694a694860
pbkdf2: fix encoding issue when converting byte[] to String
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 814e5574dc
2015-02-28 00:44:20 +05:30
8829a0d4a7
plugins: fix version to fix build
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-02-27 16:20:27 +05:30
6f4db0ce4b
CLOUDSTACK-5237: Add a default PBKDF2-SHA-256 based authenticator
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 9533c54db6
2015-02-27 15:53:58 +05:30
008911d4b1
CLOUDSTACK-8195: Don't break IdP, return metadata XML
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 1172867df0
2015-02-03 17:05:29 +05:30
552f2ae60c
CLOUDSTACK-8191: SAML users should have their own accounts
...
(cherry picked from commit 876c78fe1b
2015-02-02 19:58:10 +05:30
b7b3a4fb3c
CLOUDSTACK-8037: Require signed AuthnRequest, adds more security
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 6bec69844d
2015-01-14 02:43:48 +05:30
1a7f76ac77
CLOUDSTACK-8037: Fix attribute detection, tested to work with onelogin.com
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 23de431f96
2015-01-12 19:41:10 +05:30
aaf6a34c54
CLOUDSTACK-8035: Generate and store X509Cert and reuse this for SAML
...
The fix generates X509Certificate if missing from DB and uses that for eternity.
SAML SP metadata remains same since it's using the same X509 certificate and
it remains same after restarts. The certificate is serialized, base64 encoded
and stored in the keystore table under a specific name. For reading, it's
retrieved, base64 decoded and deserialized.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 4358714381
2015-01-12 16:49:49 +05:30
173710d5b4
CLOUDSTACK-8037: URL encode cookie values with UTF8 as per version 1
...
As per Version 1 cookies, certain characters are now allowed such as space,
colons etc but they should be url encoded using UTF8 encoding. The frontend
has a cookie value unboxing method that removes any double quotes that are added.
As per the doc http://download.oracle.com/javase/6/docs/api/java/net/URLEncoder.html
values are application/x-www-form-urlencoded and as per
http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4 whitespaces are encoded
as +, therefore '+' are replaced by %20 (whitespace).
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 734bd70173
2015-01-12 14:03:09 +05:30
0b94f254e8
CLOUDSTACK-8034: Hash user IDs for SAML authentication
...
The User table's UUID column is restricted to 40 chars only, since we don't
know how long the nameID/userID of a SAML authenticated user will be - the fix
hashes that user ID and takes a substring of length 40 chars. For hashing,
SHA256 is used which returns a 64 char length string.
- Fix tests, add test cases
- Improve checkSAMLUser method
- Use SHA256 one way hashing to create unique UUID for SAML users
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit b2b496288d
2015-01-12 13:37:51 +05:30
ec32ea30f7
Housekeeping, properly declare required maven version and update build plugin versions to recent versions
2015-01-06 11:58:58 +01:00
4bd49df3f5
Use InetAddress for passing Remote Address instead of String
2014-11-21 12:10:35 +01:00
6766b6c6e4
Merge branch '4.5'
2014-11-06 09:46:30 +05:30
d969364daf
Fixed coverity issue
...
