This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit ab3805fac04132fbeaf131e74293b037a836d7f2
Author: Pradeep AgrawaL <prad...@apache.org>
AuthorDate: Wed Aug 16 11:10:08 2023 +0530

    RANGER-4354: Improve ChangePassword utility for multiple default password 
change request
---
 .../ranger/patch/cliutil/ChangePasswordUtil.java   | 57 ++++++++++++++--------
 1 file changed, 37 insertions(+), 20 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
 
b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
index 2087cb50f..536ad0fc6 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
@@ -219,30 +219,47 @@ public class ChangePasswordUtil extends BaseLoader {
                                String currentEncryptedPassword = null;
                                String md5EncryptedPassword = null;
                                try {
-                                       currentEncryptedPassword = 
userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
-                                       if 
(currentEncryptedPassword.equals(dbPassword)) {
-                                               
validatePassword(newPasswordTemp);
-                                               
userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
-                                               logger.info("User '" + 
userLoginIdTemp + "' Password updated sucessfully.");
-                                       } else if 
(!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
-                                               logger.info("current encryped 
password is not equal to dbpassword , trying with md5 now");
-                                               md5EncryptedPassword = 
userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
-                                               if 
(md5EncryptedPassword.equals(dbPassword)) {
+                                       if (config.isFipsEnabled()) {
+                                               if (defaultPwdChangeRequest) {
+                                                       
currentEncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginIdTemp, 
currentPasswordTemp);
+                                                       if 
(currentEncryptedPassword.equals(dbPassword)) {
+                                                               
validatePassword(newPasswordTemp);
+                                                               
userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+                                                               
logger.info("User '" + userLoginIdTemp + "' Password updated successfully.");
+                                                       } else {
+                                                               
System.out.println("Skipping default password change request as provided 
password doesn't match with existing password.");
+                                                               
logger.error("Skipping default password change request as provided password 
doesn't match with existing password.");
+                                                               System.exit(2);
+                                                       }
+                                               } else if 
(userMgr.isPasswordValid(userLoginIdTemp, dbPassword, currentPasswordTemp)) {
                                                        
validatePassword(newPasswordTemp);
                                                        
userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
-                                                       logger.info("User '" + 
userLoginIdTemp + "' Password updated sucessfully.");
-                                               } else {
-                                                       System.out.println(
-                                                                       
"Skipping default password change request as provided password doesn't match 
with existing password.");
-                                                       logger.error(
-                                                                       
"Skipping default password change request as provided password doesn't match 
with existing password.");
-                                                       System.exit(2);
+                                                       logger.info("User '" + 
userLoginIdTemp + "' Password updated successfully.");
                                                }
                                        } else {
-                                               System.out.println("Invalid 
user password");
-                                               logger.error("Invalid user 
password");
-                                               System.exit(1);
-                                               break;
+                                               currentEncryptedPassword = 
userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
+                                               if 
(currentEncryptedPassword.equals(dbPassword)) {
+                                                       
validatePassword(newPasswordTemp);
+                                                       
userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+                                                       logger.info("User '" + 
userLoginIdTemp + "' Password updated successfully.");
+                                               } else if 
(!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
+                                                       logger.info("current 
encryped password is not equal to dbpassword , trying with md5 now");
+                                                       md5EncryptedPassword = 
userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
+                                                       if 
(md5EncryptedPassword.equals(dbPassword)) {
+                                                               
validatePassword(newPasswordTemp);
+                                                               
userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+                                                               
logger.info("User '" + userLoginIdTemp + "' Password updated successfully.");
+                                                       } else {
+                                                               
System.out.println("Skipping default password change request as provided 
password doesn't match with existing password.");
+                                                               
logger.error("Skipping default password change request as provided password 
doesn't match with existing password.");
+                                                               System.exit(2);
+                                                       }
+                                               } else {
+                                                       
System.out.println("Invalid user password");
+                                                       logger.error("Invalid 
user password");
+                                                       System.exit(1);
+                                                       break;
+                                               }
                                        }
                                } catch (Exception e) {
                                        logger.error("Update Admin Password 
failure. Detail:  \n", e);
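Review bot: In the FIPS branch, the `else if (userMgr.isPasswordValid(userLoginIdTemp, dbPassword, currentPasswordTemp))` arm has no final `else`, so a non-default change request with a wrong current password falls through with no message and no `System.exit`, whereas the non-FIPS branch prints "Invalid user password" and exits with 1. As far as the hunk shows, an operator or provisioning script could then read the run as a successful rotation while the old password stays in place. Adding the same failure arm after that `else if` closes the gap: `else { System.out.println("Invalid user password"); logger.error("Invalid user password"); System.exit(1); }`. Separately, the FIPS default-password path depends on `encryptWithOlderAlgo`, which the log text in the other branch describes as MD5; if a FIPS-restricted provider rejects that digest, the error would presumably surface only through the generic `catch (Exception e)` at the end of the hunk, so this is worth confirming. The enclosing loop and try block start and end outside this hunk.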
