apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug 6971: ensure no conflicts with portforwarding rules for vpn udp ports

Browse Source 
also, do not open up port 1701 -- only used on ppp interface not public interface
also clean up password generator, make it easier to use and more secure
moved some constants to NetUtils
heuristic to determine if an ip is one-to-one nat'ted
This commit is contained in:
Chiradeep Vittal 2010-11-16 17:55:18 -08:00
parent c871ef4acf
commit 31e17b907d
11 changed files with 221 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/com/cloud/network/FirewallRuleVO.java
View File

@ -148,7 +148,7 @@ public class FirewallRuleVO {
return this.protocol;
}
public void setProtocol(String protocol) {
this.protocol = protocol;
this.protocol = protocol.toLowerCase();
}
public boolean isForwarding() {
return forwarding;

4
core/src/com/cloud/network/HAProxyConfigurator.java
View File

@ -25,6 +25,8 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import com.cloud.utils.net.NetUtils;
/**
* @author chiradeep
@ -116,7 +118,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
sb = new StringBuilder();
sb.append("\t").append("balance ").append(algorithm);
result.add(sb.toString());
if (publicPort.equals("80")) {
if (publicPort.equals(NetUtils.HTTP_PORT)) {
sb = new StringBuilder();
sb.append("\t").append("mode http");
result.add(sb.toString());

14
core/src/com/cloud/network/dao/FirewallRulesDao.java
View File

@ -37,14 +37,20 @@ public interface FirewallRulesDao extends GenericDao<FirewallRuleVO, Long> {
public List<FirewallRuleVO> listIPForwardingForUpdate(String publicIPAddress);
public void disableIPForwarding(String publicIPAddress);
public List<FirewallRuleVO> listIPForwardingForUpdate(String publicIp, boolean fwding);
public List<FirewallRuleVO> listIPForwardingForUpdate(String publicIp, String publicPort, String proto);
public List<FirewallRuleVO> listLoadBalanceRulesForUpdate(String publicIp, String publicPort, String algo);
public List<FirewallRuleVO> listIPForwardingForUpdate(String publicIp, String publicPort, String proto);
public List<FirewallRuleVO> listIPForwardingByPortAndProto(String publicIp, String publicPort, String proto);
public List<FirewallRuleVO> listLoadBalanceRulesForUpdate(String publicIp, String publicPort, String algo);
public List<FirewallRuleVO> listIpForwardingRulesForLoadBalancers(String publicIp);
public List<FirewallRuleVO> listRulesExcludingPubIpPort(String publicIpAddress, long securityGroupId);
public List<FirewallRuleVO> listBySecurityGroupId(long securityGroupId);
public List<FirewallRuleVO> listByLoadBalancerId(long loadBalancerId);
public List<FirewallRuleVO> listForwardingByPubAndPrivIp(boolean forwarding, String publicIPAddress, String privateIp);
public FirewallRuleVO findByGroupAndPrivateIp(long groupId, String privateIp, boolean forwarding);
List<FirewallRuleVO> findByPublicIpPrivateIpForNatRule(String publicIp,String privateIp);
List<FirewallRuleVO> listByPrivateIp(String privateIp);
public List<FirewallRuleVO> findByPublicIpPrivateIpForNatRule(String publicIp,String privateIp);
public List<FirewallRuleVO> listByPrivateIp(String privateIp);
public boolean isPublicIpOneToOneNATted(String publicIp);
void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port);
}

