[Engine-patches] Change in ovirt-engine[master]: aaa: Handle audit log of expired account

yzaslavs Fri, 10 Oct 2014 03:45:48 -0700

Yair Zaslavsky has uploaded a new change for review.

Change subject: aaa: Handle audit log of expired account
......................................................................


aaa: Handle audit log of expired account

Bug-Url: httsp:/bugzilla.redhat.com/1078196
Topic: AAA
Change-Id: Ifba0841260071c5a7e9b3ee5df8d04b81ec21076
Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com>
---
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
M 
backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
M 
frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
M 
frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
M 
frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
8 files changed, 13 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/92/33992/1

diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
index b6ec6f5..a513a06 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginBaseCommand.java
@@ -56,6 +56,7 @@
         auditLogMap.put(Authn.AuthResult.ACCOUNT_LOCKED, 
AuditLogType.USER_ACCOUNT_DISABLED_OR_LOCKED);
         auditLogMap.put(Authn.AuthResult.ACCOUNT_DISABLED, 
AuditLogType.USER_ACCOUNT_DISABLED_OR_LOCKED);
         auditLogMap.put(Authn.AuthResult.TIMED_OUT, 
AuditLogType.USER_ACCOUNT_DISABLED_OR_LOCKED);
+        auditLogMap.put(Authn.AuthResult.ACCOUNT_EXPIRED, 
AuditLogType.USER_ACCOUNT_EXPIRED);
 
         vdcBllMessagesMap.put(Authn.AuthResult.GENERAL_ERROR, 
VdcBllMessages.USER_FAILED_TO_AUTHENTICATE);
         vdcBllMessagesMap.put(Authn.AuthResult.CREDENTIALS_INVALID,
@@ -64,6 +65,8 @@
                 
VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD);
         vdcBllMessagesMap.put(Authn.AuthResult.ACCOUNT_LOCKED, 
VdcBllMessages.USER_ACCOUNT_DISABLED);
         vdcBllMessagesMap.put(Authn.AuthResult.ACCOUNT_DISABLED, 
VdcBllMessages.USER_ACCOUNT_DISABLED);
+        vdcBllMessagesMap.put(Authn.AuthResult.ACCOUNT_DISABLED, 
VdcBllMessages.USER_ACCOUNT_EXPIRED);
+
         vdcBllMessagesMap.put(Authn.AuthResult.TIMED_OUT, 
VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_TIMED_OUT);
         vdcBllMessagesMap.put(Authn.AuthResult.CREDENTIALS_EXPIRED, 
VdcBllMessages.USER_PASSWORD_EXPIRED);
     }
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
index 8763391..43a6f8d 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
@@ -879,6 +879,8 @@
     AUTH_FAILED_NO_USER_INFORMATION_WAS_FOUND(1182, AuditLogSeverity.ERROR),
     AUTH_FAILED_CLIENT_NOT_FOUND_IN_KERBEROS_DATABASE(1183, 
AuditLogSeverity.ERROR),
     AUTH_FAILED_INTERNAL_KERBEROS_ERROR(1184, AuditLogSeverity.ERROR),
+    USER_ACCOUNT_EXPIRED(1185, AuditLogSeverity.ERROR),
+
 
     // Providers
     PROVIDER_ADDED(205),
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
index 750c860..695051c 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/VdcBllMessages.java
@@ -433,6 +433,7 @@
     USER_PASSWORD_EXPIRED_CHANGE_URL_PROVIDED(ErrorType.NO_AUTHENTICATION),
     USER_PASSWORD_EXPIRED_CHANGE_MSG_PROVIDED(ErrorType.NO_AUTHENTICATION),
     USER_ACCOUNT_DISABLED(ErrorType.NO_AUTHENTICATION),
+    USER_ACCOUNT_EXPIRED(ErrorType.NO_AUTHENTICATION),
     USER_PERMISSION_DENIED(ErrorType.NO_AUTHENTICATION),
     USER_MUST_EXIST_IN_DB(ErrorType.NO_AUTHENTICATION),
     USER_MUST_EXIST_IN_DIRECTORY(ErrorType.NO_AUTHENTICATION),
diff --git 
a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties 
b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
index 300b7e1..058a54d 100644
--- 
a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
+++ 
b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
@@ -414,6 +414,7 @@
        - Please verify that the correct authentication method is used in your 
system.
 VMT_CLUSTER_IS_NOT_VALID=Cannot ${action} ${type}. Cluster ID is not valid.
 USER_ACCOUNT_DISABLED=Cannot Login. User Account is Disabled or Locked, Please 
contact your system administrator.
+USER_ACCOUNT_EXPIRED=Cannot Login. User Account has expired, Please contact 
your system administrator.
 USER_PERMISSION_DENIED=Permission denied. Engine Administrator permission is 
required.
 USER_CANNOT_LOGIN_SESSION_MISSING=Cannot Login. Session timeout.
 USER_CANNOT_REMOVE_ADMIN_USER=Cannot remove internal admin user or its 
permissions.
diff --git 
a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
 
