Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/13 10:33:44 UTC

[1/9] git commit: updated refs/heads/master to 6c71d3b

Repository: cloudstack
Updated Branches:
  refs/heads/master 3d411dc61 -> 6c71d3bae


Error message exposes domain Id when deployVirtualMachine() is attempted on a shared network to which the user does not have access.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 0d36f2e4b520ecc85342ab8660e5547f675db12a)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6ccb9b1f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6ccb9b1f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6ccb9b1f

Branch: refs/heads/master
Commit: 6ccb9b1fc3c7be9cbb314aee7afb499169a891c0
Parents: 5608982
Author: Min Chen <mi...@citrix.com>
Authored: Wed Sep 17 15:34:12 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:26 2015 +0530

----------------------------------------------------------------------
 server/src/com/cloud/acl/AffinityGroupAccessChecker.java | 9 ++++++++-
 server/src/com/cloud/network/NetworkModelImpl.java       | 6 +++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6ccb9b1f/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
index 7bcecf0..57f7b37 100644
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -28,9 +28,11 @@ import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupService;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
 
+import com.cloud.domain.DomainVO;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 @Component
 @Local(value = SecurityChecker.class)
@@ -58,7 +60,12 @@ public class AffinityGroupAccessChecker extends DomainChecker {
 
             if (group.getAclType() == ACLType.Domain) {
                 if (!_affinityGroupService.isAffinityGroupAvailableInDomain(group.getId(), caller.getDomainId())) {
-                    throw new PermissionDeniedException("Affinity group is not available in domain id=" + caller.getDomainId());
+                    DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+                    if (callerDomain == null) {
+                        throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose domain does not exist");
+                    }
+
+                    throw new PermissionDeniedException("Affinity group is not available in domain id=" + callerDomain.getUuid());
                 } else {
                     return true;
                 }
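Review bot: The new `callerDomain == null` branch throws `CloudRuntimeException` from inside an access check, so a caller whose domain row is missing gets a generic runtime failure (with the account name in the message) instead of the `PermissionDeniedException` the surrounding code uses for a denial. The check still fails closed, but callers that catch only the permission exception will presumably treat this as a server error; consider `throw new PermissionDeniedException("Affinity group is not available in the caller's domain");` for that branch and record the numeric domain id in the server log only. The message text still reads `domain id=` although it now carries a UUID, which deserves a short comment for whoever correlates API errors with database rows. The same pattern is added in the NetworkModelImpl.java hunk of this commit. The enclosing method starts and ends outside the hunk.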

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6ccb9b1f/server/src/com/cloud/network/NetworkModelImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index 4db7141..178796b 100644
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -1598,8 +1598,12 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
 
         } else {
             if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
+                DomainVO ownerDomain = _domainDao.findById(owner.getDomainId());
+                if (ownerDomain == null) {
+                    throw new CloudRuntimeException("cannot check permission on account " + owner.getAccountName() + " whose domain does not exist");
+                }
                 throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid() + " is not available in domain id=" +
-                    owner.getDomainId());
+                        ownerDomain.getUuid());
             }
         }
     }


[5/9] git commit: updated refs/heads/master to 6c71d3b

Posted by bh...@apache.org.
CS-19734:Session cookie is exposed to scripts.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 0b5b9c91e451d069c501a08a34523eccd22dff05)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b9d624da
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b9d624da
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b9d624da

Branch: refs/heads/master
Commit: b9d624dae0599dff7ed7dbd6642d113e9ec901e0
Parents: 64816db
Author: Min Chen <mi...@citrix.com>
Authored: Fri Jul 18 12:08:07 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530

----------------------------------------------------------------------
 client/tomcatconf/context.xml.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b9d624da/client/tomcatconf/context.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/context.xml.in b/client/tomcatconf/context.xml.in
index 9913dd1..a78215c 100644
--- a/client/tomcatconf/context.xml.in
+++ b/client/tomcatconf/context.xml.in
@@ -16,7 +16,7 @@
   limitations under the License.
 -->
 <!-- The contents of this file will be loaded for each web application -->
-<Context allowLinking="true">
+<Context allowLinking="true" useHttpOnly="true">
 
     <!-- Default set of monitored resources -->
     <WatchedResource>WEB-INF/web.xml</WatchedResource>
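Review bot: `useHttpOnly="true"` on `<Context>` covers only the session cookie that the container issues; it does not mark that cookie Secure and has no effect on cookies the UI writes from script, so the change closes the script-read path for the session id alone. A one-line comment would record the intent, for example `<!-- useHttpOnly: keep the container session cookie unreadable from page scripts (CS-19734) -->`. `allowLinking="true"` stays on the same element and is untouched here; whether symlink following is still required is worth confirming separately.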


[8/9] git commit: updated refs/heads/master to 6c71d3b

Posted by bh...@apache.org.
CS-18149: UI - no longer store sessionKey in cookie. After

... this change, opening the 2nd browser window (of the same
domain) will show login screen (i.e. user has to enter
credentials again) and will cause the 1st browser window
session timeout.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 19e3c0168e744a76b5e1dc24a5eafa776d342404)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a308f372
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a308f372
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a308f372

Branch: refs/heads/master
Commit: a308f37232748d422be56bbda62ac34fe44fcf55
Parents: b9d624d
Author: Jessica Wang <je...@apache.org>
Authored: Fri Mar 13 13:14:42 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530

----------------------------------------------------------------------
 ui/scripts/cloudStack.js | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a308f372/ui/scripts/cloudStack.js
----------------------------------------------------------------------
diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js
index 66598a9..2adb89c 100644
--- a/ui/scripts/cloudStack.js
+++ b/ui/scripts/cloudStack.js
@@ -105,10 +105,10 @@
             bypassLoginCheck: function(args) { //determine to show or bypass login screen
                 if (g_loginResponse == null) { //show login screen
                     /*
-           but if this is a 2nd browser window (of the same domain), login screen still won't show because $.cookie('sessionKey') is valid for 2nd browser window (of the same domain) as well.
-           i.e. calling listCapabilities API with g_sessionKey from $.cookie('sessionKey') will succeed,
-           then userValid will be set to true, then an user object (instead of "false") will be returned, then login screen will be bypassed.
-           */
+                     * Since we no longer store sessionKey in cookie, opening the
+                     * 2nd browser window (of the same domain) will show login screen (i.e. user has to
+                     * enter credentials again) and will cause the 1st browser window session timeout.
+                     */
                     var unBoxCookieValue = function (cookieName) {
                         var cookieValue = $.cookie(cookieName);
                         if (cookieValue && cookieValue.length > 2 && cookieValue[0] === '"' && cookieValue[cookieValue.length-1] === '"') {
@@ -117,7 +117,7 @@
                         }
                         return cookieValue;
                     };
-                    g_sessionKey = unBoxCookieValue('sessionKey');
+                    g_sessionKey = unBoxCookieValue('JSESSIONID');
                     g_role = unBoxCookieValue('role');
                     g_userid = unBoxCookieValue('userid');
                     g_domainid = unBoxCookieValue('domainid');
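Review bot: `g_sessionKey = unBoxCookieValue('JSESSIONID');` makes page script read the container session cookie, which cannot work once that cookie is HttpOnly (commit [5/9] of this series sets `useHttpOnly="true"` in context.xml.in), so `g_sessionKey` would presumably come back empty here. Where the cookie is readable, the session identifier ends up in the variable used as the API session key; if that key is sent as a request parameter elsewhere in the file (not visible in this hunk), the session id would appear in URLs and access logs. The `$.cookie('JSESSIONID', null);` lines in the logout and `samlLoginAction` hunks have the same limitation, since script can neither see nor clear an HttpOnly cookie, so session invalidation has to happen server-side. I would drop the cookie read and keep the key in memory only, `g_sessionKey = null; // populated from the login response, never from a cookie`. The enclosing `bypassLoginCheck` function continues outside the hunk.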
@@ -226,9 +226,6 @@
                         g_timezone = loginresponse.timezone;                        
                         g_userfullname = loginresponse.firstname + ' ' + loginresponse.lastname;
 
-                        $.cookie('sessionKey', g_sessionKey, {
-                            expires: 1
-                        });
                         $.cookie('username', g_username, {
                             expires: 1
                         });
@@ -324,7 +321,7 @@
                         g_regionsecondaryenabled = null;
                         g_loginCmdText = null;
                         
-                        $.cookie('sessionKey', null);
+                        $.cookie('JSESSIONID', null);
                         $.cookie('username', null);
                         $.cookie('account', null);
                         $.cookie('domainid', null);
@@ -347,7 +344,7 @@
             },
 
             samlLoginAction: function(args) {
-                $.cookie('sessionKey', null);
+                $.cookie('JSESSIONID', null);
                 $.cookie('username', null);
                 $.cookie('account', null);
                 $.cookie('domainid', null);


[6/9] git commit: updated refs/heads/master to 6c71d3b

Posted by bh...@apache.org.
CS-17504: Weak SSL ciphers supported by the management server

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 20a63c409d52b2c3dffc8ea58dd25ffb7e55d0e8)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>

Conflicts:
	packaging/centos63/cloud.spec


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ac1a2207
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ac1a2207
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ac1a2207

Branch: refs/heads/master
Commit: ac1a2207ef3002637749773c02ecfaaaef0d0854
Parents: a308f37
Author: Harikrishna Patnala <ha...@citrix.com>
Authored: Tue Nov 4 17:47:04 2014 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530

----------------------------------------------------------------------
 client/tomcatconf/java.security.ciphers.in | 18 ++++++++++++++++++
 client/tomcatconf/tomcat6-nonssl.conf.in   |  2 +-
 client/tomcatconf/tomcat6-ssl.conf.in      |  2 +-
 debian/cloudstack-management.install       |  1 +
 packaging/centos63/cloud.spec              |  2 +-
 packaging/centos7/cloud.spec               |  2 +-
 packaging/fedora20/cloud.spec              |  2 +-
 packaging/fedora21/cloud.spec              |  2 +-
 8 files changed, 25 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/client/tomcatconf/java.security.ciphers.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/java.security.ciphers.in b/client/tomcatconf/java.security.ciphers.in
new file mode 100644
index 0000000..986abf6
--- /dev/null
+++ b/client/tomcatconf/java.security.ciphers.in
@@ -0,0 +1,18 @@
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements.  See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership.  The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License.  You may obtain a copy of the License at
+ #
+ #   http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing,
+ # software distributed under the License is distributed on an
+ # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ # KIND, either express or implied.  See the License for the
+ # specific language governing permissions and limitations
+ # under the License.
+
+jdk.tls.disabledAlgorithms=DH keySize < 128, RSA keySize < 128, DES keySize < 128, SHA1 keySize < 128, MD5 keySize < 128, RC4
\ No newline at end of file
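Review bot: The `keySize < 128` thresholds in `jdk.tls.disabledAlgorithms` reject almost nothing for `DH` and `RSA`, because the weak keys seen in practice are hundreds of bits long, so only the `RC4` entry and, presumably, `DES` change what the server negotiates. Attaching `keySize` to the digest names `SHA1` and `MD5` is also questionable, since those are not keyed algorithms; whether the JDK ignores or rejects such entries should be checked against the target runtime. Thresholds along the lines of `DH keySize < 1024, RSA keySize < 1024` (or higher, depending on the certificates deployed) would match the stated goal of CS-17504. The file has no comment saying that it is loaded through `-Djava.security.properties`, and it ends without a trailing newline.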

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/client/tomcatconf/tomcat6-nonssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-nonssl.conf.in b/client/tomcatconf/tomcat6-nonssl.conf.in
index 5ce724c..3f08c90 100644
--- a/client/tomcatconf/tomcat6-nonssl.conf.in
+++ b/client/tomcatconf/tomcat6-nonssl.conf.in
@@ -41,7 +41,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
 
 # Use JAVA_OPTS to set java.library.path for libtcnative.so
 #JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:PermSize=512M -XX:MaxPermSize=800m -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
 
 # What user should run tomcat
 TOMCAT_USER="@MSUSER@"
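Review bot: The added `-Djava.security.properties=/etc/cloudstack/management/java.security.ciphers` takes effect only when the JRE's master `java.security` file has `security.overridePropertiesFile=true`, and as far as I know a missing or unreadable file is skipped without an error, so the cipher restriction can be absent with no signal. The path is also hard-coded while the neighbouring options use template variables such as `@MSLOGDIR@`. A comment above the line would help, for example `# java.security.ciphers restricts TLS algorithms; verify it is loaded (security.overridePropertiesFile=true)`. The same option is added in tomcat6-ssl.conf.in.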

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/client/tomcatconf/tomcat6-ssl.conf.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/tomcat6-ssl.conf.in b/client/tomcatconf/tomcat6-ssl.conf.in
index c967a98..e7c53ac 100644
--- a/client/tomcatconf/tomcat6-ssl.conf.in
+++ b/client/tomcatconf/tomcat6-ssl.conf.in
@@ -40,7 +40,7 @@ CATALINA_TMPDIR="@MSENVIRON@/temp"
 
 # Use JAVA_OPTS to set java.library.path for libtcnative.so
 #JAVA_OPTS="-Djava.library.path=/usr/lib64"
-JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M"
+JAVA_OPTS="-Djava.awt.headless=true -Dcom.sun.management.jmxremote=false -Djavax.net.ssl.trustStore=/etc/cloudstack/management/cloudmanagementserver.keystore -Djavax.net.ssl.trustStorePassword=vmops.com -Xmx2g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=@MSLOGDIR@ -XX:MaxPermSize=800m -XX:PermSize=512M -Djava.security.properties=/etc/cloudstack/management/java.security.ciphers"
 
 # What user should run tomcat
 TOMCAT_USER="@MSUSER@"
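Review bot: The `JAVA_OPTS` line rewritten here still carries `-Djavax.net.ssl.trustStorePassword=vmops.com`, a fixed password that is identical on every installation and is visible in the process listing to any local user. This predates the commit, but a change that hardens the management server's TLS setup is the natural place to deal with it. At minimum add a comment such as `# default trust store password: change per installation`; reading the value from a file with restricted permissions would be better.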

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/debian/cloudstack-management.install
----------------------------------------------------------------------
diff --git a/debian/cloudstack-management.install b/debian/cloudstack-management.install
index ea3f93b..4e016df 100644
--- a/debian/cloudstack-management.install
+++ b/debian/cloudstack-management.install
@@ -30,6 +30,7 @@
 /etc/cloudstack/management/tomcat6.conf
 /etc/cloudstack/management/web.xml
 /etc/cloudstack/management/environment.properties
+/etc/cloudstack/management/java.security.ciphers
 /etc/cloudstack/management/log4j-cloud.xml
 /etc/cloudstack/management/tomcat-users.xml
 /etc/cloudstack/management/context.xml

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/packaging/centos63/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec
index 07b3360..83e3c0c 100644
--- a/packaging/centos63/cloud.spec
+++ b/packaging/centos63/cloud.spec
@@ -290,7 +290,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
 rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
 
 for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf server-ssl.xml server-nonssl.xml \
-            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers; do
   mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
     ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
 done

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/packaging/centos7/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos7/cloud.spec b/packaging/centos7/cloud.spec
index 3aec349..b6c9559 100644
--- a/packaging/centos7/cloud.spec
+++ b/packaging/centos7/cloud.spec
@@ -264,7 +264,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
 rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
 
 for name in catalina.properties db.properties log4j-cloud.xml web.xml cloud-bridge.properties\
-            ec2-service.properties server.xml commons-logging.properties environment.properties tomcat-users.xml
+            ec2-service.properties server.xml commons-logging.properties environment.properties java.security.ciphers tomcat-users.xml
 do
   cp packaging/centos7/tomcat7/$name \
     ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
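Review bot: Adding `java.security.ciphers` to this list makes the loop run `cp packaging/centos7/tomcat7/java.security.ciphers`, but the commit's diffstat adds no file at that path (only `client/tomcatconf/java.security.ciphers.in`), so unless the file already exists in the tree the build step would fail. The commit also touches no centos7 Tomcat options file, so nothing visible here passes `-Djava.security.properties` to the JVM on centos7; without that the copied file has no effect. The centos63, fedora20 and fedora21 specs move the generated file out of `WEB-INF/classes` instead and do not have this gap. The loop continues outside the hunk.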

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/packaging/fedora20/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/fedora20/cloud.spec b/packaging/fedora20/cloud.spec
index 84b29db..1bb1c97 100644
--- a/packaging/fedora20/cloud.spec
+++ b/packaging/fedora20/cloud.spec
@@ -292,7 +292,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
 rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
 
 for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf server-ssl.xml server-nonssl.xml \
-            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers ; do
   mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
     ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
 done

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ac1a2207/packaging/fedora21/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/fedora21/cloud.spec b/packaging/fedora21/cloud.spec
index 98b12ba..661d807 100644
--- a/packaging/fedora21/cloud.spec
+++ b/packaging/fedora21/cloud.spec
@@ -292,7 +292,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/cl
 rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/vms
 
 for name in db.properties log4j-cloud.xml tomcat6-nonssl.conf tomcat6-ssl.conf server-ssl.xml server-nonssl.xml \
-            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties ; do
+            catalina.policy catalina.properties classpath.conf tomcat-users.xml web.xml environment.properties java.security.ciphers ; do
   mv ${RPM_BUILD_ROOT}%{_datadir}/%{name}-management/webapps/client/WEB-INF/classes/$name \
     ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/$name
 done


[3/9] git commit: updated refs/heads/master to 6c71d3b

Posted by bh...@apache.org.
Avoid distributing private key for realhostip.com

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit d94a5720efbadb2e538dc68c45c88288486b68f6)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/76562265
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/76562265
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/76562265

Branch: refs/heads/master
Commit: 765622658a87d6bfa72eb49a4ed68ebdb5302db5
Parents: ac1a220
Author: Nitin Mehta <ni...@citrix.com>
Authored: Fri Mar 13 13:33:48 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530

----------------------------------------------------------------------
 .../cloud/upgrade/dao/Upgrade2213to2214.java    | 35 +-------
 .../schema/src/com/cloud/vm/ConsoleProxyVO.java | 91 ++------------------
 .../com/cloud/consoleproxy/AgentHookBase.java   | 14 +--
 .../consoleproxy/ConsoleProxyManagerImpl.java   | 36 ++------
 .../ConsoleProxySecureServerFactoryImpl.java    | 34 +-------
 5 files changed, 29 insertions(+), 181 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/76562265/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
index f3293ba..a8bf80c 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade2213to2214.java
@@ -19,7 +19,6 @@ package com.cloud.upgrade.dao;
 import java.io.File;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
-import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
@@ -28,7 +27,6 @@ import org.apache.log4j.Logger;
 
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;
-import com.cloud.vm.ConsoleProxyVO;
 
 public class Upgrade2213to2214 implements DbUpgrade {
     final static Logger s_logger = Logger.getLogger(Upgrade2213to2214.class);
@@ -58,40 +56,11 @@ public class Upgrade2213to2214 implements DbUpgrade {
         return new File[] {new File(script)};
     }
 
-    private void upgradeCerts(Connection conn) {
-        PreparedStatement pstmt;
-        try {
-            pstmt = conn.prepareStatement("select md5(`cloud`.`keystore`.key) from `cloud`.`keystore` where name = 'CPVMCertificate'");
-            ResultSet rs = pstmt.executeQuery();
-            while (rs.next()) {
-                String privateKeyMd5 = rs.getString(1);
-                if (privateKeyMd5.equalsIgnoreCase("432ea1370f57ccd774f4f36052c5fd73")) {
-                    s_logger.debug("Need to upgrade cloudstack provided certificate");
-                    pstmt = conn.prepareStatement("update `cloud`.`keystore` set `cloud`.`keystore`.key = ?, certificate = ? where name = 'CPVMCertificate'");
-                    pstmt.setString(1, ConsoleProxyVO.keyContent);
-                    pstmt.setString(2, ConsoleProxyVO.certContent);
-                    pstmt.executeUpdate();
-
-                    pstmt = conn.prepareStatement("insert into `cloud`.`keystore` (name, certificate, seq, domain_suffix) VALUES (?,?,?,?)");
-                    pstmt.setString(1, "root");
-                    pstmt.setString(2, ConsoleProxyVO.rootCa);
-                    pstmt.setInt(3, 0);
-                    pstmt.setString(4, "realhostip.com");
-                    pstmt.executeUpdate();
-                }
-            }
-            rs.close();
-            pstmt.close();
-        } catch (SQLException e) {
-            s_logger.debug("Failed to upgrade keystore: " + e.toString());
-        }
-
-    }
-
     @Override
     public void performDataMigration(Connection conn) {
         fixIndexes(conn);
-        upgradeCerts(conn);
+        //Remove certificate upgrade since RHIP is being retired
+        //upgradeCerts(conn);
     }
 
     @Override
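Review bot: `performDataMigration` now keeps `//upgradeCerts(conn);` as commented-out code for a method this same hunk deletes; the two comment lines should be replaced by one explanatory comment, for example `// Certificate upgrade removed: the bundled realhostip.com key is no longer distributed.` Removing the key from the source does not retire it: it remains in repository history and, presumably, in the `cloud`.`keystore` table of installations that ran the old upgrade, so it should be treated as disclosed and operators told to replace the `CPVMCertificate` entry. Nothing in this hunk detects or warns about an installation that still holds the bundled key. The class body continues outside the hunk.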

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/76562265/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java b/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
index 9d79193..de1d993 100644
--- a/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
+++ b/engine/schema/src/com/cloud/vm/ConsoleProxyVO.java
@@ -38,81 +38,6 @@ import com.cloud.hypervisor.Hypervisor.HypervisorType;
 @PrimaryKeyJoinColumn(name = "id")
 @DiscriminatorValue(value = "ConsoleProxy")
 public class ConsoleProxyVO extends VMInstanceVO implements ConsoleProxy {
-    public static final String keyContent = "-----BEGIN PRIVATE KEY-----\n" + "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCDT9AtEfs+s/I8QXp6rrCw0iNJ\n"
-        + "0+GgsybNHheU+JpL39LMTZykCrZhZnyDvwdxCoOfE38Sa32baHKNds+y2SHnMNsOkw8OcNucHEBX\n"
-        + "1FIpOBGph9D6xC+umx9od6xMWETUv7j6h2u+WC3OhBM8fHCBqIiAol31/IkcqDxxsHlQ8S/oCfTl\n"
-        + "XJUY6Yn628OA1XijKdRnadV0hZ829cv/PZKljjwQUTyrd0KHQeksBH+YAYSo2JUl8ekNLsOi8/cP\n"
-        + "tfojnltzRI1GXi0ZONs8VnDzJ0a2gqZY+uxlz+CGbLnGnlN4j9cBpE+MfUE+35Dq121sTpsSgF85\n"
-        + "Mz+pVhn2S633AgMBAAECggEAH/Szd9RxbVADenCA6wxKSa3KErRyq1YN8ksJeCKMAj0FIt0caruE\n"
-        + "qO11DebWW8cwQu1Otl/cYI6pmg24/BBldMrp9IELX/tNJo+lhPpRyGAxxC0eSXinFfoASb8d+jJd\n"
-        + "Bd1mmemM6fSxqRlxSP4LrzIhjhR1g2CiyYuTsiM9UtoVKGyHwe7KfFwirUOJo3Mr18zUVNm7YqY4\n"
-        + "IVhOSq59zkH3ULBlYq4bG50jpxa5mNSCZ7IpafPY/kE/CbR+FWNt30+rk69T+qb5abg6+XGm+OAm\n"
-        + "bnQ18yZEqX6nJLk7Ch0cfA5orGgrTMOrM71wK7tBBDQ308kOxDGebx6j0qD36QKBgQDTRDr8kuhA\n"
-        + "9sUyKr9vk2DQCMpNvEeiwI3JRMqmmxpNAtg01aJ3Ya57vX5Fc+zcuV87kP6FM1xgpHQvnw5LWo2J\n"
-        + "s7ANwQcP8ricEW5zkZhSjI4ssMeAubmsHOloGxmLFYZqwx0JI7CWViGTLMcUlqKblmHcjeQDeDfP\n"
-        + "P1TaCItFmwKBgQCfHZwVvIcaDs5vxVpZ4ftvflIrW8qq0uOVK6QIf9A/YTGhCXl2qxxTg2A6+0rg\n"
-        + "ZqI7zKzUDxIbVv0KlgCbpHDC9d5+sdtDB3wW2pimuJ3p1z4/RHb4n/lDwXCACZl1S5l24yXX2pFZ\n"
-        + "wdPCXmy5PYkHMssFLNhI24pprUIQs66M1QKBgQDQwjAjWisD3pRXESSfZRsaFkWJcM28hdbVFhPF\n"
-        + "c6gWhwQLmTp0CuL2RPXcPUPFi6sN2iWWi3zxxi9Eyz+9uBn6AsOpo56N5MME/LiOnETO9TKb+Ib6\n"
-        + "rQtKhjshcv3XkIqFPo2XdVvOAgglPO7vajX91iiXXuH7h7RmJud6l0y/lwKBgE+bi90gLuPtpoEr\n"
-        + "VzIDKz40ED5bNYHT80NNy0rpT7J2GVN9nwStRYXPBBVeZq7xCpgqpgmO5LtDAWULeZBlbHlOdBwl\n"
-        + "NhNKKl5wzdEUKwW0yBL1WSS5PQgWPwgARYP25/ggW22sj+49WIo1neXsEKPGWObk8e050f1fTt92\n"
-        + "Vo1lAoGAb1gCoyBCzvi7sqFxm4V5oapnJeiQQJFjhoYWqGa26rQ+AvXXNuBcigIeDXNJPctSF0Uc\n"
-        + "p11KbbCgiruBbckvM1vGsk6Sx4leRk+IFHRpJktFUek4o0eUg0shOsyyvyet48Dfg0a8FvcxROs0\n" + "gD+IYds5doiob/hcm1hnNB/3vk4=\n" + "-----END PRIVATE KEY-----\n";
-
-    public static final String certContent = "-----BEGIN CERTIFICATE-----\n" + "MIIFZTCCBE2gAwIBAgIHKBCduBUoKDANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE\n"
-        + "BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY\n" + "BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm\n"
-        + "aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5\n" + "IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky\n"
-        + "ODcwHhcNMTIwMjAzMDMzMDQwWhcNMTcwMjA3MDUxMTIzWjBZMRkwFwYDVQQKDBAq\n" + "LnJlYWxob3N0aXAuY29tMSEwHwYDVQQLDBhEb21haW4gQ29udHJvbCBWYWxpZGF0\n"
-        + "ZWQxGTAXBgNVBAMMECoucmVhbGhvc3RpcC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n" + "A4IBDwAwggEKAoIBAQCDT9AtEfs+s/I8QXp6rrCw0iNJ0+GgsybNHheU+JpL39LM\n"
-        + "TZykCrZhZnyDvwdxCoOfE38Sa32baHKNds+y2SHnMNsOkw8OcNucHEBX1FIpOBGp\n" + "h9D6xC+umx9od6xMWETUv7j6h2u+WC3OhBM8fHCBqIiAol31/IkcqDxxsHlQ8S/o\n"
-        + "CfTlXJUY6Yn628OA1XijKdRnadV0hZ829cv/PZKljjwQUTyrd0KHQeksBH+YAYSo\n" + "2JUl8ekNLsOi8/cPtfojnltzRI1GXi0ZONs8VnDzJ0a2gqZY+uxlz+CGbLnGnlN4\n"
-        + "j9cBpE+MfUE+35Dq121sTpsSgF85Mz+pVhn2S633AgMBAAGjggG+MIIBujAPBgNV\n" + "HRMBAf8EBTADAQEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV\n"
-        + "HQ8BAf8EBAMCBaAwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nb2RhZGR5\n" + "LmNvbS9nZHMxLTY0LmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0BBxcBMDkwNwYI\n"
-        + "KwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3Np\n" + "dG9yeS8wgYAGCCsGAQUFBwEBBHQwcjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au\n"
-        + "Z29kYWRkeS5jb20vMEoGCCsGAQUFBzAChj5odHRwOi8vY2VydGlmaWNhdGVzLmdv\n" + "ZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RfaW50ZXJtZWRpYXRlLmNydDAfBgNVHSME\n"
-        + "GDAWgBT9rGEyk2xF1uLuhV+auud2mWjM5zArBgNVHREEJDAighAqLnJlYWxob3N0\n" + "aXAuY29tgg5yZWFsaG9zdGlwLmNvbTAdBgNVHQ4EFgQUZyJz9/QLy5TWIIscTXID\n"
-        + "E8Xk47YwDQYJKoZIhvcNAQEFBQADggEBAKiUV3KK16mP0NpS92fmQkCLqm+qUWyN\n" + "BfBVgf9/M5pcT8EiTZlS5nAtzAE/eRpBeR3ubLlaAogj4rdH7YYVJcDDLLoB2qM3\n"
-        + "qeCHu8LFoblkb93UuFDWqRaVPmMlJRnhsRkL1oa2gM2hwQTkBDkP7w5FG1BELCgl\n" + "gZI2ij2yxjge6pOEwSyZCzzbCcg9pN+dNrYyGEtB4k+BBnPA3N4r14CWbk+uxjrQ\n"
-        + "6j2Ip+b7wOc5IuMEMl8xwTyjuX3lsLbAZyFI9RCyofwA9NqIZ1GeB6Zd196rubQp\n" + "93cmBqGGjZUs3wMrGlm7xdjlX6GQ9UvmvkMub9+lL99A5W50QgCmFeI=\n"
-        + "-----END CERTIFICATE-----\n";
-
-    public static final String rootCa = "-----BEGIN CERTIFICATE-----\n" + "MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx\n"
-        + "ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g\n" + "RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw\n"
-        + "MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH\n" + "QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j\n"
-        + "b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j\n" + "b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj\n"
-        + "YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN\n" + "AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H\n"
-        + "KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm\n" + "VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR\n"
-        + "SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT\n" + "cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ\n"
-        + "6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu\n" + "MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS\n"
-        + "kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB\n" + "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f\n"
-        + "BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv\n" + "c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH\n"
-        + "AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO\n" + "BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG\n"
-        + "OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU\n" + "A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o\n"
-        + "0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX\n" + "RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH\n"
-        + "qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV\n" + "U+4=\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n"
-        + "MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh\n" + "bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu\n"
-        + "Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g\n" + "QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe\n"
-        + "BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX\n" + "DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE\n"
-        + "YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0\n" + "aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC\n"
-        + "ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv\n" + "2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q\n"
-        + "N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO\n" + "r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN\n"
-        + "f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH\n" + "U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU\n"
-        + "TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb\n" + "VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg\n"
-        + "SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv\n" + "biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg\n"
-        + "MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw\n" + "AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv\n"
-        + "ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu\n" + "Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd\n"
-        + "IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv\n" + "bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1\n"
-        + "QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O\n" + "WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf\n"
-        + "SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n"
-        + "MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\n" + "IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz\n"
-        + "BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y\n" + "aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG\n"
-        + "9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy\n" + "NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y\n"
-        + "azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs\n" + "YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\n"
-        + "Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\n" + "cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY\n"
-        + "dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9\n" + "WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS\n"
-        + "v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v\n" + "UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu\n"
-        + "IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC\n" + "W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\n" + "-----END CERTIFICATE-----\n";
 
     @Column(name = "public_ip_address", nullable = false)
     private String publicIpAddress;
@@ -170,41 +95,41 @@ public class ConsoleProxyVO extends VMInstanceVO implements ConsoleProxy {
     }
 
     public void setLastUpdateTime(Date time) {
-        this.lastUpdateTime = time;
+        lastUpdateTime = time;
     }
 
     public void setSessionDetails(byte[] details) {
-        this.sessionDetails = details;
+        sessionDetails = details;
     }
 
     @Override
     public String getPublicIpAddress() {
-        return this.publicIpAddress;
+        return publicIpAddress;
     }
 
     @Override
     public String getPublicNetmask() {
-        return this.publicNetmask;
+        return publicNetmask;
     }
 
     @Override
     public String getPublicMacAddress() {
-        return this.publicMacAddress;
+        return publicMacAddress;
     }
 
     @Override
     public int getActiveSession() {
-        return this.activeSession;
+        return activeSession;
     }
 
     @Override
     public Date getLastUpdateTime() {
-        return this.lastUpdateTime;
+        return lastUpdateTime;
     }
 
     @Override
     public byte[] getSessionDetails() {
-        return this.sessionDetails;
+        return sessionDetails;
     }
 
     public boolean isSslEnabled() {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/76562265/server/src/com/cloud/consoleproxy/AgentHookBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/AgentHookBase.java b/server/src/com/cloud/consoleproxy/AgentHookBase.java
index b61ba13..c391182 100644
--- a/server/src/com/cloud/consoleproxy/AgentHookBase.java
+++ b/server/src/com/cloud/consoleproxy/AgentHookBase.java
@@ -42,6 +42,7 @@ import com.cloud.agent.api.GetVncPortCommand;
 import com.cloud.agent.api.StartupCommand;
 import com.cloud.agent.api.StartupProxyCommand;
 import com.cloud.agent.api.proxy.StartConsoleProxyAgentHttpHandlerCommand;
+import com.cloud.configuration.Config;
 import com.cloud.exception.AgentUnavailableException;
 import com.cloud.exception.OperationTimedoutException;
 import com.cloud.host.Host;
@@ -196,12 +197,15 @@ public abstract class AgentHookBase implements AgentHook {
             random.nextBytes(randomBytes);
             String storePassword = Base64.encodeBase64String(randomBytes);
 
-            byte[] ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
-
-            assert (ksBits != null);
-            if (ksBits == null) {
-                s_logger.error("Could not find and construct a valid SSL certificate");
+            byte[] ksBits = null;
+            String consoleProxyUrlDomain = _configDao.getValue(Config.ConsoleProxyUrlDomain.key());
+            if (consoleProxyUrlDomain == null || consoleProxyUrlDomain.isEmpty()) {
+                s_logger.debug("SSL is disabled for console proxy based on global config, skip loading certificates");
+            } else {
+                ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
+                //ks manager raises exception if ksBits are null, hence no need to explicltly handle the condition
             }
+
             cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
             cmd.setEncryptorPassword(getEncryptorPassword());
 
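Review bot: In the new `if` branch the console proxy command is built with `ksBits == null`, so the proxy runs without TLS, and the only trace is a debug-level message that an operator is unlikely to see when the URL domain setting was left empty by mistake. Log it at a visible level, for example `s_logger.warn("SSL is disabled for console proxy based on global config, skip loading certificates");`. The else branch drops the earlier null check on the strength of the comment that the keystore manager throws; that behaviour is not visible in this hunk and should be confirmed, because a null return would now silently take the same no-SSL path. The enclosing method starts and ends outside the hunk.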

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/76562265/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index 478aab1..8a065dc 100644
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -30,8 +30,12 @@ import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
-import org.apache.cloudstack.config.ApiServiceConfiguration;
+import org.apache.log4j.Logger;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
 
+import org.apache.cloudstack.config.ApiServiceConfiguration;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -43,7 +47,6 @@ import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
 import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
 import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreVO;
-import org.apache.log4j.Logger;
 
 import com.cloud.agent.AgentManager;
 import com.cloud.agent.api.Answer;
@@ -137,8 +140,6 @@ import com.cloud.vm.VirtualMachineProfile;
 import com.cloud.vm.dao.ConsoleProxyDao;
 import com.cloud.vm.dao.UserVmDetailsDao;
 import com.cloud.vm.dao.VMInstanceDao;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
 
 //
 // Possible console proxy state transition cases
@@ -380,7 +381,9 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
         }
 
         KeystoreVO ksVo = _ksDao.findByName(ConsoleProxyManager.CERTIFICATE_NAME);
-        assert (ksVo != null);
+        if (proxy.isSslEnabled() && ksVo == null) {
+            s_logger.warn("SSL enabled for console proxy but no server certificate found in database");
+        }
 
         if (_staticPublicIp == null) {
             return new ConsoleProxyInfo(proxy.isSslEnabled(), proxy.getPublicIpAddress(), _consoleProxyPort, proxy.getPort(), _consoleProxyUrlDomain);
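Review bot: When `proxy.isSslEnabled()` is true and `ksVo` is null, the new code only warns and then falls through to `return new ConsoleProxyInfo(proxy.isSslEnabled(), ...)`, so the caller is still handed an SSL endpoint for which no server certificate was found. Treating this as a failed assignment would be safer than advertising the endpoint; the method's existing failure return is outside the hunk, so the exact form has to be taken from there. At minimum the message should name the missing entry, e.g. `s_logger.warn("SSL enabled for console proxy but no server certificate found in database for " + ConsoleProxyManager.CERTIFICATE_NAME);`. `ksVo` is not used for anything else in the visible lines.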
@@ -1168,27 +1171,6 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
         return "consoleproxy.alloc";
     }
 
-    private void prepareDefaultCertificate() {
-        GlobalLock lock = GlobalLock.getInternLock("consoleproxy.cert.setup");
-        try {
-            if (lock.lock(ACQUIRE_GLOBAL_LOCK_TIMEOUT_FOR_SYNC)) {
-                KeystoreVO ksVo = _ksDao.findByName(CERTIFICATE_NAME);
-                if (ksVo == null) {
-                    _ksDao.save(CERTIFICATE_NAME, ConsoleProxyVO.certContent, ConsoleProxyVO.keyContent, "realhostip.com");
-                    KeystoreVO caRoot = new KeystoreVO();
-                    caRoot.setCertificate(ConsoleProxyVO.rootCa);
-                    caRoot.setDomainSuffix("realhostip.com");
-                    caRoot.setName("root");
-                    caRoot.setIndex(0);
-                    _ksDao.persist(caRoot);
-                }
-                lock.unlock();
-            }
-        } finally {
-            lock.releaseRef();
-        }
-    }
-
     @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
         if (s_logger.isInfoEnabled()) {
@@ -1246,8 +1228,6 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
             _instance = "DEFAULT";
         }
 
-        prepareDefaultCertificate();
-
         Map<String, String> agentMgrConfigs = _configDao.getConfiguration("AgentManager", params);
 
         value = agentMgrConfigs.get("port");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/76562265/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
----------------------------------------------------------------------
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
index e15ddd4..5df971c 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@@ -16,7 +16,6 @@
 // under the License.
 package com.cloud.consoleproxy;
 
-import com.cloud.utils.db.DbProperties;
 import com.sun.net.httpserver.HttpServer;
 import com.sun.net.httpserver.HttpsConfigurator;
 import com.sun.net.httpserver.HttpsParameters;
@@ -31,7 +30,6 @@ import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.security.KeyStore;
@@ -49,36 +47,8 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
         s_logger.info("Start initializing SSL");
 
         if (ksBits == null) {
-            try {
-                s_logger.info("Initializing SSL from built-in default certificate");
-
-                final String pass = DbProperties.getDbProperties().getProperty("db.cloud.keyStorePassphrase");
-                char[] passphrase = "vmops.com".toCharArray();
-                if (pass != null) {
-                    passphrase = pass.toCharArray();
-                }
-                KeyStore ks = KeyStore.getInstance("JKS");
-
-                ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
-                // ks.load(ConsoleProxy.class.getResourceAsStream("/realhostip.keystore"), passphrase);
-
-                s_logger.info("SSL certificate loaded");
-
-                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
-                kmf.init(ks, passphrase);
-                s_logger.info("Key manager factory is initialized");
-
-                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
-                tmf.init(ks);
-                s_logger.info("Trust manager factory is initialized");
-
-                sslContext = SSLUtils.getSSLContext();
-                sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
-                s_logger.info("SSL context is initialized");
-            } catch (Exception ioe) {
-                s_logger.error(ioe.toString(), ioe);
-            }
-
+            // this should not be the case
+            s_logger.info("No certificates passed, recheck global configuration and certificates");
         } else {
             char[] passphrase = ksPassword != null ? ksPassword.toCharArray() : null;
             try {
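Review bot: In the `ksBits == null` branch `sslContext` is no longer initialised, and the only signal is an info-level message whose own comment says this should not happen. Whatever uses `sslContext` after this block (outside the hunk) would presumably see it unset, so the secure server either fails later with a less clear error or does not come up with TLS. Raise the level and make the failure explicit, e.g. `s_logger.error("No certificates passed, recheck global configuration and certificates");`, and add a comment stating what the caller is expected to do when initialisation ends without an SSL context. The method continues past the end of the hunk.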


[4/9] git commit: updated refs/heads/master to 6c71d3b

Posted by bh...@apache.org.
CS-20680: The user's secret key is not encrypted in the UserCredentialsVO class

Changes:
-Added annotation to encrypt the secret key while persisting to the DB

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit c5754e693f0272b29fc0aa89278a30ee967f12f9)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/64816dbf
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/64816dbf
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/64816dbf

Branch: refs/heads/master
Commit: 64816dbfbdf0ebde0b9b8c46c40e844590f7cc4e
Parents: 6ccb9b1
Author: Prachi Damle <pr...@citrix.com>
Authored: Wed Oct 15 14:53:45 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530

----------------------------------------------------------------------
 awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/64816dbf/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
----------------------------------------------------------------------
diff --git a/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java b/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
index 9a10c2e..fe009cd 100644
--- a/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
+++ b/awsapi/src/com/cloud/bridge/model/UserCredentialsVO.java
@@ -23,6 +23,8 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
+import com.cloud.utils.db.Encrypt;
+
 @Entity
 @Table(name = "usercredentials")
 public class UserCredentialsVO {
@@ -36,6 +38,7 @@ public class UserCredentialsVO {
     @Column(name = "AccessKey")
     private String accessKey;
 
+    @Encrypt
     @Column(name = "SecretKey")
     private String secretKey;
 
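Review bot: `@Encrypt` on `secretKey` changes how the value is written and read from now on, but rows already stored in the `usercredentials` table hold the secret key in plaintext and nothing in this commit migrates them. Whether an upgrade step exists elsewhere cannot be seen from this diff; if it does not, reads of legacy rows should be checked so that they neither fail on decryption nor leave old secrets unencrypted indefinitely. A comment on the field would record the expectation, e.g. `// stored encrypted; existing plaintext rows require a one-time upgrade`.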


[7/9] git commit: updated refs/heads/master to 6c71d3b

Posted by bh...@apache.org.
Avoid logging password when adding srx device

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit a1cc43fee2876463c2ca65e9e9d7e81be48a136e)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2f1863ca
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2f1863ca
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2f1863ca

Branch: refs/heads/master
Commit: 2f1863cae03e29a682305e6d88fa59416a8663f2
Parents: 7656226
Author: Jayapal <ja...@apache.org>
Authored: Fri Mar 13 13:38:23 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530

----------------------------------------------------------------------
 .../cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2f1863ca/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
----------------------------------------------------------------------
diff --git a/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java b/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
index 89e0800..6d20445 100644
--- a/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
+++ b/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java
@@ -61,6 +61,7 @@ import com.cloud.cluster.ManagementServerHost;
 import com.cloud.utils.DateUtil;
 import com.cloud.utils.Pair;
 import com.cloud.utils.Predicate;
+import com.cloud.utils.StringUtils;
 import com.cloud.utils.component.ComponentLifecycle;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.concurrency.NamedThreadFactory;
@@ -179,7 +180,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager,
         publishOnEventBus(job, "submit");
         scheduleExecution(job, scheduleJobExecutionInContext);
         if (s_logger.isDebugEnabled()) {
-            s_logger.debug("submit async job-" + job.getId() + ", details: " + job.toString());
+            s_logger.debug("submit async job-" + job.getId() + ", details: " + StringUtils.cleanString(job.toString()));
         }
         return job.getId();
     }
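Review bot: Masking is applied at the two call sites (`"submit async job-" ...` here and `"Executing " ...` in the hunk at line 519) rather than where the string is produced, so any other statement in this class that logs `job` or `job.toString()` still writes the unmasked command details; the rest of the file is outside these hunks and should be checked. `StringUtils.cleanString` presumably works by recognising known parameter names, so a secret passed under a name it does not know would still be logged. Keeping credentials out of the job's `toString()` output, or routing every job log line through one helper such as `private static String jobForLog(AsyncJob job) { return StringUtils.cleanString(job.toString()); }`, would be more durable.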
@@ -518,7 +519,7 @@ public class AsyncJobManagerImpl extends ManagerBase implements AsyncJobManager,
 
                     // execute the job
                     if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Executing " + job);
+                        s_logger.debug("Executing " + StringUtils.cleanString(job.toString()));
                     }
 
                     if ((getAndResetPendingSignals(job) & AsyncJob.Constants.SIGNAL_MASK_WAKEUP) != 0) {


[2/9] git commit: updated refs/heads/master to 6c71d3b

Posted by bh...@apache.org.
Fix encoding for user account label in header

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit bfcdbeca29dcf234d5aecbb4f2d9ca1ec315e0da)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5608982c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5608982c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5608982c

Branch: refs/heads/master
Commit: 5608982c43af7c400394689fe8cab4b8af24fff0
Parents: 3d411dc
Author: Brian Federle <br...@citrix.com>
Authored: Thu Oct 9 10:47:31 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:26 2015 +0530

----------------------------------------------------------------------
 ui/scripts/ui/core.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5608982c/ui/scripts/ui/core.js
----------------------------------------------------------------------
diff --git a/ui/scripts/ui/core.js b/ui/scripts/ui/core.js
index c5816a0..da2a16c 100644
--- a/ui/scripts/ui/core.js
+++ b/ui/scripts/ui/core.js
@@ -50,7 +50,7 @@
                 .addClass('navigation-item')
                 .addClass(sectionID)
                 .append($('<span>').addClass('icon').html('&nbsp;'))
-                .append($('<span>').html(_l(args.title)))
+                .append($('<span>').text(_l(args.title)))
                 .data('cloudStack-section-id', sectionID);
 
             if (args.customIcon) {
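Review bot: With `.html(_l(...))` replaced by `.text(_l(...))` here, and likewise in the hunks at lines 258, 312 and 326, a localized label that contains an HTML entity or markup will be shown literally instead of rendered. Plain-text insertion is the right default, but the label catalogue is not visible in this diff, so the translation strings should be checked for entities and the rule recorded next to the first call, e.g. `// labels are inserted as plain text; translation strings must not contain HTML`. In the hunk at line 223 the argument is `cloudStack.concat(userLabel, 14)`; if `userLabel` is already HTML-escaped where it is built (outside the hunk), the name would now appear double-encoded.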
@@ -223,7 +223,7 @@
                 id: 'user'
             }).addClass('button')
                 .append(
-                    $('<div>').addClass('name').html(
+                    $('<div>').addClass('name').text(
                         args.context && args.context.users ?
                         cloudStack.concat(userLabel, 14) : 'Invalid User'
                     )
@@ -258,7 +258,7 @@
                     $('<div>').attr({
                         id: 'breadcrumbs'
                     })
-                    .append($('<div>').addClass('home').html(_l('label.home')))
+                    .append($('<div>').addClass('home').text(_l('label.home')))
                     .append($('<div>').addClass('end'))
             )
 
@@ -312,7 +312,7 @@
                 .attr({
                     href: '#'
                 })
-                .html(_l(this.toString()))
+                .text(_l(this.toString()))
                 .appendTo($options);
 
             if (this == 'label.help') {
@@ -326,8 +326,8 @@
             }
             if (this == 'label.about') {
                 $link.addClass('about').click(function() {
-                    var $logo = $('<div>').addClass('logo').html(_l('label.app.name')),
-                        $version = $('<div>').addClass('version').html(g_cloudstackversion),
+                    var $logo = $('<div>').addClass('logo').text(_l('label.app.name')),
+                        $version = $('<div>').addClass('version').text(g_cloudstackversion),
                         $about = $('<div>').addClass('about').append($logo).append($version);
                     $about.dialog({
                         modal: true,


[9/9] git commit: updated refs/heads/master to 6c71d3b

Posted by bh...@apache.org.
ui: if session cookie exists, use it to set global session holder and invalidate it

The 19e3c0168e744a76b5e1dc24a5eafa776d342404 commit breaks SAML login and any
login where redirection is used.

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit b79f13ccb54c6afc48c42bc94c61621dc6cac32d)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6c71d3ba
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6c71d3ba
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6c71d3ba

Branch: refs/heads/master
Commit: 6c71d3bae1a3a72a9fa4004decdba4a7174f6913
Parents: 2f1863c
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Fri Mar 13 15:01:11 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 15:02:27 2015 +0530

----------------------------------------------------------------------
 .../api/command/SAML2LoginAPIAuthenticatorCmd.java    |  2 +-
 ui/scripts/cloudStack.js                              | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c71d3ba/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index 3b6b7d3..de6031c 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -285,7 +285,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
                             resp.addCookie(new Cookie("domainid", URLEncoder.encode(loginResponse.getDomainId(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("role", URLEncoder.encode(loginResponse.getType(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("username", URLEncoder.encode(loginResponse.getUsername(), HttpUtils.UTF_8)));
-                            resp.addCookie(new Cookie("sessionKey", URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8)));
+                            resp.addCookie(new Cookie("sessionkey", URLEncoder.encode(loginResponse.getSessionKey(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("account", URLEncoder.encode(loginResponse.getAccount(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("timezone", URLEncoder.encode(loginResponse.getTimeZone(), HttpUtils.UTF_8)));
                             resp.addCookie(new Cookie("userfullname", URLEncoder.encode(loginResponse.getFirstName() + " " + loginResponse.getLastName(), HttpUtils.UTF_8).replace("+", "%20")));
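Review bot: The renamed `sessionkey` cookie, like its neighbours, is created with `new Cookie(...)` and added without any attributes, so the session key is sent without the Secure flag. The UI reads this cookie from script, which rules out HttpOnly, but Secure can still be set when the deployment is served over HTTPS: hold the cookie in a local, call `sessionKeyCookie.setSecure(true);`, then `resp.addCookie(sessionKeyCookie);`. Whether the request is known to be HTTPS at this point is not visible here, as the enclosing method starts and ends outside the hunk.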

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c71d3ba/ui/scripts/cloudStack.js
----------------------------------------------------------------------
diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js
index 2adb89c..55200b6 100644
--- a/ui/scripts/cloudStack.js
+++ b/ui/scripts/cloudStack.js
@@ -117,14 +117,22 @@
                         }
                         return cookieValue;
                     };
-                    g_sessionKey = unBoxCookieValue('JSESSIONID');
+                    unBoxCookieValue('sessionkey');
+                    // if sessionkey cookie exists use this to set g_sessionKey
+                    // and destroy sessionkey cookie
+                    if ($.cookie('sessionkey')) {
+                        g_sessionKey = $.cookie('sessionkey');
+                        $.cookie('sessionkey', null);
+                    } else {
+                        g_sessionKey = unBoxCookieValue('JSESSIONID');
+                    }
                     g_role = unBoxCookieValue('role');
                     g_userid = unBoxCookieValue('userid');
                     g_domainid = unBoxCookieValue('domainid');
                     g_account = unBoxCookieValue('account');
                     g_username = unBoxCookieValue('username');
                     g_userfullname = unBoxCookieValue('userfullname');
-                    g_timezone = unBoxCookieValue('timezone');                    
+                    g_timezone = unBoxCookieValue('timezone');
                 } else { //single-sign-on	(bypass login screen)
                     g_sessionKey = encodeURIComponent(g_loginResponse.sessionkey);
                     g_role = g_loginResponse.type;
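Review bot: The bare call `unBoxCookieValue('sessionkey');` discards its return value, so it is only useful if the helper rewrites the cookie as a side effect; the helper's body starts outside the hunk, and the line needs a comment saying what it relies on, e.g. `// normalises the stored cookie value in place before it is read below`, or the returned value should be assigned directly. `g_sessionKey = $.cookie('sessionkey')` is also used as read, while the single-sign-on branch below applies `encodeURIComponent(...)`, so the two paths may not yield the same encoding. Finally, `$.cookie('sessionkey', null)` removes the cookie only if its path matches the one the server set, which this diff does not show; if it does not match, the session key stays in the cookie jar.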
@@ -322,6 +330,7 @@
                         g_loginCmdText = null;
                         
                         $.cookie('JSESSIONID', null);
+                        $.cookie('sessionkey', null);
                         $.cookie('username', null);
                         $.cookie('account', null);
                         $.cookie('domainid', null);
@@ -345,6 +354,7 @@
 
             samlLoginAction: function(args) {
                 $.cookie('JSESSIONID', null);
+                $.cookie('sessionkey', null);
                 $.cookie('username', null);
                 $.cookie('account', null);
                 $.cookie('domainid', null);