CID 11461 (#1 of 1): DLS: Dead local store (FB.DLS_DEAD_LOCAL_STORE)
2014-11-06 09:38:22 +05:30
f543d86eff
saml: Use camelCase api names for SAML login/logout apis
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-10-31 01:24:39 +05:30
cd52bed477
saml: Use camelCase api names for SAML login/logout apis
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 85c0bd68ae8a76c231ab402dd0311e3672155f71)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-10-31 00:32:29 +05:30
4ebaf0a583
Bump master version to 4.6.0-SNAPSHOT after branching 4.5.0-SNAPSHOT
2014-10-29 14:54:23 +01:00
fecc6b6e48
SAML2LoginAPIAuthenticatorCmd: Don't support HTTP artifact binding
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-09-12 16:47:40 +02:00
394e6130e0
SAML2LoginAPIAuthenticatorCmd: add signature on redirect url
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-09-12 16:31:16 +02:00
67f97df00f
GetServiceProviderMetaDataCmd: in metadata use SP's own X509 certs
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-09-12 16:30:52 +02:00
5e947e2b24
SAML2AuthManagerImpl: create or load keystore dao
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-09-12 16:28:02 +02:00
aaa4b60b23
SAML2AuthManager: add new methods to the interface
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-09-12 16:27:11 +02:00
f144081958
saml2: WIP X509 certificate auth stuff
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit f7d409e0f4d2b6f56ec82ae339eff5f477e4a832)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-09-12 14:31:21 +02:00
aeec24b2ca
SAMLMetaDataResponse: this should extend AuthenticationCmdResponse
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-09-12 13:58:39 +02:00
8929d74519
SAML2UserAuthenticatorTest: Fix test, make sure encoded password length > 0
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-09-10 14:24:03 +02:00
dc3f0cbc63
Improve the handling of the findbug exclude files
2014-09-03 10:41:22 +02:00
33a249e77a
CLOUDSTACK-7455: Fix possible case for NPE
...
NPE can happen if Spring fails to inject api authenticator, so better check
and set list of commands if the authenticator is not null or returning null cmds
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-31 14:42:18 +02:00
550762a0dc
SAMLUtils: fix signature, refactor generateRandomX509Certificate
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-30 21:37:55 +02:00
784288eaab
SAML2AuthManagerImpl: let the component return true on start
...
- Return super.true() even if plugin is not enabled
- Return empty list when getCommands is called
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-30 14:32:54 +02:00
81608afee1
SAML2LoginAPIAuthenticatorCmdTest: Add missing license
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 20:06:38 +02:00
6eae9b8596
saml: disable plugin by default and don't initiate if not enabled
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:49:48 +02:00
aa02e30e95
saml: fix tests and update method signature that generates random certs
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:27 +02:00
0402f68b12
SAML2LogoutAPIAuthenticatorCmd: if session is null, redirect to login page
...
If session is null, probably logout (local) happened removing the name id and
session index which is needed for global logout. The limitation by design is that
local logout will void possibility of global logout. To globally logout, one
use the SLO api which would logout locally as well.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:26 +02:00
de4e74b2b4
saml: Add unit tests for saml plugin
...
- Fixes signatures on plugin manager for ease of testing
- Fixes authenticator
- Adds unit testing for getType and authenticate methods for all cmd classes
- Adds SAMLAuthenticator test
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:26 +02:00
15fdc1744c
SAML2LogoutAPIAuthenticatorCmd: check logout response and redirect to UI
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:26 +02:00
8dc50927f9
saml: use SAML_RESPONSE from SAMLUtils
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:26 +02:00
ad13d3d747
SAML2UserAuthenticator: check that request params has SAMLResponse
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:26 +02:00
7ee4176c7a
SAML2LogoutAPIAuthenticatorCmd: implement single log out
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:25 +02:00
b1946e8c13
SAML2LoginAPIAuthenticatorCmd: store nameid and session index in user's session
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:25 +02:00
b401828aef
saml: use values from config for user account, domain and redirected url
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:25 +02:00
a13da8f9e0
saml2: Add GetServiceProviderMetaDataCmd that returns SP metadata XML
...
This adds GetServiceProviderMetaDataCmd which returns SP metadata XML, since
this information should be public for IdPs to discover, we implement this as a
login/cmd api so this does not require any kind of authentication to GET this
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:24 +02:00
7687b7311a
saml: Implement logic to check response against X509 keys
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:24 +02:00
47ccce85a1
api: add method to pass on api authenticators to cmd classes
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:24 +02:00
06e909923a
saml: Have the plugin use IDP metadata from URL, get values from Config
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:24 +02:00
37961ebdd8
saml: Implement SAML2AuthManager interface
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:23 +02:00
d45b303569
saml2: Fix plugin after refactoring
...
