apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

user-authenticators: don't allow empty usernames or passwords

Browse Source 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 16e5f5d7d335ec325d995d91234461e99c695ed7)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit is contained in:
Rohit Yadav 2015-03-16 15:00:08 +05:30
parent 843f6b1691
commit a69780b69b
6 changed files with 65 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
View File

@ -16,16 +16,15 @@
// under the License.
package org.apache.cloudstack.ldap;
import java.util.Map;
import javax.inject.Inject;
import org.apache.log4j.Logger;
import com.cloud.server.auth.DefaultUserAuthenticator;
import com.cloud.user.UserAccount;
import com.cloud.user.dao.UserAccountDao;
import com.cloud.utils.Pair;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import javax.inject.Inject;
import java.util.Map;
public class LdapAuthenticator extends DefaultUserAuthenticator {
private static final Logger s_logger = Logger.getLogger(LdapAuthenticator.class.getName());
@ -48,6 +47,11 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
s_logger.debug("Username or Password cannot be empty");
return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
}
final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
if (user == null) {

25
plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
View File

@ -15,20 +15,19 @@
package com.cloud.server.auth;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import javax.ejb.Local;
import javax.inject.Inject;
import org.apache.log4j.Logger;
import com.cloud.user.UserAccount;
import com.cloud.user.dao.UserAccountDao;
import com.cloud.utils.Pair;
import com.cloud.utils.exception.CloudRuntimeException;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import javax.ejb.Local;
import javax.inject.Inject;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
/**
* Simple UserAuthenticator that performs a MD5 hash of the password before
@ -47,6 +46,12 @@ public class MD5UserAuthenticator extends DefaultUserAuthenticator {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Retrieving user: " + username);
}
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
s_logger.debug("Username or Password cannot be empty");
return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
}
UserAccount user = _userAccountDao.getUserAccount(username, domainId);
if (user == null) {
s_logger.debug("Unable to find user with " + username + " in domain " + domainId);

6
plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
View File

@ -53,6 +53,12 @@ public class PBKDF2UserAuthenticator extends DefaultUserAuthenticator {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Retrieving user: " + username);
}
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
s_logger.debug("Username or Password cannot be empty");
return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
}
boolean isValidUser = false;
UserAccount user = this._userAccountDao.getUserAccount(username, domainId);
if (user != null) {

18
plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
View File

@ -15,16 +15,15 @@
package com.cloud.server.auth;
import java.util.Map;
import javax.ejb.Local;
import javax.inject.Inject;
import org.apache.log4j.Logger;
import com.cloud.user.UserAccount;
import com.cloud.user.dao.UserAccountDao;
import com.cloud.utils.Pair;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import javax.ejb.Local;
import javax.inject.Inject;
import java.util.Map;
@Local(value = {UserAuthenticator.class})
public class PlainTextUserAuthenticator extends DefaultUserAuthenticator {
@ -39,6 +38,11 @@ public class PlainTextUserAuthenticator extends DefaultUserAuthenticator {
s_logger.debug("Retrieving user: " + username);
}
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
s_logger.debug("Username or Password cannot be empty");
return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
}
UserAccount user = _userAccountDao.getUserAccount(username, domainId);
if (user == null) {
s_logger.debug("Unable to find user with " + username + " in domain " + domainId);

7
plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
View File

@ -22,6 +22,7 @@ import com.cloud.user.dao.UserAccountDao;
import com.cloud.user.dao.UserDao;
import com.cloud.utils.Pair;
import org.apache.cloudstack.utils.auth.SAMLUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.log4j.Logger;
import javax.ejb.Local;
@ -42,6 +43,12 @@ public class SAML2UserAuthenticator extends DefaultUserAuthenticator {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Trying SAML2 auth for user: " + username);
}
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
s_logger.debug("Username or Password cannot be empty");
return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
}
final UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
if (userAccount == null) {
s_logger.debug("Unable to find user with " + username + " in domain " + domainId);

27
plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
View File

@ -16,23 +16,22 @@
// under the License.
package com.cloud.server.auth;
import com.cloud.user.UserAccount;
import com.cloud.user.dao.UserAccountDao;
import com.cloud.utils.Pair;
import com.cloud.utils.exception.CloudRuntimeException;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.util.encoders.Base64;
import javax.ejb.Local;
import javax.inject.Inject;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Map;
import javax.ejb.Local;
import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.bouncycastle.util.encoders.Base64;
import com.cloud.user.UserAccount;
import com.cloud.user.dao.UserAccountDao;
import com.cloud.utils.Pair;
import com.cloud.utils.exception.CloudRuntimeException;
@Local(value = {UserAuthenticator.class})
public class SHA256SaltedUserAuthenticator extends DefaultUserAuthenticator {
public static final Logger s_logger = Logger.getLogger(SHA256SaltedUserAuthenticator.class);
@ -50,6 +49,12 @@ public class SHA256SaltedUserAuthenticator extends DefaultUserAuthenticator {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Retrieving user: " + username);
}
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
s_logger.debug("Username or Password cannot be empty");
return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
}
boolean realUser = true;
UserAccount user = _userAccountDao.getUserAccount(username, domainId);
if (user == null) {