Details
-
Bug
-
Status: Closed
-
Resolution: Fixed
-
7.2.X, 7.3.X, Master
-
7.3.x, 7.2.x
-
Committed
-
13
-
3
Description
Description
The LDAP Password Compare method does not work when the Password Encryption Algorithm is set to None. This is due to a faulty null-check in the code, which causes Liferay to use the default Password Encryption Algorithm (as specified by the portal property "passwords.encryption.algorithm") rather than using no Password Encryption algorithm. So, Liferay incorrectly treats the password from LDAP as though it had been encrypted with the default Password Encryption Algorithm, when it, in fact, had not been. This causes errors when trying to log in.
Steps to Reproduce
1. Set up an LDAP instance with the users' passwords stored unencrypted.
2. Start up Liferay and log in as the admin user.
3. Navigate to Control Panel > Instance Settings > User Authentication > General.
4. Change the How do users authenticate? to "By Screen Name" and click the Save button.
5. Navigate to Control Panel > Instance Settings > LDAP > General.
6. Check the Enabled and Required boxes.
7. Change the Method to "Password Compare".
8. Click the Save button.
9. Navigate to Control Panel > Instance Settings > LDAP > Import.
10. Check the Enable Import and Enable Import on Startup boxes.
11. Uncheck the Enable User Password on Import box.
12. Click the Save button.
13. Navigate to Control Panel > Instance Settings > LDAP > Servers.
14. Add a server configuration to connect to your LDAP instance.
15. Restart the DXP bundle to trigger the import.
16. Attempt to log in as one of the LDAP users.
Expected Result: The LDAP user can log in
Actual Result: The LDAP user is unable to log in, and the following stack trace appears in the logs:
2021-09-09 14:58:07.145 ERROR [http-nio-8080-exec-5][LDAPAuth:429] Problem accessing LDAP server com.liferay.portal.kernel.exception.PwdEncryptorException: String index out of range: 5 at com.liferay.portal.security.pwd.PBKDF2PasswordEncryptor.encrypt(PBKDF2PasswordEncryptor.java:90) at com.liferay.portal.security.pwd.CompositePasswordEncryptor.encrypt(CompositePasswordEncryptor.java:110) at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticate(LDAPAuth.java:253) at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticate(LDAPAuth.java:349) at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticateAgainstPreferredLDAPServer(LDAPAuth.java:548) at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticate(LDAPAuth.java:467) at com.liferay.portal.security.ldap.internal.authenticator.LDAPAuth.authenticateByScreenName(LDAPAuth.java:112) at com.liferay.portal.security.auth.AuthPipeline._authenticate(AuthPipeline.java:150) at com.liferay.portal.security.auth.AuthPipeline.authenticateByScreenName(AuthPipeline.java:49) at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticate(UserLocalServiceImpl.java:5638) at com.liferay.portal.service.impl.UserLocalServiceImpl.authenticateByScreenName(UserLocalServiceImpl.java:1316) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoaderBeanHandler.java:66) at com.sun.proxy.$Proxy701.authenticateByScreenName(Unknown Source) at com.liferay.portal.kernel.service.UserLocalServiceWrapper.authenticateByScreenName(UserLocalServiceWrapper.java:499) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.liferay.portal.kernel.bean.ClassLoaderBeanHandler.invoke(ClassLoaderBeanHandler.java:66) at com.sun.proxy.$Proxy702.authenticateByScreenName(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.liferay.portal.spring.aop.AopMethodInvocationImpl.proceed(AopMethodInvocationImpl.java:50) at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:69) at com.liferay.portal.spring.aop.AopMethodInvocationImpl.proceed(AopMethodInvocationImpl.java:57) at com.liferay.portal.spring.aop.AopInvocationHandler.invoke(AopInvocationHandler.java:49) at com.sun.proxy.$Proxy38.authenticateByScreenName(Unknown Source) at com.liferay.portal.kernel.service.UserLocalServiceUtil.authenticateByScreenName(UserLocalServiceUtil.java:454) at com.liferay.portal.security.auth.session.AuthenticatedSessionManagerImpl._getAuthenticatedUser(AuthenticatedSessionManagerImpl.java:496) at com.liferay.portal.security.auth.session.AuthenticatedSessionManagerImpl.login(AuthenticatedSessionManagerImpl.java:137) at com.liferay.login.web.internal.portlet.action.LoginMVCActionCommand.login(LoginMVCActionCommand.java:209) at com.liferay.login.web.internal.portlet.action.LoginMVCActionCommand.doProcessAction(LoginMVCActionCommand.java:99) at com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCActionCommand.processAction(BaseMVCActionCommand.java:61) at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.callActionMethod(MVCPortlet.java:378) at com.liferay.portal.kernel.portlet.LiferayPortlet.processAction(LiferayPortlet.java:88) at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.processAction(MVCPortlet.java:260) at com.liferay.portlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:77) at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:50) at com.liferay.portal.kernel.servlet.PortletServlet.service(PortletServlet.java:115) at javax.servlet.http.HttpServlet.service(HttpServlet.java:733) at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:153) at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:62) at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:120) at org.eclipse.equinox.http.servlet.internal.servlet.