gplazma: don't generate a stack-trace if htaccess is malformed
Motivation:

Currently, attempts by users that authenticate via an htpasswd entry
that happens to be malformed trigger a stack-trace.

Modification:

Update behaviour so the htpasswd plugin treats such problems as a normal
plugin failure.  A reasonably, but terse is included in the login
printer, with a more detailed error being logged directly.

Result:

No more stack-trace when the htpasswd file is malformed.

Target: master
Patch: https://rb.dcache.org/r/9370/
Acked-by: Gerd Behrmann
Fixes: #2505
Request: 2.16
Request: 2.15
Request: 2.14
Request: 2.13
paulmillar committed Jun 2, 2016
1 parent 72df777 commit b788188
Showing 1 changed file with 11 additions and 2 deletions.
Expand Up @@ -32,15 +32,22 @@

package org.dcache.gplazma.htpasswd;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.security.MessageDigest;

import org.dcache.gplazma.AuthenticationException;

/**
* This class defines a method, {@link MD5Crypt#crypt(java.lang.String, java.lang.String) crypt()},
* which takes a password and a salt string and generates an OpenBSD/FreeBSD/Linux-compatible
* md5-encoded password entry.
*/
public final class MD5Crypt
{
private static final Logger LOG = LoggerFactory.getLogger(MD5Crypt.class);

private static final String itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

private static final String to64(long v, int size)
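Review bot: the new imports of org.slf4j.Logger and org.dcache.gplazma.AuthenticationException, together with the static LOG field, make MD5Crypt responsible for logging and for authentication-level error reporting, although its own Javadoc describes it as a class that generates md5-encoded password entries. Consider keeping the class free of both: have verifyPassword signal a malformed hash with a plain checked or IllegalArgumentException, and let the htpasswd plugin, which knows which entry was being checked, catch it, log the detail and raise AuthenticationException. That keeps the log message and the login failure in the one place that has the context to describe them.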
Expand Down Expand Up @@ -277,16 +284,18 @@ public static final String crypt(String password, String salt, String magic)
* @param plaintextPass The plaintext password text to test.
* @param md5CryptText The Apache or FreeBSD-md5Crypted hash used to authenticate the
* plaintextPass.
* @throws AuthenticationException if the md5CryptText is badly formed.
*/

public static final boolean verifyPassword(String plaintextPass, String md5CryptText)
throws AuthenticationException
{
if (md5CryptText.startsWith("$1$")) {
return md5CryptText.equals(MD5Crypt.crypt(plaintextPass, md5CryptText));
} else if (md5CryptText.startsWith("$apr1$")) {
return md5CryptText.equals(MD5Crypt.apacheCrypt(plaintextPass, md5CryptText));
} else {
throw new RuntimeException("Bad md5CryptText");
LOG.error("Bad entry in file: hash does not start '$1$' or '$apr1$': {}", md5CryptText);
throw new AuthenticationException("bad hash in file");
}
}
}
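Review bot: the LOG.error call in the else branch writes the full md5CryptText value to the log, which puts credential material from the htpasswd file into a place that is usually readable by more people and retained longer than the file itself. An entry that reaches this branch starts with neither '$1$' nor '$apr1$', so it may be a hash in another format or even a password stored in the clear, and it should not be echoed. Log something that identifies the entry without disclosing it, such as the user name at the call site, or at most the length or the leading marker of the field. Separately, md5CryptText.startsWith is called without a null check, so a null hash would still surface as a NullPointerException rather than as the AuthenticationException the new @throws line promises; it is worth confirming the caller can never pass null or handling that case here.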
