• Dave Cridland's avatar
    OF-1278 Do not be such an idiot while recursing (#751) · 166b17c3
    Dave Cridland authored
    * OF-1278 Recurse more sensibly in SCRAM code
    
    Previously, we called setPassword if (and only if) there was a plaintext password present AND the configuration was for SCRAM hashed passwords only.
    
    However, we would then retest to see if there was a salt present, and then recurse, if there was a plaintext password present.
    
    This meant that if there were pre-existing users (with only plaintext or encrypted passwords) but with no SCRAM information, and the userInfo.salt was unset, recursion would continue indefinitely.
    
    * OF-1278 Recurse more sensibly in SCRAM code
    
    This patch further proofs against infinite recursion, and is more aggressive about SCRAMming pre-existing users.
    
    Recursion is now prevented from being more than one deep, as designed.
    166b17c3
Name
Last commit
Last update
..
AuthFactory.java Loading commit data...
AuthProvider.java Loading commit data...
AuthProviderMapper.java Loading commit data...
AuthToken.java Loading commit data...
AuthorizationBasedAuthProviderMapper.java Loading commit data...
AuthorizationManager.java Loading commit data...
AuthorizationMapping.java Loading commit data...
AuthorizationPolicy.java Loading commit data...
ConnectionException.java Loading commit data...
DefaultAuthProvider.java Loading commit data...
DefaultAuthorizationMapping.java Loading commit data...
DefaultAuthorizationPolicy.java Loading commit data...
HybridAuthProvider.java Loading commit data...
InternalUnauthenticatedException.java Loading commit data...
JDBCAuthProvider.java Loading commit data...
MappedAuthProvider.java Loading commit data...
NativeAuthProvider.java Loading commit data...
POP3AuthProvider.java Loading commit data...
ScramUtils.java Loading commit data...
UnauthenticatedException.java Loading commit data...
UnauthorizedException.java Loading commit data...
package-info.java Loading commit data...