- Use opensaml version from root pom
- Add utils and api as explicit dependency
- Add org.apache.cloudstack.saml.SAML2AuthServiceImpl bean
- Fix imports in all source files and resource xmls
- Use methods available from SAMLUtils to encode/decode SAML request/response
- SAML logout api is not the global logout api
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:23 +02:00
4422fdd9ad
saml2: Implement SAML2AuthServiceImpl which is a PluggableAPIAuthenticator
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:23 +02:00
68e094ebaf
saml: move refactor files from server to api module
...
- Move interfaces and classes from server to api module
- This can be then used for pluggable api authenticators
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-28 19:45:22 +02:00
14f3ad55ec
Fixed CLOUDSTACK-7374: added PaginationControl while querying ldap users
2014-08-20 15:58:08 +05:30
6a8f8317fd
CLOUDSTACK-7361: Fix SAML2UserAuthenticator to not let every login credential
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-18 11:41:32 +02:00
a6a63dd2d3
saml2: add opensaml as dependency
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-12 12:01:29 +02:00
c35f704f21
saml2: add spring security saml2 extension 1.0.0.RELEASE
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-12 12:01:29 +02:00
c4f200265b
CLOUDSTACK-7083: Add SAML2 SSO plugin skeleton and stub
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-08-12 12:01:28 +02:00
736ff5f8e5
Fixed CLOUDSTACK-7303 [LDAP] while importing ldap users, update the user info if it already exists in cloudstack
2014-08-11 17:54:31 +05:30
fca41bf527
Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout.
2014-08-01 16:32:45 +05:30
f7c664fc2e
Revert "Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout."
...
This reverts commit cd2f27a662
2014-08-01 11:20:20 +05:30
cd2f27a662
Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout.
2014-07-31 17:33:18 +05:30
5fa2d1c7ca
Fixed Bug: CLOUDSTACK-7200 [LDAP] importUsersCmd for a group fails incase any member of a group is not an user
2014-07-30 12:02:24 +05:30
97d296bfbd
Fixed Coverity reported performance issues like inefficient string concatenations, wrong boxing or unboxing types, inefficent map element retrievals
...
Signed-off-by: Daan Hoogland <daan@onecht.net>
2014-07-01 22:06:25 +02:00
f4779b4d0c
Fixed CLOUDSTACK-6509 Cannot import multiple LDAP/AD users into a cloudstack account
...
Conflicts:
api/src/com/cloud/user/AccountService.java
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java
Signed-off-by: Koushik Das <koushik@apache.org>
2014-04-29 14:49:06 +05:30
baadf930fb
checkstyle fix for commit 8e2e8e5e8a
...
improved ldap logging. added stacktrace in debug level incase of exceptions.
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2014-04-24 17:30:12 +05:30
a92610d277
improved ldap logging. added stacktrace in debug level incase of exceptions.
...
Conflicts:
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2014-04-24 16:47:52 +05:30
b54ae73917
Fixing rat failure
2014-04-21 14:32:00 +05:30
54cfc2c2b1
md5 authenticator test
...
Signed-off-by: Laszlo Hornyak <laszlo.hornyak@gmail.com>
2014-04-21 10:25:16 +02:00
8b62b2cb92
findbugs: exclude known spiffy hacks a.k.a. false positives
2014-03-28 14:28:10 +01:00
4402685e11
Update master to 4.5.0-SNAPSHOT
2014-03-14 14:55:26 +01:00
99bdc8d875
Merge branch 'master' into rbac.
2014-03-13 11:05:03 -07:00
4552ec6322
Fixed CLOUDSTACK-6210 LDAP:listLdapUsers api throws exception when we click on "Add LDAP Account" This occurs when ldap basedn is not configured. Throwing an IAE and a proper message is returned from the api call
...
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2014-03-07 16:57:13 +00:00
48e08fe676
Merge branch 'master' into rbac.
