This is an automated email from the ASF dual-hosted git repository.

nikhil pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new d37a6b5  RANGER-2644 : Improvement in Ranger encryption algorithm usage
d37a6b5 is described below

commit d37a6b5a0fd909fe4cbe650a7bdfae401247849c
Author: Nikhil P <nik...@apache.org>
AuthorDate: Thu Nov 14 12:53:29 2019 +0530

    RANGER-2644 : Improvement in Ranger encryption algorithm usage
---
 .../main/java/org/apache/ranger/biz/UserMgr.java   |  8 +++++
 .../ranger/patch/cliutil/ChangePasswordUtil.java   | 41 ++++++++++++++++------
 .../conf.dist/ranger-admin-default-site.xml        |  2 +-
 3 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 9e45782..3045eaf 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -1109,6 +1109,14 @@ public class UserMgr {
                return saltEncodedpasswd;
        }
 
+       public String encryptWithOlderAlgo(String loginId, String password) {
+               String saltEncodedpasswd = "";
+
+               saltEncodedpasswd = md5Encoder.encodePassword(password, 
loginId);
+
+               return saltEncodedpasswd;
+       }
+
        public VXPortalUser createUser(VXPortalUser userProfile) {
                checkAdminAccess();
                 rangerBizUtil.blockAuditorRoleUser();
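Review bot: The new public method `encryptWithOlderAlgo` has no Javadoc, and neither its name nor its body tells a caller that the result is a legacy hash (MD5, judging by the `md5Encoder` field) salted with the login id. A caller who mistakes it for a general-purpose helper could persist a weak hash, so I would document the contract on the method: `/** Legacy hash of password salted with loginId; only for comparing against values stored before the SHA-256 migration, never for storing a new password. */`. The empty-string initialisation and the temporary are not needed; the body can be `return md5Encoder.encodePassword(password, loginId);`. A name such as `hashWithLegacyMd5` would also make the intent visible at call sites, since this is hashing rather than encryption.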
diff --git 
a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
 
b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
index 65b9ccb..e7a0853 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
@@ -130,18 +130,28 @@ public class ChangePasswordUtil extends BaseLoader {
                if (xPortalUser != null) {
                        String dbPassword = xPortalUser.getPassword();
                        String currentEncryptedPassword = null;
+                       String md5EncryptedPassword = null;
                        try {
                                currentEncryptedPassword = 
userMgr.encrypt(userLoginId, currentPassword);
                                if 
(currentEncryptedPassword.equals(dbPassword)) {
                                        validatePassword(newPassword);
                                        
userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
                                        logger.info("User '" + userLoginId + "' 
Password updated sucessfully.");
-                               } else if 
(!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
-                                       System.out.println(
-                                                       "Skipping default 
password change request as provided password doesn't match with existing 
password.");
-                                       logger.error(
-                                                       "Skipping default 
password change request as provided password doesn't match with existing 
password.");
-                                       System.exit(2);
+                               }
+                               else if 
(!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
+                                       logger.info("current encryped password 
is not equal to dbpassword , trying with md5 now");
+                                       md5EncryptedPassword = 
userMgr.encryptWithOlderAlgo(userLoginId, currentPassword);
+                                       if 
(md5EncryptedPassword.equals(dbPassword)) {
+                                               validatePassword(newPassword);
+                                               
userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
+                                               logger.info("User '" + 
userLoginId + "' Password updated sucessfully.");
+                                       } else {
+                                               System.out.println(
+                                                               "Skipping 
default password change request as provided password doesn't match with 
existing password.");
+                                               logger.error(
+                                                               "Skipping 
default password change request as provided password doesn't match with 
existing password.");
+                                               System.exit(2);
+                                       }
                                } else {
                                        System.out.println("Invalid user 
password");
                                        logger.error("Invalid user password");
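Review bot: When the legacy MD5 comparison succeeds in the new `else if` branch, the log lines do not record which account was still on the old hash. The pre-check message `"current encryped password is not equal to dbpassword , trying with md5 now"` carries no login id, and the success message is identical to the SHA-256 path. I would log the migration explicitly, e.g. `logger.info("User '" + userLoginId + "' matched legacy MD5 hash; password re-stored via updatePasswordInSHA256.");`, so operators can audit which accounts were migrated. The `!currentEncryptedPassword.equals(dbPassword) &&` part of the condition is always true at that point and can be reduced to `else if (defaultPwdChangeRequest) {`. Because the fallback is gated on `defaultPwdChangeRequest`, an ordinary change request for a user with a legacy hash appears to fall through to "Invalid user password" unless `userMgr.encrypt` handles that case itself (not visible here). The same block is duplicated in the `@@ -192,11 +203,19 @@` hunk with the `*Temp` variables and would be better as one private helper; the enclosing method starts and ends outside this hunk.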
@@ -185,6 +195,7 @@ public class ChangePasswordUtil extends BaseLoader {
                        if (xPortalUser != null) {
                                String dbPassword = xPortalUser.getPassword();
                                String currentEncryptedPassword = null;
+                               String md5EncryptedPassword = null;
                                try {
                                        currentEncryptedPassword = 
userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
                                        if 
(currentEncryptedPassword.equals(dbPassword)) {
@@ -192,11 +203,19 @@ public class ChangePasswordUtil extends BaseLoader {
                                                
userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
                                                logger.info("User '" + 
userLoginIdTemp + "' Password updated sucessfully.");
                                        } else if 
(!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
-                                               System.out.println(
-                                                               "Skipping 
default password change request as provided password doesn't match with 
existing password.");
-                                               logger.error(
-                                                               "Skipping 
default password change request as provided password doesn't match with 
existing password.");
-                                               System.exit(2);
+                                               logger.info("current encryped 
password is not equal to dbpassword , trying with md5 now");
+                                               md5EncryptedPassword = 
userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
+                                               if 
(md5EncryptedPassword.equals(dbPassword)) {
+                                                       
validatePassword(newPasswordTemp);
+                                                       
userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+                                                       logger.info("User '" + 
userLoginIdTemp + "' Password updated sucessfully.");
+                                               } else {
+                                                       System.out.println(
+                                                                       
"Skipping default password change request as provided password doesn't match 
with existing password.");
+                                                       logger.error(
+                                                                       
"Skipping default password change request as provided password doesn't match 
with existing password.");
+                                                       System.exit(2);
+                                               }
                                        } else {
                                                System.out.println("Invalid 
user password");
                                                logger.error("Invalid user 
password");
diff --git 
a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 34e8303..9916297 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -463,7 +463,7 @@
        </property>
        <property>
                <name>ranger.sha256Password.update.disable</name>
-               <value>true</value>
+               <value>false</value>
                <description></description>
        </property>
        <!-- # DB Info for audit_DB -->
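Review bot: The default of `ranger.sha256Password.update.disable` flips from `true` to `false` while its `<description>` stays empty, so an operator reading this file cannot tell what the change does to stored credentials on upgrade. Going by the property name, `false` presumably enables re-hashing of stored passwords to SHA-256; that should be confirmed against the code that reads the property and then stated in the file. Something like `<description>When false, stored user passwords are updated to SHA-256; set to true only to keep the legacy hash.</description>` would do. It is also worth a line in the upgrade notes, since deployments that inherit this default change behaviour without editing their own site file.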
