cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [10/12] git commit: updated refs/heads/4.5 to 30598e9
Date Tue, 20 Jan 2015 05:58:06 GMT
CLOUDSTACK-7977
Fix password generator, add guards for minimum length

(cherry picked from commit 960b7bbf742bbba62cd25bc62b700c6c829e35f2)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3cb43582
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3cb43582
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3cb43582

Branch: refs/heads/4.5
Commit: 3cb4358270497d4db22d19647a4c2820ed544f04
Parents: 1b7a100
Author: amoghvk <amogh.vasekar@citrix.com>
Authored: Wed Nov 26 15:08:48 2014 -0800
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Tue Jan 20 10:31:05 2015 +0530

----------------------------------------------------------------------
 server/src/com/cloud/configuration/Config.java  |  8 +++++++
 .../configuration/ConfigurationManagerImpl.java |  5 ++++
 .../src/com/cloud/utils/PasswordGenerator.java  | 24 ++++++++++++++------
 .../com/cloud/utils/PasswordGeneratorTest.java  |  7 +++---
 4 files changed, 34 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3cb43582/server/src/com/cloud/configuration/Config.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 091a3e9..dfb5f2a 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -907,6 +907,14 @@ public enum Config {
             "0",
             "Default disk I/O read rate in requests per second allowed in User vm's disk.",
             null),
+    VmPasswordLength(
+            "Advanced",
+            ManagementServer.class,
+            Integer.class,
+            "vm.password.length",
+            "6",
+            "Specifies the length of a randomly generated password",
+            null),
     VmDiskThrottlingIopsWriteRate(
             "Advanced",
             ManagementServer.class,

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3cb43582/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index ce63e84..cf94b95 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -366,6 +366,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
         configValuesForValidation.add("xenserver.heartbeat.interval");
         configValuesForValidation.add("xenserver.heartbeat.timeout");
         configValuesForValidation.add("incorrect.login.attempts.allowed");
+        configValuesForValidation.add("vm.password.length");
     }
 
     private void weightBasedParametersForValidation() {
@@ -779,6 +780,10 @@ public class ConfigurationManagerImpl extends ManagerBase implements
Configurati
                 if (val <= 0) {
                     throw new InvalidParameterValueException("Please enter a positive value
for the configuration parameter:" + name);
                 }
+                //TODO - better validation for all password pamameters
+                if ("vm.password.length".equalsIgnoreCase(name) && val < 6) {
+                    throw new InvalidParameterValueException("Please enter a value greater
than 6 for the configuration parameter:" + name);
+                }
             } catch (NumberFormatException e) {
                 s_logger.error("There was an error trying to parse the integer value for:"
+ name);
                 throw new InvalidParameterValueException("There was an error trying to parse
the integer value for:" + name);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3cb43582/utils/src/com/cloud/utils/PasswordGenerator.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/PasswordGenerator.java b/utils/src/com/cloud/utils/PasswordGenerator.java
index 2abf071..0d79143 100644
--- a/utils/src/com/cloud/utils/PasswordGenerator.java
+++ b/utils/src/com/cloud/utils/PasswordGenerator.java
@@ -35,18 +35,28 @@ public class PasswordGenerator {
     static private char[] alphaNumeric = new char[] {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
'J', 'K', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y',
         'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's',
't', 'u', 'v', 'w', 'x', 'y', 'z', '2', '3', '4', '5', '6', '7', '8', '9'};
 
+    static private int minLength = 3;
+
     public static String generateRandomPassword(int num) {
         Random r = new SecureRandom();
         StringBuilder password = new StringBuilder();
 
-        // Generate random 3-character string with a lowercase character,
-        // uppercase character, and a digit
-        password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
+        //Guard for num < minLength
+        if (num < minLength) {
+            //Add alphanumeric chars at random
+            for (int i = 0; i < minLength; i++) {
+                password.append(generateAlphaNumeric(r));
+            }
+        } else {
+            // Generate random 3-character string with a lowercase character,
+            // uppercase character, and a digit
+            password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
 
-        // Generate a random n-character string with only lowercase
-        // characters
-        for (int i = 0; i < num; i++) {
-            password.append(generateLowercaseChar(r));
+            // Generate a random n-character string with only lowercase
+            // characters
+            for (int i = 0; i < num - 3; i++) {
+                password.append(generateLowercaseChar(r));
+            }
         }
 
         return password.toString();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3cb43582/utils/test/com/cloud/utils/PasswordGeneratorTest.java
----------------------------------------------------------------------
diff --git a/utils/test/com/cloud/utils/PasswordGeneratorTest.java b/utils/test/com/cloud/utils/PasswordGeneratorTest.java
index a4e2496..413b866 100644
--- a/utils/test/com/cloud/utils/PasswordGeneratorTest.java
+++ b/utils/test/com/cloud/utils/PasswordGeneratorTest.java
@@ -25,10 +25,11 @@ import org.junit.Test;
 public class PasswordGeneratorTest {
     @Test
     public void generateRandomPassword() {
-        // actual length is requested length + 3
+        // actual length is requested length, minimum length is 3
         Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() == 3);
-        Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() == 4);
-        String password = PasswordGenerator.generateRandomPassword(0);
+        Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() == 3);
+        Assert.assertTrue(PasswordGenerator.generateRandomPassword(5).length() == 5);
+        String password = PasswordGenerator.generateRandomPassword(8);
         // TODO: this might give more help to bruteforcing than desired
         // the actual behavior is that the first character is a random lowercase
         // char


Mime
View raw message