This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit ab3805fac04132fbeaf131e74293b037a836d7f2 Author: Pradeep AgrawaL <prad...@apache.org> AuthorDate: Wed Aug 16 11:10:08 2023 +0530 RANGER-4354: Improve ChangePassword utility for multiple default password change request
---
 .../ranger/patch/cliutil/ChangePasswordUtil.java | 57 ++++++++++++++--------
 1 file changed, 37 insertions(+), 20 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
index 2087cb50f..536ad0fc6 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
@@ -219,30 +219,47 @@ public class ChangePasswordUtil extends BaseLoader {
 String currentEncryptedPassword = null;
 String md5EncryptedPassword = null;
 try {
- currentEncryptedPassword = userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
- if (currentEncryptedPassword.equals(dbPassword)) {
- validatePassword(newPasswordTemp);
- userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
- logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
- } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
- logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
- md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
- if (md5EncryptedPassword.equals(dbPassword)) {
+ if (config.isFipsEnabled()) {
+ if (defaultPwdChangeRequest) {
+ currentEncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
+ if (currentEncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPasswordTemp);
+ userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+ logger.info("User '" + userLoginIdTemp + "' Password updated successfully.");
+ } else {
+ System.out.println("Skipping default password change request as provided password doesn't match with existing password.");
+ logger.error("Skipping default password change request as provided password doesn't match with existing password.");
+ System.exit(2);
+ }
+ } else if (userMgr.isPasswordValid(userLoginIdTemp, dbPassword, currentPasswordTemp)) {
 validatePassword(newPasswordTemp);
 userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
- logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
- } else {
- System.out.println(
- "Skipping default password change request as provided password doesn't match with existing password.");
- logger.error(
- "Skipping default password change request as provided password doesn't match with existing password.");
- System.exit(2);
+ logger.info("User '" + userLoginIdTemp + "' Password updated successfully.");
 }
 } else {
- System.out.println("Invalid user password");
- logger.error("Invalid user password");
- System.exit(1);
- break;
+ currentEncryptedPassword = userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
+ if (currentEncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPasswordTemp);
+ userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+ logger.info("User '" + userLoginIdTemp + "' Password updated successfully.");
+ } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
+ logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
+ md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
+ if (md5EncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPasswordTemp);
+ userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+ logger.info("User '" + userLoginIdTemp + "' Password updated successfully.");
+ } else {
+ System.out.println("Skipping default password change request as provided password doesn't match with existing password.");
+ logger.error("Skipping default password change request as provided password doesn't match with existing password.");
+ System.exit(2);
+ }
+ } else {
+ System.out.println("Invalid user password");
+ logger.error("Invalid user password");
+ System.exit(1);
+ break;
+ }
 }
 } catch (Exception e) {
 logger.error("Update Admin Password failure. Detail: \n", e);
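Review bot: The FIPS branch has no `else` after `else if (userMgr.isPasswordValid(userLoginIdTemp, dbPassword, currentPasswordTemp))`, so a wrong current password on a non-default request produces no message and no non-zero exit, whereas the non-FIPS branch prints "Invalid user password" and calls `System.exit(1)`. A calling script would likely treat that run as successful even though the password was never changed. Close the chain with a branch that mirrors the non-FIPS one: `} else { System.out.println("Invalid user password"); logger.error("Invalid user password"); System.exit(1); }`. The enclosing `try` and the loop implied by `break` start outside this hunk, so what runs after the fall-through is not visible here.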