use of org.apache.derby.iapi.sql.dictionary.UserDescriptor in project derby by apache.
the class SYSUSERSRowFactory method makeRow.
// ///////////////////////////////////////////////////////////////////////////
//
// METHODS
//
// ///////////////////////////////////////////////////////////////////////////
/**
 * Builds the SYSUSERS catalog row for a user descriptor. The password is
 * obtained through {@code getAndZeroPassword()}, so the UserDescriptor's
 * password will be zeroed by this method; the local copy taken here is wiped
 * as well before the method exits, whether it returns or throws.
 *
 * @param td     descriptor to convert; cast to UserDescriptor when non-null.
 *               When null, all four columns are built from null values.
 * @param parent not read by this method
 *
 * @return Row suitable for inserting into SYSUSERS
 *
 * @exception StandardException thrown on failure
 */
public ExecRow makeRow(TupleDescriptor td, TupleDescriptor parent) throws StandardException {
    String name = null;
    String scheme = null;
    char[] credential = null;
    Timestamp modifiedAt = null;

    try {
        if (td != null) {
            UserDescriptor user = (UserDescriptor) td;
            name = user.getUserName();
            scheme = user.getHashingScheme();
            // From this point on this method owns the only live copy of the
            // credential, so it must be wiped on every exit path.
            credential = user.getAndZeroPassword();
            modifiedAt = user.getLastModified();
        }

        /* Build the row to insert */
        ExecRow sysUsersRow = getExecutionFactory().getValueRow(SYSUSERS_COLUMN_COUNT);

        /* 1st column is USERNAME (varchar(128)) */
        sysUsersRow.setColumn(USERNAME_COL_NUM, new SQLVarchar(name));
        /* 2nd column is HASHINGSCHEME (varchar(32672)) */
        sysUsersRow.setColumn(HASHINGSCHEME_COL_NUM, new SQLVarchar(scheme));
        /* 3rd column is PASSWORD (varchar(32672)) */
        // NOTE(review): the array is wiped in the finally block below, so this
        // relies on SQLVarchar(char[]) keeping its own copy - confirm.
        sysUsersRow.setColumn(PASSWORD_COL_NUM, new SQLVarchar(credential));
        /* 4th column is LASTMODIFIED (timestamp) */
        sysUsersRow.setColumn(LASTMODIFIED_COL_NUM, new SQLTimestamp(modifiedAt));

        return sysUsersRow;
    } finally {
        // zero out the password to prevent it from being memory-sniffed
        if (credential != null) {
            Arrays.fill(credential, (char) 0);
        }
    }
}
use of org.apache.derby.iapi.sql.dictionary.UserDescriptor in project derby by apache.
the class NativeAuthenticationServiceImpl method authenticateLocally.
// /////////////////////////////////////////////////////////////////////////////////
//
// AUTHENTICATE LOCALLY
//
// /////////////////////////////////////////////////////////////////////////////////
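/**
 * Authenticate the passed-in credentials against the local database.
 *
 * <p>While the credentials database is being created
 * ({@code _creatingCredentialsDB} is set), nothing is verified: the supplied
 * credentials are stored through {@code SystemProcedures.addUser}, the
 * transaction is committed, the flag is cleared and the call succeeds.
 *
 * <p>Otherwise the supplied password is hashed with the scheme recorded for
 * the user and compared with the stored value. If password lifetimes are
 * enabled ({@code _passwordLifetimeMillis > 0}), an expired password is
 * rejected for everyone except the database owner.
 *
 * @param userName The user's name used to connect to JBMS system
 * @param userPassword The user's password used to connect to JBMS system.
 *        It arrives as an immutable String, so it cannot be wiped here.
 * @param databaseName The database which the user wants to connect to.
 *
 * @return true if the credentials are accepted; false if the user is unknown,
 *         the hashes differ, or the password has expired and the user is not
 *         the database owner
 *
 * @throws StandardException if one of the underlying Derby calls fails
 * @throws SQLException the warning built by {@code SQLWarningFactory} when the
 *         credentials matched but the password is within the expiration
 *         threshold. NOTE(review): callers presumably treat this as
 *         "authenticated, with a warning" rather than as a failure - confirm.
 */
private boolean authenticateLocally(String userName, String userPassword, String databaseName) throws StandardException, SQLException {
    userName = IdUtil.getUserAuthorizationId(userName);

    //
    // Bootstrap case: these credentials are being stored, not checked.
    // The flag is cleared first so that later calls take the normal path.
    //
    if (_creatingCredentialsDB) {
        _creatingCredentialsDB = false;
        TransactionController tc = getTransaction();
        SystemProcedures.addUser(userName, userPassword, tc);
        tc.commit();
        return true;
    }

    //
    // we expect to find a data dictionary
    //
    DataDictionary dd = (DataDictionary) AuthenticationServiceBase.getServiceModule(this, DataDictionary.MODULE);
    UserDescriptor userDescriptor = dd.getUser(userName);
    if (userDescriptor == null) {
        //
        // Before returning, we pretend to evaluate the password.
        // This helps prevent blackhats from discovering legal usernames
        // by measuring how long password evaluation takes. For more context,
        // see the 2012-02-22 comment on DERBY-5539.
        //
        // NOTE(review): the decoy hasher is built from the database
        // properties, while a known user is checked with the scheme stored in
        // the descriptor; if those schemes can differ in cost, the two paths
        // may still take different amounts of time - confirm.
        //
        PasswordHasher hasher = dd.makePasswordHasher(getDatabaseProperties());
        hasher.hashPasswordIntoString(userName, userPassword).toCharArray();
        return false;
    }

    PasswordHasher hasher = new PasswordHasher(userDescriptor.getHashingScheme());
    char[] candidatePassword = hasher.hashPasswordIntoString(userName, userPassword).toCharArray();
    char[] actualPassword = userDescriptor.getAndZeroPassword();
    try {
        if ((candidatePassword == null) || (actualPassword == null)) {
            return false;
        }
        if (candidatePassword.length != actualPassword.length) {
            return false;
        }
        //
        // Compare every position and decide only at the end. Stopping at the
        // first mismatch would make the running time depend on how many
        // leading characters of the stored hash the candidate shares.
        //
        int mismatch = 0;
        for (int i = 0; i < candidatePassword.length; i++) {
            mismatch |= candidatePassword[i] ^ actualPassword[i];
        }
        if (mismatch != 0) {
            return false;
        }
    } finally {
        // Wipe both hash copies on every exit path, including the early returns above.
        if (candidatePassword != null) {
            Arrays.fill(candidatePassword, (char) 0);
        }
        if (actualPassword != null) {
            Arrays.fill(actualPassword, (char) 0);
        }
    }

    //
    // The credentials matched. Apply the password-lifetime policy, if any.
    //
    if (_passwordLifetimeMillis > 0) {
        long passwordAge = System.currentTimeMillis() - userDescriptor.getLastModified().getTime();
        long remainingLifetime = _passwordLifetimeMillis - passwordAge;

        if (remainingLifetime <= 0L) {
            // The DBO's password never expires.
            if (!dd.getAuthorizationDatabaseOwner().equals(userName)) {
                return false;
            } else {
                // Clamp to zero so the DBO falls into the "expires soon" check below.
                remainingLifetime = 0L;
            }
        }

        long expirationThreshold = (long) (_passwordLifetimeMillis * _passwordExpirationThreshold);
        if (remainingLifetime <= expirationThreshold) {
            if (dd.getAuthorizationDatabaseOwner().equals(userName)) {
                throw SQLWarningFactory.newSQLWarning(SQLState.DBO_PASSWORD_EXPIRES_SOON, databaseName);
            }
            long daysRemaining = remainingLifetime / Property.MILLISECONDS_IN_DAY;
            throw SQLWarningFactory.newSQLWarning(SQLState.PASSWORD_EXPIRES_SOON, Long.toString(daysRemaining), databaseName);
        }
    }

    return true;
}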