2016-05-26

Link opening a new tab with Vaadin

Hi, my rare readers ;)

Not having much time to post recently, but this one will be very short.

Problem


I just wanted to have a link that opens a URL on a new tab in Vaadin.

Silly Try


My first try was:

 getTable().addGeneratedColumn("confirmLink", new ColumnGenerator() {
  private static final long serialVersionUID = 1L;
  @Override
  public Object generateCell(Table sour
   return new Link("Confirm", new ExternalResource("./confirm?id=" + itemId),
    "_blank",
    0, 0, BorderStyle.NONE
    );
  }
 });

The problem here was that the link was open on a new, very large, window. No tabs at all, in any browser.

Correct Way


After reading something about not set dimensions on a few forum posts, I tried:

 getTable().addGeneratedColumn("confirmLink", new ColumnGenerator() {
  private static final long serialVersionUID = 1L;
  @Override
  public Object generateCell(Table source, Object itemId, Object columnId) {
   Link link = new Link("Confirm", new ExternalResource("./confirm?id=" + itemId));
   link.setTargetName("_blank");
   return link;
  }
 });

And it worked!

The trap


I think this long constructor of the Link class is a little bit misleading, as it receives the target parameter, but also force you to pass dimensions, which are primitive types and cannot be null. Passing dimensions force the browser to open a new window to try to honor the dimensions it received.

Vaadin should have a constructor for Link only with label, resource and target parameters. Hope I have some time to report it soon ;)

2016-03-07

Status of a 'dd' operation on OS X

 Hi, people!

Just a quick note: Today I had to create a CentOS bootable USB stick. I used to do that on a Linux box, but this time I had to use an OS X one. I checked a few posts online and dd seemed to be available on OS X, so I run something like:

time sudo dd if=CentOS-7-x86_64-Minimal-1503-01.iso of=/dev/disk2 bs=1m

I'm using a very old USB stick and the process was kind of slow. I decided to do the same I used to do on a Linux box and issued the following:

killall -USR1 dd

For my surprise, the dd process just finished suddenly :(

Searching on Google, I found some people saying that USR1 signal doesn't work on OS X, but none mentioned that it interrupts dd!

The proper way to do that on OS X is:

killall -INFO dd

EDIT:
After checking this link, I found out that Ctrl + T on the dd terminal window also do the same on OS X!

 Hope it helps!

2016-02-25

On-the-fly database migration between two hosts (no dump file)

Hi, world!

Yesterday I had to migrate a MySQL database from on host to another. I didn't want to follow the standard process of (1) dumping a file, (2) transferring it and then (3) loading it in the new host for a few reasons:
  • The source host was low on space and the database was big
  • This is a waste of time because dump and load does not run in parallel
  • I like to do complicated stuff ;)
So, the idea was to use some pipes and redirect the data flow through SSH to the target host, which would receive it and load on the new database.
I did it with MySQL, but it should work with any database that supports dumping to the standard output and loading dumps from standard input.

Requirements

  • Have two Linux hosts with SSH available
  • Have pv and gzip installed (pv is not actually required)
  • Need to transfer a huge database between them

Transfering


You have to run one command in each host. I'll call the host that currently contains the database to be transferred source host and the host that will receive the new database as target host. You need to start the with the target host as it will wait from the connection from the source host.
I recommend you to run both sides inside a screen shell to avoid disruption by network problems if you are accessing the hosts remotely.

Target host


The command in the target host is the following (broken in lines for the ease of reading):
nc -l 3456 | \
  gunzip | \
  pv | \
  mysql -u tdb_user -ptdb_pass targetdatabase

This command receives the data from the source host and then flows it through some process. The nc command waits a connection listening on port 1234. When it receives a connection, it starts sending data to gunzip, which decompress the data. pv is just to show how much data has passed through it. Finally, mysql loads the data it receives from standard input in the targetdatabase. Keep in mind that this only starts when the other side connects and sends data.

Source host


The command in the source host is the following (broken in lines for the ease of reading):
mysqldump -u sdb_user -psdb_pass sourcedatabase | \
  pv | \
  gzip | \
  ssh sshuser@targethost nc 127.0.0.1 3456

This command sends data to the target host. Firstly, mysqldump extracts the data from sourcedatabase and sends it to the standard output. pv receives it and only shows how much data is passing through. Then, gzip process compresses the data and ssh sends it to the other side. Notice that SSH is running a nc remotely. This nc is responsible for connecting in the nc you started on the target host and plug the two sides.

That's it!


If everything is all right, in some time the database will be already copied to the target host! In almost half the time (actually, the total time is expected to be the load time on the target host).

If you have any doubt or suggestion, please post in the comments!

