/**
* Change the password for this slice
*
* <p>A slice is allowed to change its own password and the password of any slice that it has
* (transitively) created
*
* @param sliceName
* @param newPasswd
*/
@Override
public Boolean changePasswd(String sliceName, String newPasswd) throws PermissionDeniedException {
String changerSlice = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(changerSlice, sliceName)
&& !FVConfig.isSupervisor(changerSlice))
throw new PermissionDeniedException(
"Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName);
String salt = APIAuth.getSalt();
String crypt = APIAuth.makeCrypt(salt, newPasswd);
sliceName = FVConfig.sanitize(sliceName);
// set passwd is synchronized
FVConfig.setPasswd(sliceName, salt, crypt);
FlowVisor.getInstance().checkPointConfig();
return true;
}
@Override
public boolean setMaximumFlowMods(String sliceName, String dpid, String maxFlowMods)
throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to set the flow mod limit for slice " + sliceName);
Long dp = FlowSpaceUtil.parseDPID(dpid);
int limit = Integer.parseInt(maxFlowMods);
FVLog.log(
LogLevel.DEBUG,
null,
"Setting flowmod limit for slice "
+ sliceName
+ " for dpid "
+ dpid
+ " to "
+ maxFlowMods);
try {
if (dp == FlowEntry.ALL_DPIDS) SliceImpl.getProxy().setMaxFlowMods(sliceName, limit);
else SwitchImpl.getProxy().setMaxFlowMods(sliceName, dp, limit);
} catch (ConfigError e) {
return false;
}
return true;
}
@Override
public Boolean changeSlice(String sliceName, String key, String value)
throws MalformedURLException, InvalidSliceName, PermissionDeniedException, InvalidUserInfoKey,
DuplicateControllerException {
String changerSlice = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(changerSlice, sliceName)
&& !FVConfig.isSupervisor(changerSlice))
throw new PermissionDeniedException(
"Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName);
/**
* this is the list of things a user is allowed to change about themselves. Critically, it
* should not include "creator" string as this would allow security issues.
*/
try {
if (key.equals("contact_email")) FVConfig.setSliceContactEmail(sliceName, value);
else if (key.equals("controller_hostname")) {
// make sure there isn't already a slice with this hostname and port
// that this slice uses
if (isSecondSliceSharingController(sliceName, value, FVConfig.getSlicePort(sliceName))) {
throw new DuplicateControllerException(
value, FVConfig.getSlicePort(sliceName), sliceName, "changed");
}
FVConfig.setSliceHost(sliceName, value);
} else if (key.equals("controller_port")) {
// Make sure that there isn't already a slice on this port that uses
// the same hostname that this slice uses
if (isSecondSliceSharingController(
sliceName, FVConfig.getSliceHost(sliceName), Integer.parseInt(value))) {
throw new DuplicateControllerException(
FVConfig.getSliceHost(sliceName), Integer.parseInt(value), sliceName, "changed");
}
FVConfig.setSlicePort(sliceName, Integer.valueOf(value));
} else if (key.equals("drop_policy")) {
// Set the drop policy when the controller is done,
// either to an exact match of the packet in or to the
// flow entry.
FVConfig.setSliceDropPolicy(sliceName, value);
} else
throw new InvalidUserInfoKey(
"invalid key: "
+ key
+ "-- only contact_email, drop_policy and "
+ "controller_{hostname,port} can be changed");
FlowVisor.getInstance().checkPointConfig();
} catch (ConfigError e) {
// this should probably never happen b/c of above checks
throw new InvalidUserInfoKey(e.toString());
}
return true;
}
public Integer getCurrentFlowMods(String sliceName, String dpid)
throws PermissionDeniedException, SliceNotFound, DPIDNotFound {
String user = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User "
+ user
+ " does not have perms to get the current flow mod value for slice "
+ sliceName);
Long dp = FlowSpaceUtil.parseDPID(dpid);
if (dp == FlowEntry.ALL_DPIDS) return getSliceLimits().getSliceFMLimit(sliceName);
else return lookupClassifier(dp).getCurrentFlowModCounter(sliceName);
}
@Override
public Integer getMaximumFlowMods(String sliceName, String dpid)
throws PermissionDeniedException {
String user = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user))
throw new PermissionDeniedException(
"User " + user + " does not have perms to get the flow mod limit for slice " + sliceName);
Long dp = FlowSpaceUtil.parseDPID(dpid);
try {
if (dp == FlowEntry.ALL_DPIDS) return SliceImpl.getProxy().getMaxFlowMods(sliceName);
else return SwitchImpl.getProxy().getMaxFlowMods(sliceName, dp);
} catch (ConfigError e) {
FVLog.log(LogLevel.DEBUG, null, "Unable to get flow mod limit; " + e.getMessage());
return null;
}
}
@Override
public Boolean deleteSlice(String sliceName)
throws SliceNotFound, PermissionDeniedException, ConfigError {
String changerSlice = APIUserCred.getUserName();
if (!APIAuth.transitivelyCreated(changerSlice, sliceName)) {
FVLog.log(
LogLevel.WARN,
null,
"API deletSlice(" + sliceName + ") failed by: " + APIUserCred.getUserName());
throw new PermissionDeniedException(
"Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName);
}
synchronized (FVConfig.class) {
FVLog.log(
LogLevel.DEBUG,
null,
"API removeSlice(" + sliceName + ") by: " + APIUserCred.getUserName());
FlowMap flowSpace = FlowSpaceUtil.deleteFlowSpaceBySlice(sliceName);
try {
// this is also synchronized against FVConfig.class
FVConfig.deleteSlice(sliceName);
} catch (Exception e) {
throw new SliceNotFound("slice does not exist: " + sliceName);
}
/*
* We need to do this because of the linear flowmap, because
* it wants the slicers and classifiers to update their
* view of the flowspace.
* Once linearflowmap is dropped, this should be dropped as
* well.
*
* FIXME
*/
FlowSpaceImpl.getProxy().notifyChange(flowSpace);
// FVConfig.sendUpdates(FVConfig.FLOWSPACE);
// signal that FS has changed
FlowVisor.getInstance().checkPointConfig();
}
return true;
}