You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ki...@apache.org on 2013/12/13 13:14:53 UTC
[1/3] git commit: updated refs/heads/master to b54ac9a
Updated Branches:
refs/heads/4.3 f69100e2e -> ef9fc95e8
refs/heads/master 86dadaaec -> b54ac9a63
CLOUDSTACK-5483 : Failed to start management server when db
encryption is enabled When db encryption is enabled, the server expects all
secure,hidden fields in encrypted form. moved the insert statements which has
dafault values to java and populated encrypted values if encryption is
enabled.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b54ac9a6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b54ac9a6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b54ac9a6
Branch: refs/heads/master
Commit: b54ac9a6350687bfb511a3cb1002212ad2a94501
Parents: 1d5051f
Author: Rajani Karuturi <ra...@gmail.com>
Authored: Fri Dec 13 17:43:48 2013 +0530
Committer: Kishan Kavala <ki...@cloud.com>
Committed: Fri Dec 13 17:44:24 2013 +0530
----------------------------------------------------------------------
.../com/cloud/upgrade/dao/Upgrade421to430.java | 47 ++++++++++++++++++++
setup/db/db/schema-421to430.sql | 7 ---
2 files changed, 47 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b54ac9a6/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
index 0673c57..6df44ec 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
@@ -18,10 +18,14 @@
package com.cloud.upgrade.dao;
import java.io.File;
+import java.io.UnsupportedEncodingException;
import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
import org.apache.log4j.Logger;
+import com.cloud.utils.crypt.DBEncryptionUtil;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.script.Script;
@@ -55,6 +59,49 @@ public class Upgrade421to430 implements DbUpgrade {
@Override
public void performDataMigration(Connection conn) {
+ encryptLdapConfigParams(conn);
+ }
+
+ private void encryptLdapConfigParams(Connection conn) {
+ PreparedStatement pstmt = null;
+
+ String[][] ldapParams = { {"ldap.user.object", "inetOrgPerson", "Sets the object type of users within LDAP"},
+ {"ldap.username.attribute", "uid", "Sets the username attribute used within LDAP"}, {"ldap.email.attribute", "mail", "Sets the email attribute used within LDAP"},
+ {"ldap.firstname.attribute", "givenname", "Sets the firstname attribute used within LDAP"},
+ {"ldap.lastname.attribute", "sn", "Sets the lastname attribute used within LDAP"},
+ {"ldap.group.object", "groupOfUniqueNames", "Sets the object type of groups within LDAP"},
+ {"ldap.group.user.uniquemember", "uniquemember", "Sets the attribute for uniquemembers within a group"}};
+
+ String insertSql = "INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description) VALUES ('Secure', 'DEFAULT', 'management-server', ?, ?, "
+ + "?) ON DUPLICATE KEY UPDATE category='Secure';";
+
+ try {
+
+ for (String[] ldapParam : ldapParams) {
+ String name = ldapParam[0];
+ String value = ldapParam[1];
+ String desc = ldapParam[2];
+ String encryptedValue = DBEncryptionUtil.encrypt(value);
+ pstmt = conn.prepareStatement(insertSql);
+ pstmt.setString(1, name);
+ pstmt.setBytes(2, encryptedValue.getBytes("UTF-8"));
+ pstmt.setString(3, desc);
+ pstmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
+ } finally {
+ try {
+ if (pstmt != null) {
+ pstmt.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ s_logger.debug("Done encrypting ldap Config values");
+
}
@Override
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b54ac9a6/setup/db/db/schema-421to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql
index b1b378b..7cc0d4d 100644
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@@ -603,17 +603,10 @@ UPDATE `cloud`.`configuration` SET name='ldap.truststore.password' WHERE name='l
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.bind.principal', NULL, 'Specifies the bind principal to use for bind to LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.bind.password', NULL, 'Specifies the password to use for binding to LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.username.attribute', 'uid', 'Sets the username attribute used within LDAP', 'uid') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.email.attribute', 'mail', 'Sets the email attribute used within LDAP', 'mail') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.firstname.attribute', 'givenname', 'Sets the firstname attribute used within LDAP', 'givenname') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.lastname.attribute', 'sn', 'Sets the lastname attribute used within LDAP', 'sn') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.user.object', 'inetOrgPerson', 'Sets the object type of users within LDAP', 'inetOrgPerson') ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.basedn', NULL, 'Sets the basedn for LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.search.group.principle', NULL, 'Sets the principle of the group that users must be a member of', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.truststore', NULL, 'Sets the path to the truststore to use for LDAP SSL', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.truststore.password', NULL, 'Sets the password for the truststore', NULL) ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.group.object', 'groupOfUniqueNames', 'Sets the object type of groups within LDAP', 'groupOfUniqueNames') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.group.user.uniquemember', 'uniquemember', 'Sets the attribute for uniquemembers within a group','uniquemember') ON DUPLICATE KEY UPDATE category='Secure';
CREATE TABLE `cloud`.`ldap_configuration` (
`id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
[2/3] git commit: updated refs/heads/master to b54ac9a
Posted by ki...@apache.org.
