843f6b1691
CLOUDSTACK-5236 : ability to identify where the user is from (ex. LDAP)
...
Added a source column to the user table.
Source now has only two values UNKNOWN,LDAP with UNKNOWN being the
default and is an enum is com.cloud.User.
When the source is UNKNOWN, the old method of authenticating against all
the available authenticators is used. If a source is available, only
that particular authenticator will be used.
added overloaded methods in AccountService to createUserAccount and
createUser with source specified.
(cherry picked from commit 5da733072e
2015-03-16 14:53:53 +05:30
43cf1da865
CLOUDSTACK-5238: password checks, NPE fixes and minor fixes
...
- insecure authenticators excluded in configuration
- snapshot response should have zone
- remove vmsnapshots when removing accounts
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 5481485a08
2015-02-27 18:24:46 +05:30
a75ff23131
CLOUDSTACK-8273: fix baremetal account creation
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit e000646790
2015-02-27 15:55:09 +05:30
4dde4106c0
server: Add missing import, fixes build
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2015-02-26 17:49:55 +05:30
6df2fe7a8a
CLOUDSTACK-8273: refactor baremetal user name to utils, restrict baremetal user
...
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit cb08707add
2015-02-26 17:47:01 +05:30
552f2ae60c
CLOUDSTACK-8191: SAML users should have their own accounts
...
(cherry picked from commit 876c78fe1b
2015-02-02 19:58:10 +05:30
b2393c31ed
move ConstantTimeComparator to utils
2015-01-14 12:14:00 +01:00
9b4e39e837
Use constant-time comparison functions when checking signatures
...
This limits the likeliness of timing attacks against the API.
See http://codahale.com/a-lesson-in-timing-attacks/ for the
full rationale.
Conflicts:
server/src/com/cloud/api/ApiServer.java
server/src/com/cloud/user/AccountManagerImpl.java
2015-01-14 11:32:29 +01:00
590667076d
CID-1256277 use StringBuffer in loop
2014-12-03 13:32:22 +01:00
af2f21894c
CLOUDSTACK-7983: Create Disk/Service Offering for Domain Admin
2014-12-01 13:03:37 +01:00
7ff31f1b22
Merge remote-tracking branch 'origin/inetaddress'
...
- Tested locally against unit tests
- TravisCI build passed: https://travis-ci.org/apache/cloudstack/builds/41990351
- Manual QA passed for basic auth and saml auth using default IDP settings
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Conflicts:
server/src/com/cloud/api/ApiServlet.java
2014-11-25 14:32:09 +05:30
3577423da9
removed executable flags from java classes
...
Signed-off-by: Laszlo Hornyak <laszlo.hornyak@gmail.com>
2014-11-23 19:49:01 +01:00
4bd49df3f5
Use InetAddress for passing Remote Address instead of String
2014-11-21 12:10:35 +01:00
f585dd2661
CLOUDSTACK-7902: Account creation results in exception in logs
...
Event publish code was wrapped in transaction, moved it out
2014-11-13 16:11:53 +05:30
5f7b4dbbb2
CLOUDSTACK-7471:Regular user is allowed to deleteNetwork/RestartNetwork
...
that does not belong to him.He is also able to deploy Vm for other
users.
2014-09-02 17:24:08 -07:00
736ff5f8e5
Fixed CLOUDSTACK-7303 [LDAP] while importing ldap users, update the user info if it already exists in cloudstack
2014-08-11 17:54:31 +05:30
5fa2d1c7ca
Fixed Bug: CLOUDSTACK-7200 [LDAP] importUsersCmd for a group fails incase any member of a group is not an user
2014-07-30 12:02:24 +05:30
2f832fddff
CLOUDSTACK-7164: fix NPE
2014-07-24 17:01:23 -07:00
b259bccee7
CLOUDSTACK-6742: listVolumes - As regularuser , able to list Vms and
...
volumes of other users.
2014-05-22 18:28:00 -07:00
ba848087f8
Disable IAM feature from 4.4 release.
2014-05-22 18:27:08 -07:00
51cb0f9a4a
CLOUDSTACK-6598:IAM - listAccount() retrurns "Caller cannot be passed as
...
NULL to IAM!" when domain deletion is in progress.
2014-05-08 17:56:20 -07:00
3314e11b70
CLOUDSTACK-6569: IAM - Regular user is able to listNetworks of another
...
user in the same domain , by passing account and domainId.
2014-05-02 14:58:11 -07:00
a9072a6612
CLOUDSTACK-6513: Optimize code by removing deprecated utility to
...
QueryManagerImpl as private method just used for listTemplates and
listAffinityGroups to avoid misuse by new list APIs.
2014-05-01 15:57:28 -07:00
f4779b4d0c
Fixed CLOUDSTACK-6509 Cannot import multiple LDAP/AD users into a cloudstack account
...
