f47e32ec5f
cloudstack: change version to 4.3.2
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2014-12-11 19:08:36 +05:30
2a72afdc48
Revert "Revert "Bump release version to 4.3.2-SNAPSHOT and add empty db upgrade path""
...
The revert was an error, sorry about that.
- Rohit
This reverts commit 0aba9654f8
2014-11-21 18:04:33 +05:30
0aba9654f8
Revert "Bump release version to 4.3.2-SNAPSHOT and add empty db upgrade path"
...
This reverts commit c3c3bab41a
2014-11-20 20:35:45 +05:30
c3c3bab41a
Bump release version to 4.3.2-SNAPSHOT and add empty db upgrade path
...
This reverts commit e6d00bcc66
2014-11-20 14:04:43 +05:30
e6d00bcc66
Revert "Updating pom.xml version numbers for release 4.3.2-SNAPSHOT"
...
This reverts commit 063bb8f5b4
2014-11-18 16:04:33 +05:30
063bb8f5b4
Updating pom.xml version numbers for release 4.3.2-SNAPSHOT
...
Signed-off-by: Sebastien Goasguen <runseb@gmail.com>
2014-09-16 09:16:47 -04:00
41c0eaa14d
Updating pom.xml version numbers for release 4.3.1
...
Signed-off-by: Sebastien Goasguen <runseb@gmail.com>
2014-09-04 16:47:57 +02:00
a654894dbd
Updating pom.xml version numbers for release 4.3.1-SNAPSHOT
...
Signed-off-by: Sebastien Goasguen <runseb@gmail.com>
2014-08-25 09:16:27 -04:00
aa6f4dc8a7
CLOUDSTACK-5930: Changed "authenticate" method to return both - result of authentication, and action to perform when authentication failed - to the accountManagerImpl. Only if authenicators request INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT, the incorrect_login_attempts parameter will be increased
...
Signed-off-by: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Conflicts:
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
server/src/com/cloud/server/auth/UserAuthenticator.java
server/src/com/cloud/user/AccountManagerImpl.java
(cherry picked from commit f160b31f51
2014-01-22 13:07:43 -08:00
d5e0dcd2a7
Revert "Changed "authenticate" method to return both - result of authentication, and action to perform when authentication failed - to the accountManagerImpl. Only if authenicators request INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT, the incorrect_login_attempts parameter will be increased"
...
This reverts commit 7884bb8aaf
2014-01-21 19:50:46 -08:00
7884bb8aaf
Changed "authenticate" method to return both - result of authentication, and action to perform when authentication failed - to the accountManagerImpl. Only if authenicators request INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT, the incorrect_login_attempts parameter will be increased
...
Signed-off-by: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Conflicts:
plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapAuthenticator.java
plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTextUserAuthenticator.java
plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256SaltedUserAuthenticator.java
server/src/com/cloud/server/auth/UserAuthenticator.java
server/src/com/cloud/user/AccountManagerImpl.java
2014-01-21 18:09:15 -08:00
70ba92fc14
Updating pom.xml version numbers for release 4.3.0
...
Signed-off-by: Animesh Chaturvedi <animesh@apache.org>
2014-01-21 17:29:51 -08:00
891b85d516
Add missing licenses
2013-10-23 15:20:08 -07:00
67186429e1
Spring Modularization
...
ACS is now comprised of a hierarchy of spring application contexts.
Each plugin can contribute configuration files to add to an existing
module or create it's own module.
Additionally, for the mgmt server, ACS custom AOP is no longer used
and instead we use Spring AOP to manage interceptors.
2013-10-02 15:41:04 -07:00
692535f928
Cleanup DefaultUserAuthenticator and removed masking _name variable
...
DefaultUserAuthenticator maskes the _name varible in ComponentLifecycleBase
making the setName() method not work as expected. This patch cleans up the
code such that getName() will be getClass().getSimpleName() unless
overridden in the Spring configuration.
2013-09-30 09:33:33 -07:00
c7cc79181b
Revert "Cleanup DefaultUserAuthenticator and removed masking _name variable"
...
This reverts commit 4d01ce8fc7
2013-09-20 19:33:50 +05:30
4d01ce8fc7
Cleanup DefaultUserAuthenticator and removed masking _name variable
2013-09-20 17:40:00 +05:30
5495f10bce
Revert "Reverting the range of commits that broke the build"
...
This reverts commit b59e3aaefc
2013-08-08 15:02:40 -07:00
b59e3aaefc
Reverting the range of commits that broke the build
...
This reverts commits 30c33415..f6a2c817bc
Signed-off-by: Prasanna Santhanam <tsp@apache.org>
2013-08-08 14:46:56 +05:30
f6a2c817bc
Unit test successful. Had to comment out a timing test from Amogh
2013-08-07 16:41:06 -07:00
dce3551031
CLOUDSTACK-2312, CLOUDSTACK-2314 : SHA256 timing attack and brute force attack fix
...
Signed-off-by: Chiradeep Vittal <chiradeep@apache.org>
2013-08-07 12:15:07 -07:00
8225374138
Updating pom.xml version numbers for release 4.3.0-SNAPSHOT
...
Signed-off-by: Chip Childers <chipchilders@apache.org>
2013-08-01 10:35:00 -04:00
2dbdc46337
CLOUDSTACK-1734: Make SHA1 default password encoding mechanism
...
Description:
Making SHA256SALT the default encoding algorithm to encode
passwords when creating/updating users.
Introducing a new configurable list to allow admins to
separately configure the order of preference for encoding
and authentication schemes.
Since passwords are now sent by clients as clear text,
fixing the Plain text authenticator to check against the
password passed in rather than its md5 digest.
2013-04-02 17:40:50 -07:00
80d58b6c73
CLOUDSTACK-1317: Bump CloudStack package version to 4.2.0-SNAPSHOT in all poms
...
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
2013-02-20 16:42:56 +05:30
fac2270240
more files changed
2013-01-10 15:29:14 -08:00
56e5fbdee2
removed import of componentlocator and inject from all files
2013-01-10 11:44:47 -08:00
713418c0aa
Fixed license headers in 2 files
...
Signed-off-by: Chip Childers <chip.childers@gmail.com>
2012-10-31 14:29:38 -04:00
bd58ceccd8
Summary: Make the authenticator responsible for encoding the password and add a SHA256 salted authenticator
...
The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. The requires a two step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator.
The SHA256 salted authenticator make use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks.
To make use of these new features the users password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore.
The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
2012-10-30 12:56:56 +01:00
Rohit Yadav
Sebastien Goasguen
Alena Prokharchyk
Animesh Chaturvedi
Darren Shepherd
Darren Shepherd
Abhinandan Prateek
Alex Huang
Prasanna Santhanam
Amogh Vasekar
Chip Childers
Vijayendra Bhamidipati
Rohit Yadav
Chip Childers
Hugo Trippaers