Ticket #269: Refactor password service to not depend on Credentials (password only). Remove database semantics from non-database password service.

Michael Jumper
2013-02-26 12:15:40 -08:00
parent 77f83dfaa4
commit 64d301dfb3
3 changed files with 28 additions and 27 deletions


@@ -119,11 +119,12 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
UserWithBLOBs user = users.get(0); UserWithBLOBs user = users.get(0);
// Get password service // Get password service
PasswordEncryptionService passwordService = injector.getInstance(PasswordEncryptionService.class); PasswordEncryptionService passwordService =
injector.getInstance(PasswordEncryptionService.class);
// Check password, if invalid return null // Check password, if invalid return null
if (!passwordService.checkCredentials(credentials, if (!passwordService.checkPassword(credentials.getPassword(),
user.getPassword_hash(), user.getUsername(), user.getPassword_salt())) user.getPassword_hash(), user.getPassword_salt()))
return null; return null;
MySQLUserContext context = injector.getInstance(MySQLUserContext.class); MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
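Review bot: The call `passwordService.checkPassword(credentials.getPassword(), ...)` no longer verifies that the stored username equals the submitted one, so the row taken by `users.get(0)` is trusted entirely on the lookup that produced `users`. That lookup is outside this hunk; if it matches usernames under a case-insensitive collation, a login differing only in case would now succeed where the old `dbUsername.equals(credentials.getUsername())` comparison rejected it. If exact matching is intended, keep the check in the provider before the password comparison: `if (!user.getUsername().equals(credentials.getUsername())) return null;`. Otherwise, a comment stating that the query is the only username match would make the behaviour change explicit. The enclosing method starts and ends outside the hunk.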


@@ -1,3 +1,6 @@
package net.sourceforge.guacamole.net.auth.mysql.service;
/* ***** BEGIN LICENSE BLOCK ***** /* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
* *
@@ -33,9 +36,6 @@
* the terms of any one of the MPL, the GPL or the LGPL. * the terms of any one of the MPL, the GPL or the LGPL.
* *
* ***** END LICENSE BLOCK ***** */ * ***** END LICENSE BLOCK ***** */
package net.sourceforge.guacamole.net.auth.mysql.service;
import net.sourceforge.guacamole.net.auth.Credentials;
/** /**
* A service to perform password encryption and checking. * A service to perform password encryption and checking.
@@ -44,21 +44,26 @@ import net.sourceforge.guacamole.net.auth.Credentials;
public interface PasswordEncryptionService { public interface PasswordEncryptionService {
/** /**
* Checks if the provided Credentials are correct, compared with what the values from the database. * Checks whether the provided, unhashed password matches the given
* @param credentials * hash/salt pair.
* @param dbPasswordHash *
* @param dbUsername * @param credentials The credentials to validate.
* @param dbSalt * @param hashedPassword The hashed password to compare the given password
* @return true if the provided credentials match what's in the database for that user. * against.
* @param salt The salt used when the hashed password given was created.
* @return true if the provided credentials match the values given, false
* otherwise.
*/ */
public boolean checkCredentials(Credentials credentials, byte[] dbPasswordHash, String dbUsername, byte[] dbSalt); public boolean checkPassword(String password, byte[] hashedPassword,
byte[] salt);
/** /**
* Creates a password hash based on the provided username, password, and salt. * Creates a password hash based on the provided username, password, and
* @param username * salt.
* @param password *
* @param salt * @param password The password to hash.
* @return the generated password hash. * @param salt The salt to use when hashing the password.
* @return The generated password hash.
*/ */
public byte[] createPasswordHash(String password, byte[] salt); public byte[] createPasswordHash(String password, byte[] salt);
} }
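Review bot: The new Javadoc for `checkPassword` still carries `@param credentials The credentials to validate.`, but the method no longer takes a `Credentials` object. The tag should read `@param password The unhashed password to validate.`, and the `@return` text should refer to the password rather than "the provided credentials". The description of `createPasswordHash` also still says the hash is based on "the provided username, password, and salt", although the signature has only `password` and `salt`; `Creates a password hash based on the provided password and salt.` matches the code. On an authentication interface this matters because an implementer reading the contract could conclude that the username is mixed into the hash.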


@@ -42,7 +42,6 @@ import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Arrays; import java.util.Arrays;
import javax.xml.bind.DatatypeConverter; import javax.xml.bind.DatatypeConverter;
import net.sourceforge.guacamole.net.auth.Credentials;
/** /**
* Provides a SHA-256 based implementation of the password encryption functionality. * Provides a SHA-256 based implementation of the password encryption functionality.
@@ -51,16 +50,12 @@ import net.sourceforge.guacamole.net.auth.Credentials;
public class Sha256PasswordEncryptionService implements PasswordEncryptionService { public class Sha256PasswordEncryptionService implements PasswordEncryptionService {
@Override @Override
public boolean checkCredentials(Credentials credentials, public boolean checkPassword(String password, byte[] hashedPassword,
byte[] dbPasswordHash, String dbUsername, byte[] dbSalt) { byte[] salt) {
// If usernames don't match, don't bother comparing passwords, just fail
if (!dbUsername.equals(credentials.getUsername()))
return false;
// Compare bytes of password in credentials against hashed password // Compare bytes of password in credentials against hashed password
byte[] passwordBytes = createPasswordHash(credentials.getPassword(), dbSalt); byte[] passwordBytes = createPasswordHash(password, salt);
return Arrays.equals(passwordBytes, dbPasswordHash); return Arrays.equals(passwordBytes, hashedPassword);
} }
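Review bot: The final comparison in `checkPassword` uses `Arrays.equals(passwordBytes, hashedPassword)`, which is not guaranteed to take the same time regardless of where the hashes differ. `MessageDigest` is already imported in this file, so the line can become `return MessageDigest.isEqual(passwordBytes, hashedPassword);`. The comment above it still speaks of the "password in credentials", and the local `passwordBytes` actually holds a hash; a comment such as `// Hash the supplied password with the stored salt and compare` and a local named `computedHash` would describe the code accurately. `createPasswordHash` is outside this hunk; if it is a single salted SHA-256 pass, as the class comment suggests, moving to a deliberately slow password-hashing function is worth tracking separately.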