2014-03-06 14:02:20 -08:00
b0c6d47347
- Updated APICommand annotation to add new flags that indicate if API request or response carry sensitive info - Updated all API classes with the new annotation flag values as per the API's sensitivity - Updated server code to check response annotation before audit logging
...
Signed-off-by: Daan Hoogland <daan@onecht.net>
(cherry picked from commit df270d6387c362b960064ee5123c14782e767a19)
Signed-off-by: Daan Hoogland <daan@onecht.net>
2014-02-25 22:59:10 +01:00
33cd1ab921
Merge branch 'master' into rbac
2014-01-22 11:23:51 -08:00
202c18243b
Fixed unittest
2014-01-21 20:05:16 -08:00
ab627bc767
Changed "authenticate" method to return both - result of authentication, and action to perform when authentication failed - to the accountManagerImpl. Only if authenicators request INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT, the incorrect_login_attempts parameter will be increased
...
Signed-off-by: Alena Prokharchyk <alena.prokharchyk@citrix.com>
2014-01-21 17:45:53 -08:00
929fbabaa2
Merge branch 'master' into rbac.
2014-01-17 14:37:08 -08:00
b61f0a74ca
Centralize all eclipse m2e excludes in the main pom.xml
2014-01-14 09:39:42 +01:00
001e67ab02
Revert "CLOUDSTACK-5435 enabled encryption for ldap params"
...
This reverts commit 1d5051f60e
2014-01-09 15:50:53 +05:30
c2baed665b
Moved the check-style.xml into the tools directory given that we're not using the project to reference the style any longer. Fixed problems with eclipse complaining about copy-dependencies
2013-12-20 17:21:34 -08:00
1d5051f60e
CLOUDSTACK-5435 enabled encryption for ldap params
2013-12-13 17:44:24 +05:30
d2922b9254
Separate ListAccounts cmd to use two different views.
2013-12-12 17:52:45 -08:00
be5e5cc641
All Checkstyle problems corrected
2013-12-12 12:26:07 -08:00
db8f83d71b
CLOUDSTACK-5375 :ldapconfig and ldapRemove api's are not working Added support for 4.2 ldap apis
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-12-11 15:30:03 +05:30
2774b62d64
Fixing bugs from Coverity related to Dereferenced Null after check and as return value.
...
Signed-off-by: Daan Hoogland <daan@onecht.net>
2013-11-27 11:18:00 +01:00
433a631916
Reformat of source code to set a stable base for the future. I couldn't get checkstyle enabled. There's still about a thousand errors from checkstyle. Most of it from length errors from comments and strings. Will attempt to remove those tonight. This change is so large I just want to get it in before any merge nightmares. The changes are fairly minor though and I did a full compile and start a server with the reformat code.
2013-11-21 07:56:47 -08:00
cf715ff491
Bump 4.3.0 to 4.4.0 in master
2013-11-21 16:01:15 +01:00
d620df2bdd
Reformatted all of the code.
2013-11-21 06:15:26 -08:00
224f479974
Removed trailing spaces
2013-11-21 04:08:01 -08:00
8d62744681
Reformat all source code. Added checkstyle to check the source code
2013-11-20 07:26:53 -08:00
31758ed8d0
Fix codestyle/formatting within plugins/userauthenticators/ldap
2013-11-20 14:00:08 +01:00
917ea33ba9
added LDAP group name label in add account wizard
...
changed the parameter for domain in api importLdapUser from name to UUID
improved error handling
2013-11-20 13:57:41 +01:00
d17a8f8b11
Get rid of some errors and warnings in the plugins user-authenticators ldap sources
2013-11-04 20:01:13 +01:00
b436a82392
added group and domain params to importLdapUsers api call
...
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2013-10-31 22:06:32 +00:00
9d2271d115
Revert "fixed m2eclipse error" because it breaks packaging
...