2016-02-20

Changing Samba4 (AWS Simple AD) user password using Java


I recently had to setup a AWS Simple AD to replace an old OpenLDAP that served us for years. I may post more about this in the following days, but if you have interest in any specific topic, please post here in the comments and I can speed it up ;)

Before


During this migration, I had to adjust a simple app I did in the past to reset and change users' passwords. To set a user's password, this application was just calculating the new password and setting in the userPassword attribute, like this:


LdapConnection connection = new LdapNetworkConnection( ldapserver, 389, false )) {
connection.bind(user, pass);

EntryCursor cursor = connection.search( baseDN, "(uid=" + user.getUsername() + ")", SearchScope.ONELEVEL, "*" );

if ( !cursor.next() ) {
  logger.debug("no user with uid '{}' found.", user.getUsername());
  return false;
}

Entry entry = cursor.get();

byte[] newPass = PasswordUtil.createStoragePassword(user.getPassword(), LdapSecurityConstants.HASH_METHOD_SSHA);

entry.put("userPassword", newPass);
entry.put("shadowLastChange", new Date().getTime() / (1000 * 60 * 60 * 24) + "");

logger.debug("changing password for user '{}'...", user.getUsername());
connection.modify(entry.getDn(), 
  extractModification("userPassword", entry), 
  extractModification("shadowLastChange", entry)
); 
 
connection.unBind();

The problem


When checking the Simple AD user's attributes, there was no userPassword anymore, so I tried to find a way to change the password. As I was already using de Apache LDAP API, and it supports LDAP Password Modify Extended Operation, it seemed a good way to go as I wouldn't need to worry about implementation-specific problems.

I just forgot to check if Simple AD/Samba4 supports it :( And it didn't, AFAICS.

Believe me, I tried a lot of code combinations to use the 1.3.6.1.4.1.4203.1.11.1 extended operation as there is no doc (and even reported a bug), but could not make it work.

There is hope


After spending a lot of time trying to figure it out, I found this archive:

http://linux.samba.narkive.com/3nPys6p5/samba-sambar4-user-creation-with-ldap-and-initial-password

There, Tomas Mueller says:
I do not have a AD available today , i'll try tomorrow. i've found this
about the userPassword attribute on msdn:
http://msdn.microsoft.com/en-us/library/cc223249(prot.20).aspx
<http://msdn.microsoft.com/en-us/library/cc223249%28prot.20%29.aspx>

searching the sourcecode about userPassword i've found this comment in
password_hash.c:

* Notice: unlike the real AD which only supports the UTF16 special based
* 'unicodePwd' and the UTF8 based 'userPassword' plaintext attribute we
* understand also a UTF16 based 'clearTextPassword' one.
* The latter is also accessible through LDAP so it can also be set by
external
* tools and scripts. But be aware that this isn't portable on non
SAMBA 4 ADs!

"The latter is also accessible through LDAP" implies that unicodePwd and
userPassword aren't.

- Thomas

So, after reading this, I tried clearTextPassword and it worked!!! It seems that Samba4 doesn't implement the extended operation, but created this fake attribute to allow password set through LDAP protocol.

Follows the base of the final code:
LdapConnection connection = new LdapNetworkConnection( ldapserver, 389, false )) {
connection.bind(user, pass);

SearchRequest searchRequest = getUserSearch(user);
SearchCursor cursor = connection.search( searchRequest );
if ( !cursor.next() ) {
  logger.debug("no user with sAMAccountName '{}' found.", user.getUsername());
  throw new InvalidCredentialsException();
}

Entry entry = cursor.getEntry();
Dn userBeingChangedDN = entry.getDn();

logger.debug("changing password for user '{}'...", user.getUsername());
entry.put("clearTextPassword", newPassword.getBytes("UTF-16LE"));
connection.modify(entry.getDn(), extractModification("clearTextPassword", entry));

try (LdapConnection connectionForChange = getConnection()) {
  connectionForChange.bind(userBeingChangedDN, user.getPassword());
  connectionForChange.unBind();
} catch (LdapException e) {
  throw new InvalidCredentialsException();
}

connection.unBind();


Hope it helps!

If you want to know more about the whole Simple AD setup, please comment asking what you want.

Extras



private static Modification extractModification(String attrAlias, Entry modifiedEntry) {
  Modification mod = new DefaultModification();
  mod.setOperation(ModificationOperation.REPLACE_ATTRIBUTE);
  Attribute attribute = modifiedEntry.get(attrAlias);
  mod.setAttribute(attribute);
  return mod; 
}

private SearchRequest getUserSearch(User user) throws LdapInvalidDnException, LdapException {
  SearchRequest searchRequest = new SearchRequestImpl();
  searchRequest.setBase( new Dn("CN=Users,DC=visagio,DC=company") );
  searchRequest.setFilter( "(sAMAccountName=" + user.getUsername() + ")" );
  searchRequest.setScope( SearchScope.ONELEVEL );
  searchRequest.addAttributes( "*" );
  return searchRequest;
}