Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/07/07 15:59:39 UTC

svn commit: r791839 - in /tomcat/container/tc5.5.x: catalina/src/share/org/apache/catalina/realm/JNDIRealm.java webapps/docs/changelog.xml

Author: markt
Date: Tue Jul  7 13:59:39 2009
New Revision: 791839

URL: http://svn.apache.org/viewvc?rev=791839&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=37984
Strip {MD5} as well as {SHA} from digested passwords

Modified:
    tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml

Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java?rev=791839&r1=791838&r2=791839&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java Tue Jul  7 13:59:39 2009
@@ -1179,10 +1179,10 @@
 
         boolean validated = false;
         if (hasMessageDigest()) {
-            // iPlanet support if the values starts with {SHA1}
+            // Some directories prefix the password with the hash type
             // The string is in a format compatible with Base64.encode not
             // the Hex encoding of the parent class.
-            if (password.startsWith("{SHA}")) {
+            if (password.startsWith("{MD5}") || password.startsWith("{SHA}")) {
                 /* sync since super.digest() does this same thing */
                 synchronized (this) {
                     password = password.substring(5);
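Review bot: The widened check `if (password.startsWith("{MD5}") || password.startsWith("{SHA}"))` still recognises only the two unsalted scheme tags, matched case-sensitively, and the following `password.substring(5)` relies on both tags being exactly five characters long. A stored value tagged `{SSHA}` or `{SMD5}`, or written in lower case, will not take this branch; how it is then handled is decided outside the hunk, since the method starts and ends beyond the visible lines. I would say so in the comment, e.g. `// Only the unsalted {MD5} and {SHA} tags (5 chars each, case-sensitive) are stripped; salted or differently-cased tags are not handled here`, and derive the offset from the tag itself with `password = password.substring(password.indexOf('}') + 1);` so that a tag of another length added later cannot be mis-stripped. Unsalted MD5 and SHA-1 are weak for stored passwords, so the comment should describe this branch as compatibility with existing directories rather than a recommended storage format.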

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=791839&r1=791838&r2=791839&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Tue Jul  7 13:59:39 2009
@@ -93,6 +93,10 @@
         encoding. (markt)
       </fix>
       <fix>
+        <bug>37984</bug>: Strip {MD5} as well as {SHA} if present in digest
+        passwords in LDAP directories. (markt)
+      </fix>
+      <fix>
         <bug>38553</bug>: A lack of certificates is normal if a user doesn't
         have a certificate. Return a 401 rather than a 400 in this case. (markt)
       </fix>


