From d60ca0a6201eb45afb0f98b204a4192270414d68 Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Wed, 1 Jul 2009 22:13:33 +0000
Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=37984
 Strip {MD5} as well as {SHA} from digested passwords

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@790405 13f79535-47bb-0310-9956-ffa450edef68
---
 java/org/apache/catalina/realm/JNDIRealm.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index 2206e435f..f1c95fd1e 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1419,10 +1419,10 @@ public class JNDIRealm extends RealmBase {
 
         boolean validated = false;
         if (hasMessageDigest()) {
-            // iPlanet support if the values starts with {SHA1}
+            // Some directories prefix the password with the hash type
             // The string is in a format compatible with Base64.encode not
             // the Hex encoding of the parent class.
-            if (password.startsWith("{SHA}")) {
+            if (password.startsWith("{MD5}") || password.startsWith("{SHA}")) {
                 /* sync since super.digest() does this same thing */
                 synchronized (this) {
                     password = password.substring(5);
-- 
2.11.0