etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,595 Commits 323 Branches 325 Tags 836 MiB
Commit Graph

221 Commits

Author SHA1 Message Date
Deepak Garg d2155890cc CS-16168:AutoScale- Deletion of Account doesn't delete the AutoScale LB rule 2012-11-16 10:56:57 +05:30
Alena Prokharchyk 74622a4dc3 Fixed listNetworks for the case when a) caller is an admin 2) projectId=-1 is specified - admin wasn't able to list networks belonging to regular users' projects 2012-11-14 14:59:51 -08:00
Hugo Trippaers bd58ceccd8 Summary: Make the authenticator responsible for encoding the password and add a SHA256 salted authenticator 
The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. The requires a two step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator.

The SHA256 salted authenticator make use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks.

To make use of these new features the users password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore.

The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
 2012-10-30 12:56:56 +01:00
Alena Prokharchyk 214bbf3ebd CLOUDSTACK-279: fixed deleteProject when executed by the regular user. Always pass System account as a caller when do account cleanup 
Conflicts:

	api/src/com/cloud/api/commands/DeleteRemoteAccessVpnCmd.java
	server/src/com/cloud/network/element/CiscoNexusVSMElement.java
	server/src/com/cloud/network/element/ElasticLoadBalancerElement.java
	server/src/com/cloud/network/element/F5ExternalLoadBalancerElement.java
	server/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
	server/src/com/cloud/network/element/NetscalerElement.java
	server/src/com/cloud/network/element/OvsElement.java
	server/src/com/cloud/network/element/VpcJuniperSRXExternalFirewallElement.java
	server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
	server/src/com/cloud/network/vpc/VpcManagerImpl.java
	server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java
	server/src/com/cloud/storage/StorageManager.java
 2012-10-17 17:26:19 -07:00
Alena Prokharchyk 8f2d9a09e5 CLOUDSTACK-332: intermediate checkin fixing count parameter in listCommands 
Fixes the count in commands:

listVolumes
listVirtualMachines
listSnapshots
listRouters
listFirewallRules
listPortForwardingRules
listLoadBalancerRules
listIpForwardingRules
listAccounts
listUsers
listDomains
listDomainChildren
listPublicIpAddresses
listAlerts
listAsyncJobs
listRemoteAccessVpns
listVpnUsers
listTags
listPrivateGateways
listNetworkACLs
listStaticRoutes

Conflicts:

	api/src/com/cloud/api/commands/ListVMsCmd.java
	api/src/com/cloud/api/commands/ListVolumesCmd.java
	api/src/com/cloud/network/lb/LoadBalancingRulesService.java
	server/src/com/cloud/network/firewall/FirewallManagerImpl.java
	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
	server/src/com/cloud/network/rules/RulesManagerImpl.java
	server/src/com/cloud/network/vpc/NetworkACLManagerImpl.java
	server/src/com/cloud/network/vpc/VpcManagerImpl.java
	server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java
	server/src/com/cloud/tags/TaggedResourceManagerImpl.java
 2012-10-12 13:58:59 -07:00
Alena Prokharchyk c9aa9a5557 CLOUDSTACK-287: don't allow API call against system account (adding users to system account is prohibited; can't delete/update System account) 
Conflicts:

	server/src/com/cloud/user/AccountManagerImpl.java
 2012-10-09 09:37:27 -07:00
Alena Prokharchyk ffa5276222 Fixed CLOUDSTACK-287 
1) Always fail to authenticate system user.
2) DB - always create system user with RANDOM not null password
3) Don't allow modifying (setting api/secretKeys, etc) system user via API

Conflicts:

	server/src/com/cloud/user/AccountManagerImpl.java
	setup/db/db/schema-305to306.sql
 2012-10-09 09:37:27 -07:00
Rohit Yadav 5cd7fb8408 CLOUDSTACK-121: Fixed "Incorrect username/domainId login causes NullPointerException " 2012-10-05 11:42:04 -07:00
Alena Prokharchyk 51041e4f77 Fixed security problem in listAccounts call (regular user could see other accounts' info when domainId was passed in to listAccounts call) 2012-09-25 10:44:22 -07:00
Saksham Srivastava a56631bc66 bug CS-15278: Added global setting login.attempts.allowed which defines the maximum incorrect password attempts allowed. 
Also after the maximum attempts are reached the user account is disabled
 2012-09-12 19:35:24 +05:30
Alena Prokharchyk c5e3493792 Merge branch 'master' into vpc 2012-08-08 18:38:35 -07:00
Alena Prokharchyk a1f361904e Reverted "Initialize user context from AccountManager" committed to master branch by mistake 
This reverts commit da26302049.
 2012-08-08 15:26:45 -07:00
Alena Prokharchyk 048c5e50cf Merge branch 'master' into vpc 
Conflicts:
	utils/test/com/cloud/utils/component/MockComponentLocator.java
 2012-08-08 11:50:39 -07:00
Alena Prokharchyk da26302049 Initialize user context from AccountManager 
Conflicts:

