Repository: cloudstack Updated Branches: refs/heads/master 843f6b169 -> a69780b69
user-authenticators: don't allow empty usernames or passwords
Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>
(cherry picked from commit 16e5f5d7d335ec325d995d91234461e99c695ed7)
Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a69780b6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a69780b6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a69780b6
Branch: refs/heads/master
Commit: a69780b69b11004cf981db8d72a97301c2b46847
Parents: 843f6b1
Author: Rohit Yadav <rohit.ya...@shapeblue.com>
Authored: Mon Mar 16 15:00:08 2015 +0530
Committer: Rohit Yadav <rohit.ya...@shapeblue.com>
Committed: Mon Mar 16 15:17:23 2015 +0530
----------------------------------------------------------------------
.../cloudstack/ldap/LdapAuthenticator.java | 16 +++++++-----
.../cloud/server/auth/MD5UserAuthenticator.java | 25 ++++++++++--------
.../server/auth/PBKDF2UserAuthenticator.java | 6 +++++
.../server/auth/PlainTextUserAuthenticator.java | 18 ++++++++-----
.../cloudstack/saml/SAML2UserAuthenticator.java | 7 +++++
.../auth/SHA256SaltedUserAuthenticator.java | 27 ++++++++++++--------
6 files changed, 65 insertions(+), 34 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
index afba272..8c6820f 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
@@ -16,16 +16,15 @@
 // under the License.
 package org.apache.cloudstack.ldap;
-import java.util.Map;
-
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
 import com.cloud.server.auth.DefaultUserAuthenticator;
 import com.cloud.user.UserAccount;
 import com.cloud.user.dao.UserAccountDao;
 import com.cloud.utils.Pair;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.inject.Inject;
+import java.util.Map;
 public class LdapAuthenticator extends DefaultUserAuthenticator {
 private static final Logger s_logger = Logger.getLogger(LdapAuthenticator.class.getName());
@@ -48,6 +47,11 @@ public class LdapAuthenticator extends DefaultUserAuthenticator {
 @Override
 public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
+ if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+ s_logger.debug("Username or Password cannot be empty");
+ return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+ }
+
 final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
 if (user == null) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java b/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
index d478df6..f08ec37 100644
--- a/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
+++ b/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
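Review bot: The same five-line guard is pasted verbatim into six authenticators (this hunk, MD5UserAuthenticator, PBKDF2UserAuthenticator, PlainTextUserAuthenticator, SAML2UserAuthenticator and SHA256SaltedUserAuthenticator); if DefaultUserAuthenticator or the code that dispatches to the authenticators is a suitable place, one check there would keep the six copies from drifting apart. For this file in particular the guard deserves a why-comment, because a simple bind with an empty password can be treated by a directory server as an unauthenticated bind and succeed without any credential check, which is presumably why the rejection has to come before any LDAP call (the bind itself is outside the hunk): `// Reject empty credentials before touching LDAP: a simple bind with an empty password can be treated as an unauthenticated (anonymous) bind by the directory.` The body of authenticate continues past the end of the hunk.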
@@ -15,20 +15,19 @@
 package com.cloud.server.auth;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
 import com.cloud.user.UserAccount;
 import com.cloud.user.dao.UserAccountDao;
 import com.cloud.utils.Pair;
 import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import java.math.BigInteger;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
 /**
 * Simple UserAuthenticator that performs a MD5 hash of the password before
@@ -47,6 +46,12 @@ public class MD5UserAuthenticator extends DefaultUserAuthenticator {
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Retrieving user: " + username);
 }
+
+ if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+ s_logger.debug("Username or Password cannot be empty");
+ return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+ }
+
 UserAccount user = _userAccountDao.getUserAccount(username, domainId);
 if (user == null) {
 s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java b/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
index 58f5ea2..130950d 100644
--- a/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
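Review bot: The guard sits after the `Retrieving user: ` debug line, so for a null or empty username the method first logs that it is retrieving the user and only then rejects the input; LdapAuthenticator in the same commit validates before doing anything else, and the same ordering shows up in the PBKDF2UserAuthenticator, PlainTextUserAuthenticator, SAML2UserAuthenticator and SHA256SaltedUserAuthenticator hunks. Moving the new block above the `if (s_logger.isDebugEnabled()) {` line keeps the validate-then-act order uniform across the six authenticators. The enclosing authenticate method starts and ends outside this hunk.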
+++ b/plugins/user-authenticators/pbkdf2/src/org/apache/cloudstack/server/auth/PBKDF2UserAuthenticator.java
@@ -53,6 +53,12 @@ public class PBKDF2UserAuthenticator extends DefaultUserAuthenticator {
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Retrieving user: " + username);
 }
+
+ if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+ s_logger.debug("Username or Password cannot be empty");
+ return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+ }
+
 boolean isValidUser = false;
 UserAccount user = this._userAccountDao.getUserAccount(username, domainId);
 if (user != null) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java b/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
index 0afbbfc..aaff27e 100644
--- a/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
+++ b/plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
@@ -15,16 +15,15 @@
 package com.cloud.server.auth;
-import java.util.Map;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
 import com.cloud.user.UserAccount;
 import com.cloud.user.dao.UserAccountDao;
 import com.cloud.utils.Pair;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
+import java.util.Map;
 @Local(value = {UserAuthenticator.class})
 public class PlainTextUserAuthenticator extends DefaultUserAuthenticator {
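Review bot: The PBKDF2 hunk calls `StringUtils.isEmpty` but, unlike the other five files in the commit, adds no import for it, and the diffstat for this file shows 6 insertions and 0 deletions, i.e. only the guard itself; unless `StringUtils` was already imported earlier in the file (not visible here) this will not compile. If it is already imported, it is worth confirming that it is `org.apache.commons.lang.StringUtils`, the class the other authenticators use, so that the null/empty semantics match. The enclosing authenticate method starts and ends outside the hunk.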
@@ -39,6 +38,11 @@ public class PlainTextUserAuthenticator extends DefaultUserAuthenticator {
 s_logger.debug("Retrieving user: " + username);
 }
+ if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+ s_logger.debug("Username or Password cannot be empty");
+ return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+ }
+
 UserAccount user = _userAccountDao.getUserAccount(username, domainId);
 if (user == null) {
 s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
index 31a93a4..68bd81c 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2UserAuthenticator.java
@@ -22,6 +22,7 @@ import com.cloud.user.dao.UserAccountDao;
 import com.cloud.user.dao.UserDao;
 import com.cloud.utils.Pair;
 import org.apache.cloudstack.utils.auth.SAMLUtils;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.log4j.Logger;
 import javax.ejb.Local;
@@ -42,6 +43,12 @@ public class SAML2UserAuthenticator extends DefaultUserAuthenticator {
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Trying SAML2 auth for user: " + username);
 }
+
+ if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+ s_logger.debug("Username or Password cannot be empty");
+ return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+ }
+
 final UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId);
 if (userAccount == null) {
 s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a69780b6/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java b/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
index 36305f1..e35c29d 100644
--- a/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
+++ b/plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
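Review bot: This file resolves `StringUtils` to `org.apache.cxf.common.util.StringUtils` (the import added in the previous hunk) while every other authenticator in the commit uses `org.apache.commons.lang.StringUtils`; the two `isEmpty` implementations are not necessarily equivalent (CXF's, as far as I recall, also treats whitespace-only strings as empty), so the six guards may not reject the same inputs. Switching the import to `import org.apache.commons.lang.StringUtils;` keeps the semantics uniform, assuming commons-lang is already on this plugin's classpath. The enclosing authenticate method continues outside the hunk.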
@@ -16,23 +16,22 @@
 // under the License.
 package com.cloud.server.auth;
+import com.cloud.user.UserAccount;
+import com.cloud.user.dao.UserAccountDao;
+import com.cloud.utils.Pair;
+import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.bouncycastle.util.encoders.Base64;
+
+import javax.ejb.Local;
+import javax.inject.Inject;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Map;
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-import org.bouncycastle.util.encoders.Base64;
-
-import com.cloud.user.UserAccount;
-import com.cloud.user.dao.UserAccountDao;
-import com.cloud.utils.Pair;
-import com.cloud.utils.exception.CloudRuntimeException;
-
 @Local(value = {UserAuthenticator.class})
 public class SHA256SaltedUserAuthenticator extends DefaultUserAuthenticator {
 public static final Logger s_logger = Logger.getLogger(SHA256SaltedUserAuthenticator.class);
@@ -50,6 +49,12 @@ public class SHA256SaltedUserAuthenticator extends DefaultUserAuthenticator {
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Retrieving user: " + username);
 }
+
+ if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+ s_logger.debug("Username or Password cannot be empty");
+ return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
+ }
+
 boolean realUser = true;
 UserAccount user = _userAccountDao.getUserAccount(username, domainId);
 if (user == null) {
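Review bot: The early return in the second hunk passes `null` as the ActionOnFailedAuthentication, and nothing in the hunk says whether an empty password is meant to count as a failed login attempt the way a wrong password presumably does later in the method; a one-line comment above the return would make that decision explicit, e.g. `// Empty credentials are rejected outright; no failed-authentication action is recorded for them.`, assuming that is the intended behaviour. The same comment would help in the other five authenticators of this commit, which return the same pair. The enclosing authenticate method starts and ends outside the hunk.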