
Example 1 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class GetUserCmd method execute.

// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
/**
 * Looks up the user that owns the supplied API key and publishes it as the command response.
 * <p>
 * When the generated response carries a non-blank secret key, that field is overwritten with a
 * fixed notice before the response is handed back, so the secretKey field returned by this lookup
 * never contains the stored value.
 *
 * @throws InvalidParameterValueException if no user is found for the API key
 */
@Override
public void execute() {
    final UserAccount account = _accountService.getUserByApiKey(getApiKey());
    if (account == null) {
        throw new InvalidParameterValueException("User with specified API key does not exist");
    }

    final UserResponse userResponse = _responseGenerator.createUserResponse(account);
    final boolean carriesSecret = StringUtils.isNotBlank(userResponse.getSecretKey());
    if (carriesSecret) {
        // Mask the credential instead of echoing it back to the caller.
        userResponse.setSecretKey("SecretKey only visible when generating a new key");
    }
    userResponse.setResponseName(getCommandName());
    this.setResponseObject(userResponse);
}
Also used : UserResponse(com.cloud.api.response.UserResponse) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) UserAccount(com.cloud.legacymodel.user.UserAccount)

Example 2 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class UpdateUserCmd method execute.

/**
 * Applies the requested user update and publishes the updated user as the command response.
 * <p>
 * The target user id is written to the current call context's event details before the update
 * runs, so the event is attributed even when the update fails.
 *
 * @throws ServerApiException with {@code INTERNAL_ERROR} if the update returns no user
 */
@Override
public void execute() {
    CallContext.current().setEventDetails("UserId: " + getId());

    final UserAccount updated = _regionService.updateUser(this);
    if (updated == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update user");
    }

    // NOTE(review): the response is returned exactly as the generator built it. If
    // createUserResponse populates the secret key, it is sent back unmasked here - confirm
    // whether that is intended for an update call.
    final UserResponse userResponse = _responseGenerator.createUserResponse(updated);
    userResponse.setResponseName(getCommandName());
    this.setResponseObject(userResponse);
}
Also used : UserResponse(com.cloud.api.response.UserResponse) ServerApiException(com.cloud.api.ServerApiException) UserAccount(com.cloud.legacymodel.user.UserAccount)

Example 3 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class LdapAuthenticator method authenticate.

/**
 * Authenticates a user against LDAP and keeps the local account in step with the directory.
 * <p>
 * Empty usernames and passwords are rejected before any directory call is made. When LDAP is
 * disabled the result is {@code (false, null)}. For a domain linked to LDAP the directory user is
 * looked up inside the linked group/OU; a successful authentication creates the local account if
 * it is missing or enables it if it exists, and a directory user flagged as disabled causes the
 * local account to be disabled. For an unlinked domain only users that already have a local
 * account are checked against LDAP.
 *
 * @param username          login name supplied by the caller
 * @param password          password supplied by the caller
 * @param domainId          domain the login is attempted in
 * @param requestParameters not read by this method
 * @return the authentication result, paired with
 *         {@code INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT} when authentication failed for a user
 *         that has a local account, otherwise {@code null}
 */
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
    // Refusing an empty password here keeps it away from the directory check below.
    // NOTE(review): many LDAP servers accept a simple bind with an empty password as an
    // unauthenticated bind, so this guard should stay ahead of canAuthenticate().
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        s_logger.debug("Username or Password cannot be empty");
        return new Pair<>(false, null);
    }
    if (!_ldapManager.isLdapEnabled()) {
        return new Pair<>(false, null);
    }

    final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    final LdapTrustMapVO trustMap = _ldapManager.getDomainLinkedToLdap(domainId);
    boolean authenticated = false;

    if (trustMap != null) {
        // NOTE(review): ldapGroupName is not declared in this method; if it is an instance field
        // of a shared authenticator, concurrent logins overwrite each other's value - confirm.
        ldapGroupName = DistinguishedNameParser.parseLeafName(trustMap.getName());
        try {
            final LdapUser directoryUser = _ldapManager.getUser(username, trustMap.getType().toString(), trustMap.getName());
            if (directoryUser.isDisabled()) {
                // Mirror the directory's disabled state locally. user may be null on this path;
                // presumably disableUserInCloudStack tolerates that - verify.
                disableUserInCloudStack(user);
            } else {
                authenticated = _ldapManager.canAuthenticate(directoryUser.getPrincipal(), password);
                if (authenticated && user == null) {
                    // First successful login: import the directory user as a local account.
                    createCloudStackUserAccount(directoryUser, domainId, trustMap.getAccountType());
                } else if (authenticated) {
                    enableUserInCloudStack(user);
                }
            }
        } catch (final NoLdapUserMatchingQueryException e) {
            s_logger.debug(e.getMessage());
        }
    } else if (user != null) {
        // Domain is not linked to LDAP: only existing local users are checked.
        try {
            final LdapUser directoryUser = _ldapManager.getUser(username);
            if (directoryUser.isDisabled()) {
                s_logger.debug("user with principal " + directoryUser.getPrincipal() + " is disabled in ldap");
            } else {
                authenticated = _ldapManager.canAuthenticate(directoryUser.getPrincipal(), password);
            }
        } catch (final NoLdapUserMatchingQueryException e) {
            s_logger.debug(e.getMessage());
        }
    }

