funkman     2003/08/06 11:43:00

  Modified:    catalina/src/share/org/apache/catalina/realm JNDIRealm.java
  Log:
  Fix bug 14817 - JNDIRealm SHA digest implementation incorrect
  Add Javadoc note for bug 11210
  
  Revision  Changes    Path
  1.13      +28 -7     
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
  
  Index: JNDIRealm.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- JNDIRealm.java    5 Aug 2003 00:54:26 -0000       1.12
  +++ JNDIRealm.java    6 Aug 2003 18:43:00 -0000       1.13
  @@ -86,7 +86,7 @@
   import org.apache.catalina.LifecycleException;
   import org.apache.catalina.Realm;
   import org.apache.catalina.util.StringManager;
  -
  +import org.apache.catalina.util.Base64;
   
   /**
    * <p>Implementation of <strong>Realm</strong> that works with a directory
  @@ -183,6 +183,13 @@
    * format objects) so that <code>authenticate()</code> does not have to be
    * synchronized.</p>
    *
  + * <p><strong>WARNING</strong> - There is a reported bug against the Netscape
  + * provider code (com.netscape.jndi.ldap.LdapContextFactory) with respect to
  + * successfully authenticated a non-existing user. The
  + * report is here: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210 .
  + * With luck, Netscape has updated their provider code and this is not an
  + * issue. </p>
  + *
    * @author John Holman
    * @author Craig R. McClanahan
    * @version $Revision$ $Date$
  @@ -1144,8 +1151,22 @@
   
           boolean validated = false;
           if (hasMessageDigest()) {
  -            // Hex hashes should be compared case-insensitive
  -            validated = (digest(credentials).equalsIgnoreCase(password));
  +            // iPlanet support if the values starts with {SHA1}
  +            // The string is in a format compatible with Base64.encode not
  +            // the Hex encoding of the parent class.
  +            if (password.startsWith("{SHA}")) {
  +                /* sync since super.digest() does this same thing */
  +                synchronized (this) {
  +                    password = password.substring(5);
  +                    md.reset();
  +                    md.update(credentials.getBytes());
  +                    String digestedPassword = new 
String(Base64.encode(md.digest()));
  +                    validated = password.equals(digestedPassword);
  +                }
  +            } else {
  +                // Hex hashes should be compared case-insensitive
  +                validated = (digest(credentials).equalsIgnoreCase(password));
  +            }
           } else
               validated = (digest(credentials).equals(password));
           return (validated);
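Review bot: `md.update(credentials.getBytes())` in the new `{SHA}` branch hashes the supplied password in the JVM's platform default charset, so a non-ASCII password can yield a different digest from host to host than the value the directory stored (presumably UTF-8 bytes, as is usual for LDAP); pin it, e.g. `md.update(credentials.getBytes("UTF-8"));`, catching the checked `UnsupportedEncodingException` and treating it as a failed validation rather than letting it propagate. The comment above the branch says `{SHA1}` while the code tests `password.startsWith("{SHA}")`, which should agree, and the prefix test is case-sensitive, so a `{sha}`-prefixed value from a directory that lowercases the scheme would fall through to the hex comparison and always fail; document that, or compare the prefix case-insensitively if that is in scope. The branch also digests with whatever algorithm `md` was configured with, so a realm set up for MD5 will honor a `{SHA}` prefix with an MD5 digest and silently never match — a one-line comment such as `// {SHA} is honored only when the realm's digest algorithm is SHA-1` would save the next reader a debugging session. `password.equals(digestedPassword)` stops at the first differing character, which leaks timing information about the stored hash in principle; `MessageDigest.isEqual` on the decoded bytes is the conventional fix, though whether it is constant-time on the JDKs this tree targets should be confirmed. The enclosing method begins before this hunk.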
  
  
  