70
core/src/com/cloud/network/dao/FirewallRulesDaoImpl.java
View File

@ -34,7 +34,9 @@ import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.Transaction;
import com.cloud.utils.db.SearchCriteria.Op;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.net.NetUtils;
@Local(value = { FirewallRulesDao.class })
public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> implements FirewallRulesDao {
@ -43,7 +45,9 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
public static String SELECT_IP_FORWARDINGS_BY_USERID_SQL = null;
public static String SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = null;
public static final String DELETE_IP_FORWARDING_BY_IPADDRESS_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ?";
public static final String DELETE_IP_FORWARDING_BY_IPADDRESS_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ?";
public static final String DELETE_IP_FORWARDING_BY_IP_PORT_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ? and public_port = ?";
public static final String DISABLE_IP_FORWARDING_BY_IPADDRESS_SQL = "UPDATE ip_forwarding set enabled=0 WHERE public_ip_address = ?";
@ -54,9 +58,12 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
protected SearchBuilder<FirewallRuleVO> FWByIPPortAlgoSearch;
protected SearchBuilder<FirewallRuleVO> FWByPrivateIPSearch;
protected SearchBuilder<FirewallRuleVO> RulesExcludingPubIpPort;
protected SearchBuilder<FirewallRuleVO> FWByGroupId;
protected SearchBuilder<FirewallRuleVO> FWByGroupId;
protected SearchBuilder<FirewallRuleVO> FWByIpForLB;
protected SearchBuilder<FirewallRuleVO> FWByGroupAndPrivateIp;
protected SearchBuilder<FirewallRuleVO> FWByPrivateIpPrivatePortPublicIpPublicPortSearch;
protected SearchBuilder<FirewallRuleVO> FWByPrivateIpPrivatePortPublicIpPublicPortSearch;
protected SearchBuilder<FirewallRuleVO> OneToOneNATSearch;
protected FirewallRulesDaoImpl() {
}
@ -132,6 +139,16 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("publicPort", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getPublicPort(), SearchCriteria.Op.NULL);
FWByPrivateIpPrivatePortPublicIpPublicPortSearch.done();
OneToOneNATSearch = createSearchBuilder();
OneToOneNATSearch.and("publicIpAddress", OneToOneNATSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ);
OneToOneNATSearch.and("protocol", OneToOneNATSearch.entity().getProtocol(), SearchCriteria.Op.EQ);
OneToOneNATSearch.done();
FWByIpForLB = createSearchBuilder();
FWByIpForLB.and("publicIpAddress", FWByIpForLB.entity().getPublicIpAddress(), SearchCriteria.Op.EQ);
FWByIpForLB.and("groupId", FWByIpForLB.entity().getGroupId(), SearchCriteria.Op.NNULL);
FWByIpForLB.and("forwarding", FWByIpForLB.entity().isForwarding(), SearchCriteria.Op.EQ);
FWByIpForLB.done();
return true;
}
@ -202,7 +219,22 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
s_logger.warn(e);
}
}
@Override
public void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port) {
Transaction txn = Transaction.currentTxn();
PreparedStatement pstmt = null;
try {
pstmt = txn.prepareAutoCloseStatement(DELETE_IP_FORWARDING_BY_IP_PORT_SQL);
pstmt.setString(1, ipAddress);
pstmt.setString(2, port);
pstmt.executeUpdate();
} catch (Exception e) {
s_logger.warn(e);
}
}
@Override
public List<FirewallRuleVO> listIPForwarding(String publicIPAddress) {
SearchCriteria<FirewallRuleVO> sc = FWByIPSearch.create();
@ -329,5 +361,35 @@ public class FirewallRulesDaoImpl extends GenericDaoBase<FirewallRuleVO, Long> i
SearchCriteria<FirewallRuleVO> sc = FWByPrivateIPSearch.create();
sc.setParameters("privateIpAddress", privateIp);
return listBy(sc);
}
@Override
public List<FirewallRuleVO> listIPForwardingByPortAndProto(String publicIp,
String publicPort, String proto) {
SearchCriteria<FirewallRuleVO> sc = FWByIPPortProtoSearch.create();
sc.setParameters("publicIpAddress", publicIp);
sc.setParameters("publicPort", publicPort);
sc.setParameters("protocol", proto);
return search(sc, null);
}
@Override
public boolean isPublicIpOneToOneNATted(String publicIp) {
SearchCriteria<FirewallRuleVO> sc = OneToOneNATSearch.create();
sc.setParameters("publicIpAddress", publicIp);
sc.setParameters("protocol", NetUtils.NAT_PROTO);
List<FirewallRuleVO> rules = search(sc, null);
if (rules.size() != 1)
return false;
return rules.get(1).getProtocol().equalsIgnoreCase(NetUtils.NAT_PROTO);
}
@Override
public List<FirewallRuleVO> listIpForwardingRulesForLoadBalancers(
String publicIp) {
SearchCriteria<FirewallRuleVO> sc = FWByIpForLB.create();
sc.setParameters("publicIpAddress", publicIp);
sc.setParameters("forwarding", false);
return search(sc, null);
}
}

