Merge branch 'cassandra-3.0' into cassandra-3.11
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/4f12c409 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/4f12c409 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/4f12c409 Branch: refs/heads/trunk Commit: 4f12c409267eb44cbf596193456c5a67a1775748 Parents: 02e9846 5e7f60f Author: Jeff Jirsa <jji...@apple.com> Authored: Wed Aug 30 21:58:44 2017 -0700 Committer: Jeff Jirsa <jji...@apple.com> Committed: Wed Aug 30 21:59:33 2017 -0700 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../cassandra/auth/PasswordAuthenticator.java | 16 ++++- .../auth/PasswordAuthenticatorTest.java | 64 ++++++++++++++++++++ 3 files changed, 80 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/4f12c409/CHANGES.txt ---------------------------------------------------------------------- diff --cc CHANGES.txt index d848eff,b405fdf..af185cf --- a/CHANGES.txt +++ b/CHANGES.txt @@@ -1,12 -1,7 +1,13 @@@ -3.0.15 - * Better tolerate improperly formatted bcrypt hashes (CASSANDRA-13626) +3.11.1 + * Fix cassandra-stress hang issues when an error during cluster connection happens (CASSANDRA-12938) + * Better bootstrap failure message when blocked by (potential) range movement (CASSANDRA-13744) + * "ignore" option is ignored in sstableloader (CASSANDRA-13721) + * Deadlock in AbstractCommitLogSegmentManager (CASSANDRA-13652) + * Duplicate the buffer before passing it to analyser in SASI operation (CASSANDRA-13512) + * Properly evict pstmts from prepared statements cache (CASSANDRA-13641) +Merged from 3.0: ++ * Better tolerate improperly formatted bcrypt hashes (CASSANDRA-13626) * Fix race condition in read command serialization (CASSANDRA-13363) - * Enable segement creation before recovering commitlogs (CASSANDRA-13587) * Fix AssertionError in short read protection (CASSANDRA-13747) * Don't skip corrupted sstables on startup (CASSANDRA-13620) * Fix the merging of cells with different user type versions (CASSANDRA-13776) http://git-wip-us.apache.org/repos/asf/cassandra/blob/4f12c409/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java ---------------------------------------------------------------------- diff --cc src/java/org/apache/cassandra/auth/PasswordAuthenticator.java index 4b667ae,58f61f5..54f7985 --- a/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java +++ b/src/java/org/apache/cassandra/auth/PasswordAuthenticator.java @@@ -86,52 -92,8 +100,52 @@@ public class PasswordAuthenticator impl { try { + String hash = cache.get(username); - if (!BCrypt.checkpw(password, hash)) ++ if (!checkpw(password, hash)) + throw new AuthenticationException(String.format("Provided username %s and/or password are incorrect", username)); + + return new AuthenticatedUser(username); + } + catch (ExecutionException | UncheckedExecutionException e) + { + // the credentials were somehow invalid - either a non-existent role, or one without a defined password + if (e.getCause() instanceof NoSuchCredentialsException) + throw new AuthenticationException(String.format("Provided username %s and/or password are incorrect", username)); + + // an unanticipated exception occured whilst querying the credentials table + if (e.getCause() instanceof RequestExecutionException) + { + logger.trace("Error performing internal authentication", e); + throw new AuthenticationException(String.format("Error during authentication of user %s : %s", username, e.getMessage())); + } + + throw new RuntimeException(e); + } + } + + private String queryHashedPassword(String username) throws NoSuchCredentialsException + { + try + { SelectStatement authenticationStatement = authenticationStatement(); - return doAuthenticate(username, password, authenticationStatement); + + ResultMessage.Rows rows = + authenticationStatement.execute(QueryState.forInternalCalls(), + QueryOptions.forInternalCalls(consistencyForRole(username), + Lists.newArrayList(ByteBufferUtil.bytes(username))), + System.nanoTime()); + + // If either a non-existent role name was supplied, or no credentials + // were found for that role we don't want to cache the result so we throw + // a specific, but unchecked, exception to keep LoadingCache happy. + if (rows.result.isEmpty()) + throw new NoSuchCredentialsException(); + + UntypedResultSet result = UntypedResultSet.create(rows.result); + if (!result.one().has(SALTED_HASH)) + throw new NoSuchCredentialsException(); + + return result.one().getString(SALTED_HASH); } catch (RequestExecutionException e) { --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