CLOUDSTACK-5435 enabled encryption for ldap params
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1d5051f6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1d5051f6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1d5051f6
Branch: refs/heads/master
Commit: 1d5051f60e0b302287f4fd806a84e65afc7494d0
Parents: 86dadaa
Author: Rajani Karuturi <ra...@gmail.com>
Authored: Fri Dec 13 17:28:06 2013 +0530
Committer: Kishan Kavala <ki...@cloud.com>
Committed: Fri Dec 13 17:44:24 2013 +0530
----------------------------------------------------------------------
.../cloudstack/api/command/LDAPConfigCmd.java | 41 ++++++++------------
.../api/response/LdapConfigurationResponse.java | 13 +++----
.../cloudstack/ldap/LdapConfigurationVO.java | 21 ++++++----
.../apache/cloudstack/ldap/LdapManagerImpl.java | 9 ++---
setup/db/db/schema-421to430.sql | 2 +-
5 files changed, 40 insertions(+), 46 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1d5051f6/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LDAPConfigCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LDAPConfigCmd.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LDAPConfigCmd.java
index 5e424de..db6d7dd 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LDAPConfigCmd.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/command/LDAPConfigCmd.java
@@ -21,9 +21,11 @@ import java.util.List;
import javax.inject.Inject;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.log4j.Logger;
-
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseCmd;
@@ -37,12 +39,9 @@ import org.apache.cloudstack.framework.config.impl.ConfigurationVO;
import org.apache.cloudstack.ldap.LdapConfiguration;
import org.apache.cloudstack.ldap.LdapConfigurationVO;
import org.apache.cloudstack.ldap.LdapManager;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.log4j.Logger;
-import com.cloud.exception.ConcurrentOperationException;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
import com.cloud.utils.Pair;
@@ -68,7 +67,7 @@ public class LDAPConfigCmd extends BaseCmd {
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
- @Parameter(name = ApiConstants.LIST_ALL, type = CommandType.BOOLEAN, description = "If true return current LDAP configuration")
+ @Parameter(name = ApiConstants.LIST_ALL, type = BaseCmd.CommandType.BOOLEAN, description = "If true return current LDAP configuration")
private Boolean listAll;
@Parameter(name = ApiConstants.HOST_NAME, type = CommandType.STRING, description = "Hostname or ip address of the ldap server eg: my.ldap.com")
@@ -80,19 +79,13 @@ public class LDAPConfigCmd extends BaseCmd {
@Parameter(name = ApiConstants.USE_SSL, type = CommandType.BOOLEAN, description = "Check Use SSL if the external LDAP server is configured for LDAP over SSL.")
private Boolean useSSL;
- @Parameter(name = ApiConstants.SEARCH_BASE,
- type = CommandType.STRING,
- description = "The search base defines the starting point for the search in the directory tree Example: dc=cloud,dc=com.")
+ @Parameter(name = ApiConstants.SEARCH_BASE, type = CommandType.STRING, description = "The search base defines the starting point for the search in the directory tree Example: dc=cloud,dc=com.")
private String searchBase;
- @Parameter(name = ApiConstants.QUERY_FILTER,
- type = CommandType.STRING,
- description = "You specify a query filter here, which narrows down the users, who can be part of this domain.")
+ @Parameter(name = ApiConstants.QUERY_FILTER, type = CommandType.STRING, description = "You specify a query filter here, which narrows down the users, who can be part of this domain.")
private String queryFilter;
- @Parameter(name = ApiConstants.BIND_DN,
- type = CommandType.STRING,
- description = "Specify the distinguished name of a user with the search permission on the directory.")
