safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-31 00:53:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-1109: Do not rely on SHA2(). Handle password hashing in Java.

Browse Source
This commit is contained in:
Michael Jumper
2015-03-04 14:23:56 -08:00
parent 969db70be9
commit a4a3de002b
3 changed files with 23 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
View File

@@ -32,23 +32,6 @@ import org.apache.ibatis.annotations.Param;
*/
public interface UserMapper extends DirectoryObjectMapper<UserModel> {
/**
* Returns the user having the given username and password, if any. If no
* such user exists, null is returned.
*
* @param username
* The username of the user to return.
*
* @param password
* The password of the user to return.
*
* @return
* The user having the given username and password, or null if no such
* user exists.
*/
UserModel selectOneByCredentials(@Param("username") String username,
@Param("password") String password);
/**
* Returns the user having the given username, if any. If no such user
* exists, null is returned.

29
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
View File

@@ -24,6 +24,7 @@ package org.glyptodon.guacamole.auth.jdbc.user;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import org.glyptodon.guacamole.net.auth.Credentials;
@@ -33,6 +34,7 @@ import org.glyptodon.guacamole.GuacamoleClientException;
import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionMapper;
import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
import org.glyptodon.guacamole.net.auth.User;
import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
@@ -64,6 +66,12 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
@Inject
private Provider<ModeledUser> userProvider;
/**
* Service for hashing passwords.
*/
@Inject
private PasswordEncryptionService encryptionService;
@Override
protected DirectoryObjectMapper<UserModel> getObjectMapper() {
return userMapper;
@@ -169,15 +177,24 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
String username = credentials.getUsername();
String password = credentials.getPassword();
// Retrieve user model, if the user exists
UserModel userModel = userMapper.selectOneByCredentials(username, password);
// Retrieve corresponding user model, if such a user exists
UserModel userModel = userMapper.selectOne(username);
if (userModel == null)
return null;
// Return corresponding user, set up cyclic reference
ModeledUser user = getObjectInstance(null, userModel);
user.setCurrentUser(new AuthenticatedUser(user, credentials));
return user;
// If password hash matches, return the retrieved user
byte[] hash = encryptionService.createPasswordHash(password, userModel.getPasswordSalt());
if (Arrays.equals(hash, userModel.getPasswordHash())) {
// Return corresponding user, set up cyclic reference
ModeledUser user = getObjectInstance(null, userModel);
user.setCurrentUser(new AuthenticatedUser(user, credentials));
return user;
}
// Otherwise, the credentials do not match
return null;
}