etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,788 Commits 323 Branches 325 Tags 836 MiB
Commit Graph

208 Commits

Author SHA1 Message Date
Rohit Yadav 552f2ae60c CLOUDSTACK-8191: SAML users should have their own accounts 
(cherry picked from commit 876c78fe1b)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-02-02 19:58:10 +05:30
Rohit Yadav b7b3a4fb3c CLOUDSTACK-8037: Require signed AuthnRequest, adds more security 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 6bec69844d)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-14 02:43:48 +05:30
Rohit Yadav 1a7f76ac77 CLOUDSTACK-8037: Fix attribute detection, tested to work with onelogin.com 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 23de431f96)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-12 19:41:10 +05:30
Rohit Yadav aaf6a34c54 CLOUDSTACK-8035: Generate and store X509Cert and reuse this for SAML 
The fix generates X509Certificate if missing from DB and uses that for eternity.
SAML SP metadata remains same since it's using the same X509 certificate and
it remains same after restarts. The certificate is serialized, base64 encoded
and stored in the keystore table under a specific name. For reading, it's
retrieved, base64 decoded and deserialized.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 4358714381)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-12 16:49:49 +05:30
Rohit Yadav 173710d5b4 CLOUDSTACK-8037: URL encode cookie values with UTF8 as per version 1 
As per Version 1 cookies, certain characters are now allowed such as space,
colons etc but they should be url encoded using UTF8 encoding. The frontend
has a cookie value unboxing method that removes any double quotes that are added.

As per the doc http://download.oracle.com/javase/6/docs/api/java/net/URLEncoder.html
values are application/x-www-form-urlencoded and as per
http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4 whitespaces are encoded
as +, therefore '+' are replaced by %20 (whitespace).

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 734bd70173)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-12 14:03:09 +05:30
Rohit Yadav 0b94f254e8 CLOUDSTACK-8034: Hash user IDs for SAML authentication 
The User table's UUID column is restricted to 40 chars only, since we don't
know how long the nameID/userID of a SAML authenticated user will be - the fix
hashes that user ID and takes a substring of length 40 chars. For hashing,
SHA256 is used which returns a 64 char length string.

- Fix tests, add test cases
- Improve checkSAMLUser method
- Use SHA256 one way hashing to create unique UUID for SAML users

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit b2b496288d)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2015-01-12 13:37:51 +05:30
Hugo Trippaers ec32ea30f7 Housekeeping, properly declare required maven version and update build plugin versions to recent versions 2015-01-06 11:58:58 +01:00
Wido den Hollander 4bd49df3f5 Use InetAddress for passing Remote Address instead of String 2014-11-21 12:10:35 +01:00
Rajani Karuturi 6766b6c6e4 Merge branch '4.5' 2014-11-06 09:46:30 +05:30
Rajani Karuturi d969364daf Fixed coverity issue 
CID 11461 (#1 of 1): DLS: Dead local store (FB.DLS_DEAD_LOCAL_STORE)
 2014-11-06 09:38:22 +05:30
Rohit Yadav f543d86eff saml: Use camelCase api names for SAML login/logout apis 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-10-31 01:24:39 +05:30
Rohit Yadav cd52bed477 saml: Use camelCase api names for SAML login/logout apis 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 85c0bd68ae8a76c231ab402dd0311e3672155f71)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-10-31 00:32:29 +05:30
Hugo Trippaers 4ebaf0a583 Bump master version to 4.6.0-SNAPSHOT after branching 4.5.0-SNAPSHOT 2014-10-29 14:54:23 +01:00
Rohit Yadav fecc6b6e48 SAML2LoginAPIAuthenticatorCmd: Don't support HTTP artifact binding 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 16:47:40 +02:00
Rohit Yadav 394e6130e0 SAML2LoginAPIAuthenticatorCmd: add signature on redirect url 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 16:31:16 +02:00
Rohit Yadav 67f97df00f GetServiceProviderMetaDataCmd: in metadata use SP's own X509 certs 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 16:30:52 +02:00
Rohit Yadav 5e947e2b24 SAML2AuthManagerImpl: create or load keystore dao 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 16:28:02 +02:00
Rohit Yadav aaa4b60b23 SAML2AuthManager: add new methods to the interface 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 16:27:11 +02:00
Rohit Yadav f144081958 saml2: WIP X509 certificate auth stuff 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit f7d409e0f4d2b6f56ec82ae339eff5f477e4a832)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 14:31:21 +02:00
Rohit Yadav aeec24b2ca SAMLMetaDataResponse: this should extend AuthenticationCmdResponse 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-12 13:58:39 +02:00
Rohit Yadav 8929d74519 SAML2UserAuthenticatorTest: Fix test, make sure encoded password length > 0 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-09-10 14:24:03 +02:00
Hugo Trippaers dc3f0cbc63 Improve the handling of the findbug exclude files 2014-09-03 10:41:22 +02:00
Rohit Yadav 33a249e77a CLOUDSTACK-7455: Fix possible case for NPE 
NPE can happen if Spring fails to inject api authenticator, so better check
and set list of commands if the authenticator is not null or returning null cmds

