This is an automated email from the ASF dual-hosted git repository. nikhil pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new d37a6b5 RANGER-2644 : Improvement in Ranger encryption algorithm usage d37a6b5 is described below commit d37a6b5a0fd909fe4cbe650a7bdfae401247849c Author: Nikhil P <nik...@apache.org> AuthorDate: Thu Nov 14 12:53:29 2019 +0530 RANGER-2644 : Improvement in Ranger encryption algorithm usage --- .../main/java/org/apache/ranger/biz/UserMgr.java | 8 +++++ .../ranger/patch/cliutil/ChangePasswordUtil.java | 41 ++++++++++++++++------ .../conf.dist/ranger-admin-default-site.xml | 2 +- 3 files changed, 39 insertions(+), 12 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 9e45782..3045eaf 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -1109,6 +1109,14 @@ public class UserMgr { return saltEncodedpasswd; } + public String encryptWithOlderAlgo(String loginId, String password) { + String saltEncodedpasswd = ""; + + saltEncodedpasswd = md5Encoder.encodePassword(password, loginId); + + return saltEncodedpasswd; + } + public VXPortalUser createUser(VXPortalUser userProfile) { checkAdminAccess(); rangerBizUtil.blockAuditorRoleUser(); diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java index 65b9ccb..e7a0853 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 
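Review bot: `encryptWithOlderAlgo` in UserMgr.java is added as a public method with no Javadoc, so nothing tells a caller that it exists only to check a supplied password against a hash stored before the SHA-256 switch and must never produce a value that gets persisted. A Javadoc should state that it returns the legacy MD5 hash (apparently salted with the login id, judging by the `saltEncodedpasswd` name) for comparison against stored values only. Adding `@Deprecated` would make any new use show up at compile time. The empty-string initialisation is never read, so the body can be the single line `return md5Encoder.encodePassword(password, loginId);`.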
@@ -130,18 +130,28 @@ public class ChangePasswordUtil extends BaseLoader {
 if (xPortalUser != null) {
 String dbPassword = xPortalUser.getPassword();
 String currentEncryptedPassword = null;
+ String md5EncryptedPassword = null;
 try {
 currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword);
 if (currentEncryptedPassword.equals(dbPassword)) {
 validatePassword(newPassword);
 userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
 logger.info("User '" + userLoginId + "' Password updated sucessfully.");
- } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
- System.out.println(
- "Skipping default password change request as provided password doesn't match with existing password.");
- logger.error(
- "Skipping default password change request as provided password doesn't match with existing password.");
- System.exit(2);
+ }
+ else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
+ logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
+ md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginId, currentPassword);
+ if (md5EncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPassword);
+ userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
+ logger.info("User '" + userLoginId + "' Password updated sucessfully.");
+ } else {
+ System.out.println(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ logger.error(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ System.exit(2);
+ }
 } else {
 System.out.println("Invalid user password");
 logger.error("Invalid user password");
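Review bot: The MD5 fallback added here is reachable only inside the `defaultPwdChangeRequest` branch, so an ordinary password change for an account whose stored hash is still MD5 falls through to "Invalid user password" even when the supplied current password is correct; the hunk at -192,11 has the same shape. If `userMgr.encrypt` now yields SHA-256 by default (its body is not in this diff, though the config flip in this commit suggests it), such accounts can be migrated only through the default-password path. Computing the match once against both encoders closes that gap, removes the duplicated update block and drops the redundant `!currentEncryptedPassword.equals(dbPassword)` test, as sketched below. If the restriction is deliberate, a comment saying so at the `else if` would be enough. The enclosing method starts and ends outside the hunk.

```java
currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword);
// Accept the legacy MD5 hash as well, so accounts stored before the SHA-256 switch can still be migrated.
boolean currentPasswordMatches = currentEncryptedPassword.equals(dbPassword)
        || userMgr.encryptWithOlderAlgo(userLoginId, currentPassword).equals(dbPassword);
if (currentPasswordMatches) {
    // … unchanged: validatePassword, updatePasswordInSHA256, success log …
} else if (defaultPwdChangeRequest) {
    // … unchanged: "Skipping default password change request" output and System.exit(2) …
} else {
    // … unchanged: "Invalid user password" handling …
```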
@@ -185,6 +195,7 @@ public class ChangePasswordUtil extends BaseLoader {
 if (xPortalUser != null) {
 String dbPassword = xPortalUser.getPassword();
 String currentEncryptedPassword = null;
+ String md5EncryptedPassword = null;
 try {
 currentEncryptedPassword = userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
 if (currentEncryptedPassword.equals(dbPassword)) {
@@ -192,11 +203,19 @@ public class ChangePasswordUtil extends BaseLoader {
 userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
 logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
 } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
- System.out.println(
- "Skipping default password change request as provided password doesn't match with existing password.");
- logger.error(
- "Skipping default password change request as provided password doesn't match with existing password.");
- System.exit(2);
+ logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
+ md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
+ if (md5EncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPasswordTemp);
+ userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+ logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
+ } else {
+ System.out.println(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ logger.error(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ System.exit(2);
+ }
 } else {
 System.out.println("Invalid user password");
 logger.error("Invalid user password");
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 34e8303..9916297 100644
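Review bot: The thirteen added lines in the -192,11 hunk are a copy of the fallback added at -130,18, differing only in the `…Temp` variable names, so the legacy-hash check now has to be kept in step by hand in two places. A private helper that takes the login id, the supplied password and the stored hash and reports whether either encoder matches would keep that security-relevant comparison in one spot; no such helper is visible in this diff. The new `logger.info` text also has a typo and describes the normal migration path as if it were a fault; `logger.info("Stored hash does not match the current algorithm, retrying with the legacy MD5 encoder");` reads more clearly. The enclosing method starts and ends outside the hunk.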
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -463,7 +463,7 @@
 </property>
 <property>
 <name>ranger.sha256Password.update.disable</name>
- <value>true</value>
+ <value>false</value>
 <description></description>
 </property>
 <!-- # DB Info for audit_DB -->
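Review bot: The `<description>` for `ranger.sha256Password.update.disable` is still empty although this hunk flips the shipped default of a password-hashing switch, and the negated name makes the effect easy to misread. Once confirmed against the code that reads the property (not visible in this diff), it could say `<description>true keeps the legacy MD5 password hashing; false (default) hashes and upgrades passwords with SHA-256</description>`. Installations that already override this property in their site configuration would presumably keep the old value, so the change is worth calling out in the upgrade notes.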