protected void setUpLogExpectations(boolean debug) {
    mockStatic(LogFactoryCompat.class);
    LogCompat log = createMock(LogCompat.class);
    expect(LogFactoryCompat.getLog(AbstractBackendResource.class)).andReturn(log);
    expect(log.isDebugEnabled()).andReturn(debug).anyTimes();

    replayAll();
  }
예제 #2
0
public class DateMapper {

  protected static final LogCompat LOG = LogFactoryCompat.getLog(DateMapper.class);
  protected static final String DATATYPE_FACTORY_CREATION_FAILED =
      "DatatypeFactory creation failed";

  private static DatatypeFactory datatypeFactory;

  /**
   * Class-level synchronization to avoid potential thread-safety issues with statically shared
   * DatatypeFactory.
   */
  @Mapping(from = Date.class, to = XMLGregorianCalendar.class)
  public static synchronized XMLGregorianCalendar map(Date date, XMLGregorianCalendar template) {
    GregorianCalendar calendar =
        template != null ? template.toGregorianCalendar() : new GregorianCalendar();
    calendar.setTime(date);
    DatatypeFactory factory = getDatatypeFactory();
    return factory != null ? factory.newXMLGregorianCalendar(calendar) : null;
  }

  @Mapping(from = Integer.class, to = XMLGregorianCalendar.class)
  public static synchronized XMLGregorianCalendar map(
      BigDecimal secondsAgo, XMLGregorianCalendar template) {
    GregorianCalendar calendar =
        template != null
            ? template.toGregorianCalendar()
            : new GregorianCalendar(TimeZone.getTimeZone("UTC"));
    DatatypeFactory factory = getDatatypeFactory();
    XMLGregorianCalendar ret = null;
    if (factory != null) {
      ret = factory.newXMLGregorianCalendar(calendar);
      ret.add(factory.newDuration(false, 0, 0, 0, 0, 0, secondsAgo.intValue()));
    }
    return ret;
  }

  /** @pre called with class-level mutex held */
  private static DatatypeFactory getDatatypeFactory() {
    if (datatypeFactory == null) {
      try {
        datatypeFactory = DatatypeFactory.newInstance();
      } catch (DatatypeConfigurationException dce) {
        LOG.warn(DATATYPE_FACTORY_CREATION_FAILED, dce);
      }
    }
    return datatypeFactory;
  }
}
public class MaintananceVdsCommand<T extends MaintananceVdsParameters> extends VdsCommand<T> {
  private final boolean _isInternal;
  private List<VM> vms;

  public MaintananceVdsCommand(T parameters) {
    super(parameters);
    _isInternal = parameters.getIsInternal();
  }

  @Override
  protected void executeCommand() {
    if (getVds().getstatus() == VDSStatus.Maintenance) {
      // nothing to do
      setSucceeded(true);
    } else {
      setSucceeded(MigrateAllVms());

      /** if non responsive move directly to maintenance */
      if (getVds().getstatus() == VDSStatus.NonResponsive
          || getVds().getstatus() == VDSStatus.Problematic
          || getVds().getstatus() == VDSStatus.Down) {
        Backend.getInstance()
            .getResourceManager()
            .RunVdsCommand(
                VDSCommandType.SetVdsStatus,
                new SetVdsStatusVDSCommandParameters(getVdsId(), VDSStatus.Maintenance));
      }
    }
  }

  protected void orderListOfRunningVmsOnVds(Guid vdsId) {
    vms = DbFacade.getInstance().getVmDAO().getAllRunningForVds(vdsId);
    Collections.sort(vms, Collections.reverseOrder(new VmsComparer()));
  }

  protected boolean MigrateAllVms() {
    return MigrateAllVms(false);
  }

  protected boolean MigrateAllVms(boolean HAOnly) {
    orderListOfRunningVmsOnVds(getVdsId());

    boolean succeeded = true;

    for (VM vm : vms) {
      // if HAOnly is true check that vm is HA (auto_startup should be
      // true)
      if (vm.getstatus() != VMStatus.MigratingFrom
          && (!HAOnly || (HAOnly && vm.getauto_startup()))) {
        MigrateVmParameters tempVar = new MigrateVmParameters(false, vm.getvm_guid());
        tempVar.setTransactionScopeOption(TransactionScopeOption.RequiresNew);
        VdcReturnValueBase result =
            Backend.getInstance().runInternalAction(VdcActionType.InternalMigrateVm, tempVar);
        if (!result.getCanDoAction()
            || !(((Boolean) result.getActionReturnValue()).booleanValue())) {
          succeeded = false;
          AppendCustomValue("failedVms", vm.getvm_name(), ",");
          log.errorFormat(
              "ResourceManager::vdsMaintenance - Failed migrating desktop '{0}'", vm.getvm_name());
        }
      }
    }
    return succeeded;
  }