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-31 14:42:18 +02:00
Rohit Yadav 550762a0dc SAMLUtils: fix signature, refactor generateRandomX509Certificate 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-30 21:37:55 +02:00
Rohit Yadav 784288eaab SAML2AuthManagerImpl: let the component return true on start 
- Return super.true() even if plugin is not enabled
- Return empty list when getCommands is called

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-30 14:32:54 +02:00
Rohit Yadav 81608afee1 SAML2LoginAPIAuthenticatorCmdTest: Add missing license 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 20:06:38 +02:00
Rohit Yadav 6eae9b8596 saml: disable plugin by default and don't initiate if not enabled 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:49:48 +02:00
Rohit Yadav aa02e30e95 saml: fix tests and update method signature that generates random certs 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:27 +02:00
Rohit Yadav 0402f68b12 SAML2LogoutAPIAuthenticatorCmd: if session is null, redirect to login page 
If session is null, probably logout (local) happened removing the name id and
session index which is needed for global logout. The limitation by design is that
local logout will void possibility of global logout. To globally logout, one
use the SLO api which would logout locally as well.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav de4e74b2b4 saml: Add unit tests for saml plugin 
- Fixes signatures on plugin manager for ease of testing
- Fixes authenticator
- Adds unit testing for getType and authenticate methods for all cmd classes
- Adds SAMLAuthenticator test

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 15fdc1744c SAML2LogoutAPIAuthenticatorCmd: check logout response and redirect to UI 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 8dc50927f9 saml: use SAML_RESPONSE from SAMLUtils 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav ad13d3d747 SAML2UserAuthenticator: check that request params has SAMLResponse 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:26 +02:00
Rohit Yadav 7ee4176c7a SAML2LogoutAPIAuthenticatorCmd: implement single log out 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav b1946e8c13 SAML2LoginAPIAuthenticatorCmd: store nameid and session index in user's session 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav b401828aef saml: use values from config for user account, domain and redirected url 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:25 +02:00
Rohit Yadav a13da8f9e0 saml2: Add GetServiceProviderMetaDataCmd that returns SP metadata XML 
This adds GetServiceProviderMetaDataCmd which returns SP metadata XML, since
this information should be public for IdPs to discover, we implement this as a
login/cmd api so this does not require any kind of authentication to GET this

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 7687b7311a saml: Implement logic to check response against X509 keys 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 47ccce85a1 api: add method to pass on api authenticators to cmd classes 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 06e909923a saml: Have the plugin use IDP metadata from URL, get values from Config 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:24 +02:00
Rohit Yadav 37961ebdd8 saml: Implement SAML2AuthManager interface 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav d45b303569 saml2: Fix plugin after refactoring 
- Use opensaml version from root pom
- Add utils and api as explicit dependency
- Add org.apache.cloudstack.saml.SAML2AuthServiceImpl bean
- Fix imports in all source files and resource xmls
- Use methods available from SAMLUtils to encode/decode SAML request/response
- SAML logout api is not the global logout api

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav 4422fdd9ad saml2: Implement SAML2AuthServiceImpl which is a PluggableAPIAuthenticator 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:23 +02:00
Rohit Yadav 68e094ebaf saml: move refactor files from server to api module 
- Move interfaces and classes from server to api module
- This can be then used for pluggable api authenticators

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-28 19:45:22 +02:00
Rajani Karuturi 14f3ad55ec Fixed CLOUDSTACK-7374: added PaginationControl while querying ldap users 2014-08-20 15:58:08 +05:30
Rohit Yadav 6a8f8317fd CLOUDSTACK-7361: Fix SAML2UserAuthenticator to not let every login credential 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-18 11:41:32 +02:00
Rohit Yadav a6a63dd2d3 saml2: add opensaml as dependency 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-12 12:01:29 +02:00
Rohit Yadav c35f704f21 saml2: add spring security saml2 extension 1.0.0.RELEASE 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-12 12:01:29 +02:00
Rohit Yadav c4f200265b CLOUDSTACK-7083: Add SAML2 SSO plugin skeleton and stub 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
 2014-08-12 12:01:28 +02:00
Rajani Karuturi 736ff5f8e5 Fixed CLOUDSTACK-7303 [LDAP] while importing ldap users, update the user info if it already exists in cloudstack 2014-08-11 17:54:31 +05:30
Rajani Karuturi fca41bf527 Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout. 2014-08-01 16:32:45 +05:30
Rajani Karuturi f7c664fc2e Revert "Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout." 
This reverts commit cd2f27a662.