b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
index 401b796..1a0bb6b 100644
--- 
a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
+++ 
b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
@@ -661,6 +661,7 @@
 RELOAD_CONFIGURATIONS_SUCCESS=System Configurations reloaded successfully.
 RELOAD_CONFIGURATIONS_FAILURE=System Configurations failed to reload.
 USER_ACCOUNT_DISABLED_OR_LOCKED=User ${UserName} cannot login, as it got 
disabled or locked. Please contact the system administrator.
+USER_ACCOUNT_EXPIRED=The account for ${UserName} got expired. Please contact 
the system administrator.
 USER_ACCOUNT_PASSWORD_EXPIRED=User ${UserName} cannot login, as the user 
account password has expired. Please contact the system administrator.
 AUTH_FAILED_INVALID_CREDENTIALS=User ${UserName} cannot login, please verify 
the username and password.
 AUTH_FAILED_CLOCK_SKEW_TOO_GREAT=User ${UserName} cannot login, the engine 
clock is not synchronized with directory services. Please contact the system 
administrator.
diff --git 
a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
 
b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
index e58133c..778a8d7 100644
--- 
a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
+++ 
b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
@@ -1177,6 +1177,9 @@
     @DefaultStringValue("Cannot Login. User Account is Disabled or Locked, 
Please contact your system administrator.")
     String USER_ACCOUNT_DISABLED();
 
+    @DefaultStringValue("Cannot Login. User Account has expired, Please 
contact your system administrator.")
+    String USER_ACCOUNT_EXPIRED();
+
     @DefaultStringValue("Permission denied. Engine Administrator permission is 
required.")
     String USER_PERMISSION_DENIED();
 
diff --git 
a/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
 
b/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
index 8e4de52..b9796f9 100644
--- 
a/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
+++ 
b/frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
@@ -379,6 +379,7 @@
        - Please verify that the correct authentication method is used in your 
system.
 VMT_CLUSTER_IS_NOT_VALID=Cannot ${action} ${type}. Cluster ID is not valid.
 USER_ACCOUNT_DISABLED=Cannot Login. User Account is Disabled or Locked, Please 
contact your system administrator.
+USER_ACCOUNT_EXPIRED=Cannot Login. User Account has expired, Please contact 
your system administrator.
 USER_PERMISSION_DENIED=Permission denied. Engine Administrator permission is 
required.
 USER_CANNOT_LOGIN_SESSION_MISSING=Cannot Login. Session timeout.
 USER_CANNOT_REMOVE_ADMIN_USER=Cannot remove internal admin user or its 
permissions.
diff --git 
a/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
 
b/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
index 74494b3..2482217 100644
--- 
a/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
+++ 
b/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
@@ -416,6 +416,7 @@
        - Please verify that the correct authentication method is used in your 
system.
 VMT_CLUSTER_IS_NOT_VALID=Cannot ${action} ${type}. Cluster ID is not valid.
 USER_ACCOUNT_DISABLED=Cannot Login. User Account is Disabled or Locked, Please 
contact your system administrator.
+USER_ACCOUNT_EXPIRED=Cannot Login. User Account has expired, Please contact 
your system administrator.
 USER_PERMISSION_DENIED=Permission denied. Engine Administrator permission is 
required.
 USER_CANNOT_LOGIN_SESSION_MISSING=Cannot Login. Session timeout.
 USER_CANNOT_REMOVE_ADMIN_USER=Cannot remove internal admin user or its 
permissions.


-- 
To view, visit http://gerrit.ovirt.org/33992
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifba0841260071c5a7e9b3ee5df8d04b81ec21076
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches

[Engine-patches] Change in ovirt-engine[master]: aaa: Handle audit log of expired account

Reply via email to