[Exist-commits] eXist-1.0/src/org/exist/security security.properties,NONE,1.1 MD5.java,1.1,1.2 SecurityManager.java,1.16,1.17 User.java,1.8,1.9

[Wolfgang M. M. <wol...@us...>]

Update of /cvsroot/exist/eXist-1.0/src/org/exist/security
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2156/src/org/exist/security

Modified Files:
	MD5.java SecurityManager.java User.java 
Added Files:
	security.properties 
Log Message:
A large number of XUpdate bugs has been fixed.

Index: User.java
===================================================================
RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/security/User.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** User.java	16 Feb 2004 13:02:44 -0000	1.8
--- User.java	23 Apr 2004 13:07:43 -0000	1.9
***************
*** 2,7 ****
--- 2,9 ----
  package org.exist.security;
  
+ import java.io.IOException;
  import java.util.ArrayList;
  import java.util.Iterator;
+ import java.util.Properties;
  
  import org.exist.util.DatabaseConfigurationException;
***************
*** 26,30 ****
      private final static String USER_ID = "uid";
      private final static String HOME = "home";
!     
      private ArrayList groups = new ArrayList( 2 );
      private String password = null;
--- 28,57 ----
      private final static String USER_ID = "uid";
      private final static String HOME = "home";
! 
!     public final static int PLAIN_ENCODING = 0;
! 	public final static int SIMPLE_MD5_ENCODING = 1;
! 	public final static int MD5_ENCODING = 2;
! 	
! 	public static int PASSWORD_ENCODING;
! 	
! 	static {
! 		Properties props = new Properties(); 
! 		try {
! 			props.load(
! 					User.class.getClassLoader().getResourceAsStream("org/exist/security/security.properties")
! 			);
! 		} catch (IOException e) {
! 		}
! 		String encoding = props.getProperty("passwords.encoding", "md5");
! 		if(encoding != null) {
! 			if(encoding.equalsIgnoreCase("plain"))
! 				PASSWORD_ENCODING = PLAIN_ENCODING;
! 			else if(encoding.equalsIgnoreCase("md5"))
! 				PASSWORD_ENCODING = MD5_ENCODING;
! 			else
! 				PASSWORD_ENCODING = SIMPLE_MD5_ENCODING;
! 		}
! 	}
! 	
      private ArrayList groups = new ArrayList( 2 );
      private String password = null;
***************
*** 33,37 ****
      private String home = null;
  
- 
      /**
       *  Create a new user with name and password
--- 60,63 ----
***************
*** 180,184 ****
       */
      public final void setPassword( String passwd ) {
!         this.password = ( passwd == null ? null : MD5.md( passwd ) );
      }
  
--- 206,210 ----
       */
      public final void setPassword( String passwd ) {
!         this.password = ( passwd == null ? null : digest( passwd ) );
      }
  
***************
*** 193,202 ****
      }
  
! 
!     /**
!      *  Description of the Method
!      *
!      *@return    Description of the Return Value
!      */
      public final String toString() {
          StringBuffer buf = new StringBuffer();
--- 219,234 ----
      }
  
!     public final String digest(String passwd) {
!     	switch(PASSWORD_ENCODING) {
!     		case PLAIN_ENCODING:
!     			return passwd;
!     		case MD5_ENCODING:
!     			return MD5.md(user + ":exist:" + passwd);
!     		default:
!     			return MD5.md(passwd);
!     	}
!     	
!     }
!     
      public final String toString() {
          StringBuffer buf = new StringBuffer();
***************
*** 234,238 ****
          if ( passwd == null )
              return false;
!         return MD5.md( passwd ).equals( password );
      }
      
--- 266,270 ----
          if ( passwd == null )
              return false;
!         return digest( passwd ).equals( password );
      }
      

Index: MD5.java
===================================================================
RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/security/MD5.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** MD5.java	21 Jan 2003 13:29:46 -0000	1.1
--- MD5.java	23 Apr 2004 13:07:43 -0000	1.2
***************
*** 5,16 ****
  import java.security.NoSuchAlgorithmException;
  