This reverts commit 5bcd8280fd
2013-10-30 20:17:59 +01:00
5bcd8280fd
fixed m2eclipse error
2013-10-29 15:20:49 -07:00
9300d4a3ba
Added an api call to import all the ldap users to the same domains(ou's) in cloudstack
...
TODO:
1. error handling of no domains present, nested hierarchy
2. handling the case when the api call fails for a specific user/users
3. test cases for LdapUserManager
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2013-10-29 09:04:33 +00:00
891b85d516
Add missing licenses
2013-10-23 15:20:08 -07:00
67186429e1
Spring Modularization
...
ACS is now comprised of a hierarchy of spring application contexts.
Each plugin can contribute configuration files to add to an existing
module or create it's own module.
Additionally, for the mgmt server, ACS custom AOP is no longer used
and instead we use Spring AOP to manage interceptors.
2013-10-02 15:41:04 -07:00
692535f928
Cleanup DefaultUserAuthenticator and removed masking _name variable
...
DefaultUserAuthenticator maskes the _name varible in ComponentLifecycleBase
making the setName() method not work as expected. This patch cleans up the
code such that getName() will be getClass().getSimpleName() unless
overridden in the Spring configuration.
2013-09-30 09:33:33 -07:00
c7cc79181b
Revert "Cleanup DefaultUserAuthenticator and removed masking _name variable"
...
This reverts commit 4d01ce8fc7
2013-09-20 19:33:50 +05:30
4d01ce8fc7
Cleanup DefaultUserAuthenticator and removed masking _name variable
2013-09-20 17:40:00 +05:30
9febf4c43e
Return name for getName() on LdapAuthenticator
2013-09-13 17:22:52 +01:00
2fb6ae814f
copyright
2013-09-01 23:59:53 +02:00
f1a4e9fdf5
copyrights
2013-09-01 23:49:05 +02:00
bdba0ddeed
Bring up to date with master
2013-08-31 00:25:48 +01:00
7f7035d516
Update unit tests, add filter to list all users, update ssl
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-12 14:49:55 +05:30
5495f10bce
Revert "Reverting the range of commits that broke the build"
...
This reverts commit b59e3aaefc
2013-08-08 15:02:40 -07:00
b59e3aaefc
Reverting the range of commits that broke the build
...
This reverts commits 30c33415..f6a2c817bc
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
2013-08-08 14:46:56 +05:30
f6a2c817bc
Unit test successful. Had to comment out a timing test from Amogh
2013-08-07 16:41:06 -07:00
942f282a6e
Moved config into it's own package
2013-08-07 16:41:02 -07:00
dce3551031
CLOUDSTACK-2312, CLOUDSTACK-2314 : SHA256 timing attack and brute force attack fix
...
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
2013-08-07 12:15:07 -07:00
25e8e9b85f
General cleanup, source formatting, remove whitespace
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-02 14:20:47 +05:30
00c17add3c
Add SSL Support
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-02 14:20:47 +05:30
23f0187d05
Add Support for member of filter
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-02 14:20:47 +05:30
532e04db1a
Disable password changing when ldap is enabled
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-08-02 14:20:47 +05:30
8225374138
Updating pom.xml version numbers for release 4.3.0-SNAPSHOT
...
Signed-off-by: Chip Childers <chipchilders@apache.org>
2013-08-01 10:35:00 -04:00
ec064b3077
New LDAP UI
...
Signed-off-by: Sebastien Goasguen <runseb@gmail.com>
2013-07-29 05:58:00 -04:00
eaa4143371
Merge LDAPPlugin
...
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
2013-07-25 17:54:52 +05:30
2dbdc46337
CLOUDSTACK-1734: Make SHA1 default password encoding mechanism
...
Description:
Making SHA256SALT the default encoding algorithm to encode
passwords when creating/updating users.
Introducing a new configurable list to allow admins to
separately configure the order of preference for encoding
and authentication schemes.
Since passwords are now sent by clients as clear text,
fixing the Plain text authenticator to check against the
password passed in rather than its md5 digest.