Conflicts:
api/src/com/cloud/user/AccountService.java
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapCreateAccountCmd.java
plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LdapImportUsersCmd.java
Signed-off-by: Koushik Das <koushik@apache.org>
2014-04-29 14:49:06 +05:30
44ff7fea5f
CLOUDSTACK-6513: IAM - Templates - When templates are listed with
...
templatefilter="shared" is used , we see public templates also being
included in the list. This commit reverts listTemplates behavior to 4.3
old logic without using consistent interpretation of list parameters
adopted in new IAM model.
2014-04-28 11:11:53 -07:00
6af1a2919b
CLOUDSTACK-6501:IAM - DomainAdmin - When listVirtualMachines is used
...
with listall=true and account and domainId , Vms owned by the account
account is not listed.
2014-04-28 11:11:27 -07:00
9514c9e045
CLOUDSTACK-6349: IAM - No error message presented to the user , when
...
invalid password is provided.
- AccountManager now works using accountId instead of accountType in
following methods too:
- isResourceDomainAdmin()
- isAdmin()
2014-04-28 11:10:50 -07:00
797169457b
CLOUDSTACK-6349: IAM - No error message presented to the user , when invalid password is provided.
...
- AccountManager now works using accountId instead of accountType
2014-04-28 11:09:12 -07:00
be8c6fe626
test for AccountManagerImpl
...
- new test for disableUser
- unused code removed
- A redundant if branch removed - all branches are doing the same
Signed-off-by: Laszlo Hornyak <laszlo.hornyak@gmail.com>
2014-04-21 10:25:16 +02:00
c4892c2692
Fix FindBugs bug.
2014-04-18 17:31:29 -07:00
29f39149b1
Fix IAM list api implementation based on agreed interpretation for
...
listAll, isRecursive, domainId and account.
2014-04-17 18:33:22 -07:00
c25332fc46
CLOUDSTACK-6429:distinguish the case where caller can see everything and
...
the case where caller cannot see anything. Also change behavior to
default isRecursive to false if not specified.
2014-04-17 18:33:08 -07:00
c4b0a1e2d9
CLOUDSTACK-6350: IAM - Listing of VM using uuid when owner account of
...
this Vm is deleted results is VM not being returned.But list VM with
listAll=true is able to return this VM.
2014-04-17 18:06:29 -07:00
5d59fc7f5a
Fix RoleBasedQuerySelector to handle new listAll semantics. If
...
listAll=true, show all resources that caller (or impersonater) has
ListEntry access type; otherwise, show all resources that caller (or
impersonater) has UseEntry access type.
2014-04-17 18:06:07 -07:00
7796128372
Handle listAll flag in IAM buildAclSearchParameters.
2014-04-17 18:05:44 -07:00
da13165743
Change AccountManagerImpl.checkAccess to invoke SecurityChecker
...
interface that takes multiple controlled entities.
2014-04-17 17:53:01 -07:00
94ebc90877
Remove usage of sameOwner checkAccess invocation, and convert to
...
OperateEntry IAM check.
2014-04-04 16:38:29 -07:00
4e61e49143
CLOUDSTACK-6303 [Automation] [UI] Account creation hang in UI
...
Changes:
- Caused due to a MySql error during 'Project' account cleanup. The MySql error hits a deadlock bug in the MessageBus code that does not release the lock/decrement the counter Eventually all callers on the MessageBus end up waiting to enter
- This fixes the account cleanup MySql error.
2014-03-28 14:35:00 -07:00
36c0a4e2c3
Removed the AccessType.UseNetwork - replaced all referrences by AccessType.UseEntry
2014-03-13 15:32:38 -07:00
d9696b26e1
After merge, fix isRootAdmin() calls to use accountId instead of type
2014-03-13 13:28:40 -07:00
99bdc8d875
Merge branch 'master' into rbac.
2014-03-13 11:05:03 -07:00
7b0c5cfcbe
Removed unused methods from BaseCmd class. Moved some helper methods to AccountManagerImpl class
2014-03-07 11:33:10 -08:00
48e08fe676
Merge branch 'master' into rbac.
2014-03-06 14:02:20 -08:00
793becf524
CLOUDSTACK-5920: Add some interface methods and constants required by
...
IAM.
2014-03-05 09:40:55 -08:00
695d689de5
Adding annotations for more admin APIs
2014-03-04 18:14:05 -08:00
13e25d2aae
Fixed a bug in constructing search parameters with accountName passed.
2014-02-19 11:35:00 -08:00
8072e50845
Fixed a bug for listTemplates with TemplateFilter=shared.
2014-02-13 16:47:41 -08:00
939b15169c
changes to support the domain wide resources for Network
2014-02-03 17:34:03 -08:00
91317dc497
Changes for createDomain - create new group AND createAccount - add account to domain group
2014-01-28 09:48:19 -08:00
96a64b933e
- Adding OperateEntry during loading of commands
...
- Replace ListEntry By OperateEntry
- ApiDispatcher should pass on the API name
2014-01-23 17:50:59 -08:00
Rajani Karuturi
Rohit Yadav
Pierre-Yves Ritschard
Daan Hoogland
Wei Zhou
Laszlo Hornyak
Wido den Hollander
Koushik Das
Min Chen
Edison Su
Prachi Damle
Alena Prokharchyk