4
patches/systemvm/debian/vpn/opt/cloud/bin/vpn_l2tp.sh
View File

@ -20,7 +20,6 @@ iptables_() {
local subnet_if="eth0"
local subnet_ip=$(get_intf_ip $subnet_if)
iptables $op INPUT -i $public_if -p udp -m udp --dport 1701 -j ACCEPT
iptables $op INPUT -i $public_if -p udp -m udp --dport 500 -j ACCEPT
iptables $op INPUT -i $public_if -p udp -m udp --dport 4500 -j ACCEPT
iptables $op INPUT -i eth2 -p ah -j ACCEPT
@ -29,6 +28,9 @@ iptables_() {
iptables $op FORWARD -i $subnet_if -o ppp+ -j ACCEPT
iptables $op FORWARD -i ppp+ -o ppp+ -j ACCEPT
iptables $op INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT
iptables $op INPUT -i ppp+ -p udp -m udp --dport 1701 -j ACCEPT
iptables -t nat $op PREROUTING -i ppp+ -p udp -m udp --dport 53 -j DNAT --to-destination $subnet_ip
}

5
server/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java
View File

@ -29,6 +29,11 @@ import com.cloud.api.ServerApiException;
import com.cloud.api.response.RemoteAccessVpnResponse;
import com.cloud.event.EventTypes;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.InsufficientAddressCapacityException;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.InvalidParameterValueException;
import com.cloud.exception.NetworkRuleConflictException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.RemoteAccessVpnVO;
import com.cloud.user.Account;

7
server/src/com/cloud/configuration/Config.java
View File

@ -59,6 +59,11 @@ public enum Config {
NetworkThrottlingRate("Network", ManagementServer.class, Integer.class, "network.throttling.rate", "200", "Default data transfer rate in megabits per second allowed.", null),
GuestDomainSuffix("Network", AgentManager.class, String.class, "domain.suffix", "cloud-test.cloud.internal", "Default domain name for vms inside virtualized networks fronted by router", null),
//VPN
RemoteAccessVpnPskLength("Network", AgentManager.class, Integer.class, "remote.access.vpn.psk.length", "24", "The length of the ipsec preshared key", null),
RemoteAccessVpnClientIpRange("Network", AgentManager.class, String.class, "remote.access.vpn.client.iprange", "10.1.2.1-10.1.2.8", "The range of ips to be allocated to remote access vpn clients. The first ip in the range is used by the VPN server", null),
// Usage
CapacityCheckPeriod("Usage", ManagementServer.class, Integer.class, "capacity.check.period", "300000", "The interval in milliseconds between capacity checks", null),
@ -187,7 +192,7 @@ public enum Config {
EnableUsageServer("Premium", ManagementServer.class, Boolean.class, "enable.usage.server", "true", "Flag for enabling usage", null),
// Hidden
UseSecondaryStorageVm("Hidden", ManagementServer.class, Boolean.class, "secondary.storage.vm", "false", "Deploys a VM per zone to manage secondary storage if true, otherwise secondary storage is mounted on management server", null),
UseSecondaryStorageVm("Hidden", ManagementServer.class, Boolean.class, "secondary.storage.vm", "true", "Deploys a VM per zone to manage secondary storage if true, otherwise secondary storage is mounted on management server", null),
CreatePoolsInPod("Hidden", ManagementServer.class, Boolean.class, "xen.create.pools.in.pod", "false", "Should we automatically add XenServers into pools that are inside a Pod", null),
CloudIdentifier("Hidden", ManagementServer.class, String.class, "cloud.identifier", null, "A unique identifier for the cloud.", null),
SSOKey("Hidden", ManagementServer.class, String.class, "security.singlesignon.key", null, "A Single Sign-On key used for logging into the cloud", null),

