GUAC-1103: Allow unsalted passwords from external systems.

2025-09-07 05:31:22 +00:00 · 2015-03-05 11:45:03 -08:00
parent 187f61b483
commit 4fb2f4e047
4 changed files with 27 additions and 18 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
@@ -30,11 +30,16 @@ public interface PasswordEncryptionService {

    /**
     * Creates a password hash based on the provided username, password, and
-     * salt.
+     * salt. If the provided salt is null, only the password itself is hashed.
     *
-     * @param password The password to hash.
-     * @param salt The salt to use when hashing the password.
-     * @return The generated password hash.
+     * @param password
+     *     The password to hash.
+     *
+     * @param salt
+     *     The salt to use when hashing the password, if any.
+     *
+     * @return
+     *     The generated password hash.
     */
    public byte[] createPasswordHash(String password, byte[] salt);

--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
@@ -38,26 +38,26 @@ public class SHA256PasswordEncryptionService implements PasswordEncryptionServic

        try {

-            // Build salted password
+            // Build salted password, if a salt was provided
            StringBuilder builder = new StringBuilder();
            builder.append(password);
-            builder.append(DatatypeConverter.printHexBinary(salt));

-            // Hash UTF-8 bytes of salted password
+            if (salt != null)
+                builder.append(DatatypeConverter.printHexBinary(salt));
+
+            // Hash UTF-8 bytes of possibly-salted password
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(builder.toString().getBytes("UTF-8"));
            return md.digest();

        }

-        // Should not happen
-        catch (UnsupportedEncodingException ex) {
-            throw new RuntimeException(ex);
+        // Throw hard errors if standard pieces of Java are missing
+        catch (UnsupportedEncodingException e) {
+            throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e);
        }
-
-        // Should not happen
-        catch (NoSuchAlgorithmException ex) {
-            throw new RuntimeException(ex);
+        catch (NoSuchAlgorithmException e) {
+            throw new UnsupportedOperationException("Unexpected lack of SHA-256 support.", e);
        }

    }