null);
+         Authenticator clientAuthenticator = (new PlainTextAuthProvider(username, password))
+                                             .newAuthenticator(null, null);
+ 
+         negotiator.evaluateResponse(clientAuthenticator.initialResponse());
+         negotiator.getAuthenticatedUser();
+     }
+ 
+     @BeforeClass
+     public static void setUp()
+     {
+         SchemaLoader.createKeyspace(SchemaConstants.AUTH_KEYSPACE_NAME,
+                                     KeyspaceParams.simple(1),
 -                                    Iterables.toArray(AuthKeyspace.metadata().tables, CFMetaData.class));
++                                    Iterables.toArray(AuthKeyspace.metadata().tables, TableMetadata.class));
+         authenticator.setup();
+     }
+ 
+     @AfterClass
+     public static void tearDown()
+     {
+         schemaChange("DROP KEYSPACE " + SchemaConstants.AUTH_KEYSPACE_NAME);
+     }
  }
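Review bot: `testDecodeIllegalUserAndPwd` calls both `evaluateResponse` and `getAuthenticatedUser` under `@Test(expected = AuthenticationException.class)`, so each of the six new tests passes whichever call throws. If `getAuthenticatedUser` also raises `AuthenticationException` for an unknown role or a wrong password (likely, but not visible here), the tests would still pass when malformed credentials get past decoding and are only rejected at lookup. Ending the helper after `negotiator.evaluateResponse(clientAuthenticator.initialResponse());` would tie the expectation to the decoding step, assuming that is where the validation is meant to happen. Separately, `new String(new byte[4])` in `testNULUsername1` and `testNULPassword1` uses the platform default charset while the sibling tests pass `StandardCharsets.UTF_8`; `new String(new byte[4], StandardCharsets.UTF_8)` keeps them consistent.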

