Bug #2503

one.user.passwd should not accept whitespaces as a new password

Added by Daniel Molina almost 6 years ago. Updated over 5 years ago.

Status:ClosedStart date:11/27/2013
Priority:NormalDue date:
Assignee:Carlos Martín% Done:

0%

Category:Core & System
Target version:Release 4.6
Resolution:fixed Pull request:https://github.com/OpenNebula/one/pull/16
Affected Versions:OpenNebula 4.4

0001-Bug-2503-Improve-setting-of-password-auth_driver.patch Magnifier - patch (4.33 KB) Jens Hoffmann, 12/11/2013 11:02 PM

Associated revisions

Revision 0a3ba8ac
Added by Jens Hoffmann over 5 years ago

Bug #2503: Improve setting of password/auth_driver

UserChangePassword followed this strategy:
a1. Eventually encrypt user password if the users
auth_driver is CORE_AUTH
a2. Set (probably encrypted) password with
User::set_password
a3. User::set_password tries to validate (probably
encrypted) password instead of the raw password

UserChangeAuth did something similar:
b1. If password is given (not empty) do a1 through a3
b2. Set auth_driver

The change proposes the following: * In set_password:
1. Validate the raw password
2. Do encryption if needed * In UserChangePassword: simply call set_password * In UserChangeAuth: set auth_driver before calling
set_password, such that set_password does the right thing
if the auth_driver changes

Note: I needed to move the implementation of set_password
from User.h to User.cc since it seems impossible to access
UserPool::CORE_AUTH from within User.h.

Revision 2e8dc65f
Added by Carlos Martín over 5 years ago

Bug #2503: Add rollback in case of error

History

#1 Updated by Jens Hoffmann almost 6 years ago

sha1-encryption is done before password validation / set_password validates a sha1

My patch tries to fix this. Please review with "4 eyes", I'm quite new to OpenNebula.

#2 Updated by Ruben S. Montero almost 6 years ago

  • Target version set to Release 4.6

#3 Updated by Ruben S. Montero almost 6 years ago

Hi thanks for the patch, we'll work on the pull-request from github

#4 Updated by Javi Fontan almost 6 years ago

Related to this GitHub pull request:

https://github.com/OpenNebula/one/pull/16

#5 Updated by Javi Fontan almost 6 years ago

  • Pull request set to https://github.com/OpenNebula/one/pull/16

#6 Updated by Jaime Melis over 5 years ago

  • Assignee set to Carlos Martín

#7 Updated by Carlos Martín over 5 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Patch applied, thank you!

Also available in: Atom PDF