2013-04-02 17:40:50 -07:00
80d58b6c73
CLOUDSTACK-1317: Bump CloudStack package version to 4.2.0-SNAPSHOT in all poms
...
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
2013-02-20 16:42:56 +05:30
f2b97db0f9
CLOUDSTACK-1172: LDAP enhancements
2013-02-19 15:36:39 +05:30
2a0c2be136
CLOUDSTACK-1175: PlainTextAuthenticator was being loaded due @Component annotation. Removed the annotation so that MD5 authenticator will be used
2013-02-06 15:27:03 +05:30
2be270de89
Separate loadable components like Gurus, Elements, Adapters to componentContext.xml
2013-01-16 16:33:59 -08:00
fac2270240
more files changed
2013-01-10 15:29:14 -08:00
56e5fbdee2
removed import of componentlocator and inject from all files
2013-01-10 11:44:47 -08:00
0bcb64605f
all built with the latest
2013-01-09 05:02:39 -08:00
14bd345f1f
merge compiles
2013-01-09 04:41:27 -08:00
b274c570f9
Cleanup places that use explicit wiring of the components
2013-01-08 17:45:33 -08:00
cf8de7ee17
Removed all the .project files
2013-01-08 14:11:00 -08:00
30f2565d98
Merge branch 'api_refactoring' into javelin
2013-01-08 12:36:04 -08:00
296b49c2f8
Merge branch 'master' into test-merge-api
...
Conflicts:
api/src/com/cloud/agent/api/BackupSnapshotCommand.java
api/src/com/cloud/agent/api/storage/PrimaryStorageDownloadCommand.java
api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java
api/src/com/cloud/network/NetworkService.java
api/src/com/cloud/resource/ResourceService.java
api/src/org/apache/cloudstack/api/ApiConstants.java
api/src/org/apache/cloudstack/api/ResponseGenerator.java
api/src/org/apache/cloudstack/api/response/SSHKeyPairResponse.java
client/tomcatconf/commands.properties.in
core/src/com/cloud/storage/SnapshotVO.java
pom.xml
server/src/com/cloud/api/ApiDispatcher.java
server/src/com/cloud/api/ApiResponseHelper.java
server/src/com/cloud/api/ApiServer.java
server/src/com/cloud/configuration/ConfigurationManagerImpl.java
server/src/com/cloud/network/NetworkManagerImpl.java
server/src/com/cloud/network/rules/RulesManagerImpl.java
server/src/com/cloud/offerings/NetworkOfferingVO.java
server/src/com/cloud/resource/ResourceManagerImpl.java
server/src/com/cloud/upgrade/dao/Upgrade40to41.java
server/src/com/cloud/vm/UserVmManagerImpl.java
server/test/com/cloud/vpc/MockNetworkManagerImpl.java
setup/db/create-schema.sql
setup/db/db/schema-40to410.sql
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
2012-12-23 13:54:46 -08:00
2b74b6e827
Start removing the old ant build files
...
Removed all build.xml files from the plugins
2012-12-07 15:58:56 +01:00
6fc3bc3760
api_refactor: refactor vpn and vm apis
...
- Refactor VPN and VM APIs to admin and user pkgs
- Names space, org.apache.cloudstack
- Fix refactored apis in commands*.in
- Fix comments etc.
- Expand tabs, remove trailing whitespace
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
2012-12-03 21:27:02 -08:00
5edfc2760a
refactor: remove redundant imports, fix trailing chars
2012-12-03 13:54:37 -08:00
aab02e2743
Add Spring annotation to major components
2012-11-07 14:53:39 -08:00
91e68b5f2c
A bunch of .project changes again
2012-11-04 19:25:03 -08:00
713418c0aa
Fixed license headers in 2 files
...
Signed-off-by: Chip Childers <chip.childers@gmail.com>
2012-10-31 14:29:38 -04:00
bd58ceccd8
Summary: Make the authenticator responsible for encoding the password and add a SHA256 salted authenticator
...