! import org.apache.log4j.Category;
  
- /**
-  *  Description of the Class
-  *
-  *@author     Wolfgang Meier <me...@if...>
-  *@created    20. August 2002
-  */
  public class MD5 {
  
--- 5,10 ----
  import java.security.NoSuchAlgorithmException;
  
! import org.apache.log4j.Logger;
  
  public class MD5 {
  
***************
*** 18,29 ****
              "8", "9", "a", "b", "c", "d", "e", "f"};
  
!     private static final Category LOG = Category.getInstance(MD5.class.getName());
  
-     /**
-      *  Description of the Method
-      *
-      *@param  passwd  Description of the Parameter
-      *@return         Description of the Return Value
-      */
      public static String md( String passwd ) {
          MessageDigest md5 = null;
--- 12,17 ----
              "8", "9", "a", "b", "c", "d", "e", "f"};
  
!     private static final Logger LOG = Logger.getLogger(MD5.class);
  
      public static String md( String passwd ) {
          MessageDigest md5 = null;
***************
*** 56,65 ****
  
  
-     /**
-      *  Description of the Method
-      *
-      *@param  b  Description of the Parameter
-      *@return    Description of the Return Value
-      */
      public static String byteArrayToHex( byte[] b ) {
          StringBuffer buf = new StringBuffer( b.length * 2 );
--- 44,47 ----

--- NEW FILE: security.properties ---
# How will passwords be stored in /db/system/users.xml
# Possible values are md5, simple-md5, plain
#
# The default should be md5 (required if you want to 
# use WebDAV with digest authentication).
#
# simple-md5 is used for backwards-compatibility with earlier
# versions of eXist. If you users have been registered with a
# version before April 22, 2004, use simple-md5. Otherwise,
# the database will not recognize the old passwords.

passwords.encoding=md5
Index: SecurityManager.java
===================================================================
RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/security/SecurityManager.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -C2 -d -r1.16 -r1.17
*** SecurityManager.java	14 Apr 2004 12:17:24 -0000	1.16
--- SecurityManager.java	23 Apr 2004 13:07:43 -0000	1.17
***************
*** 26,30 ****
  import java.util.Iterator;
  
! import org.apache.log4j.Category;
  import org.exist.EXistException;
  import org.exist.collections.Collection;
--- 26,30 ----
  import java.util.Iterator;
  
! import org.apache.log4j.Logger;
  import org.exist.EXistException;
  import org.exist.collections.Collection;
***************
*** 60,66 ****
  	public final static String GUEST_USER = "guest";
  	public final static String SYSTEM = "/db/system";
! 
! 	private final static Category LOG =
! 		Category.getInstance(SecurityManager.class.getName());
  
  	private BrokerPool pool;
--- 60,66 ----
  	public final static String GUEST_USER = "guest";
  	public final static String SYSTEM = "/db/system";
! 	
! 	private final static Logger LOG =
! 		Logger.getLogger(SecurityManager.class);
  
  	private BrokerPool pool;
***************
*** 69,73 ****
  	private int nextUserId = 0;
  	private int nextGroupId = 0;
! 
  	private BrokerPool brokerPool;
  
--- 69,73 ----
  	private int nextUserId = 0;
  	private int nextGroupId = 0;
! 	
  	private BrokerPool brokerPool;
  
***************
*** 83,88 ****
  	public SecurityManager(BrokerPool pool, DBBroker sysBroker) {
  		this.pool = pool;
  		DBBroker broker = sysBroker;
- 
  		try {
  			Collection sysCollection = broker.getCollection(SYSTEM);
--- 83,88 ----
  	public SecurityManager(BrokerPool pool, DBBroker sysBroker) {
  		this.pool = pool;
+ 		
  		DBBroker broker = sysBroker;
  		try {
  			Collection sysCollection = broker.getCollection(SYSTEM);