CLOUDSTACK-4115 : Encrypt password in cluster_details table. This fix is to handle upgrades from versions earlier than 3.0.5 and 4.0. Upgrade was not handled when the cluster_details password encryption was introduced.

2025-11-02 20:02:29 +01:00 · 2013-08-22 18:52:34 +05:30 · 2013-08-22 18:52:34 +05:30 · ad0fba31a3
commit ad0fba31a3
parent 5980faf9a7
2 changed files with 80 additions and 0 deletions
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java
@ -74,6 +74,7 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade {
        setupExternalNetworkDevices(conn);
        fixZoneUsingExternalDevices(conn);
        encryptConfig(conn);
+        encryptClusterDetails(conn);
    }

    @Override
@ -1072,4 +1073,42 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade {
        }
        s_logger.debug("Done encrypting Config values");
    }
+
+    private void encryptClusterDetails(Connection conn) {
+        s_logger.debug("Encrypting cluster details");
+        PreparedStatement pstmt = null;
+        ResultSet rs = null;
+        try {
+            pstmt = conn.prepareStatement("select id, value from `cloud`.`cluster_details` where name = 'password'");
+            rs = pstmt.executeQuery();
+            while (rs.next()) {
+                long id = rs.getLong(1);
+                String value = rs.getString(2);
+                if (value == null) {
+                    continue;
+                }
+                String encryptedValue = DBEncryptionUtil.encrypt(value);
+                pstmt = conn.prepareStatement("update `cloud`.`cluster_details` set value=? where id=?");
+                pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+                pstmt.setLong(2, id);
+                pstmt.executeUpdate();
+            }
+        } catch (SQLException e) {
+            throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+        } catch (UnsupportedEncodingException e) {
+            throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+        } finally {
+            try {
+                if (rs != null) {
+                    rs.close();
+                }
+
+                if (pstmt != null) {
+                    pstmt.close();
+                }
+            } catch (SQLException e) {
+            }
+        }
+        s_logger.debug("Done encrypting cluster_details");
+    }
 }
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade304to305.java
@ -19,6 +19,7 @@
 package com.cloud.upgrade.dao;

 import java.io.File;
+import java.io.UnsupportedEncodingException;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@ -27,6 +28,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;

+import com.cloud.utils.crypt.DBEncryptionUtil;
 import org.apache.log4j.Logger;

 import com.cloud.utils.exception.CloudRuntimeException;
@ -68,6 +70,7 @@ public class Upgrade304to305 extends Upgrade30xBase implements DbUpgrade {
        fixZoneUsingExternalDevices(conn);
 //        updateSystemVms(conn);
        fixForeignKeys(conn);
+        encryptClusterDetails(conn);
    }

    @Override
@ -455,4 +458,42 @@ public class Upgrade304to305 extends Upgrade30xBase implements DbUpgrade {
            throw new CloudRuntimeException("Unable to execute ssh_keypairs table update for adding domain_id foreign key", e);
        }
    }
+
+    private void encryptClusterDetails(Connection conn) {
+        s_logger.debug("Encrypting cluster details");
+        PreparedStatement pstmt = null;
+        ResultSet rs = null;
+        try {
+            pstmt = conn.prepareStatement("select id, value from `cloud`.`cluster_details` where name = 'password'");
+            rs = pstmt.executeQuery();
+            while (rs.next()) {
+                long id = rs.getLong(1);
+                String value = rs.getString(2);
+                if (value == null) {
+                    continue;
+                }
+                String encryptedValue = DBEncryptionUtil.encrypt(value);
+                pstmt = conn.prepareStatement("update `cloud`.`cluster_details` set value=? where id=?");
+                pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
+                pstmt.setLong(2, id);
+                pstmt.executeUpdate();
+            }
+        } catch (SQLException e) {
+            throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+        } catch (UnsupportedEncodingException e) {
+            throw new CloudRuntimeException("Unable encrypt cluster_details values ", e);
+        } finally {
+            try {
+                if (rs != null) {
+                    rs.close();
+                }
+
+                if (pstmt != null) {
+                    pstmt.close();
+                }
+            } catch (SQLException e) {
+            }
+        }
+        s_logger.debug("Done encrypting cluster_details");
+    }
 }