    // Failed attempts are only counted against accounts that exist locally.
    final ActionOnFailedAuthentication action = (!authenticated && user != null)
            ? ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT
            : null;
    return new Pair<>(authenticated, action);
}
Also used : UserAccount(com.cloud.legacymodel.user.UserAccount) Pair(com.cloud.legacymodel.utils.Pair)

Example 4 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class LinkDomainToLdapCmd method execute.

/**
 * Links the domain to the given LDAP group/OU and, when an admin username was supplied,
 * provisions a matching domain-admin account.
 * <p>
 * The admin account is only created when the LDAP user is found in the linked group/OU, is not
 * disabled, and no active account with that name exists in the domain. It is created with
 * {@code Account.ACCOUNT_TYPE_DOMAIN_ADMIN} and {@code User.Source.LDAP}. A failure while creating
 * the account is logged and does not fail the command; the response then carries no admin id.
 *
 * @throws ServerApiException with {@code INTERNAL_ERROR} when an
 *         {@code InvalidParameterValueException} is raised while linking
 */
@Override
public void execute() throws ServerApiException {
    try {
        final LinkDomainToLdapResponse linkResponse = _ldapManager.linkDomainToLdap(domainId, type, name, accountType);
        if (admin != null) {
            LdapUser directoryUser;
            try {
                directoryUser = _ldapManager.getUser(admin, type, name);
            } catch (final NoLdapUserMatchingQueryException e) {
                s_logger.debug("no ldap user matching username " + admin + " in the given group/ou", e);
                directoryUser = null;
            }

            final boolean usable = directoryUser != null && !directoryUser.isDisabled();
            if (!usable) {
                // Also reached when the lookup above found no user at all.
                s_logger.debug("ldap user with username " + admin + " is disabled in the given group/ou");
            } else if (_accountService.getActiveAccountByName(admin, domainId) != null) {
                s_logger.debug("an account with name " + admin + " already exists in the domain " + domainId);
            } else {
                try {
                    // NOTE(review): the second argument is an empty string - presumably the local
                    // password. The account is then only as safe as every authenticator's refusal
                    // of empty passwords; confirm no login path accepts one.
                    final UserAccount created = _accountService.createUserAccount(admin, "", directoryUser.getFirstname(), directoryUser.getLastname(), directoryUser.getEmail(), null, admin, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, domainId, null, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP);
                    linkResponse.setAdminId(String.valueOf(created.getAccountId()));
                    s_logger.info("created an account with name " + admin + " in the given domain " + domainId);
                } catch (final Exception e) {
                    // Best effort: the link itself has already been made, so only log.
                    s_logger.info("an exception occurred while creating account with name " + admin + " in domain " + domainId, e);
                }
            }
        }
        linkResponse.setObjectName("LinkDomainToLdap");
        linkResponse.setResponseName(getCommandName());
        setResponseObject(linkResponse);
    } catch (final InvalidParameterValueException e) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.toString());
    }
}
Also used : UserAccount(com.cloud.legacymodel.user.UserAccount) Account(com.cloud.legacymodel.user.Account) NoLdapUserMatchingQueryException(com.cloud.ldap.NoLdapUserMatchingQueryException) LdapUser(com.cloud.ldap.LdapUser) LinkDomainToLdapResponse(com.cloud.api.response.LinkDomainToLdapResponse) ServerApiException(com.cloud.api.ServerApiException) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) UserAccount(com.cloud.legacymodel.user.UserAccount) NoLdapUserMatchingQueryException(com.cloud.ldap.NoLdapUserMatchingQueryException) ServerApiException(com.cloud.api.ServerApiException) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)

Example 5 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class SHA256SaltedUserAuthenticator method authenticate.

