From 05740f7903980924df868dd9bb92db485c05a079 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sat, 13 Oct 2012 15:41:57 +0000
Subject: [PATCH] - Fix MD5 passwords after testing - Remove unused password
 fallback in FormHandler

---
 .../i2p/router/web/ConsolePasswordManager.java  | 17 +++++++++++------
 .../src/net/i2p/router/web/FormHandler.java     |  8 --------
 .../net/i2p/router/web/RouterConsoleRunner.java |  6 +++---
 3 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConsolePasswordManager.java b/apps/routerconsole/java/src/net/i2p/router/web/ConsolePasswordManager.java
index b428de7a49..4d475e43f2 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/ConsolePasswordManager.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/ConsolePasswordManager.java
@@ -28,11 +28,11 @@ public class ConsolePasswordManager extends RouterPasswordManager {
     private static final String PROP_MIGRATED = "routerconsole.passwordManager.migrated";
     // migrate these to hash
     private static final String PROP_CONSOLE_OLD = "consolePassword";
-    public static final String PROP_CONSOLE_NEW = "routerconsole.auth";
     private static final String CONSOLE_USER = "admin";
 
     public ConsolePasswordManager(RouterContext ctx) {
         super(ctx);
+        migrateConsole();
     }
     
     /**
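Review bot: The constructor now calls `migrateConsole()` and discards its boolean result, so a failed migration (the method's Javadoc further down says it returns "success or nothing to migrate") is invisible to every caller. Construction also gains a config read and possibly a config write as a side effect, and the call site in RouterConsoleRunner (last hunk of this patch) now depends on that without saying so. Consider checking the result, e.g. `if (!migrateConsole()) { /* warn: console password could not be migrated */ }`, and adding a comment at the RouterConsoleRunner call site such as `// constructor migrates any old plaintext consolePassword`. If `migrateConsole()` is overridable, calling it from the constructor would run subclass code before the subclass is initialised, and making it `final` or private would avoid that; its declaration is outside this hunk.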
@@ -48,7 +48,7 @@ public class ConsolePasswordManager extends RouterPasswordManager {
                //checkCrypt(realm, user, pw) ||
                checkMD5(realm, user, pw);
     }
-    
+
     /**
      *  The username is the salt
      *
@@ -119,7 +119,8 @@ public class ConsolePasswordManager extends RouterPasswordManager {
     }
 
     /**
-     *  Migrate from plaintext to salt/hash
+     *  Migrate from plaintext to MD5 hash
+     *  Ref: RFC 2617
      *
      *  @return success or nothing to migrate
      */
@@ -130,9 +131,13 @@ public class ConsolePasswordManager extends RouterPasswordManager {
             // consolePassword
             String pw = _context.getProperty(PROP_CONSOLE_OLD);
             if (pw != null) {
-                if (pw.length() > 0)
-                    saveMD5(PROP_CONSOLE_NEW, CONSOLE_USER, pw);
-                return _context.router().saveConfig(PROP_CONSOLE_OLD, null);
+                if (pw.length() > 0) {
+                    pw = CONSOLE_USER + ':' + RouterConsoleRunner.JETTY_REALM + ':' + pw;
+                    saveMD5(RouterConsoleRunner.PROP_CONSOLE_PW, CONSOLE_USER, pw);
+                }
+                Map toAdd = Collections.singletonMap(PROP_MIGRATED, "true");
+                List toDel = Collections.singletonList(PROP_CONSOLE_OLD);
+                return _context.router().saveConfig(toAdd, toDel);
             }
             return true;
         }
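Review bot: The plaintext `consolePassword` is deleted and `PROP_MIGRATED` is set whether or not `saveMD5(...)` actually stored the hash, because its outcome is not checked here. If that call can fail (its signature is not visible in this hunk), the router would be left with the plaintext removed and no console password stored. If it reports success, gate the cleanup on it, e.g. `if (!saveMD5(RouterConsoleRunner.PROP_CONSOLE_PW, CONSOLE_USER, pw)) return false;`. The two new locals are also raw types; `Map<String, String> toAdd` and `List<String> toDel` would keep the compiler checking them, assuming `saveConfig` accepts those parameterizations. The method starts and ends outside this hunk.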
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
index 2f16cd359b..6cbfd184a4 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/FormHandler.java
@@ -21,7 +21,6 @@ public class FormHandler {
     private String _nonce;
     protected String _action;
     protected String _method;
-    protected String _passphrase;
     private final List<String> _errors;
     private final List<String> _notices;
     private boolean _processed;
@@ -52,7 +51,6 @@ public class FormHandler {
 
     public void setNonce(String val) { _nonce = val; }
     public void setAction(String val) { _action = val; }
-    public void setPassphrase(String val) { _passphrase = val; }
 
     /**
      * Call this to prevent changes using GET
@@ -168,14 +166,8 @@ public class FormHandler {
         String noncePrev = nonce + PREV_SUFFIX;
         if ( ( (nonce == null) || (!_nonce.equals(nonce)) ) &&
              ( (noncePrev == null) || (!_nonce.equals(noncePrev)) ) ) {
-                 
-            String expected = _context.getProperty("consolePassword");
-            if ( (expected != null) && (expected.trim().length() > 0) && (expected.equals(_passphrase)) ) {
-                // ok
-            } else {
                 addFormError(_("Invalid form submission, probably because you used the 'back' or 'reload' button on your browser. Please resubmit."));
                 _valid = false;
-            }
         }
     }
     
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java b/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
index e5ffcc0aee..34c2174a9a 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
@@ -80,8 +80,9 @@ public class RouterConsoleRunner implements RouterApp {
 
     // Jetty Auth
     private static final DigestAuthenticator authenticator = new DigestAuthenticator();
-    private static final String JETTY_REALM = "i2prouter";
+    public static final String JETTY_REALM = "i2prouter";
     private static final String JETTY_ROLE = "routerAdmin";
+    public static final String PROP_CONSOLE_PW = "routerconsole.auth." + JETTY_REALM;
 
     public static final String ROUTERCONSOLE = "routerconsole";
     public static final String PREFIX = "webapps.";
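Review bot: Neither of the two now-public constants is documented, although the realm is baked into both the property name (`"routerconsole.auth." + JETTY_REALM`) and the string that ConsolePasswordManager hashes (`CONSOLE_USER + ':' + JETTY_REALM + ':' + pw`). Changing `JETTY_REALM` later would therefore orphan every stored console credential. Suggest `/** Digest realm; part of the stored hash and of PROP_CONSOLE_PW, so changing it invalidates saved console passwords. */` on `JETTY_REALM` and `/** Config property under which the console's RFC 2617 digest hash is stored. */` on `PROP_CONSOLE_PW`. It is also worth noting there that, if the stored value is the RFC 2617 H(A1) as the migration code suggests, it is enough on its own to answer a digest challenge, so the config file should be protected like a password.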
@@ -706,8 +707,7 @@ public class RouterConsoleRunner implements RouterApp {
         SecurityHandler sec = new SecurityHandler();
         List<ConstraintMapping> constraints = new ArrayList(4);
         ConsolePasswordManager mgr = new ConsolePasswordManager(ctx);
-        mgr.migrateConsole();
-        Map<String, String> userpw = mgr.getMD5(PasswordManager.PROP_CONSOLE_NEW);
+        Map<String, String> userpw = mgr.getMD5(PROP_CONSOLE_PW);
         if (!userpw.isEmpty()) {
             HashUserRealm realm = new HashUserRealm(JETTY_REALM);
             sec.setUserRealm(realm);
-- 
GitLab