2
server/src/com/cloud/network/NetworkManager.java
View File

@ -336,7 +336,7 @@ public interface NetworkManager {
* @throws PermissionDeniedException
* @throws ConcurrentOperationException
*/
public RemoteAccessVpnVO createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException;
public RemoteAccessVpnVO createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, InvalidParameterValueException, PermissionDeniedException;
/**
* Start a remote access vpn for the given public ip address and client ip range

72
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -226,6 +226,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
ScheduledExecutorService _executor;
SearchBuilder<AccountVO> AccountsUsingNetworkConfigurationSearch;
private Map<String, String> _configs;
@Override
public boolean sendSshKeysToHost(Long hostId, String pubKey, String prvKey) {
@ -1320,7 +1322,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
IPAddressVO ipAddr = _ipAddressDao.findById(loadBalancer.getIpAddress());
List<IPAddressVO> ipAddrs = listPublicIpAddressesInVirtualNetwork(accountId, ipAddr.getDataCenterId(), null);
for (IPAddressVO ipv : ipAddrs) {
List<FirewallRuleVO> rules = _rulesDao.listIPForwarding(ipv.getAddress(), false);
List<FirewallRuleVO> rules = _rulesDao.listIpForwardingRulesForLoadBalancers(ipv.getAddress());
firewallRulesToApply.addAll(rules);
}
@ -1669,24 +1671,25 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
return ans.getResult();
}
}
private Integer getIntegerConfigValue(String configKey) {
String value = _configs.get(configKey);
if (value != null) {
return Integer.parseInt(value);
}
return null;
}
@Override
public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
_name = name;
final Map<String, String> configs = _configDao.getConfiguration("AgentManager", params);
_configs = _configDao.getConfiguration("AgentManager", params);
String value = configs.get(Config.NetworkThrottlingRate.key());
Integer rateMbps = null;
if (value != null) {
rateMbps = Integer.parseInt(value);
}
Integer multicastRateMbps = null;
value = configs.get(Config.MulticastThrottlingRate.key());
if (value != null) {
multicastRateMbps = Integer.parseInt(value);
}
Integer rateMbps = getIntegerConfigValue(Config.NetworkThrottlingRate.key());
Integer multicastRateMbps = getIntegerConfigValue(Config.MulticastThrottlingRate.key());
NetworkOfferingVO publicNetworkOffering = new NetworkOfferingVO(NetworkOfferingVO.SystemVmPublicNetwork, TrafficType.Public, null);
publicNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(publicNetworkOffering);
@ -2651,6 +2654,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
return setupNetworkConfiguration(owner, networkOffering, plan);
}
private String [] getGuestIpRange() {
String guestRouterIp = _configs.get(Config.GuestIpNetwork.key());
String guestNetmask = _configs.get(Config.GuestNetmask.key());
return NetUtils.ipAndNetMaskToRange(guestRouterIp, guestNetmask);
}
@Override
@DB
public RemoteAccessVpnVO createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd)
@ -2711,30 +2721,28 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
}
String ipRange = cmd.getIpRange();
if (ipRange == null) {
//TODO: get default range from database
ipRange = "10.1.2.1-10.1.2.8";
ipRange = _configs.get(Config.RemoteAccessVpnClientIpRange.key());
}
String [] range = ipRange.split("-");
if (range.length != 2) {
throw new InvalidParameterValueException("Invalid ip range");
}
if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])){
throw new InvalidParameterValueException("Invalid ip range");
throw new InvalidParameterValueException("Invalid ip range " + ipRange);