/* (non-Javadoc)
     * @see com.cloud.server.auth.UserAuthenticator#authenticate(java.lang.String, java.lang.String, java.lang.Long, java.util.Map)
     */
/**
 * Authenticates a user by hashing the supplied password with the stored salt and comparing the
 * result with the stored hash.
 * <p>
 * The stored password is expected in the form {@code <base64 salt>:<hash>}. When the user does not
 * exist, or the stored value is not in that form, the method still hashes the supplied password
 * against {@code s_defaultSalt} and compares it with {@code s_defaultPassword}, then forces the
 * result to {@code false}. The statement order in this method is therefore security-relevant and
 * should not be rearranged casually.
 *
 * @param username          login name supplied by the caller
 * @param password          password supplied by the caller
 * @param domainId          domain the login is attempted in
 * @param requestParameters not read by this method
 * @return the authentication result, paired with
 *         {@code INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT} when the password did not match for an
 *         existing user with a well-formed stored password, otherwise {@code null}
 * @throws CloudRuntimeException if hashing fails
 */
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
    // NOTE(review): username is caller-supplied and is concatenated into log messages here and
    // below; confirm the log layout neutralises line breaks so entries cannot be forged.
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Retrieving user: " + username);
    }
    // Empty credentials are rejected before any lookup or hashing takes place.
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        s_logger.debug("Username or Password cannot be empty");
        return new Pair<>(false, null);
    }
    // Tracks whether the comparison below is against a real stored credential.
    boolean realUser = true;
    final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    if (user == null) {
        s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
        realUser = false;
    }
    // Placeholder hash and salt, used when there is no usable stored credential so that the
    // hashing and comparison below still run.
    String realPassword = new String(s_defaultPassword);
    // getBytes() without a charset uses the platform default encoding.
    byte[] salt = new String(s_defaultSalt).getBytes();
    if (realUser) {
        // assumes user.getPassword() is non-null - TODO confirm against the DAO
        final String[] storedPassword = user.getPassword().split(":");
        if (storedPassword.length != 2) {
            // Malformed record: treated like an unknown user, placeholder values stay in use.
            s_logger.warn("The stored password for " + username + " isn't in the right format for this authenticator");
            realUser = false;
        } else {
            realPassword = storedPassword[1];
            salt = Base64.decode(storedPassword[0]);
        }
    }
    try {
        // NOTE(review): the class name suggests encode() is a single salted SHA-256 digest. A fast
        // digest gives little resistance to offline guessing compared with a deliberately slow
        // password hash - confirm what encode() does.
        final String hashedPassword = encode(password, salt);
        // constantTimeEquals is the left operand so it is always evaluated; with realUser first,
        // short-circuiting would skip the comparison for unknown users and make them faster.
        final boolean result = constantTimeEquals(realPassword, hashedPassword) && realUser;
        ActionOnFailedAuthentication action = null;
        // Only a wrong password for an existing, well-formed account counts as a failed attempt.
        if (!result && realUser) {
            action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
        }
        return new Pair<>(result, action);
    } catch (final NoSuchAlgorithmException e) {
        throw new CloudRuntimeException("Unable to hash password", e);
    } catch (final UnsupportedEncodingException e) {
        throw new CloudRuntimeException("Unable to hash password", e);
    }
}
Also used : CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UserAccount(com.cloud.legacymodel.user.UserAccount) Pair(com.cloud.legacymodel.utils.Pair)

Aggregations

UserAccount (com.cloud.legacymodel.user.UserAccount)21 Account (com.cloud.legacymodel.user.Account)10 InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)8 ServerApiException (com.cloud.api.ServerApiException)7 UserResponse (com.cloud.api.response.UserResponse)5 CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)5 User (com.cloud.legacymodel.user.User)5 ActionEvent (com.cloud.event.ActionEvent)4 Domain (com.cloud.legacymodel.domain.Domain)4 Pair (com.cloud.legacymodel.utils.Pair)4 CloudAuthenticationException (com.cloud.legacymodel.exceptions.CloudAuthenticationException)3 PermissionDeniedException (com.cloud.legacymodel.exceptions.PermissionDeniedException)3 VpnUserVO (com.cloud.network.VpnUserVO)3 AccountResponse (com.cloud.api.response.AccountResponse)2 DomainVO (com.cloud.domain.DomainVO)2 LdapUser (com.cloud.ldap.LdapUser)2 NoLdapUserMatchingQueryException (com.cloud.ldap.NoLdapUserMatchingQueryException)2 UserAuthenticator (com.cloud.server.auth.UserAuthenticator)2 DB (com.cloud.utils.db.DB)2 TransactionStatus (com.cloud.utils.db.TransactionStatus)2