  @Override
  protected boolean canDoAction() {
    return CanMaintananceVds(getVdsId(), getReturnValue().getCanDoActionMessages());
  }

  @Override
  public AuditLogType getAuditLogTypeValue() {
    if (_isInternal) {
      if (getSucceeded()) {
        return AuditLogType.VDS_MAINTENANCE;
      } else {
        return AuditLogType.VDS_MAINTENANCE_FAILED;
      }
    } else {
      if (getSucceeded()) {
        return AuditLogType.USER_VDS_MAINTENANCE;
      } else {
        return AuditLogType.USER_VDS_MAINTENANCE_MIGRATION_FAILED;
      }
    }
  }

  public boolean CanMaintananceVds(Guid vdsId, java.util.ArrayList<String> reasons) {
    boolean returnValue = true;
    // VDS vds = ResourceManager.Instance.getVds(vdsId);
    VDS vds = DbFacade.getInstance().getVdsDAO().get(vdsId);
    // we can get here when vds status was set already to Maintenance
    if ((vds.getstatus() != VDSStatus.Maintenance)
        && (vds.getstatus() != VDSStatus.NonResponsive)
        && (vds.getstatus() != VDSStatus.Up)
        && (vds.getstatus() != VDSStatus.Error)
        && (vds.getstatus() != VDSStatus.PreparingForMaintenance)
        && (vds.getstatus() != VDSStatus.Down)) {
      returnValue = false;
      reasons.add(VdcBllMessages.VDS_CANNOT_MAINTENANCE_VDS_IS_NOT_OPERATIONAL.toString());
    }

    orderListOfRunningVmsOnVds(vdsId);

    for (VM vm : vms) {
      if (vm.getMigrationSupport() != MigrationSupport.MIGRATABLE) {
        reasons.add(VdcBllMessages.VDS_CANNOT_MAINTENANCE_IT_INCLUDES_NON_MIGRATABLE_VM.toString());
        return false;
      }
    }

    return returnValue;
  }

  public static void ProcessStorageOnVdsInactive(VDS vds) {

    // Clear the problematic timers since the VDS is in maintenance so it doesn't make sense to
    // check it
    // anymore.
    IrsBrokerCommand.clearVdsFromCache(
        vds.getstorage_pool_id(), vds.getvds_id(), vds.getvds_name());

    if (!vds.getstorage_pool_id().equals(Guid.Empty)
        && StoragePoolStatus.Uninitialized
            != DbFacade.getInstance().getStoragePoolDAO().get(vds.getstorage_pool_id()).getstatus()
        && Backend.getInstance()
            .getResourceManager()
            .RunVdsCommand(
                VDSCommandType.DisconnectStoragePool,
                new DisconnectStoragePoolVDSCommandParameters(
                    vds.getvds_id(), vds.getstorage_pool_id(), vds.getvds_spm_id()))
            .getSucceeded()) {
      StoragePoolParametersBase tempVar = new StoragePoolParametersBase(vds.getstorage_pool_id());
      tempVar.setVdsId(vds.getvds_id());
      tempVar.setTransactionScopeOption(TransactionScopeOption.RequiresNew);
      Backend.getInstance()
          .runInternalAction(VdcActionType.DisconnectHostFromStoragePoolServers, tempVar);
    }
  }

  private static LogCompat log = LogFactoryCompat.getLog(MaintananceVdsCommand.class);
}
예제 #4
0
public class LdapTestsSetup {
  private Configuration testProperties;

  private IPAGroupDaoImpl ipaGroupDao = new IPAGroupDaoImpl();
  private IPAPersonDaoImpl ipaPersonDao = new IPAPersonDaoImpl();
  private ADPersonDaoImpl adPersonDao = new ADPersonDaoImpl();
  private ADGroupDaoImpl adGroupDao = new ADGroupDaoImpl();
  private LdapTemplate ipaLdapTemplate;
  private LdapTemplate adLdapTemplate;
  private LdapContextSource ipaLdapContext;
  private LdapContextSource adLdapContext;
  private Map<String, Person> users = new HashMap<String, Person>();
  private Map<String, Group> groups = new HashMap<String, Group>();
  private Map<String, String> ldapConfiguration = new HashMap<String, String>();

  private static LogCompat log = LogFactoryCompat.getLog(LdapTestsSetup.class);

  public LdapTestsSetup() {
    String confFile = System.getenv("LDAP_TESTER_PROPERTIES_FILE");
    if (confFile == null) {
      confFile = "ldap.integ/ldap-test.properties";
    }

    try {
      testProperties = new PropertiesConfiguration(confFile);

