cloudstack-users mailing list archives

From Anoop Rajendra <anoop.rajen...@gmail.com>
Subject Re: Bug in updateUser API in CS 4.1.0
Date Mon, 10 Jun 2013 19:26:10 GMT
Hi Chiradeep,

My componentContext.xml has the following entries for the security
adapter section

<bean id="userAuthenticators" class="com.cloud.utils.component.AdapterList">
  <property name="Adapters">
    <list>
      <ref bean="MD5UserAuthenticator"/>
      <ref bean="LDAPUserAuthenticator"/>
      <ref bean="PlainTextUserAuthenticator"/>
    </list>
  </property>
</bean>


So clearly MD5UserAuthenticator is present, and being used.

However, the updateUser API isn't working as the documentation states.

Here's proof of this.

1. password is "password". md5sum hash of the password is
"5f4dcc3b5aa765d61d8327deb882cf99"

If I craft the updateUser api call as the following url,

http://localhost:8080/client/api?apiKey=68jXaZIv0O42n1h2C_KmGtHpD7YRvrYGJszs-d0T1pPxxxP91EYuY-gjz7pCD3pEl8x2lyLzF-WeEdupxAIUkQ&id=1723cb29-8dfd-4211-8ca1-212e1f192455&command=updateUser&signature=AM8rwempktibzYro%2B%2FmHEHbnKng%3D&password=5f4dcc3b5aa765d61d8327deb882cf99&response=json

the MD5 password stored in the database is
"696d29e0940a4957748fe3fc9efd22a3" which is actually the md5 hash of
the hashed password.

However if I craft the URL to read,

http://localhost:8080/client/api?apiKey=68jXaZIv0O42n1h2C_KmGtHpD7YRvrYGJszs-d0T1pPxxxP91EYuY-gjz7pCD3pEl8x2lyLzF-WeEdupxAIUkQ&id=1723cb29-8dfd-4211-8ca1-212e1f192455&command=updateUser&signature=sms6kd0LlAsZyqOFlFE%2FROsBlyw%3D&password=password&response=json

then the md5 password stored in the database is
"5f4dcc3b5aa765d61d8327deb882cf99", which is what I want.

As you can see, the updateUser api requires the password to be
cleartext, and not an MD5 hash (as stated in the documentation, and as
used to work previously).

By the way, the login API correctly requires the MD5 hashed password,
and will not work with a clear text password.

-a

On Mon, Jun 10, 2013 at 10:03 AM, Chiradeep Vittal
<Chiradeep.Vittal@citrix.com> wrote:
> There should be a configuration file called componentContext.xml in your
> install path. Search for Authenticator in the file. The order of the
> Authenticators matters.
>
> On 6/9/13 10:59 PM, "Anoop Rajendra" <anoop.rajendra@gmail.com> wrote:
>
>>How would I install the MD5Authenticator as the default
>>authenticator?
>>
>>Thanks,
>>-a
>>On Jun 7, 2013 5:56 PM, "Chiradeep Vittal" <Chiradeep.Vittal@citrix.com>
>>wrote:
>>
>>> See this discussion
>>> http://markmail.org/thread/7r6ia3ckkt6fzlic
>>>
>>> You might have to install the MD5Authenticator as the default
>>> authenticator.
>>>
>>> On 6/7/13 3:44 PM, "Anoop Rajendra" <anoop.rajendra@gmail.com> wrote:
>>>
>>> >Hi, When I try to run the updateUser API for the admin user, the
>>> >password field requires a cleartext unhashed password.
>>> >
>>> >With previous versions I could provide the hashed MD5 password, and
>>> >the admin password would get updated.
>>> >
>>> >-a
>>>
>>>
>
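
The comparison made in the message above, as an added example (not code from the original message or from CloudStack): given the value found in the password column and the cleartext the operator intended, it reports whether the server stored a single or a double MD5. The function names and the sample rows are constructed for illustration; the two hash values are the ones quoted in the message.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    """Lowercase hex MD5 of a UTF-8 string, as md5sum would print it."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def classify_stored_hash(stored: str, cleartext: str) -> str:
    """Report which transformation of `cleartext` produced `stored`.

    "md5(password)"      -> server hashed the submitted value once
    "md5(md5(password))" -> client sent a hash and the server hashed it again
    "unknown"            -> neither (different password, salt, or scheme)
    """
    candidate = stored.strip().lower().encode("utf-8")
    single = md5_hex(cleartext)
    double = md5_hex(single)  # MD5 over the 32-character hex string
    if hmac.compare_digest(candidate, single.encode("utf-8")):
        return "md5(password)"
    if hmac.compare_digest(candidate, double.encode("utf-8")):
        return "md5(md5(password))"
    return "unknown"


def audit(rows):
    """rows: iterable of (label, stored_hash, intended_cleartext)."""
    return {label: classify_stored_hash(stored, clear)
            for label, stored, clear in rows}


# Constructed sample rows; the hashes are the two values quoted in the message.
SAMPLE_ROWS = [
    ("updateUser with password=<md5 hex>",
     "696d29e0940a4957748fe3fc9efd22a3", "password"),
    ("updateUser with password=password",
     "5f4dcc3b5aa765d61d8327deb882cf99", "password"),
    ("unrelated value", "0" * 32, "password"),
]

if __name__ == "__main__":
    for label, verdict in audit(SAMPLE_ROWS).items():
        print(f"{label}: {verdict}")
```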
