[jira] [Resolved] (QPID-7414) [Java Broker] File based authentication providers PlainPasswordFile and Base64MD5PasswordFile should guard against colons in usernames and passwords

Mon, 03 Oct 2016 06:56:33 -0700 

     [ 
https://issues.apache.org/jira/browse/QPID-7414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Keith Wall resolved QPID-7414.
------------------------------
    Resolution: Fixed

Change looks reasonable to me.

> [Java Broker] File based authentication providers PlainPasswordFile and 
> Base64MD5PasswordFile should guard against colons in usernames and passwords
> ----------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7414
>                 URL: https://issues.apache.org/jira/browse/QPID-7414
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: 0.18, 0.20, 0.22, 0.24, 0.26, 0.28, 0.30, 0.32, 
> qpid-java-6.0, qpid-java-6.0.1, qpid-java-6.0.2, qpid-java-6.0.3, 
> qpid-java-6.0.4
>            Reporter: Alex Rudyy
>             Fix For: qpid-java-6.1
>
>
> Colon charcaters in user name for authentication providers of types 
> PlainPasswordFile and Base64MD5PasswordFile cause failures on opening of such 
> authentication providers on broker startup. As result,  authentication fails 
> for any user account belonging to the impacted authentication provider. The 
> user names with colons would need to be removed manually from the 
> configuration files in order to recover from the issue.
> Colons in user password for PlainPasswordFile results in the same issue.
> The exception similar to the one below is reported for the above:
> {noformat}
> ERROR [Broker-Config] (o.a.q.s.m.AbstractConfiguredObject) - Failed to open 
> object with name 'passwordFile'.  Object will be put into ERROR state.
> java.lang.IllegalArgumentException: User Data should be length 2, username, 
> password
>         at 
> org.apache.qpid.server.security.auth.database.PlainUser.<init>(PlainUser.java:37)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:132)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase.createUserFromFileData(PlainPasswordFilePrincipalDatabase.java:56)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.loadPasswordFile(AbstractPasswordFilePrincipalDatabase.java:213)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.security.auth.database.AbstractPasswordFilePrincipalDatabase.open(AbstractPasswordFilePrincipalDatabase.java:82)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.initialise(PrincipalDatabaseAuthenticationManager.java:143)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.security.auth.manager.PrincipalDatabaseAuthenticationManager.onOpen(PrincipalDatabaseAuthenticationManager.java:120)
>  ~[classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1095)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1110)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$9.performAction(AbstractConfiguredObject.java:1098)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.applyToChildren(AbstractConfiguredObject.java:1269)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.doOpening(AbstractConfiguredObject.java:1097)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:583)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$1.execute(AbstractConfiguredObject.java:571)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:632)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:625)
>  [classes/:na]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:240)
>  [classes/:na]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submitWrappedTask(TaskExecutorImpl.java:157)
>  [classes/:na]
>         at 
> org.apache.qpid.server.configuration.updater.TaskExecutorImpl.submit(TaskExecutorImpl.java:145)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.doOnConfigThread(AbstractConfiguredObject.java:624)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractConfiguredObject.openAsync(AbstractConfiguredObject.java:570)
>  [classes/:na]
>         at 
> org.apache.qpid.server.model.AbstractSystemConfig.activate(AbstractSystemConfig.java:237)
>  [classes/:na]
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to