Commit Graph

381 Commits

Author SHA1 Message Date
Pierre-Yves Ritschard b2393c31ed move ConstantTimeComparator to utils 2015-01-14 12:14:00 +01:00
Pierre-Yves Ritschard 9b4e39e837 Use constant-time comparison functions when checking signatures
This limits the likeliness of timing attacks against the API.
See http://codahale.com/a-lesson-in-timing-attacks/ for the
full rationale.

Conflicts:
	server/src/com/cloud/api/ApiServer.java
	server/src/com/cloud/user/AccountManagerImpl.java
2015-01-14 11:32:29 +01:00
Daan Hoogland 590667076d CID-1256277 use StringBuffer in loop 2014-12-03 13:32:22 +01:00
Wei Zhou af2f21894c CLOUDSTACK-7983: Create Disk/Service Offering for Domain Admin 2014-12-01 13:03:37 +01:00
Rohit Yadav 7ff31f1b22 Merge remote-tracking branch 'origin/inetaddress'
- Tested locally against unit tests
- TravisCI build passed: https://travis-ci.org/apache/cloudstack/builds/41990351
- Manual QA passed for basic auth and saml auth using default IDP settings

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

Conflicts:
	server/src/com/cloud/api/ApiServlet.java
2014-11-25 14:32:09 +05:30
Laszlo Hornyak 3577423da9 removed executable flags from java classes
Signed-off-by: Laszlo Hornyak <laszlo.hornyak@gmail.com>
2014-11-23 19:49:01 +01:00
Wido den Hollander 4bd49df3f5 Use InetAddress for passing Remote Address instead of String 2014-11-21 12:10:35 +01:00
Koushik Das f585dd2661 CLOUDSTACK-7902: Account creation results in exception in logs
Event publish code was wrapped in transaction, moved it out
2014-11-13 16:11:53 +05:30
Min Chen 5f7b4dbbb2 CLOUDSTACK-7471:Regular user is allowed to deleteNetwork/RestartNetwork
that does not belong to him. He is also able to deploy Vm for other
users.
2014-09-02 17:24:08 -07:00
Rajani Karuturi 736ff5f8e5 Fixed CLOUDSTACK-7303 [LDAP] while importing ldap users, update the user info if it already exists in cloudstack 2014-08-11 17:54:31 +05:30
Rajani Karuturi 5fa2d1c7ca Fixed Bug: CLOUDSTACK-7200 [LDAP] importUsersCmd for a group fails in case any member of a group is not a user 2014-07-30 12:02:24 +05:30
Edison Su 2f832fddff CLOUDSTACK-7164: fix NPE 2014-07-24 17:01:23 -07:00
Min Chen b259bccee7 CLOUDSTACK-6742: listVolumes - As regular user, able to list Vms and
volumes of other users.
2014-05-22 18:28:00 -07:00
Min Chen ba848087f8 Disable IAM feature from 4.4 release. 2014-05-22 18:27:08 -07:00
Min Chen 51cb0f9a4a CLOUDSTACK-6598:IAM - listAccount() returns "Caller cannot be passed as
NULL to IAM!" when domain deletion is in progress.
2014-05-08 17:56:20 -07:00
Min Chen 3314e11b70 CLOUDSTACK-6569: IAM - Regular user is able to listNetworks of another
user in the same domain, by passing account and domainId.
2014-05-02 14:58:11 -07:00
Min Chen a9072a6612 CLOUDSTACK-6513: Optimize code by removing deprecated utility to
QueryManagerImpl as private method just used for listTemplates and
listAffinityGroups to avoid misuse by new list APIs.
2014-05-01 15:57:28 -07:00
Rajani Karuturi f4779b4d0c Fixed CLOUDSTACK-6509 Cannot import multiple LDAP/AD users into a cloudstack account
Conflicts:
	api/src/com/cloud/user/AccountService.java
	plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
	plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java

Signed-off-by: Koushik Das <koushik@apache.org>
2014-04-29 14:49:06 +05:30
Min Chen 44ff7fea5f CLOUDSTACK-6513: IAM - Templates - When templates are listed with
templatefilter="shared" is used, we see public templates also being
included in the list. This commit reverts listTemplates behavior to 4.3
old logic without using consistent interpretation of list parameters
adopted in new IAM model.
2014-04-28 11:11:53 -07:00
Min Chen 6af1a2919b CLOUDSTACK-6501:IAM - DomainAdmin - When listVirtualMachines is used
with listall=true and account and domainId, Vms owned by the account
account is not listed.
2014-04-28 11:11:27 -07:00
Prachi Damle 9514c9e045 CLOUDSTACK-6349: IAM - No error message presented to the user, when
invalid password is provided.