reverting it as it breaks the build when encryption is enabled.
 2014-08-01 11:20:20 +05:30
Rajani Karuturi cd2f27a662 Fixed bug: CLOUDSTACK-7214 added a config for ldap connection read timeout. 2014-07-31 17:33:18 +05:30
Rajani Karuturi 5fa2d1c7ca Fixed Bug: CLOUDSTACK-7200 [LDAP] importUsersCmd for a group fails incase any member of a group is not an user 2014-07-30 12:02:24 +05:30
Santhosh Edukulla 97d296bfbd Fixed Coverity reported performance issues like inefficient string concatenations, wrong boxing or unboxing types, inefficent map element retrievals 
Signed-off-by: Daan Hoogland <daan@onecht.net>
 2014-07-01 22:06:25 +02:00
Rajani Karuturi f4779b4d0c Fixed CLOUDSTACK-6509 Cannot import multiple LDAP/AD users into a cloudstack account 
Conflicts:
	api/src/com/cloud/user/AccountService.java
	plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
	plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java

Signed-off-by: Koushik Das <koushik@apache.org>
 2014-04-29 14:49:06 +05:30
Rajani Karuturi baadf930fb checkstyle fix for commit 8e2e8e5e8a 
improved ldap logging. added stacktrace in debug level incase of exceptions.

Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
 2014-04-24 17:30:12 +05:30
Rajani Karuturi a92610d277 improved ldap logging. added stacktrace in debug level incase of exceptions. 
Conflicts:
	plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapContextFactory.java

Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
 2014-04-24 16:47:52 +05:30
Devdeep Singh b54ae73917 Fixing rat failure 2014-04-21 14:32:00 +05:30
Laszlo Hornyak 54cfc2c2b1 md5 authenticator test 
Signed-off-by: Laszlo Hornyak <laszlo.hornyak@gmail.com>
 2014-04-21 10:25:16 +02:00
Daan Hoogland 8b62b2cb92 findbugs: exclude known spiffy hacks a.k.a. false positives 2014-03-28 14:28:10 +01:00
Hugo Trippaers 4402685e11 Update master to 4.5.0-SNAPSHOT 2014-03-14 14:55:26 +01:00
Min Chen 99bdc8d875 Merge branch 'master' into rbac. 2014-03-13 11:05:03 -07:00
Rajani Karuturi 4552ec6322 Fixed CLOUDSTACK-6210 LDAP:listLdapUsers api throws exception when we click on "Add LDAP Account" This occurs when ldap basedn is not configured. Throwing an IAE and a proper message is returned from the api call 
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
 2014-03-07 16:57:13 +00:00
Min Chen 48e08fe676 Merge branch 'master' into rbac. 2014-03-06 14:02:20 -08:00
Mandar Barve b0c6d47347 - Updated APICommand annotation to add new flags that indicate if API request or response carry sensitive info - Updated all API classes with the new annotation flag values as per the API's sensitivity - Updated server code to check response annotation before audit logging 
Signed-off-by: Daan Hoogland <daan@onecht.net>
(cherry picked from commit df270d6387c362b960064ee5123c14782e767a19)
Signed-off-by: Daan Hoogland <daan@onecht.net>
 2014-02-25 22:59:10 +01:00
Min Chen 33cd1ab921 Merge branch 'master' into rbac 2014-01-22 11:23:51 -08:00
Alena Prokharchyk 202c18243b Fixed unittest 2014-01-21 20:05:16 -08:00
Alena Prokharchyk ab627bc767 Changed "authenticate" method to return both - result of authentication, and action to perform when authentication failed - to the accountManagerImpl. Only if authenicators request INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT, the incorrect_login_attempts parameter will be increased 
Signed-off-by: Alena Prokharchyk <alena.prokharchyk@citrix.com>
 2014-01-21 17:45:53 -08:00
Min Chen 929fbabaa2 Merge branch 'master' into rbac. 2014-01-17 14:37:08 -08:00
Hugo Trippaers b61f0a74ca Centralize all eclipse m2e excludes in the main pom.xml 2014-01-14 09:39:42 +01:00
Rajani Karuturi 001e67ab02 Revert "CLOUDSTACK-5435 enabled encryption for ldap params" 
This reverts commit 1d5051f60e.

Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
 2014-01-09 15:50:53 +05:30
Alex Huang c2baed665b Moved the check-style.xml into the tools directory given that we're not using the project to reference the style any longer. Fixed problems with eclipse complaining about copy-dependencies 2013-12-20 17:21:34 -08:00
Rajani Karuturi 1d5051f60e CLOUDSTACK-5435 enabled encryption for ldap params 2013-12-13 17:44:24 +05:30
Min Chen d2922b9254 Separate ListAccounts cmd to use two different views. 2013-12-12 17:52:45 -08:00
Alex Huang be5e5cc641 All Checkstyle problems corrected 2013-12-12 12:26:07 -08:00
Rajani Karuturi db8f83d71b CLOUDSTACK-5375 :ldapconfig and ldapRemove api's are not working Added support for 4.2 ldap apis 
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
 2013-12-11 15:30:03 +05:30
wilderrodrigues 2774b62d64 Fixing bugs from Coverity related to Dereferenced Null after check and as return value. 
Signed-off-by: Daan Hoogland <daan@onecht.net>
 2013-11-27 11:18:00 +01:00
Alex Huang 433a631916 Reformat of source code to set a stable base for the future. I couldn't get checkstyle enabled. There's still about a thousand errors from checkstyle. Most of it from length errors from comments and strings. Will attempt to remove those tonight. This change is so large I just want to get it in before any merge nightmares. The changes are fairly minor though and I did a full compile and start a server with the reformat code. 2013-11-21 07:56:47 -08:00
Hugo Trippaers cf715ff491 Bump 4.3.0 to 4.4.0 in master 2013-11-21 16:01:15 +01:00
Alex Huang d620df2bdd Reformatted all of the code. 2013-11-21 06:15:26 -08:00
Alex Huang 224f479974 Removed trailing spaces 2013-11-21 04:08:01 -08:00
Alex Huang 8d62744681 Reformat all source code. Added checkstyle to check the source code 2013-11-20 07:26:53 -08:00
Ian Duffy 31758ed8d0 Fix codestyle/formatting within plugins/userauthenticators/ldap 2013-11-20 14:00:08 +01:00
Rajani Karuturi 917ea33ba9 added LDAP group name label in add account wizard 
changed the parameter for domain in api importLdapUser from name to UUID

improved error handling
 2013-11-20 13:57:41 +01:00
Hugo Trippaers d17a8f8b11 Get rid of some errors and warnings in the plugins user-authenticators ldap sources 2013-11-04 20:01:13 +01:00
Rajani Karuturi b436a82392 added group and domain params to importLdapUsers api call 
Signed-off-by: Ian Duffy <ian@ianduffy.ie>
 2013-10-31 22:06:32 +00:00
Hugo Trippaers 9d2271d115 Revert "fixed m2eclipse error" because it breaks packaging 
This reverts commit 5bcd8280fd.
 2013-10-30 20:17:59 +01:00
Anthony Xu 5bcd8280fd fixed m2eclipse error 2013-10-29 15:20:49 -07:00
Rajani Karuturi 9300d4a3ba Added an api call to import all the ldap users to the same domains(ou's) in cloudstack 
TODO:
    1. error handling of no domains present, nested hierarchy
    2. handling the case when the api call fails for a specific user/users
    3. test cases for LdapUserManager

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
 2013-10-29 09:04:33 +00:00
Darren Shepherd 891b85d516 Add missing licenses 2013-10-23 15:20:08 -07:00
Darren Shepherd 67186429e1 Spring Modularization 
ACS is now comprised of a hierarchy of spring application contexts.
Each plugin can contribute configuration files to add to an existing
module or create it's own module.

Additionally, for the mgmt server, ACS custom AOP is no longer used
and instead we use Spring AOP to manage interceptors.
 2013-10-02 15:41:04 -07:00
Darren Shepherd 692535f928 Cleanup DefaultUserAuthenticator and removed masking _name variable 
DefaultUserAuthenticator maskes the _name varible in ComponentLifecycleBase
making the setName() method not work as expected.  This patch cleans up the
code such that getName() will be getClass().getSimpleName() unless
overridden in the Spring configuration.
 2013-09-30 09:33:33 -07:00
Abhinandan Prateek c7cc79181b Revert "Cleanup DefaultUserAuthenticator and removed masking _name variable" 
This reverts commit 4d01ce8fc7.
 2013-09-20 19:33:50 +05:30
Darren Shepherd 4d01ce8fc7 Cleanup DefaultUserAuthenticator and removed masking _name variable 2013-09-20 17:40:00 +05:30
Ian Duffy 9febf4c43e Return name for getName() on LdapAuthenticator 2013-09-13 17:22:52 +01:00
Daan Hoogland 2fb6ae814f copyright 2013-09-01 23:59:53 +02:00
Daan Hoogland f1a4e9fdf5 copyrights 2013-09-01 23:49:05 +02:00
Ian Duffy bdba0ddeed Bring up to date with master 2013-08-31 00:25:48 +01:00
Ian Duffy 7f7035d516 Update unit tests, add filter to list all users, update ssl 
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
 2013-08-12 14:49:55 +05:30