}
if (!NetUtils.validIpRange(range[0], range[1])){
throw new InvalidParameterValueException("Invalid ip range");
}
if (NetUtils.ipRangesOverlap(range[0], range[1], "10.1.1.1", "10.1.1.255")) {
throw new InvalidParameterValueException("Invalid ip range --- overlaps with guest ip range");
//TODO: get actual guest ip range from config db
String [] guestIpRange = getGuestIpRange();
if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) {
throw new InvalidParameterValueException("Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + guestIpRange[1]);
}
//TODO: check sufficient range
//TODO: check overlap with private and public ip ranges in datacenter
//TODO: check overlap with port forwarding rules on this ip (udp ports 500, 4500, 1701)
long startIp = NetUtils.ip2Long(range[0]);
String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1];
String sharedSecret = PasswordGenerator.generateRandomPassword(24);
//TODO: use SecureRandom in password generator
String sharedSecret = PasswordGenerator.generatePresharedKey(24); //TODO:configurable length
Transaction txn = Transaction.currentTxn();
txn.start();
boolean locked = false;
@ -2744,8 +2752,24 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
throw new ConcurrentOperationException("Another operation active, unable to create vpn");
}
locked = true;
//check overlap with port forwarding rules on this ip (udp ports 500, 4500)
List<FirewallRuleVO> existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_PORT, NetUtils.UDP_PROTO);
if (!existing.isEmpty()) {
throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_PORT + " is configured for destination NAT");
}
existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_NATT_PORT, NetUtils.UDP_PROTO);
if (!existing.isEmpty()) {
throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_NATT_PORT + " is configured for destination NAT");
}
if (_rulesDao.isPublicIpOneToOneNATted(publicIp)) {
throw new InvalidParameterValueException("Public Ip " + publicIp + " is configured for destination NAT");
}
vpnVO = new RemoteAccessVpnVO(account.getId(), cmd.getZoneId(), publicIp, range[0], newIpRange, sharedSecret);
vpnVO = _remoteAccessVpnDao.persist(vpnVO);
FirewallRuleVO rule = new FirewallRuleVO(null, null, publicIp, NetUtils.VPN_PORT, guestIpRange[0], NetUtils.VPN_PORT, true, NetUtils.UDP_PROTO, false, null);
_rulesDao.persist(rule);
rule = new FirewallRuleVO(null, null, publicIp, NetUtils.VPN_NATT_PORT, guestIpRange[0], NetUtils.VPN_PORT, true, NetUtils.UDP_PROTO, false, null);
_rulesDao.persist(rule);
txn.commit();
return vpnVO;
} finally {
@ -2822,6 +2846,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
} finally {
if (deleted) {
_remoteAccessVpnDao.remove(vpnId);
_rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_PORT);
_rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_NATT_PORT);
EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleted Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId());
} else {
EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Unable to delete Remote Access VPN ", account.getAccountName() + " in zone " + cmd.getZoneId());
@ -3075,7 +3101,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
newFwRule.setEnabled(true);
newFwRule.setForwarding(true);
newFwRule.setPrivatePort(null);
newFwRule.setProtocol("NAT");//protocol cannot be null; adding this as a NAT
newFwRule.setProtocol(NetUtils.NAT_PROTO);//protocol cannot be null; adding this as a NAT
newFwRule.setPublicPort(null);
newFwRule.setPublicIpAddress(ipAddress.getAddress());
newFwRule.setPrivateIpAddress(userVM.getGuestIpAddress());