+ @Parameter(name = ApiConstants.BIND_DN, type = CommandType.STRING, description = "Specify the distinguished name of a user with the search permission on the directory.")
private String bindDN;
@Parameter(name = ApiConstants.BIND_PASSWORD, type = CommandType.STRING, description = "Enter the password.")
@@ -177,8 +170,7 @@ public class LDAPConfigCmd extends BaseCmd {
/////////////////////////////////////////////////////
@Override
- public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
- ResourceAllocationException {
+ public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException {
if (getListAll()) {
// return the existing conf
@@ -192,8 +184,7 @@ public class LDAPConfigCmd extends BaseCmd {
String searchBaseConfig = _ldapConfiguration.getBaseDn();
String bindDnConfig = _ldapConfiguration.getBindPrincipal();
for (LdapConfigurationVO ldapConfigurationVO : result.first()) {
- responses.add(createLDAPConfigResponse(ldapConfigurationVO.getHostname(), ldapConfigurationVO.getPort(), useSSlConfig, null, searchBaseConfig,
- bindDnConfig));
+ responses.add(createLDAPConfigResponse(ldapConfigurationVO.getHostname(), ldapConfigurationVO.getPort(), useSSlConfig, null, searchBaseConfig, bindDnConfig));
}
}
response.setResponses(responses);
@@ -204,7 +195,7 @@ public class LDAPConfigCmd extends BaseCmd {
} else {
boolean result = updateLDAP();
if (result) {
- LDAPConfigResponse lr = createLDAPConfigResponse(getHostname(), getPort(), getUseSSL(), getQueryFilter(), getSearchBase(), getBindDN());
+ LDAPConfigResponse lr = this.createLDAPConfigResponse(getHostname(), getPort().toString(), getUseSSL(), getQueryFilter(), getSearchBase(), getBindDN());
lr.setResponseName(getCommandName());
setResponseObject(lr);
}
@@ -212,10 +203,10 @@ public class LDAPConfigCmd extends BaseCmd {
}
- private LDAPConfigResponse createLDAPConfigResponse(String hostname, Integer port, Boolean useSSL, String queryFilter, String searchBase, String bindDN) {
+ private LDAPConfigResponse createLDAPConfigResponse(String hostname, String port, Boolean useSSL, String queryFilter, String searchBase, String bindDN) {
LDAPConfigResponse lr = new LDAPConfigResponse();
lr.setHostname(hostname);
- lr.setPort(port.toString());
+ lr.setPort(port);
lr.setUseSSL(useSSL.toString());
lr.setQueryFilter(queryFilter);
lr.setBindDN(bindDN);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1d5051f6/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java
index a4e4782..f03df42 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/api/response/LdapConfigurationResponse.java
@@ -16,11 +16,10 @@
// under the License.
package org.apache.cloudstack.api.response;
-import com.google.gson.annotations.SerializedName;
-
import org.apache.cloudstack.api.BaseResponse;
import com.cloud.serializer.Param;
+import com.google.gson.annotations.SerializedName;
public class LdapConfigurationResponse extends BaseResponse {
@SerializedName("hostname")
@@ -29,7 +28,7 @@ public class LdapConfigurationResponse extends BaseResponse {
@SerializedName("port")
@Param(description = "port")
- private int port;
+ private String port;
public LdapConfigurationResponse() {
super();
@@ -40,7 +39,7 @@ public class LdapConfigurationResponse extends BaseResponse {
this.hostname = hostname;
}
- public LdapConfigurationResponse(final String hostname, final int port) {
+ public LdapConfigurationResponse(final String hostname, final String port) {
this.hostname = hostname;
this.port = port;
}
@@ -49,7 +48,7 @@ public class LdapConfigurationResponse extends BaseResponse {
return hostname;
}
- public int getPort() {
+ public String getPort() {
return port;
}
@@ -57,7 +56,7 @@ public class LdapConfigurationResponse extends BaseResponse {
this.hostname = hostname;
}
- public void setPort(final int port) {
+ public void setPort(final String port) {
this.port = port;
}
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1d5051f6/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java
index 488e7f4..54b35cb 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapConfigurationVO.java
@@ -16,6 +16,10 @@
// under the License.