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:48) at com.liferay.portlet.internal.InvokerPortletImpl.invoke(InvokerPortletImpl.java:587) at com.liferay.portlet.internal.InvokerPortletImpl.invokeAction(InvokerPortletImpl.java:630) at com.liferay.portlet.internal.InvokerPortletImpl.processAction(InvokerPortletImpl.java:304) at com.liferay.portal.monitoring.internal.portlet.MonitoringInvokerPortlet.processAction(MonitoringInvokerPortlet.java:213) at com.liferay.portlet.internal.PortletContainerImpl._processAction(PortletContainerImpl.java:521) at com.liferay.portlet.internal.PortletContainerImpl.lambda$processAction$0(PortletContainerImpl.java:150) at com.liferay.portlet.internal.PortletContainerImpl._preserveGroupIds(PortletContainerImpl.java:425) at com.liferay.portlet.internal.PortletContainerImpl.processAction(PortletContainerImpl.java:143) at com.liferay.portlet.SecurityPortletContainerWrapper.processAction(SecurityPortletContainerWrapper.java:93) at com.liferay.portlet.RestrictPortletContainerWrapper.processAction(RestrictPortletContainerWrapper.java:76) at com.liferay.portal.kernel.portlet.PortletContainerUtil.processAction(PortletContainerUtil.java:118) at com.liferay.portal.action.LayoutAction.processLayout(LayoutAction.java:367) at com.liferay.portal.action.LayoutAction.execute(LayoutAction.java:173) at com.liferay.portal.struts.PortalRequestProcessor._process(PortalRequestProcessor.java:415) at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:155) at com.liferay.portal.internal.servlet.MainServlet.doPost(MainServlet.java:216) at javax.servlet.http.HttpServlet.service(HttpServlet.java:652) at com.liferay.portal.internal.servlet.MainServlet.service(MainServlet.java:623) at javax.servlet.http.HttpServlet.service(HttpServlet.java:733) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:124) at com.liferay.portal.servlet.filters.password.modified.PasswordModifiedFilter.processFilter(PasswordModifiedFilter.java:62) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.servlet.filters.lockout.LockoutFilter.processFilter(LockoutFilter.java:58) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.servlet.filters.secure.BaseAuthFilter.processFilter(BaseAuthFilter.java:357) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.monitoring.internal.servlet.filter.MonitoringFilter.processFilter(MonitoringFilter.java:183) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:104) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:710) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312) at com.liferay.friendly.url.internal.servlet.FriendlyURLServlet.service(FriendlyURLServlet.java:419) at javax.servlet.http.HttpServlet.service(HttpServlet.java:733) at com.liferay.portal.servlet.ServletAdapter.service(ServletAdapter.java:99) at javax.servlet.http.HttpServlet.service(HttpServlet.java:733) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:124) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.servlet.filters.i18n.I18nFilter.processFilter(I18nFilter.java:368) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.servlet.filters.password.modified.PasswordModifiedFilter.processFilter(PasswordModifiedFilter.java:62) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.servlet.filters.lockout.LockoutFilter.processFilter(LockoutFilter.java:58) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.servlet.filters.secure.BaseAuthFilter.processFilter(BaseAuthFilter.java:357) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.servlet.filters.etag.ETagFilter.processFilter(ETagFilter.java:87) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter.processFilter(AutoLoginFilter.java:265) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:270) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:147) at com.liferay.portal.monitoring.internal.servlet.filter.MonitoringFilter.processFilter(MonitoringFilter.java:183) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:196) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:99) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:196) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:99) at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389) at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:65) at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:215) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:116) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:175) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:99) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:175) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:99) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:196) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:99) at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:104) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:887) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1684) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: 5 at java.lang.String.charAt(String.java:658) at com.liferay.portal.kernel.util.Base64._decode(Base64.java:165) at com.liferay.portal.kernel.util.Base64.decode(Base64.java:33) at com.liferay.portal.security.pwd.PBKDF2PasswordEncryptor$PBKDF2EncryptionConfiguration.configure(PBKDF2PasswordEncryptor.java:128) at com.liferay.portal.security.pwd.PBKDF2PasswordEncryptor.encrypt(PBKDF2PasswordEncryptor.java:54) ... 190 more