Posted to commits@qpid.apache.org by kw...@apache.org on 2016/02/15 19:04:29 UTC

svn commit: r1730584 - in /qpid/java/branches/6.0.x: ./ broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java

Author: kwall
Date: Mon Feb 15 18:04:29 2016
New Revision: 1730584

URL: http://svn.apache.org/viewvc?rev=1730584&view=rev
Log:
QPID-7067: Scram SHA upgrader loses the original password

Merged from trunk with command:
svn merge -c 1730547,1730578 ^/qpid/java/trunk


Modified:
    qpid/java/branches/6.0.x/   (props changed)
    qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java

Propchange: qpid/java/branches/6.0.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Feb 15 18:04:29 2016
@@ -9,5 +9,5 @@
 /qpid/branches/java-broker-vhost-refactor/java:1493674-1494547
 /qpid/branches/java-network-refactor/qpid/java:805429-821809
 /qpid/branches/qpid-2935/qpid/java:1061302-1072333
-/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729657,1729
 783,1729828,1729832,1729841,1729851,1729904,1729973,1730019,1730025,1730052,1730072,1730494,1730499,1730559
+/qpid/java/trunk:1715445-1715447,1715586,1715940,1716086-1716087,1716127-1716128,1716141,1716153,1716155,1716194,1716204,1716209,1716227,1716277,1716357,1716368,1716370,1716374,1716432,1716444-1716445,1716455,1716461,1716474,1716489,1716497,1716515,1716555,1716602,1716606-1716610,1716619,1716636,1717269,1717299,1717401,1717446,1717449,1717626,1717691,1717735,1717780,1718744,1718889,1718893,1718918,1718922,1719026,1719028,1719033,1719037,1719047,1719051,1720340,1720664,1721151,1721198,1722019-1722020,1722246,1722339,1722416,1722674,1722678,1722683,1722711,1723064,1723194,1723563,1724216,1724251,1724257,1724292,1724375,1724397,1724432,1724582,1724603,1724780,1724843-1724844,1725295,1725569,1725760,1726176,1726244-1726246,1726249,1726358,1726436,1726449,1726456,1726646,1726653,1726755,1726778,1727532,1727555,1727608,1727951,1727954,1728089,1728167,1728302,1728497,1728501,1728524,1728639,1728772,1729215,1729297,1729347,1729356,1729406,1729408,1729412,1729515,1729638,1729656-1729657,1729
 783,1729828,1729832,1729841,1729851,1729904,1729973,1730019,1730025,1730052,1730072,1730494,1730499,1730547,1730559,1730578
 /qpid/trunk/qpid:796646-796653

Modified: qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java?rev=1730584&r1=1730583&r2=1730584&view=diff
==============================================================================
--- qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java (original)
+++ qpid/java/branches/6.0.x/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java Mon Feb 15 18:04:29 2016
@@ -64,6 +64,7 @@ public abstract class AbstractScramAuthe
     public static final int DEFAULT_ITERATION_COUNT = 4096;
 
     private int _iterationCount = DEFAULT_ITERATION_COUNT;
+    private boolean _doNotCreateStoredPasswordBecauseItIsBeingUpgraded;
 
 
     protected AbstractScramAuthenticationManager(final Map<String, Object> attributes, final Broker broker)
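Review bot: `_doNotCreateStoredPasswordBecauseItIsBeingUpgraded` is a plain instance field on the authentication manager, so the bypass it controls is visible to every caller of `createStoredPassword`, not only to the upgrade path that raises it. If another thread (for example a management operation setting a user's password) called `createStoredPassword` while `upgradeUserPassword` holds the flag, the guard added in the last hunk would return that caller's clear-text password unhashed; whether that can happen depends on the broker's threading model, which is not visible here. The same concern covers the hunks that toggle and read the flag (`upgradeUserPassword` and `createStoredPassword`). Confining the flag to the upgrading thread removes the dependency, e.g. `private final ThreadLocal<Boolean> _upgradingPassword = new ThreadLocal<>();`, read with `Boolean.TRUE.equals(_upgradingPassword.get())` and cleared with `remove()` in the `finally`.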
@@ -173,8 +174,7 @@ public abstract class AbstractScramAuthe
                                   + DatatypeConverter.printBase64Binary(storedKey) + ","
                                   + DatatypeConverter.printBase64Binary(serverKey) + ","
                                   + oldDefaultIterationCount;
-
-                user.setPassword(password);
+                upgradeUserPassword(user, password);
             }
             catch (NoSuchAlgorithmException e)
             {
@@ -188,7 +188,7 @@ public abstract class AbstractScramAuthe
                     + passwordFields[PasswordField.STORED_KEY.ordinal()] + ","
                     + passwordFields[PasswordField.SERVER_KEY.ordinal()] + ","
                     + oldDefaultIterationCount;
-            user.setPassword(password);
+            upgradeUserPassword(user, password);
         }
         else if (passwordFields.length != 5)
         {
@@ -196,6 +196,19 @@ public abstract class AbstractScramAuthe
         }
     }
 
+    private void upgradeUserPassword(final ManagedUser user, final String password)
+    {
+        try
+        {
+            _doNotCreateStoredPasswordBecauseItIsBeingUpgraded = true;
+            user.setPassword(password);
+        }
+        finally
+        {
+            _doNotCreateStoredPasswordBecauseItIsBeingUpgraded = false;
+        }
+    }
+
     private byte[] createSaltedPassword(byte[] salt, String password, int iterationCount)
     {
         Mac mac = createShaHmac(password.getBytes(ASCII));
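Review bot: `upgradeUserPassword` has no comment explaining why the flag must be raised around `user.setPassword`, and the reason is not obvious from this method alone. Judging by the guard added to `createStoredPassword` in the last hunk, `setPassword` appears to route back through `createStoredPassword`, which would derive a fresh SCRAM record from the already-derived string. I would add a Javadoc stating that `password` must already be in stored form, that the flag makes `createStoredPassword` return it unchanged, and that the `finally` clears the flag even when `setPassword` throws. The trailing `createSaltedPassword` lines are context only and that method continues outside the hunk.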
@@ -246,6 +259,11 @@ public abstract class AbstractScramAuthe
     @Override
     protected String createStoredPassword(final String password)
     {
+        if (_doNotCreateStoredPasswordBecauseItIsBeingUpgraded)
+        {
+            return password;
+        }
+
         try
         {
             final int iterationCount = getIterationCount();
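Review bot: The new early return in `createStoredPassword` hands back its argument without checking that it is actually a stored SCRAM record, so any call that reaches it while the flag is set persists whatever string it was given. The upgrade code in the earlier hunk already treats a stored value as five comma-separated fields (`passwordFields.length != 5`), so the bypass could fail closed with `if (password.split(",").length != 5) { throw new IllegalStateException("Password upgrade value is not in stored form"); }` ahead of `return password;`. Confirm the field count against the string the upgrader builds before adopting the check, and keep the password itself out of the exception message. The method body continues outside the hunk.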