      Configuration usersSubset = testProperties.subset("users");
      HierarchicalConfiguration usersConfig = ConfigurationUtils.convertToHierarchical(usersSubset);
      List<ConfigurationNode> childrens = usersConfig.getRootNode().getChildren();
      for (ConfigurationNode node : childrens) {
        String name = node.getName();
        users.put(name, new Person(usersSubset.subset(name)));
      }

      Configuration groupsSubset = testProperties.subset("groups");
      HierarchicalConfiguration groupsConfig =
          ConfigurationUtils.convertToHierarchical(groupsSubset);
      childrens = groupsConfig.getRootNode().getChildren();
      for (ConfigurationNode node : childrens) {
        String name = node.getName();
        groups.put(name, new Group(groupsSubset.subset(name)));
      }

      Configuration ldapConfigurationSubset = testProperties.subset("configuration");
      HierarchicalConfiguration ldapConfig =
          ConfigurationUtils.convertToHierarchical(ldapConfigurationSubset);
      childrens = ldapConfig.getRootNode().getChildren();
      for (ConfigurationNode node : childrens) {
        String key = node.getName();
        String value = (String) node.getValue();
        ldapConfiguration.put(key, value);
      }
    } catch (ConfigurationException ex) {
      String message = "Problem loading configuration: " + ex.getMessage();
      log.error(message);
      throw new IllegalStateException(message);
    }
  }

  public void setup() throws Exception {
    setIpaLdapContext(ContextSourceFactory.getIPAContextSource(ldapConfiguration));
    getIpaLdapContext().afterPropertiesSet();
    setAdLdapContext(ContextSourceFactory.getADContextSource(ldapConfiguration));
    getAdLdapContext().afterPropertiesSet();
    ipaLdapTemplate = new LdapTemplate(getIpaLdapContext());
    adLdapTemplate = new LdapTemplate(getAdLdapContext());
    ipaPersonDao.setLdapTemplate(ipaLdapTemplate);
    ipaGroupDao.setLdapTemplate(ipaLdapTemplate);
    adPersonDao.setLdapTemplate(adLdapTemplate);
    adGroupDao.setLdapTemplate(adLdapTemplate);
  }

  public void populateUsersAndGroups() throws ConfigurationException, URISyntaxException {
    for (Person p : users.values()) {
      ipaPersonDao.create(p);
      adPersonDao.create(p);
    }

    List<String> list = new ArrayList<String>(groups.keySet());
    Collections.sort(list);
    for (String groupName : list) {
      Group group = groups.get(groupName);
      ipaGroupDao.create(group);
      adGroupDao.create(group);
      System.out.println(groupName);
    }
  }

  public Person getUser(String userName) {
    return users.get(userName);
  }

  public Group getGroup(String groupName) {
    return groups.get(groupName);
  }

  public void cleanup() {
    for (Person p : users.values()) {
      ipaPersonDao.delete(p);
      adPersonDao.delete(p);
    }

    for (Group g : groups.values()) {
      ipaGroupDao.delete(g);
      adGroupDao.delete(g);
    }
  }

  public IPAGroupDaoImpl getIpaGroupDao() {
    return ipaGroupDao;
  }

  public IPAPersonDaoImpl getIpaPersonDao() {
    return ipaPersonDao;
  }

  public ADPersonDaoImpl getAdPersonDao() {
    return adPersonDao;
  }

  public ADGroupDaoImpl getAdGroupDao() {
    return adGroupDao;
  }

  public void setIpaLdapContext(LdapContextSource ipaLdapContext) {
    this.ipaLdapContext = ipaLdapContext;
  }

  public LdapContextSource getIpaLdapContext() {
    return ipaLdapContext;
  }

  public void setAdLdapContext(LdapContextSource adLdapContext) {
    this.adLdapContext = adLdapContext;
  }

  public LdapContextSource getAdLdapContext() {
    return adLdapContext;
  }
}
/** Implements a GSSAPI directory context authentication strategy to be used with LDAP */
public class GSSAPIDirContextAuthenticationStrategy implements DirContextAuthenticationStrategy {

