Posted to dev@shiro.apache.org by Brian Demers <br...@gmail.com> on 2016/03/25 22:00:06 UTC
Re: Implementation of SaltStyle.CRYPT
Thanks!
Can you put this in a GitHub pull request and add a test?
(using github isn't required, but it makes chatting about the patch easier)
On Thu, Mar 24, 2016 at 11:52 PM, Andreas Reichel <
andreas@manticore-projects.com> wrote:
> Dear All,
>
> we would like to adopt Shiro and to use the JDBC Realm.
> Our database schema, however, uses a CRYPT-like password hash with no
> separate SALT column. We found SaltStyle.CRYPT unimplemented, so please
> find a small patch attached.
>
>
> Any issues, please let us know.
> Cheers
> Andreas
>
> From 3cbc5b40c095872b80f52323c2585ea46e58067e Mon Sep 17 00:00:00 2001
> From: Andreas Reichel <an...@manticore-projects.com>
> Date: Mar 25, 2016 10:48:43 AM
>
> Implement SaltStyle.CRYPT
>
> diff --git
> a/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
> b/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
> index 646875c..c34a5fe 100644
> --- a/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
> +++ b/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java
> @@ -38,6 +38,11 @@
> import java.util.Collection;
> import java.util.LinkedHashSet;
> import java.util.Set;
> +import org.apache.shiro.authc.credential.CredentialsMatcher;
> +import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
> +import org.apache.shiro.crypto.hash.Md5Hash;
> +import org.apache.shiro.crypto.hash.Sha256Hash;
> +import org.apache.shiro.crypto.hash.Sha512Hash;
>
>
> /**
> @@ -221,9 +226,50 @@
> password = getPasswordForUser(conn, username)[0];
> break;
> case CRYPT:
> - // TODO: separate password and hash from
> getPasswordForUser[0]
> - throw new ConfigurationException("Not implemented
> yet");
> - //break;
> + /*
> + http://www.slashroot.in/how-are-passwords-stored-linux
> -understanding-hashing-shadow-utils
> +
> + Example: $1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1
> +
> + The above shown encoded hash value can be further
> classified into three different fields as below.
> + 1. The first field is a numerical number that tell's
> you the hashing algorithm that's being used.
> +
> + $1 = MD5 hashing algorithm.
> + $2 =Blowfish Algorithm is in use.
> + $2a=eksblowfish Algorithm
> + $5 =SHA-256 Algorithm
> + $6 =SHA-512 Algorithm
> +
> + 2. The second field is the salt value
> + Salt value is nothing but a random data that's
> generated to combine with the original password, inorder to increase
> the strength of the hash..
> +
> + 3.The last field is the hash value of salt+user
> password (we will be discussing this shortly).
> +
> + */
> +
> + String[] crypt=getPasswordForUser(conn,
> username)[0].split("\\$");
> + String hashAlgorithm=crypt[0];
> +
> + //@todo: set the credential matcher hash algorithm?!
> + CredentialsMatcher credentialsMatcher =
> getCredentialsMatcher();
> + if (credentialsMatcher instanceof
> HashedCredentialsMatcher) {
> + HashedCredentialsMatcher
> hashedCredentialsMatcher=(HashedCredentialsMatcher) credentialsMatcher;
> + if (hashAlgorithm.equals("$6"))
> + hashedCredentialsMatcher.setHashAlgorithmName(
> Sha512Hash.ALGORITHM_NAME);
> + else if (hashAlgorithm.equals("$5"))
> + hashedCredentialsMatcher.setHashAlgorithmName(
> Sha256Hash.ALGORITHM_NAME);
> + else if (hashAlgorithm.equals("$1"))
> + hashedCredentialsMatcher.setHashAlgorithmName(
> Md5Hash.ALGORITHM_NAME);
> + else if (hashAlgorithm.equals("$2"))
> + throw new AuthenticationException("Requested
> 'Blowfish' algorithm is not supported. Can not validate the token.");
> + else if (hashAlgorithm.equals("$2a"))
> + throw new AuthenticationException("Requested
> 'eksblowfish' algorithm is not supported. Can not validate the
> token.");
> + }
> +
> + salt=crypt[1];
> + password=crypt[2];
> +
> + break;
> case COLUMN:
> String[] queryResults = getPasswordForUser(conn,
> username);
> password = queryResults[0];
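Review bot: In the new `case CRYPT:` branch, `split("\\$")` on a stored value shaped like the comment's example `$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1` yields an empty first element, so `crypt[0]` is `""`, none of the `equals("$6")`-style tests can match, and `salt`/`password` receive the algorithm id and the salt instead of the salt and the hash. The fields should be read from indices 1–3 and compared without the `$`, with a length check and a final `else` that rejects any unrecognised id, so a malformed or unsupported stored value fails authentication rather than throwing an index error or being verified with whatever algorithm the matcher already had. Calling `setHashAlgorithmName` on the object returned by `getCredentialsMatcher()` changes the matcher for every later login on this realm, which looks unsafe if logins with different prefixes run concurrently; worth confirming and, if so, selecting the algorithm per request instead. Separately, crypt(3) `$1$`/`$5$`/`$6$` strings come from the md5crypt and SHA-crypt constructions with their own rounds and encoding, so a plain `Md5Hash`/`Sha256Hash`/`Sha512Hash` comparison probably will not verify hashes produced by the system crypt; the requested test should include a known crypt vector. The enclosing method begins and ends outside this hunk.

```java
// A leading '$' makes split() return ["", id, salt, hash].
// NOTE(review): confirm how a missing row (null element) is handled before split() is reached.
String[] crypt = getPasswordForUser(conn, username)[0].split("\\$");
if (crypt.length != 4 || !crypt[0].isEmpty()) {
    throw new AuthenticationException("Stored credential is not in $id$salt$hash form. Can not validate the token.");
}
String hashAlgorithm = crypt[1];

// … unchanged: getCredentialsMatcher() lookup and instanceof HashedCredentialsMatcher check …
    if (hashAlgorithm.equals("6"))
        hashedCredentialsMatcher.setHashAlgorithmName(Sha512Hash.ALGORITHM_NAME);
    else if (hashAlgorithm.equals("5"))
        hashedCredentialsMatcher.setHashAlgorithmName(Sha256Hash.ALGORITHM_NAME);
    else if (hashAlgorithm.equals("1"))
        hashedCredentialsMatcher.setHashAlgorithmName(Md5Hash.ALGORITHM_NAME);
    else
        // Fail closed on "2", "2a" and any other id instead of falling through.
        throw new AuthenticationException("Requested crypt algorithm is not supported. Can not validate the token.");

salt = crypt[2];
password = crypt[3];
```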
> @@ -265,7 +311,6 @@
> boolean returningSeparatedSalt = false;
> switch (saltStyle) {
> case NO_SALT:
> - case CRYPT:
> case EXTERNAL:
> result = new String[1];
> break;