SimpleAuthenticator.java

jbellis Sat, 25 Sep 2010 16:59:27 -0700

Author: jbellis
Date: Sat Sep 25 23:59:03 2010
New Revision: 1001333

URL: http://svn.apache.org/viewvc?rev=1001333&view=rev
Log:
fix SimpleAuthenticator MD5 support
patch by Nirmal Ranganathan; reviewed by jbellis for CASSANDRA-1447


Modified:
    cassandra/trunk/CHANGES.txt
    cassandra/trunk/src/java/org/apache/cassandra/auth/SimpleAuthenticator.java

Modified: cassandra/trunk/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/cassandra/trunk/CHANGES.txt?rev=1001333&r1=1001332&r2=1001333&view=diff
==============================================================================
--- cassandra/trunk/CHANGES.txt (original)
+++ cassandra/trunk/CHANGES.txt Sat Sep 25 23:59:03 2010
@@ -90,6 +90,8 @@
  * treat expired columns as deleted (CASSANDRA-1539)
  * make IndexInterval configurable (CASSANDRA-1488)
  * add describe_snitch to Thrift API (CASSANDRA-1490)
+ * MD5 authenticator compares plain text submitted password with MD5'd
+   saved property, instead of vice versa (CASSANDRA-1447)
 
 
 0.7-beta1

Modified: 
cassandra/trunk/src/java/org/apache/cassandra/auth/SimpleAuthenticator.java
URL: 
http://svn.apache.org/viewvc/cassandra/trunk/src/java/org/apache/cassandra/auth/SimpleAuthenticator.java?rev=1001333&r1=1001332&r2=1001333&view=diff
==============================================================================
--- cassandra/trunk/src/java/org/apache/cassandra/auth/SimpleAuthenticator.java 
(original)
+++ cassandra/trunk/src/java/org/apache/cassandra/auth/SimpleAuthenticator.java 
Sat Sep 25 23:59:03 2010
@@ -29,6 +29,7 @@ import java.util.Map;
 
 import org.apache.cassandra.config.ConfigurationException;
 import org.apache.cassandra.thrift.AuthenticationException;
+import org.apache.cassandra.utils.FBUtilities;
 
 public class SimpleAuthenticator implements IAuthenticator
 {
@@ -106,7 +107,7 @@ public class SimpleAuthenticator impleme
                     authenticated = 
password.equals(props.getProperty(username));
                     break;
                 case MD5:
-                    authenticated = MessageDigest.isEqual(password.getBytes(), 
MessageDigest.getInstance("MD5").digest(props.getProperty(username).getBytes()));
+                    authenticated = 
MessageDigest.isEqual(MessageDigest.getInstance("MD5").digest(password.getBytes()),
 FBUtilities.hexToBytes(props.getProperty(username)));
                     break;
                 default:
                     throw new RuntimeException("Unknown PasswordMode " + mode);

svn commit: r1001333 - in /cassandra/trunk: CHANGES.txt src/java/org/apache/cassandra/auth/SimpleAuthenticator.java

Reply via email to