76
utils/src/com/cloud/utils/PasswordGenerator.java
View File

@ -18,6 +18,7 @@ version.
*/
package com.cloud.utils;
import java.security.SecureRandom;
import java.util.Random;
/**
@ -25,51 +26,66 @@ import java.util.Random;
*
*/
public class PasswordGenerator {
//Leave out visually confusing l,L,1,o,O,0
static private char[] lowerCase = new char[]{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
static private char[] upperCase = new char[]{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'};
static private char[] numeric = new char[]{'2', '3', '4', '5', '6', '7', '8', '9'};
static private char[] alphaNumeric = new char[]{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
'2', '3', '4', '5', '6', '7', '8', '9'};
public static String generateRandomPassword(int num) {
Random r = new Random();
StringBuffer password = new StringBuffer();
Random r = new SecureRandom();
StringBuilder password = new StringBuilder();
// Generate random 3-character string with a lowercase character,
// uppercase character, and a digit
password.append(generateLowercaseChar(r))
.append(generateUppercaseChar(r))
.append(generateDigit(r));
// Generate a random lowercase character
int lowercase = generateLowercaseChar(r);
// Generate a random uppercase character ()
int uppercase = generateUppercaseChar(r);
// Generate a random digit between 2 and 9
int digit = r.nextInt(8) + 2;
// Append to the password
password.append((char) lowercase);
password.append((char) uppercase);
password.append(digit);
// Generate a random 6-character string with only lowercase
// Generate a random n-character string with only lowercase
// characters
for (int i = 0; i < num; i++) {
// Generate a random lowercase character (don't allow lowercase
// "l" or lowercase "o")
lowercase = generateLowercaseChar(r);
// Append to the password
password.append((char) lowercase);
password.append(generateLowercaseChar(r));
}
return password.toString();
}
private static char generateLowercaseChar(Random r) {
// Don't allow lowercase "l" or lowercase "o"
int lowercase = -1;
while (lowercase == -1 || lowercase == 108 || lowercase == 111)
lowercase = r.nextInt(26) + 26 + 71;
return ((char) lowercase);
return lowerCase[r.nextInt(lowerCase.length)];
}
private static char generateDigit(Random r ) {
return numeric[r.nextInt(numeric.length)];
}
private static char generateUppercaseChar(Random r) {
// Don't allow uppercase "I" or uppercase "O"
int uppercase = -1;
while (uppercase == -1 || uppercase == 73 || uppercase == 79)
uppercase = r.nextInt(26) + 65;
return ((char) uppercase);
return upperCase[r.nextInt(upperCase.length)];
}
private static char generateAlphaNumeric(Random r) {
return alphaNumeric[r.nextInt(alphaNumeric.length)];
}
public static String generatePresharedKey(int numChars) {
Random r = new SecureRandom();
StringBuilder psk = new StringBuilder();
for (int i = 0; i < numChars; i++) {
psk.append(generateAlphaNumeric(r));
}
return psk.toString();
}
public static void main(String [] args) {
for (int i=0; i < 100; i++) {
System.out.println("PSK: " + generatePresharedKey(24));
}
for (int i=0; i < 100; i++) {
System.out.println("Password: " + generateRandomPassword(6));
}
}
}

31
utils/src/com/cloud/utils/net/NetUtils.java
View File

@ -41,7 +41,16 @@ import com.cloud.utils.NumbersUtil;
public class NetUtils {
protected final static Logger s_logger = Logger.getLogger(NetUtils.class);
public final static String HTTP_PORT = "80";
public final static String VPN_PORT = "500";
public final static String VPN_NATT_PORT = "4500";
public final static String UDP_PROTO = "udp";
public final static String TCP_PROTO = "tcp";
public final static String ICMP_PROTO = "icmp";
public final static String NAT_PROTO = "nat"; //special value for one-to-one NAT
public static String getHostName() {
try {
InetAddress localAddr = InetAddress.getLocalHost();
@ -552,6 +561,23 @@ public class NetUtils {
return long2Ip(result) + "/" + Integer.toString(bits);
}
public static String [] ipAndNetMaskToRange(String ip, String netmask) {
long ipAddr = ip2Long(ip);
long subnet = ip2Long(netmask);
long start = (ipAddr & subnet) + 1;
long end = start;
int bits = (subnet == 0)?0:1;
while ((subnet = (subnet >> 1) & subnet) != 0 )
bits++;
end = end >> (32 - bits);
end++;
end = (end << (32 - bits)) - 2;
return new String[] {long2Ip(start), long2Ip(end)};
}
public static boolean isNetworkAWithinNetworkB(String cidrA, String cidrB) {
Long cidrALong = cidrToLong(cidrA);
Long cidrBLong = cidrToLong(cidrB);
@ -761,7 +787,12 @@ public class NetUtils {
String ip = args[1];
String mask = args[2];
System.out.println(NetUtils.ipAndNetMaskToCidr(ip, mask));
} else if (args[0].equals("ipmasktorange")){
String ip = args[1];
String mask = args[2];
String [] range = NetUtils.ipAndNetMaskToRange(ip, mask);
System.out.println(range[0] + " : " + range[1]);
} else {
System.out.println(long2Ip(NumbersUtil.parseLong(args[1], 0)));
}