[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking

2017-08-30 Thread Jeff Jirsa (JIRA)

[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Jirsa updated CASSANDRA-13626:
---
Resolution: Fixed
Status: Resolved  (was: Ready to Commit)

Nice. Dtest environment looks pretty messy today, some of the slaves are acting 
up. I've read through some of the console logs and even on the aborted runs, 
there's nothing auth related, so I'm proceeding (since it's a fairly trivial 
patch). Added those tests and committed as 
{{5e7f60f6bf5da386076faa08cefb3970a6ba5cc0}}



> Check hashed password matches expected bcrypt hash format before checking
> -
>
> Key: CASSANDRA-13626
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
> Project: Cassandra
> Issue Type: Bug
> Components: Auth
> Reporter: Jeff Jirsa
> Assignee: Jeff Jirsa
> Priority: Minor
> Fix For: 3.0.15, 3.11.1, 4.0
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job 
> of guaranteeing that the hashed password we send to it is really a hashed 
> password, and {{checkpw}} does an even worse job of failing nicely. We should 
> at least sanity check the hash complies with the expected format prior to 
> validating.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
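
A format gate of the kind the issue description asks for, as an added example (not the committed Cassandra patch): the stored value is checked against the bcrypt modular-crypt layout before it is handed to `checkpw`, and anything malformed is treated as a failed login. `BcryptFormatCheck`, `looksLikeBcrypt`, `verify` and the stand-in `checkpw` lambda are hypothetical names, and the accepted revision set is an assumption.

```java
import java.util.function.BiPredicate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BcryptFormatCheck {
    // bcrypt modular-crypt layout: $<revision>$<2-digit cost>$<22-char salt><31-char digest>,
    // salt and digest in bcrypt's base64 alphabet (./A-Za-z0-9); 60 characters in total.
    // The accepted revisions (2a, 2b, 2y) are an assumption: narrow to what your library supports.
    private static final Pattern BCRYPT =
        Pattern.compile("\\$2[aby]\\$([0-9]{2})\\$[./A-Za-z0-9]{53}");

    /** True only if the stored value is structurally a bcrypt hash. */
    static boolean looksLikeBcrypt(String stored) {
        if (stored == null) return false;
        Matcher m = BCRYPT.matcher(stored);
        if (!m.matches()) return false;          // matches() anchors at both ends
        int cost = Integer.parseInt(m.group(1));
        return cost >= 4 && cost <= 31;          // bcrypt cost (log2 rounds) range
    }

    /** Fail closed: a malformed stored hash is a failed login, never an exception. */
    static boolean verify(String password, String stored, BiPredicate<String, String> checkpw) {
        if (!looksLikeBcrypt(stored)) return false;
        try {
            return checkpw.test(password, stored);
        } catch (RuntimeException e) {
            return false;                        // defence in depth if the library still throws
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not real hashes.
        String wellFormed = "$2a$10$" + "A".repeat(53);   // String.repeat needs Java 11+
        String[] stored = {
            wellFormed,
            "",                                  // empty column value
            "cassandra",                         // plaintext stored by mistake
            wellFormed.substring(0, 40),         // truncated
            "$2a$99$" + "A".repeat(53),          // cost out of range
            "$2a$10$" + "A".repeat(52) + "!",    // character outside the alphabet
        };
        // Hypothetical stand-in for the bcrypt library's checkpw(password, hash).
        BiPredicate<String, String> checkpw = (pw, hash) -> false;
        for (String s : stored) {
            System.out.printf("%-62s format_ok=%b verified=%b%n",
                              "'" + s + "'", looksLikeBcrypt(s), verify("secret", s, checkpw));
        }
    }
}
```

Only the first sample passes the format check; the other five are rejected before the library call is reached.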



[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking

2017-08-30 Thread Jeff Jirsa (JIRA)

[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Jirsa updated CASSANDRA-13626:
---
Status: Ready to Commit  (was: Patch Available)




[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking

2017-08-30 Thread Jeff Jirsa (JIRA)

[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Jirsa updated CASSANDRA-13626:
---
Fix Version/s: (was: 3.11.x)
   (was: 4.x)
   (was: 3.0.x)
   4.0
   3.11.1
   3.0.15




[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking

2017-08-30 Thread Sam Tunnicliffe (JIRA)

[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sam Tunnicliffe updated CASSANDRA-13626:

Reviewer: Sam Tunnicliffe

> Check hashed password matches expected bcrypt hash format before checking
> -
>
> Key: CASSANDRA-13626
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13626
> Project: Cassandra
> Issue Type: Bug
> Components: Auth
> Reporter: Jeff Jirsa
> Assignee: Jeff Jirsa
> Priority: Minor
> Fix For: 3.0.x, 3.11.x, 4.x
>
>
> We use {{Bcrypt.checkpw}} in the auth subsystem, but do a reasonably poor job 
> of guaranteeing that the hashed password we send to it is really a hashed 
> password, and {{checkpw}} does an even worse job of failing nicely. We should 
> at least sanity check the hash complies with the expected format prior to 
> validating.






[jira] [Updated] (CASSANDRA-13626) Check hashed password matches expected bcrypt hash format before checking

2017-08-29 Thread Jeff Jirsa (JIRA)

[ https://issues.apache.org/jira/browse/CASSANDRA-13626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeff Jirsa updated CASSANDRA-13626:
---
Status: Patch Available  (was: Open)

|| branch || utest || dtest ||
| [3.0|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.0-13626] | [3.0 dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/233/] |
| [3.11|https://github.com/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | [3.11 circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-3.11-13626] | [3.11 dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/234/] |
| [trunk|https://github.com/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk circle|https://circleci.com/gh/jeffjirsa/cassandra/tree/cassandra-13626] | [trunk dtest|https://builds.apache.org/view/A-D/view/Cassandra/job/Cassandra-devbranch-dtest/235/] |