package org.apache.cloudstack.ldap;
+import org.apache.cloudstack.api.InternalIdentity;
+
+import com.cloud.utils.db.Encrypt;
+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@@ -23,26 +27,27 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
-import org.apache.cloudstack.api.InternalIdentity;
-
@Entity
@Table(name = "ldap_configuration")
public class LdapConfigurationVO implements InternalIdentity {
- @Column(name = "hostname")
- private String hostname;
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private Long id;
+ @Encrypt
+ @Column(name = "hostname")
+ private String hostname;
+
+ @Encrypt
@Column(name = "port")
- private int port;
+ private String port;
public LdapConfigurationVO() {
}
- public LdapConfigurationVO(final String hostname, final int port) {
+ public LdapConfigurationVO(final String hostname, final String port) {
this.hostname = hostname;
this.port = port;
}
@@ -56,11 +61,11 @@ public class LdapConfigurationVO implements InternalIdentity {
return id;
}
- public int getPort() {
+ public String getPort() {
return port;
}
public void setId(final long id) {
this.id = id;
}
-}
\ No newline at end of file
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1d5051f6/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
index 6d71f4f..42b0aeb 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapManagerImpl.java
@@ -24,9 +24,6 @@ import javax.inject.Inject;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
import org.apache.cloudstack.api.LdapValidator;
import org.apache.cloudstack.api.command.LDAPConfigCmd;
import org.apache.cloudstack.api.command.LDAPRemoveCmd;
@@ -40,6 +37,8 @@ import org.apache.cloudstack.api.command.LdapUserSearchCmd;
import org.apache.cloudstack.api.response.LdapConfigurationResponse;
import org.apache.cloudstack.api.response.LdapUserResponse;
import org.apache.cloudstack.ldap.dao.LdapConfigurationDao;
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.utils.Pair;
@@ -76,10 +75,10 @@ public class LdapManagerImpl implements LdapManager, LdapValidator {
try {
final String providerUrl = "ldap://" + hostname + ":" + port;
_ldapContextFactory.createBindContext(providerUrl);
- configuration = new LdapConfigurationVO(hostname, port);
+ configuration = new LdapConfigurationVO(hostname, Integer.toString(port));
_ldapConfigurationDao.persist(configuration);
s_logger.info("Added new ldap server with hostname: " + hostname);
- return new LdapConfigurationResponse(hostname, port);
+ return new LdapConfigurationResponse(hostname, Integer.toString(port));
} catch (final NamingException e) {
throw new InvalidParameterValueException("Unable to bind to the given LDAP server");
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1d5051f6/setup/db/db/schema-421to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql
index 532a33a..b1b378b 100644
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@@ -618,7 +618,7 @@ INSERT INTO `cloud`.`configuration`(category, instance, component, name, value,
CREATE TABLE `cloud`.`ldap_configuration` (
`id` bigint unsigned NOT NULL auto_increment COMMENT 'id',
`hostname` varchar(255) NOT NULL COMMENT 'the hostname of the ldap server',
- `port` int(10) COMMENT 'port that the ldap server is listening on',
+ `port` varchar(255) COMMENT 'port that the ldap server is listening on',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
[3/3] git commit: updated refs/heads/4.3 to ef9fc95
Posted by ki...@apache.org.
