RANGER-2644 : Improvement in Ranger encryption algorithm usage
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 9e45782..3045eaf 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -1109,6 +1109,14 @@
return saltEncodedpasswd;
}
+ public String encryptWithOlderAlgo(String loginId, String password) {
+ String saltEncodedpasswd = "";
+
+ saltEncodedpasswd = md5Encoder.encodePassword(password, loginId);
+
+ return saltEncodedpasswd;
+ }
+
public VXPortalUser createUser(VXPortalUser userProfile) {
checkAdminAccess();
rangerBizUtil.blockAuditorRoleUser();
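Review bot: `encryptWithOlderAlgo` is added as a public method with no Javadoc, and nothing on it says that the MD5 encoding exists only to check hashes stored before the SHA-256 change. A comment such as `/** Computes the legacy MD5 hash (loginId appears to be the salt) for comparison with previously stored passwords only; never use the result to store a password. */` would keep later callers from reusing it for new credentials. If no caller outside the password-change utility needs it, consider narrowing its visibility. The empty-string initialisation is unnecessary, so the body can be just `return md5Encoder.encodePassword(password, loginId);`.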
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
index 65b9ccb..e7a0853 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
@@ -130,18 +130,28 @@
if (xPortalUser != null) {
String dbPassword = xPortalUser.getPassword();
String currentEncryptedPassword = null;
+ String md5EncryptedPassword = null;
try {
currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword);
if (currentEncryptedPassword.equals(dbPassword)) {
validatePassword(newPassword);
userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
logger.info("User '" + userLoginId + "' Password updated sucessfully.");
- } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
- System.out.println(
- "Skipping default password change request as provided password doesn't match with existing password.");
- logger.error(
- "Skipping default password change request as provided password doesn't match with existing password.");
- System.exit(2);
+ }
+ else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
+ logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
+ md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginId, currentPassword);
+ if (md5EncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPassword);
+ userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
+ logger.info("User '" + userLoginId + "' Password updated sucessfully.");
+ } else {
+ System.out.println(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ logger.error(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ System.exit(2);
+ }
} else {
System.out.println("Invalid user password");
logger.error("Invalid user password");
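Review bot: The MD5 fallback added in the `else if` branch is repeated line for line in the hunk at -192,11, so the legacy-hash check now lives in two places that must be kept in sync. A private helper taking the login id, the current and new passwords and `dbPassword` would hold it once. In both places `!currentEncryptedPassword.equals(dbPassword) &&` is always true after the preceding `if`, so the branch can read `else if (defaultPwdChangeRequest) {`. The fallback log line does not name the account, so a legacy-hash match cannot be traced afterwards. A line such as `logger.info("User '" + userLoginId + "' matched legacy MD5 hash, updating to SHA-256");` in the success branch would record the migration. The enclosing method and its `try` start and end outside the hunk, so how a null return from `encryptWithOlderAlgo` is handled cannot be confirmed from here.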
@@ -185,6 +195,7 @@
if (xPortalUser != null) {
String dbPassword = xPortalUser.getPassword();
String currentEncryptedPassword = null;
+ String md5EncryptedPassword = null;
try {
currentEncryptedPassword = userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
if (currentEncryptedPassword.equals(dbPassword)) {
@@ -192,11 +203,19 @@
userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
} else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
- System.out.println(
- "Skipping default password change request as provided password doesn't match with existing password.");
- logger.error(
- "Skipping default password change request as provided password doesn't match with existing password.");
- System.exit(2);
+ logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
+ md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
+ if (md5EncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPasswordTemp);
+ userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+ logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
+ } else {
+ System.out.println(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ logger.error(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ System.exit(2);
+ }
} else {
System.out.println("Invalid user password");
logger.error("Invalid user password");
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index 34e8303..9916297 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -463,7 +463,7 @@
</property>
<property>
<name>ranger.sha256Password.update.disable</name>
- <value>true</value>
+ <value>false</value>
<description></description>
</property>
<!-- # DB Info for audit_DB -->
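Review bot: The `<description>` of `ranger.sha256Password.update.disable` is still empty although this hunk flips its default from `true` to `false`, so an operator reading the file cannot tell what changes on upgrade. The code that reads the flag is not visible here, so confirm its meaning first. If `false` does mean stored passwords are updated to SHA-256, say so, for example `<description>When false, user passwords are updated to SHA-256 hashes; set to true to keep the previous behaviour.</description>`. Deployments that already override this property will not pick up the new default, which is worth a line in the release notes.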