Merge branch '4.11'

This commit is contained in:
Rohit Yadav 2018-04-10 00:31:38 +05:30
commit 50042680b0
7 changed files with 180 additions and 6 deletions


@ -449,6 +449,10 @@ if [ -f "%{_sysconfdir}/cloud.rpmsave/management/db.properties" ]; then
mv %{_sysconfdir}/cloud.rpmsave/management/db.properties %{_sysconfdir}/cloud.rpmsave/management/db.properties.rpmsave mv %{_sysconfdir}/cloud.rpmsave/management/db.properties %{_sysconfdir}/cloud.rpmsave/management/db.properties.rpmsave
fi fi
if [ -f %{_sysconfdir}/sysconfig/%{name}-management ] ; then
rm -f %{_sysconfdir}/sysconfig/%{name}-management
fi
chown -R cloud:cloud /var/log/cloudstack/management chown -R cloud:cloud /var/log/cloudstack/management
%preun agent %preun agent
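Review bot: The added `rm -f %{_sysconfdir}/sysconfig/%{name}-management` discards the file outright, while the db.properties handling a few lines above keeps the old copy as `.rpmsave`; if that sysconfig file can carry local admin edits, consider `mv %{_sysconfdir}/sysconfig/%{name}-management %{_sysconfdir}/sysconfig/%{name}-management.rpmsave` instead, or at least a comment above the `rm -f` stating that the file is no longer read and where its settings now live. The same `rm -f` is introduced in the second spec hunk (@ -393,11 +393,13), whose old side moved the file to `%{_sysconfdir}/default/` rather than deleting it, so the remark applies there as well. The enclosing %post scriptlet starts outside the hunk.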


@ -393,11 +393,13 @@ if [ ! -f %{_datadir}/cloudstack-common/scripts/vm/hypervisor/xenserver/vhd-util
fi fi
if [ -f %{_sysconfdir}/sysconfig/%{name}-management ] ; then if [ -f %{_sysconfdir}/sysconfig/%{name}-management ] ; then
mv %{_sysconfdir}/sysconfig/%{name}-management %{_sysconfdir}/default/%{name}-management rm -f %{_sysconfdir}/sysconfig/%{name}-management
fi fi
chown -R cloud:cloud /var/log/cloudstack/management chown -R cloud:cloud /var/log/cloudstack/management
systemctl daemon-reload
%preun agent %preun agent
/sbin/service cloudstack-agent stop || true /sbin/service cloudstack-agent stop || true
if [ "$1" == "0" ] ; then if [ "$1" == "0" ] ; then


@ -59,7 +59,7 @@ public class ADLdapUserManagerImpl extends OpenLdapUserManagerImpl implements Ld
return users; return users;
} }
private String generateADGroupSearchFilter(String groupName, Long domainId) { String generateADGroupSearchFilter(String groupName, Long domainId) {
final StringBuilder userObjectFilter = new StringBuilder(); final StringBuilder userObjectFilter = new StringBuilder();
userObjectFilter.append("(objectClass="); userObjectFilter.append("(objectClass=");
userObjectFilter.append(_ldapConfiguration.getUserObject(domainId)); userObjectFilter.append(_ldapConfiguration.getUserObject(domainId));
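Review bot: `generateADGroupSearchFilter` is widened from `private` to package-private only so the new ADLdapUserManagerImplTest can call it, but nothing in the code records that intent; a one-line comment such as `// package-private for ADLdapUserManagerImplTest` on the signature, or a Javadoc with `@param groupName` and `@param domainId`, would keep a later cleanup from re-privatising it or treating it as API. Separately, the filter is assembled by string concatenation and the new test shows `groupName` landing verbatim inside `memberOf=CN=...`; if the group name can ever come from user-supplied input rather than operator configuration, it should be escaped per RFC 4515 before being appended, since unescaped `(`, `)`, `*` or `\` alter the meaning of the filter. The method body continues outside the hunk.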


@ -215,7 +215,7 @@ public class LdapAuthenticator extends AdapterBase implements UserAuthenticator
* @param user cloudstack user object * @param user cloudstack user object
* @return false if either user object does not exist or authenitication fails * @return false if either user object does not exist or authenitication fails
*/ */
private Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, UserAccount user) { Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, UserAccount user) {
boolean result = false; boolean result = false;
if(user != null ) { if(user != null ) {
@ -231,8 +231,8 @@ public class LdapAuthenticator extends AdapterBase implements UserAuthenticator
} }
} }
return (!result && user != null) ? return (!result && user != null) ?
new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT): new Pair<Boolean, ActionOnFailedAuthentication>(result, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT):
new Pair<Boolean, ActionOnFailedAuthentication>(false, null); new Pair<Boolean, ActionOnFailedAuthentication>(result, null);
} }
private void enableUserInCloudStack(UserAccount user) { private void enableUserInCloudStack(UserAccount user) {
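Review bot: The `user == null` path of `authenticate` — the `if(user != null )` guard leaves `result` false and the return falls through to `new Pair<>(result, null)` — is not exercised by the tests added in LdapAuthenticatorTest, both of which pass a non-null mocked `user`; a test calling `ldapAuthenticator.authenticate(username, hardcoded, domainId, null)` and asserting `rc.first()` is false and `rc.second()` is null would pin that branch, which is the one callers previously hit with a hard-coded `false`. The Javadoc above the signature also misspells "authenitication" and describes only the Boolean, not the second element of the Pair; `@return pair of (authenticated, action on failure); the action is INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT only when an account exists and authentication failed, otherwise null` would cover both. The lines between the two hunks are not shown here.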


@ -38,7 +38,7 @@ interface LdapConfigurationChanger {
* the first field found by this name in the class "klas" or any of it's superclasses except for {@code Object}. Implementers of this interface can decide to also return any field in implemented interfaces or in {@code Object}. * the first field found by this name in the class "klas" or any of it's superclasses except for {@code Object}. Implementers of this interface can decide to also return any field in implemented interfaces or in {@code Object}.
* *
* @param name of the field to find * @param name of the field to find
* @param klas class to gat a field by name "name" from * @param klas class to get a field by name "name" from
* @return a {@code Field} by the name "name" * @return a {@code Field} by the name "name"
* @throws NoSuchFieldException * @throws NoSuchFieldException
*/ */


@ -0,0 +1,91 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.ldap;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.LdapContext;
import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class ADLdapUserManagerImplTest {
ADLdapUserManagerImpl adLdapUserManager;
@Mock
LdapConfiguration ldapConfiguration;
@Before
public void init() throws Exception {
adLdapUserManager = new ADLdapUserManagerImpl();
adLdapUserManager._ldapConfiguration = ldapConfiguration;
}
@Test
public void testGenerateADSearchFilterWithNestedGroupsEnabled() {
when(ldapConfiguration.getUserObject(any())).thenReturn("user");
when(ldapConfiguration.getCommonNameAttribute()).thenReturn("CN");
when(ldapConfiguration.getBaseDn(any())).thenReturn("DC=cloud,DC=citrix,DC=com");
when(ldapConfiguration.isNestedGroupsEnabled(any())).thenReturn(true);
String [] groups = {"dev", "dev-hyd"};
for (String group: groups) {
String result = adLdapUserManager.generateADGroupSearchFilter(group, 1L);
assertTrue(("(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));
}
}
@Test
public void testGenerateADSearchFilterWithNestedGroupsDisabled() {
when(ldapConfiguration.getUserObject(any())).thenReturn("user");
when(ldapConfiguration.getCommonNameAttribute()).thenReturn("CN");
when(ldapConfiguration.getBaseDn(any())).thenReturn("DC=cloud,DC=citrix,DC=com");
when(ldapConfiguration.isNestedGroupsEnabled(any())).thenReturn(false);
String [] groups = {"dev", "dev-hyd"};
for (String group: groups) {
String result = adLdapUserManager.generateADGroupSearchFilter(group, 1L);
assertTrue(("(&(objectClass=user)(memberOf=CN=" + group + ",DC=cloud,DC=citrix,DC=com))").equals(result));
}
}
@Mock
LdapContext ldapContext;
@Test(expected = IllegalArgumentException.class)
public void testGetUsersInGroupUsingNullGroup() throws Exception {
String[] returnAttributes = {"username", "firstname", "lastname", "email"};
when(ldapConfiguration.getScope()).thenReturn(SearchControls.SUBTREE_SCOPE);
when(ldapConfiguration.getReturnAttributes(null)).thenReturn(returnAttributes);
when(ldapConfiguration.getBaseDn(any())).thenReturn(null).thenReturn(null).thenReturn("DC=cloud,DC=citrix,DC=com");
LdapContext context = ldapContext;
String [] groups = {null, "group", null};
for (String group: groups) {
adLdapUserManager.getUsersInGroup(group, context,null);
}
}
}
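Review bot: `testGetUsersInGroupUsingNullGroup` ends at the first `getUsersInGroup(null, ...)` call, because `@Test(expected = IllegalArgumentException.class)` finishes the test on the first throw, so the `"group"` entry, the second `null`, and the chained `getBaseDn` stubbing (`null`, `null`, then a DN) are never reached; either reduce the loop to a single null call or wrap each iteration in its own try/catch and assert the expected exception per input. In the two filter tests, `assertTrue(expected.equals(result))` reports only a bare AssertionError on failure; `assertEquals("(&(objectClass=user)(memberOf=CN=" + group + ",DC=cloud,DC=citrix,DC=com))", result)` prints both strings and reads as the intent. The `@Mock LdapContext ldapContext` field declared between two test methods would be easier to find next to the other mock at the top of the class.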


@ -0,0 +1,77 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.ldap;
import com.cloud.server.auth.UserAuthenticator;
import com.cloud.user.UserAccount;
import com.cloud.user.UserAccountVO;
import com.cloud.user.dao.UserAccountDao;
import com.cloud.utils.Pair;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.when;
@RunWith(MockitoJUnitRunner.class)
public class LdapAuthenticatorTest {
@Mock
LdapManager ldapManager;
@Mock
UserAccountDao userAccountDao;
@Mock
UserAccount user = new UserAccountVO();
LdapAuthenticator ldapAuthenticator;
private String username = "bbanner";
private String principal = "cd=bbanner";
private String hardcoded = "password";
private Long domainId = 1L;
@Before
public void setUp() throws Exception {
ldapAuthenticator = new LdapAuthenticator(ldapManager, userAccountDao);
}
@Test
public void authenticateWithoutAccount() throws Exception {
LdapUser ldapUser = new LdapUser(username,"a@b","b","banner",principal,"",false,null);
Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> rc;
when(ldapManager.getUser(username, domainId)).thenReturn(ldapUser);
rc = ldapAuthenticator.authenticate(username, "password", domainId, user);
assertFalse("authentication succeded when it should have failed", rc.first());
assertEquals("", UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT,rc.second());
}
@Test
public void authenticate() throws Exception {
LdapUser ldapUser = new LdapUser(username, "a@b", "b", "banner", principal, "", false, null);
when(ldapManager.getUser(username, domainId)).thenReturn(ldapUser);
when(ldapManager.canAuthenticate(principal, hardcoded, domainId)).thenReturn(true);
Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> rc = ldapAuthenticator.authenticate(username, hardcoded, domainId, user);
assertTrue("authentication failed when it should have succeeded", rc.first());
assertNull(rc.second());
}
}
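Review bot: `authenticateWithoutAccount` does not test what its name says: it passes the non-null mocked `user`, leaves `ldapManager.canAuthenticate` unstubbed (so it returns false) and asserts INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT, which is the wrong-password-with-existing-account path. Either rename it (`authenticateWithWrongPassword`) or pass `null` for the user and assert `assertNull(rc.second())`, which per the `(!result && user != null)` condition in `LdapAuthenticator.authenticate` is what a missing account yields. `@Mock UserAccount user = new UserAccountVO();` also initialises a field the Mockito runner replaces with a mock, so the `new UserAccountVO()` is dead and misleading; `@Mock UserAccount user;` is enough. The empty message in `assertEquals("", ..., rc.second())` should be dropped or given text.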