CLOUDSTACK-5483 : Failed to start management server when db encryption is enabled When db encryption is enabled, the server expects all secure,hidden fields in encrypted form. moved the insert statements which has dafault values to java and populated encrypted values if encryption is enabled.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ef9fc95e
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ef9fc95e
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ef9fc95e
Branch: refs/heads/4.3
Commit: ef9fc95e8775457d126a37f8e0cb35c613c9c581
Parents: f69100e
Author: Rajani Karuturi <ra...@gmail.com>
Authored: Fri Dec 13 17:11:41 2013 +0530
Committer: Kishan Kavala <ki...@cloud.com>
Committed: Fri Dec 13 17:44:36 2013 +0530
----------------------------------------------------------------------
.../com/cloud/upgrade/dao/Upgrade421to430.java | 53 +++++++++++++++++++-
setup/db/db/schema-421to430.sql | 7 ---
2 files changed, 51 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ef9fc95e/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
index 5647289..471307a 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
@@ -18,10 +18,16 @@
package com.cloud.upgrade.dao;
import java.io.File;
+import java.io.UnsupportedEncodingException;
import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+import java.util.Properties;
+import com.cloud.utils.db.DbProperties;
import org.apache.log4j.Logger;
+import com.cloud.utils.crypt.DBEncryptionUtil;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.script.Script;
@@ -50,11 +56,54 @@ public class Upgrade421to430 implements DbUpgrade {
throw new CloudRuntimeException("Unable to find db/schema-421to430.sql");
}
- return new File[] { new File(script) };
+ return new File[] {new File(script)};
}
@Override
public void performDataMigration(Connection conn) {
+ encryptLdapConfigParams(conn);
+ }
+
+ private void encryptLdapConfigParams(Connection conn) {
+ PreparedStatement pstmt = null;
+
+ String[][] ldapParams = { {"ldap.user.object", "inetOrgPerson", "Sets the object type of users within LDAP"},
+ {"ldap.username.attribute", "uid", "Sets the username attribute used within LDAP"}, {"ldap.email.attribute", "mail", "Sets the email attribute used within LDAP"},
+ {"ldap.firstname.attribute", "givenname", "Sets the firstname attribute used within LDAP"},
+ {"ldap.lastname.attribute", "sn", "Sets the lastname attribute used within LDAP"},
+ {"ldap.group.object", "groupOfUniqueNames", "Sets the object type of groups within LDAP"},
+ {"ldap.group.user.uniquemember", "uniquemember", "Sets the attribute for uniquemembers within a group"}};
+
+ String insertSql = "INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description) VALUES ('Secure', 'DEFAULT', 'management-server', ?, ?, "
+ + "?) ON DUPLICATE KEY UPDATE category='Secure';";
+
+ try {
+
+ for (String[] ldapParam : ldapParams) {
+ String name = ldapParam[0];
+ String value = ldapParam[1];
+ String desc = ldapParam[2];
+ String encryptedValue = DBEncryptionUtil.encrypt(value);
+ pstmt = conn.prepareStatement(insertSql);
+ pstmt.setString(1, name);
+ pstmt.setBytes(2, encryptedValue.getBytes("UTF-8"));
+ pstmt.setString(3, desc);
+ pstmt.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
+ } finally {
+ try {
+ if (pstmt != null) {
+ pstmt.close();
+ }
+ } catch (SQLException e) {
+ }
+ }
+ s_logger.debug("Done encrypting ldap Config values");
+
}
@Override
@@ -64,7 +113,7 @@ public class Upgrade421to430 implements DbUpgrade {
throw new CloudRuntimeException("Unable to find db/schema-421to430-cleanup.sql");
}
- return new File[] { new File(script) };
+ return new File[] {new File(script)};
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ef9fc95e/setup/db/db/schema-421to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql
index bcc827b..d9cdfe6 100644
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@@ -603,17 +603,10 @@ UPDATE `cloud`.`configuration` SET name='ldap.truststore.password' WHERE name='l
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.bind.principal', NULL, 'Specifies the bind principal to use for bind to LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.bind.password', NULL, 'Specifies the password to use for binding to LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.username.attribute', 'uid', 'Sets the username attribute used within LDAP', 'uid') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.email.attribute', 'mail', 'Sets the email attribute used within LDAP', 'mail') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.firstname.attribute', 'givenname', 'Sets the firstname attribute used within LDAP', 'givenname') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.lastname.attribute', 'sn', 'Sets the lastname attribute used within LDAP', 'sn') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.user.object', 'inetOrgPerson', 'Sets the object type of users within LDAP', 'inetOrgPerson') ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.basedn', NULL, 'Sets the basedn for LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.search.group.principle', NULL, 'Sets the principle of the group that users must be a member of', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.truststore', NULL, 'Sets the path to the truststore to use for LDAP SSL', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.truststore.password', NULL, 'Sets the password for the truststore', NULL) ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.group.object', 'groupOfUniqueNames', 'Sets the object type of groups within LDAP', 'groupOfUniqueNames') ON DUPLICATE KEY UPDATE category='Secure';
-INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.group.user.uniquemember', 'uniquemember', 'Sets the attribute for uniquemembers within a group','uniquemember') ON DUPLICATE KEY UPDATE category='Secure';
CREATE TABLE `cloud`.`ldap_configuration` (
`id` bigint unsigned NOT NULL auto_increment COMMENT 'id',