- AccountManager now works using accountId instead of accountType in
following methods too:
- isResourceDomainAdmin()
- isAdmin()
2014-04-28 11:10:50 -07:00
Prachi Damle 797169457b CLOUDSTACK-6349: IAM - No error message presented to the user, when invalid password is provided.
- AccountManager now works using accountId instead of accountType
2014-04-28 11:09:12 -07:00
Laszlo Hornyak be8c6fe626 test for AccountManagerImpl
- new test for disableUser
- unused code removed
- A redundant if branch removed - all branches are doing the same

Signed-off-by: Laszlo Hornyak <laszlo.hornyak@gmail.com>
2014-04-21 10:25:16 +02:00
Min Chen c4892c2692 Fix FindBugs bug. 2014-04-18 17:31:29 -07:00
Min Chen 29f39149b1 Fix IAM list api implementation based on agreed interpretation for
listAll, isRecursive, domainId and account.
2014-04-17 18:33:22 -07:00
Min Chen c25332fc46 CLOUDSTACK-6429:distinguish the case where caller can see everything and
the case where caller cannot see anything. Also change behavior to
default isRecursive to false if not specified.
2014-04-17 18:33:08 -07:00
Min Chen c4b0a1e2d9 CLOUDSTACK-6350: IAM - Listing of VM using uuid when owner account of
this Vm is deleted results in VM not being returned. But list VM with
listAll=true is able to return this VM.
2014-04-17 18:06:29 -07:00
Min Chen 5d59fc7f5a Fix RoleBasedQuerySelector to handle new listAll semantics. If
listAll=true, show all resources that caller (or impersonater) has
ListEntry access type; otherwise, show all resources that caller (or
impersonater) has UseEntry access type.
2014-04-17 18:06:07 -07:00
Min Chen 7796128372 Handle listAll flag in IAM buildAclSearchParameters. 2014-04-17 18:05:44 -07:00
Min Chen da13165743 Change AccountManagerImpl.checkAccess to invoke SecurityChecker
interface that takes multiple controlled entities.
2014-04-17 17:53:01 -07:00
Min Chen 94ebc90877 Remove usage of sameOwner checkAccess invocation, and convert to
OperateEntry IAM check.
2014-04-04 16:38:29 -07:00
Prachi Damle 4e61e49143 CLOUDSTACK-6303 [Automation] [UI] Account creation hang in UI
Changes:
- Caused due to a MySql error during 'Project' account cleanup. The MySql error hits a deadlock bug in the MessageBus code that does not release the lock/decrement the counter. Eventually all callers on the MessageBus end up waiting to enter
- This fixes the account cleanup MySql error.
2014-03-28 14:35:00 -07:00
Prachi Damle 36c0a4e2c3 Removed the AccessType.UseNetwork - replaced all references by AccessType.UseEntry 2014-03-13 15:32:38 -07:00
Prachi Damle d9696b26e1 After merge, fix isRootAdmin() calls to use accountId instead of type 2014-03-13 13:28:40 -07:00
Min Chen 99bdc8d875 Merge branch 'master' into rbac. 2014-03-13 11:05:03 -07:00
Alena Prokharchyk 7b0c5cfcbe Removed unused methods from BaseCmd class. Moved some helper methods to AccountManagerImpl class 2014-03-07 11:33:10 -08:00
Prachi Damle 695d689de5 Adding annotations for more admin APIs 2014-03-04 18:14:05 -08:00
Min Chen 13e25d2aae Fixed a bug in constructing search parameters with accountName passed. 2014-02-19 11:35:00 -08:00
Min Chen 8072e50845 Fixed a bug for listTemplates with TemplateFilter=shared. 2014-02-13 16:47:41 -08:00
Prachi Damle 96a64b933e - Adding OperateEntry during loading of commands
- Replace ListEntry By OperateEntry
- ApiDispatcher should pass on the API name
2014-01-23 17:50:59 -08:00
Prachi Damle 39c0a302b4 Fix the isRootAdmin and isDomainAdmin to return true or false even if the permission is denied by IAM 2014-01-22 13:59:59 -08:00
Min Chen 33cd1ab921 Merge branch 'master' into rbac 2014-01-22 11:23:51 -08:00
Alena Prokharchyk ab627bc767 Changed "authenticate" method to return both - result of authentication, and action to perform when authentication failed - to the accountManagerImpl. Only if authenticators request INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT, the incorrect_login_attempts parameter will be increased
Signed-off-by: Alena Prokharchyk <alena.prokharchyk@citrix.com>
2014-01-21 17:45:53 -08:00
Min Chen 929fbabaa2 Merge branch 'master' into rbac. 2014-01-17 14:37:08 -08:00
Min Chen 6583cb3800 Add listAclGroupsByAccount to QuerySelector adapters and remove
AclProxyService interface.
2014-01-14 16:19:25 -08:00
Prachi Damle fac9f2da0f Adding messageBus events for adding and removal of an account. 2014-01-13 22:12:39 -08:00
Min Chen bae498c89e Handle search of those entities without db view created using new ACL
model.
2014-01-13 21:55:56 -08:00
Murali Reddy af657b3d71 CLOUDSTACK-5861: networks that failed to implement can not be destroyed
introduces a force option in delete network to forcefully delete a
network. This comes handy in rare cases where network fails to implement
and network is in shutdown state, but network shutdown to rollback
implement process fails as well.

Conflicts:
	api/src/org/apache/cloudstack/api/command/user/network/DeleteNetworkCmd.java
	server/src/com/cloud/user/DomainManagerImpl.java
2014-01-13 23:28:35 +05:30
Prachi Damle 6cd121fe7b RootAdmin and DomainAdmin access check via IAM 2014-01-10 17:06:10 -08:00
Min Chen 43f0f901dd Remove VO and DAO from cloud-engine-schema. 2014-01-10 15:57:39 -08:00