Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/16 10:47:59 UTC

git commit: updated refs/heads/master to a69780b

Repository: cloudstack
Updated Branches:
  refs/heads/master 843f6b169 -> a69780b69


user-authenticators: don't allow empty usernames or passwords

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 16e5f5d7d335ec325d995d91234461e99c695ed7)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a69780b6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a69780b6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a69780b6

Branch: refs/heads/master
Commit: a69780b69b11004cf981db8d72a97301c2b46847
Parents: 843f6b1
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Mon Mar 16 15:00:08 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Mon Mar 16 15:17:23 2015 +0530

----------------------------------------------------------------------
 .../cloudstack/ldap/LdapAuthenticator.java      | 16 +++++++-----
 .../cloud/server/auth/MD5UserAuthenticator.java | 25 ++++++++++--------
 .../server/auth/PBKDF2UserAuthenticator.java    |  6 +++++
 .../server/auth/PlainTextUserAuthenticator.java | 18 ++++++++-----
 .../cloudstack/saml/SAML2UserAuthenticator.java |  7 +++++
 .../auth/SHA256SaltedUserAuthenticator.java     | 27 ++++++++++++--------
 6 files changed, 65 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
index afba272..8c6820f 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
@@ -16,16 +16,15 @@
 // under the License.
 package org.apache.cloudstack.ldap;
 
-import java.util.Map;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
 import com.cloud.server.auth.DefaultUserAuthenticator;
 import com.cloud.user.UserAccount;
 import com.cloud.user.dao.UserAccountDao;
 import com.cloud.utils.Pair;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.inject.Inject;
+import java.util.Map;
 
 public class LdapAuthenticator extends DefaultUserAuthenticator {
     private static final Logger s_logger = Logger.getLogger(LdapAuthenticator.class.getName());
@@ -48,6 +47,11 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
     @Override
     public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
 
+        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+            s_logger.debug("Username or Password cannot be empty");
+            return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+        }
+
         final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
 
         if (user == null) {
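Review bot: The new guard at the top of authenticate() has no comment saying why an empty password matters for this authenticator in particular, and that reason is easy to lose in a later refactor. Many directory servers treat a simple bind with a DN and a zero-length password as an unauthenticated bind and report success (RFC 4513 section 5.1.2), so the check has to stay ahead of whatever bind call follows. The rest of authenticate() lies outside this hunk, so the bind itself is not visible here. I would add above the `if`: `// Reject empty credentials before any bind: a simple bind with an empty password can succeed as an unauthenticated bind (RFC 4513 5.1.2).` A unit test asserting a `false` result for `""` and `null` passwords would pin the behaviour.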

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java b/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
index d478df6..f08ec37 100644
--- a/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
+++ b/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
@@ -15,20 +15,19 @@
 
 package com.cloud.server.auth;
 
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
 import com.cloud.user.UserAccount;
 import com.cloud.user.dao.UserAccountDao;
 import com.cloud.utils.Pair;
 import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
 
 /**
  * Simple UserAuthenticator that performs a MD5 hash of the password before
@@ -47,6 +46,12 @@ public class MD5UserAuthenticator extends DefaultUserAuthenticator {
         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Retrieving user: " + username);
         }
+
+        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+            s_logger.debug("Username or Password cannot be empty");
+            return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+        }
+
         UserAccount user = _userAccountDao.getUserAccount(username, domainId);
         if (user == null) {
             s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
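Review bot: This four-line guard is repeated verbatim in LdapAuthenticator, PBKDF2UserAuthenticator, PlainTextUserAuthenticator, SAML2UserAuthenticator and SHA256SaltedUserAuthenticator, all of which extend DefaultUserAuthenticator, so the rule lives in six places and a new authenticator can forget it. A single protected helper on the base class, or a check in the code that dispatches to the authenticators, would keep the policy in one spot; the dispatching code is not part of this diff, so whether it already validates is unknown here. In this file the guard also sits after the `"Retrieving user: "` debug line, so a rejected request is still logged as a retrieval; moving the guard above that log would make the trace accurate. The method body starts and ends outside the hunk.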

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java b/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
index 58f5ea2..130950d 100644
--- a/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
+++ b/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
@@ -53,6 +53,12 @@ public class PBKDF2UserAuthenticator extends DefaultUserAuthenticator {
         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Retrieving user: " + username);
         }
+
+        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+            s_logger.debug("Username or Password cannot be empty");
+            return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+        }
+
         boolean isValidUser = false;
         UserAccount user = this._userAccountDao.getUserAccount(username, domainId);
         if (user != null) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java b/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
index 0afbbfc..aaff27e 100644
--- a/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
+++ b/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
@@ -15,16 +15,15 @@
 
 package com.cloud.server.auth;
 
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
 import com.cloud.user.UserAccount;
 import com.cloud.user.dao.UserAccountDao;
 import com.cloud.utils.Pair;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import java.util.Map;
 
 @Local(value = {UserAuthenticator.class})
 public class PlainTextUserAuthenticator extends DefaultUserAuthenticator {
@@ -39,6 +38,11 @@ public class PlainTextUserAuthenticator extends DefaultUserAuthenticator {
             s_logger.debug("Retrieving user: " + username);
         }
 
+        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+            s_logger.debug("Username or Password cannot be empty");
+            return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+        }
+
         UserAccount user = _userAccountDao.getUserAccount(username, domainId);
         if (user == null) {
             s_logger.debug("Unable to find user with " + username + " in domain " + domainId);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
index 31a93a4..68bd81c 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
@@ -22,6 +22,7 @@ import com.cloud.user.dao.UserAccountDao;
 import com.cloud.user.dao.UserDao;
 import com.cloud.utils.Pair;
 import org.apache.cloudstack.utils.auth.SAMLUtils;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.log4j.Logger;
 
 import javax.ejb.Local;
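Review bot: `org.apache.cxf.common.util.StringUtils` on the added import line is a different class from the `org.apache.commons.lang.StringUtils` that LdapAuthenticator, MD5UserAuthenticator, PlainTextUserAuthenticator and SHA256SaltedUserAuthenticator import in this same commit, so the `isEmpty` call in the next hunk may not apply the same rule. As far as I recall, the CXF helper treats whitespace-only strings as empty while the commons-lang one does not, which would make SAML2 reject inputs the other authenticators accept; this is worth confirming against the CXF version on the classpath. It also ties an authentication check to a web-services library for a single string test. I would change the line to `import org.apache.commons.lang.StringUtils;`. PBKDF2UserAuthenticator's hunk adds no import at all, so which `StringUtils` it resolves to cannot be told from this diff.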
@@ -42,6 +43,12 @@ public class SAML2UserAuthenticator extends DefaultUserAuthenticator {
         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Trying SAML2 auth for user: " + username);
         }
+
+        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+            s_logger.debug("Username or Password cannot be empty");
+            return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+        }
+
         final UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
         if (userAccount == null) {
             s_logger.debug("Unable to find user with " + username + " in domain " + domainId);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java b/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
index 36305f1..e35c29d 100644
--- a/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
+++ b/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
@@ -16,23 +16,22 @@
 // under the License.
 package com.cloud.server.auth;
 
+import com.cloud.user.UserAccount;
+import com.cloud.user.dao.UserAccountDao;
+import com.cloud.utils.Pair;
+import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.bouncycastle.util.encoders.Base64;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Map;
 
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-import org.bouncycastle.util.encoders.Base64;
-
-import com.cloud.user.UserAccount;
-import com.cloud.user.dao.UserAccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.exception.CloudRuntimeException;
-
 @Local(value = {UserAuthenticator.class})
 public class SHA256SaltedUserAuthenticator extends DefaultUserAuthenticator {
     public static final Logger s_logger = Logger.getLogger(SHA256SaltedUserAuthenticator.class);
@@ -50,6 +49,12 @@ public class SHA256SaltedUserAuthenticator extends DefaultUserAuthenticator {
         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Retrieving user: " + username);
         }
+
+        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+            s_logger.debug("Username or Password cannot be empty");
+            return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+        }
+
         boolean realUser = true;
         UserAccount user = _userAccountDao.getUserAccount(username, domainId);
         if (user == null) {
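Review bot: The early return added before `boolean realUser = true;` skips whatever work the method does for unknown users, and nothing in the code says this is intentional. The `realUser` flag suggests the method deliberately runs the hash comparison even when the account does not exist, presumably so that response time does not reveal valid usernames; that logic is outside the hunk, so this is inferred. The shortcut is harmless in that respect because it depends only on the caller's own input, not on whether the account exists, but a comment should say so: `// Safe to return early: the decision depends only on the supplied input, never on the account lookup.`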