cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Duffy <...@ianduffy.ie>
Subject Re: vm.password.length issue in 4.4.1-SNAPSHOT
Date Tue, 14 Oct 2014 00:34:30 GMT
The only other usage of it is within
server/src/com/cloud/server/ConfigurationServerImpl.java
Its used for creating a Secondary storage vm copy password.

I'm seeing absolutely no reason why we have 3 values going in no matter
what, I'm willing to say its a bug. I'm curious to why the tests are
written to deal with it though....

On 14 October 2014 00:26, Nux! <nux@li.nux.ro> wrote:

> Well, it's a bit messy, but still better than the old password length.
> Ideally this should get clarified/fixed, but for now I am happy with my
> long+3 password! :)
>
>
> Cheers,
> Lucian
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> ----- Original Message -----
> > From: "Ian Duffy" <ian@ianduffy.ie>
> > To: "CloudStack Dev" <dev@cloudstack.apache.org>
> > Cc: "laszlo hornyak" <laszlo.hornyak@gmail.com>
> > Sent: Monday, 13 October, 2014 19:54:53
> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>
> > Hey Nux,
> >
> > So I passed this work off to a util class that was already present in the
> > code base "PasswordGenerator"
> >
> >    @Override
> >    public String generateRandomPassword() {
> >        Integer passwordLength =
> > Integer.parseInt(_configDao.getValue("vm.password.length"));
> >        return PasswordGenerator.generateRandomPassword(passwordLength);
> >    }
> >
> > Not a clue why but the generateRandomPassword method creates a random
> > 3-character string first then loops through to generate n random
> characters.
> >
> >    public static String generateRandomPassword(int num) {
> >        Random r = new SecureRandom();
> >        StringBuilder password = new StringBuilder();
> >
> >        // Generate random 3-character string with a lowercase character,
> >        // uppercase character, and a digit
> >
> >
> password.append(generateLowercaseChar(r)).append(generateUppercaseChar(r)).append(generateDigit(r));
> >
> >        // Generate a random n-character string with only lowercase
> >        // characters
> >        for (int i = 0; i < num; i++) {
> >            password.append(generateLowercaseChar(r));
> >        }
> >
> >        return password.toString();
> >    }
> >
> > The unit tests seem to accommodate for this aswell:
> >
> >        // actual length is requested length + 3
> >
> > Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length() ==
> > 3);
> >
> > Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length() ==
> > 4);
> >
> > I'm guessing there's some reasoning for this.... CCing Laszlo who
> according
> > to git log did some work on this class.
> >
> > Thanks,
> >
> > Ian
> >
> > On 13 October 2014 19:39, Nux! <nux@li.nux.ro> wrote:
> >
> >> Hello,
> >>
> >> First of all "THANKS!" to whoever made this feature happen (Ian I
> guess).
> >> Now we can set more secure passwords generated for our instances.
> >>
> >> Second, the feature works, but with a small glitch, the number seems to
> be
> >> affected by some sort of offset. I.e. if I set the password to be 15
> chars
> >> in length then the generated password will actually be 18 chars.
> >> In order to get a 15 chars long passwd I had to set vm.password.length
> to
> >> 12. Bug or feature? :)
> >>
> >>
> >> Lucian
> >>
> >> --
> >> Sent from the Delta quadrant using Borg technology!
> >>
> >> Nux!
> >> www.nux.ro
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message