	server/src/com/cloud/configuration/DefaultComponentLibrary.java
	server/src/com/cloud/network/vpc/VpcManagerImpl.java
 2012-08-08 11:17:01 -07:00
Sheng Yang d90be0d9bc S2S VPN: CS-15748: Deleting customer vpn gateway when delete account 
Conflicts:

	server/src/com/cloud/network/vpn/Site2SiteVpnManagerImpl.java
 2012-07-30 15:34:41 -07:00
Sheng Yang fd9ef34a0f CS-15719: Fix state change when stopping 2012-07-27 16:28:06 -07:00
bfederle c8f72c9198 Merge branch 'master' into vpc 
Conflicts:
	ui/scripts/network.js
 2012-07-23 10:36:25 -07:00
kishan f2bbf62d9d Added getUser API to get user details using API key. Services like S3 can user this API to authenticate. API is admin only. 2012-07-18 14:20:04 -07:00
Alena Prokharchyk 7c2b123d94 Merge branch 'master' into vpc 2012-07-16 15:43:16 -07:00
Alena Prokharchyk 7a5efcc2e8 CS-15579 - perform check when account/domainId is passed to list call by the regular user 2012-07-13 15:59:15 -07:00
Alena Prokharchyk 31f9d718fb Merge branch 'master' into vpc 
Conflicts:
	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
 2012-07-03 17:32:50 -07:00
David Nalley e87558256c Patch from Chip Childers 
https://reviews.apache.org/r/5704/
License header updates for the server folder
 2012-07-02 09:51:21 -04:00
Alena Prokharchyk 634cd78baa Merge branch 'master' into vpc 
Conflicts:
	api/src/com/cloud/api/ApiConstants.java
	api/src/com/cloud/api/BaseCmd.java
	api/src/com/cloud/api/ResponseGenerator.java
	api/src/com/cloud/api/commands/ListNetworksCmd.java
	api/src/com/cloud/api/response/NetworkResponse.java
	api/src/com/cloud/event/EventTypes.java
	api/src/com/cloud/network/NetworkService.java
	client/tomcatconf/commands.properties.in
	scripts/network/domr/getDomRVersion.sh
	scripts/network/domr/ipassoc.sh
	scripts/network/domr/l2tp_vpn.sh
	scripts/network/domr/networkUsage.sh
	scripts/network/domr/router_proxy.sh
	server/src/com/cloud/api/ApiDBUtils.java
	server/src/com/cloud/api/ApiResponseHelper.java
	server/src/com/cloud/configuration/DefaultComponentLibrary.java
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/dao/IPAddressDao.java
	server/src/com/cloud/network/dao/IPAddressDaoImpl.java
	setup/apidoc/gen_toc.py
	setup/db/create-schema.sql
	wscript
 2012-06-28 17:41:40 -07:00
Alena Prokharchyk b03265bc76 VPC: implemented vpc cleanup thread that cleans up Inactive VPCs (that were failed to delete) 2012-06-28 10:18:14 -07:00
Alena Prokharchyk 5ecdad7399 VPC: don't generate empty SetStaticRoute command during VR start when there are no static routes for the VPC 
Conflicts:

	server/src/com/cloud/user/AccountManagerImpl.java
 2012-06-28 10:17:34 -07:00
saksham f6d16d0ab5 CS-15018: Event USER.LOGIN should contain the client IP address. Changes made in accordance with the coding convention. 
Reviewed-by: Alena Prokharchyk
 2012-06-18 10:18:30 -07:00
Alena Prokharchyk 929997f54e AssociateIpAddress to VPC - the ip gets associated to the network only when the first rule for the ip gets created. 
When the last rule is removed for vpc ip, networkId is set to null

Conflicts:

	api/src/com/cloud/api/commands/AssociateIPAddrCmd.java
	api/src/com/cloud/api/commands/EnableStaticNatCmd.java
	api/src/com/cloud/network/NetworkService.java
	api/src/com/cloud/network/rules/RulesService.java
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
	server/src/com/cloud/network/rules/RulesManagerImpl.java
	server/test/com/cloud/network/MockNetworkManagerImpl.java
 2012-06-15 14:18:24 -07:00
Alena Prokharchyk b9a4e79277 1) Added search by vpcId to listRouters/listNetworks Apis 
2) Don't allow to add new networks/implement existing ones for VPC in Disabled state. Disabled state indicates that there was unsuccessful attempt to remove the VPC, and the further cleanup will be taken care of by cleanup thread.

