Return-Path: 
 <dev-return-29423-apmail-cloudstack-dev-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-dev-archive@www.apache.org
Delivered-To: apmail-cloudstack-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 76CB8F222
	for <apmail-cloudstack-dev-archive@www.apache.org>;
 Tue,  2 Apr 2013 05:42:55 +0000 (UTC)
Received: (qmail 14958 invoked by uid 500); 2 Apr 2013 05:42:55 -0000
Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org
Received: (qmail 14813 invoked by uid 500); 2 Apr 2013 05:42:54 -0000
Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:dev@cloudstack.apache.org>
List-Id: <dev.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list dev@cloudstack.apache.org
Received: (qmail 14760 invoked by uid 500); 2 Apr 2013 05:42:53 -0000
Delivered-To: apmail-incubator-cloudstack-dev@incubator.apache.org
Received: (qmail 14753 invoked by uid 99); 2 Apr 2013 05:42:53 -0000
Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Apr 2013 05:42:53 +0000
Received: from reviews.apache.org (localhost [127.0.0.1])
	by reviews.apache.org (Postfix) with ESMTP id 060361C263B;
	Tue,  2 Apr 2013 05:42:50 +0000 (UTC)
Content-Type: multipart/alternative;
 boundary="===============0424345343130688435=="
MIME-Version: 1.0
Subject: Re: Review Request: Make SHA256Salt the default password encoding and
 authentication mechanism for cloudstack
From: "Venkata Siva Vijayendra Bhamidipati"
 <vijayendra.bhamidipati@citrix.com>
To: "Min Chen" <min.chen@citrix.com>, "Kelven Yang" <kelven.yang@citrix.com>,
 "Hugo Trippaers" <htrippaers@schubergphilis.com>
Cc: "cloudstack" <cloudstack-dev@incubator.apache.org>,
 "Venkata Siva Vijayendra Bhamidipati" <vijayendra.bhamidipati@citrix.com>
Date: Tue, 02 Apr 2013 05:42:50 -0000
Message-ID: <20130402054250.23824.73047@reviews.apache.org>
X-ReviewBoard-URL: https://reviews.apache.org
Auto-Submitted: auto-generated
Sender: "Venkata Siva Vijayendra Bhamidipati" <noreply@reviews.apache.org>
X-ReviewGroup: cloudstack
X-ReviewRequest-URL: https://reviews.apache.org/r/10039/
X-Sender: "Venkata Siva Vijayendra Bhamidipati" <noreply@reviews.apache.org>
References: <20130328202619.12538.35642@reviews.apache.org>
In-Reply-To: <20130328202619.12538.35642@reviews.apache.org>
Reply-To: "Venkata Siva Vijayendra Bhamidipati"
 <vijayendra.bhamidipati@citrix.com>

--===============0424345343130688435==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/10039/
-----------------------------------------------------------

(Updated April 2, 2013, 5:42 a.m.)


Review request for cloudstack, Hugo Trippaers, Kelven Yang, and Min Chen.


Changes
-------

Attaching latest diffs on top of master, incorporating changes suggested by=
 Min.


Description
-------

Changing default password encoding mechanism from MD5 to SHA256Salted.


This addresses bug CS-1734.


Diffs (updated)
-----

  api/src/org/apache/cloudstack/api/command/admin/account/CreateAccountCmd.=
java 89673ea =

  api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java f=
b29e1a =

  api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java 1=
f31662 =

  client/tomcatconf/applicationContext.xml.in 636eac2 =

  client/tomcatconf/componentContext.xml.in fea1d0f =

  client/tomcatconf/nonossComponentContext.xml.in 0b02eb6 =

  developer/developer-prefill.sql 6300d35 =

  plugins/user-authenticators/ldap/src/com/cloud/server/auth/LDAPUserAuthen=
ticator.java 61eebe5 =

  plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenti=
cator.java 026125e =

  plugins/user-authenticators/plain-text/src/com/cloud/server/auth/PlainTex=
tUserAuthenticator.java 52e7cb3 =

  plugins/user-authenticators/sha256salted/src/com/cloud/server/auth/SHA256=
SaltedUserAuthenticator.java 1b29f69 =

  server/src/com/cloud/server/ManagementServerImpl.java d0904e1 =

  server/src/com/cloud/user/AccountManagerImpl.java 40db4ed =


Diff: https://reviews.apache.org/r/10039/diff/


Testing
-------

Manual testing done for both oss and nonoss components. Both admin and user=
s added later are encoded according to the scheme configured, and authentic=
ated by the same scheme.

To change the order of the schemes, modify the following list properties in=
 client/tomcatconf/nonossComponentContext.xml.in or client/tomcatconf/compo=
nentContext.xml.in as applicable, to the desired order:

    <property name=3D"UserAuthenticators">
         <list>
            <ref bean=3D"SHA256SaltedUserAuthenticator"/>
            <ref bean=3D"MD5UserAuthenticator"/>
            <ref bean=3D"LDAPUserAuthenticator"/>
            <ref bean=3D"PlainTextUserAuthenticator"/>
        </list>
    </property>

    <property name=3D"UserPasswordEncoders">
        <list>
            <ref bean=3D"SHA256SaltedUserAuthenticator"/>
             <ref bean=3D"MD5UserAuthenticator"/>
             <ref bean=3D"LDAPUserAuthenticator"/>
            <ref bean=3D"PlainTextUserAuthenticator"/>
         </list>


Thanks,

Venkata Siva Vijayendra Bhamidipati


--===============0424345343130688435==--