  private static final String GSS_API_AUTHENTICATION = "GSSAPI";
  private static final String LOGIN_MODULE_POLICY_NAME = "RHEVKerberosAuth";
  private static LogCompat log =
      LogFactoryCompat.getLog(GSSAPIDirContextAuthenticationStrategy.class);
  private LoginContext loginContext;
  private String password;
  private String userName;
  private String realm;
  private boolean explicitAuth;

  public void setExplicitAuth(boolean explicitAuth) {
    this.explicitAuth = explicitAuth;
  }

  public LoginContext getLoginContext() {
    return loginContext;
  }

  /**
   * @param password
   * @param userName
   * @param explicitAuth
   */
  public GSSAPIDirContextAuthenticationStrategy(
      String userName, String password, String realm, boolean explicitAuth) {
    this.userName = userName;
    this.password = password;
    this.realm = realm;
    this.explicitAuth = explicitAuth;
  }

  /*
   * (non-Javadoc)
   *
   * @see
   * org.springframework.ldap.core.support.DirContextAuthenticationStrategy
   * #setupEnvironment(java.util.Hashtable, java.lang.String,
   * java.lang.String)
   */
  @Override
  public void setupEnvironment(Hashtable env, String userDn, String password)
      throws NamingException {
    env.put(Context.SECURITY_AUTHENTICATION, GSS_API_AUTHENTICATION);
    String qopValue = Config.<String>GetValue(ConfigValues.SASL_QOP);
    env.put("javax.security.sasl.qop", qopValue);
  }

  /*
   * (non-Javadoc)
   *
   * @see
   * org.springframework.ldap.core.support.DirContextAuthenticationStrategy
   * #processContextAfterCreation(javax.naming.directory.DirContext,
   * java.lang.String, java.lang.String)
   */
  @Override
  public DirContext processContextAfterCreation(DirContext ctx, String userDn, String password)
      throws NamingException {

    return ctx;
  }

  public void authenticate() throws EngineDirectoryServiceException {
    UsersDomainsCacheManager usersDomainsCacheManager =
        UsersDomainsCacheManagerService.getInstance();
    UserDomainInfo userDomainInfo =
        usersDomainsCacheManager.associateUserWithDomain(this.userName, this.realm.toLowerCase());
    loginContext = null;
    synchronized (userDomainInfo) {
      // In case authentication is performed in an implicit way (as a
      // result of internal command) try and get
      // login context from cache
      if (!explicitAuth) {
        loginContext = userDomainInfo.getLoginContext();
      }

      if (!validLoginContext()) {
        explicitAuth(userDomainInfo);
      }
    }
  }

  private void explicitAuth(UserDomainInfo userDomainInfo) throws EngineDirectoryServiceException {

    GSSAPICallbackHandler callbackHandler = new GSSAPICallbackHandler(userName, password);
    authenticateToKDC(callbackHandler, userDomainInfo);
  }

  private void authenticateToKDC(
      GSSAPICallbackHandler callbackHandler, UserDomainInfo userDomainInfo)
      throws EngineDirectoryServiceException {

    try {
      loginContext = new LoginContext(LOGIN_MODULE_POLICY_NAME, callbackHandler);
      loginContext.login();
      userDomainInfo.setLoginContext(loginContext);
      if (log.isDebugEnabled()) {
        log.debug("Successful login for user " + userName);
      }
    } catch (LoginException ex) {

      // JAAS throws login exception due to various reasons.
      // We check if the login exception matches a case where the user
      // provided wrong authentication details, or
      // if there was another error - in case the user provided wrong
      // authentication details, we will abort the kdc search
      loginContext = null;
      KerberosReturnCodeParser parser = new KerberosReturnCodeParser();
      AuthenticationResult result = parser.parse(ex.getMessage());
      if (result == AuthenticationResult.OTHER || result == null) {
        // An error our error parser does not recognize
        log.error("Error from Kerberos: " + ex.getMessage());
      } else {
        StringBuilder error = new StringBuilder();
        error.append(result.getDetailedMessage());
        log.error(error.toString());
      }
      throw new EngineDirectoryServiceException(result);
    }
  }

  private boolean validLoginContext() {

    if (loginContext == null) return false;

    Subject subject = loginContext.getSubject();
    if (subject == null) return false;
    Set<KerberosTicket> privateCreds = subject.getPrivateCredentials(KerberosTicket.class);
    if (privateCreds == null || privateCreds.size() == 0) return false;

    Iterator<KerberosTicket> iterator = privateCreds.iterator();
    KerberosTicket ticket = iterator.next();
    return ticket.isCurrent();
  }
}