Conflicts:

	server/src/com/cloud/network/dao/IPAddressDao.java
	server/src/com/cloud/server/ManagementServerImpl.java
 2012-06-15 14:09:37 -07:00
Alena Prokharchyk 737543ce3e CS-15025 
listTemplates: made executable filters to work for regular user
 2012-05-21 15:35:10 -07:00
Alena Prokharchyk 25e85e177e bug 14589: don't accept empty username/firstname/lastname in update/createUser apis 2012-04-04 12:55:02 -07:00
frank 2f634c0913 Switch to Apache license 2012-04-03 04:50:05 -07:00
Alena Prokharchyk 96cdc408d4 bug 14103: mark account for cleanup only in cleanupAccount and disableAccount method, not in the callers methods 
status 14103: resolved fixed
 2012-03-05 16:19:12 -08:00
Alena Prokharchyk fa0e25d146 bug 14080: do EQ instead of LIKE search when search for duplicated users during the user update 
status 14080: resolved fixed
 2012-03-01 15:11:46 -08:00
Alena Prokharchyk 6b9abf832b bug 13944: when delete the account, expunge detached volumes on the backend 
status 13944: resolved fixed
Reviewed-by: Frank Zhang
 2012-02-22 17:59:22 -08:00
Alena Prokharchyk 2fb10fe9d7 bug 13700: delete projects as a part of domain cleanup 
status 13700: resolved fixed
reviwed-by: Frank
 2012-02-15 16:34:50 -08:00
Alena Prokharchyk 17349dfe12 bug 13695: deleteAccount - remove account from projects as a part of account cleanup process 
status 13695: resolved fixed
Reviewed-by: Frank
 2012-02-14 14:06:49 -08:00
Alena Prokharchyk d5532d7de0 Update apikey/secretkey in transaction 2012-02-13 11:11:56 -08:00
Alena Prokharchyk cad392cd68 bug 13335: fixed listProjectInvitations by projectId 
status 13335: resolved fixed
 2012-02-07 13:16:27 -08:00
Alena Prokharchyk 1490e45a1c Fixed format style in a bunch of files (replaced tabs with spaces as a part of it) 2012-02-03 13:49:11 -08:00
Alena Prokharchyk c09faa109d bug 13296: release public ip addresses in the basic zone during the account cleanup 
status 13296: resolved fixed
 2012-01-25 11:26:37 -08:00
Alena Prokharchyk 88d3f1ba03 bug 13295: apply specific security check for the network 
status 13295: resolved fixed

Reviewed-by: Will Chan
 2012-01-25 10:57:24 -08:00
Nitin Mehta f558aa07c5 Bug 12740: Allow root admins and system user to bypass the ACL layer. 
Reviewed-By: Kishan
 2012-01-25 12:29:04 +05:30
Alena Prokharchyk 83400cd15f bug 12776: if there are multiple objects involved in resource creation, verify that they belong to the same account 
status 12776: resolved fixed
 2012-01-17 13:40:37 -08:00
Alena Prokharchyk bda032b874 bug 12760: generate vm.destroy event when vm goes from Stopped to Expuning state 
status 12760: resolved fixed
 2012-01-17 10:38:52 -08:00
Alena Prokharchyk f0c4980dff bug 13110: use Ternary data structure when build search criteria 
status 13110: resolved fixed
 2012-01-16 14:15:28 -08:00
Alena Prokharchyk a5900368b6 bug 13023: fixed listAccounts to return all accounts the user is authorized to see 
status 13023: resolved fixed
 2012-01-16 11:45:02 -08:00
kishan b589e49263 Bug 12929: Added domain_id to event table. Populate domain_id while persisting events. Cleanedup EventUtils. 
Status 12929: resolved fixed
Reviewed-By: Nitin
 2012-01-12 16:16:06 +05:30
Alena Prokharchyk c581506103 bug 12306: list* command revamp 2012-01-09 10:07:42 -08:00
Abhinandan Prateek 4f9cbdaadb bug 11303: passing the request params to the authenticators, callingh authenticators in a configurable chain 2012-01-02 14:55:26 +05:30
Alena Prokharchyk 8d27ecf4de bug 12635: enable project account when activate the project 
status 12635: resolved fixed
 2011-12-19 12:23:41 -08:00