From 98b93aeaa6bf0212267ff3c03472ee94c4f71f99 Mon Sep 17 00:00:00 2001
From: Abhi <abhinandan.prateek@citrix.com>
Date: Sat, 28 Apr 2012 12:28:44 +0530
Subject: [PATCH] bug CS-14663: accepting encoded password for MD5

---
 .../com/cloud/server/auth/MD5UserAuthenticator.java  | 12 +++++-------
 ui/scripts/sharedFunctions.js                        |  2 +-
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/server/src/com/cloud/server/auth/MD5UserAuthenticator.java b/server/src/com/cloud/server/auth/MD5UserAuthenticator.java
index 5fe70140180..b67c5fc0f92 100644
--- a/server/src/com/cloud/server/auth/MD5UserAuthenticator.java
+++ b/server/src/com/cloud/server/auth/MD5UserAuthenticator.java
@@ -11,10 +11,7 @@
 // 
 // Automatically generated by addcopyright.py at 04/02/2012
 package com.cloud.server.auth;
-
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
+
 import java.util.Map;
 
 import javax.ejb.Local;
@@ -26,7 +23,6 @@ import com.cloud.server.ManagementServer;
 import com.cloud.user.UserAccount;
 import com.cloud.user.dao.UserAccountDao;
 import com.cloud.utils.component.ComponentLocator;
-import com.cloud.utils.exception.CloudRuntimeException;
 
 /**
  * Simple UserAuthenticator that performs a MD5 hash of the password before 
@@ -50,7 +46,8 @@ public class MD5UserAuthenticator extends DefaultUserAuthenticator {
             s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
             return false;
         }
-        
+        
+        /**
         MessageDigest md5;
         try {
             md5 = MessageDigest.getInstance("MD5");
@@ -68,12 +65,13 @@ public class MD5UserAuthenticator extends DefaultUserAuthenticator {
             sb.append('0');
         }
         sb.append(pwStr);
+        **/
         
         // Will: The MD5Authenticator is now a straight pass-through comparison of the
         // the passwords because we will not assume that the password passed in has
         // already been MD5 hashed.  I am keeping the above code in case this requirement changes
         // or people need examples of how to MD5 hash passwords in java.
-        if (!user.getPassword().equals(sb.toString())) {
+        if (!user.getPassword().equals(password)) {
             s_logger.debug("Password does not match");
             return false;
         }
diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js
index ac059db4f4e..d29a97e9b74 100644
--- a/ui/scripts/sharedFunctions.js
+++ b/ui/scripts/sharedFunctions.js
@@ -33,7 +33,7 @@ var ERROR_VMOPS_ACCOUNT_ERROR = 531;
 
 // Default password is MD5 hashed.  Set the following variable to false to disable this.
 var md5Hashed = true;
-var md5HashedLogin = false;
+var md5HashedLogin = true;
 
 //page size for API call (e.g."listXXXXXXX&pagesize=N" )
 var pageSize = 20;