The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. The requires a two step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator.
The SHA256 salted authenticator make use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks.
To make use of these new features the users password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore.
The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
2012-10-30 12:56:56 +01:00
f92ce72639
Correct dependency errors
2012-10-24 11:12:40 -07:00
059f605ace
add more interfaces
2012-10-22 17:50:51 -07:00
5fee891162
merge from master
2012-10-11 17:42:25 -07:00
aa6355ffe6
Updated master to 4.1.0
...
mvn release:update-versions -DautoVersionSubmodules=true -Dnonoss -P
client,deps,developer -DdevelopmentVersion=4.1.0-SNAPSHOT
2012-10-01 11:00:55 -07:00
c9aa08350a
[DOC] docbook conversion - choosing a deployment architecture
2012-09-13 16:12:06 -04:00
1d0a10c69e
Merged master over to javelin to get new poms and maven build
2012-09-05 14:31:24 -07:00
2300310243
Messaging facility initials for new architecture
2012-08-28 17:58:45 -07:00
fe8a01106b
rename cloud-plugins to cloudstack-plugins
2012-08-27 16:53:51 +02:00
a06ed5728c
remove intermediate parent poms
2012-08-27 16:43:24 +02:00
3aa469da2a
groupdId is now org.apache.cloudstack
2012-08-25 09:20:21 +02:00
5ef60aceb1
%s/tab/ws/
2012-08-25 00:03:23 +02:00
4a4007e652
Add license
2012-08-24 11:18:54 -07:00
ebc0fa458a
* Maven 3 support
...
* Pretty Format POM's
* AWS API compiles now
2012-08-24 11:18:54 -07:00
f826971fea
Maven config, initial commit
2012-08-24 11:18:52 -07:00
d06d6dae72
add maven eclipse project files from Darren
2012-08-23 17:55:20 -07:00
9a51ff3bfc
Maven worksplace fixes/patches from Darren
2012-08-23 14:26:27 -07:00
2f6cc4b0cb
Add license
2012-08-23 14:26:26 -07:00
ad54ed1790
* Maven 3 support
...
* Pretty Format POM's
* AWS API compiles now
2012-08-23 14:26:26 -07:00
b8e95e435f
Maven config, initial commit
2012-08-23 14:26:25 -07:00
3eda2b8c4b
Remove @author tag from non third-party source files in plugins folder
2012-08-13 15:04:30 +08:00
3a882fa17c
License header updates for the plugins folder.
2012-08-03 09:07:43 -04:00
67bc9c819a
fixing some more license headers
2012-07-20 15:59:31 -04:00
3ceb8d5667
moving out plaintext authenticator to plugins/user-authenticators
2012-06-26 14:33:27 -07:00
eb5e02e4e1
moving out MD5 authenticator to plugins/user-authenticators
2012-06-26 14:18:42 -07:00
712565cef2
build fix: adding missing file LDAPUserAuthenticator.java
2012-06-25 21:33:16 -07:00
1a6102be1e
moving LDAP authenticator to plugins/user-authenticators/ldap
2012-06-25 19:30:00 -07:00
Rohit Yadav
Hugo Trippaers
Wido den Hollander
Rajani Karuturi
Santhosh Edukulla
Devdeep Singh
Laszlo Hornyak
Daan Hoogland
Min Chen
Mandar Barve
Alena Prokharchyk
Alex Huang
wilderrodrigues
Ian Duffy
Anthony Xu
Darren Shepherd
Darren Shepherd
Abhinandan Prateek
Daan Hoogland
Prasanna Santhanam
Amogh Vasekar
Chip Childers
Vijayendra Bhamidipati
Rohit Yadav
Kishan Kavala
Kelven Yang
Hugo Trippaers
Chip Childers
Edison Su
Kelven Yang
Jie Feng
olivier lamy
Darren Shepherd
Darren Shepherd
Mice Xia
David Nalley
Murali reddy