/** * Change the password for this slice * * <p>A slice is allowed to change its own password and the password of any slice that it has * (transitively) created * * @param sliceName * @param newPasswd */ @Override public Boolean changePasswd(String sliceName, String newPasswd) throws PermissionDeniedException { String changerSlice = APIUserCred.getUserName(); if (!APIAuth.transitivelyCreated(changerSlice, sliceName) && !FVConfig.isSupervisor(changerSlice)) throw new PermissionDeniedException( "Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName); String salt = APIAuth.getSalt(); String crypt = APIAuth.makeCrypt(salt, newPasswd); sliceName = FVConfig.sanitize(sliceName); // set passwd is synchronized FVConfig.setPasswd(sliceName, salt, crypt); FlowVisor.getInstance().checkPointConfig(); return true; }
@Override public boolean setMaximumFlowMods(String sliceName, String dpid, String maxFlowMods) throws PermissionDeniedException { String user = APIUserCred.getUserName(); if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user)) throw new PermissionDeniedException( "User " + user + " does not have perms to set the flow mod limit for slice " + sliceName); Long dp = FlowSpaceUtil.parseDPID(dpid); int limit = Integer.parseInt(maxFlowMods); FVLog.log( LogLevel.DEBUG, null, "Setting flowmod limit for slice " + sliceName + " for dpid " + dpid + " to " + maxFlowMods); try { if (dp == FlowEntry.ALL_DPIDS) SliceImpl.getProxy().setMaxFlowMods(sliceName, limit); else SwitchImpl.getProxy().setMaxFlowMods(sliceName, dp, limit); } catch (ConfigError e) { return false; } return true; }
@Override public Boolean changeSlice(String sliceName, String key, String value) throws MalformedURLException, InvalidSliceName, PermissionDeniedException, InvalidUserInfoKey, DuplicateControllerException { String changerSlice = APIUserCred.getUserName(); if (!APIAuth.transitivelyCreated(changerSlice, sliceName) && !FVConfig.isSupervisor(changerSlice)) throw new PermissionDeniedException( "Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName); /** * this is the list of things a user is allowed to change about themselves. Critically, it * should not include "creator" string as this would allow security issues. */ try { if (key.equals("contact_email")) FVConfig.setSliceContactEmail(sliceName, value); else if (key.equals("controller_hostname")) { // make sure there isn't already a slice with this hostname and port // that this slice uses if (isSecondSliceSharingController(sliceName, value, FVConfig.getSlicePort(sliceName))) { throw new DuplicateControllerException( value, FVConfig.getSlicePort(sliceName), sliceName, "changed"); } FVConfig.setSliceHost(sliceName, value); } else if (key.equals("controller_port")) { // Make sure that there isn't already a slice on this port that uses // the same hostname that this slice uses if (isSecondSliceSharingController( sliceName, FVConfig.getSliceHost(sliceName), Integer.parseInt(value))) { throw new DuplicateControllerException( FVConfig.getSliceHost(sliceName), Integer.parseInt(value), sliceName, "changed"); } FVConfig.setSlicePort(sliceName, Integer.valueOf(value)); } else if (key.equals("drop_policy")) { // Set the drop policy when the controller is done, // either to an exact match of the packet in or to the // flow entry. FVConfig.setSliceDropPolicy(sliceName, value); } else throw new InvalidUserInfoKey( "invalid key: " + key + "-- only contact_email, drop_policy and " + "controller_{hostname,port} can be changed"); FlowVisor.getInstance().checkPointConfig(); } catch (ConfigError e) { // this should probably never happen b/c of above checks throw new InvalidUserInfoKey(e.toString()); } return true; }
public Integer getCurrentFlowMods(String sliceName, String dpid) throws PermissionDeniedException, SliceNotFound, DPIDNotFound { String user = APIUserCred.getUserName(); if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user)) throw new PermissionDeniedException( "User " + user + " does not have perms to get the current flow mod value for slice " + sliceName); Long dp = FlowSpaceUtil.parseDPID(dpid); if (dp == FlowEntry.ALL_DPIDS) return getSliceLimits().getSliceFMLimit(sliceName); else return lookupClassifier(dp).getCurrentFlowModCounter(sliceName); }
@Override public Integer getMaximumFlowMods(String sliceName, String dpid) throws PermissionDeniedException { String user = APIUserCred.getUserName(); if (!APIAuth.transitivelyCreated(user, sliceName) && !FVConfig.isSupervisor(user)) throw new PermissionDeniedException( "User " + user + " does not have perms to get the flow mod limit for slice " + sliceName); Long dp = FlowSpaceUtil.parseDPID(dpid); try { if (dp == FlowEntry.ALL_DPIDS) return SliceImpl.getProxy().getMaxFlowMods(sliceName); else return SwitchImpl.getProxy().getMaxFlowMods(sliceName, dp); } catch (ConfigError e) { FVLog.log(LogLevel.DEBUG, null, "Unable to get flow mod limit; " + e.getMessage()); return null; } }
@Override public Boolean deleteSlice(String sliceName) throws SliceNotFound, PermissionDeniedException, ConfigError { String changerSlice = APIUserCred.getUserName(); if (!APIAuth.transitivelyCreated(changerSlice, sliceName)) { FVLog.log( LogLevel.WARN, null, "API deletSlice(" + sliceName + ") failed by: " + APIUserCred.getUserName()); throw new PermissionDeniedException( "Slice " + changerSlice + " does not have perms to change the passwd of " + sliceName); } synchronized (FVConfig.class) { FVLog.log( LogLevel.DEBUG, null, "API removeSlice(" + sliceName + ") by: " + APIUserCred.getUserName()); FlowMap flowSpace = FlowSpaceUtil.deleteFlowSpaceBySlice(sliceName); try { // this is also synchronized against FVConfig.class FVConfig.deleteSlice(sliceName); } catch (Exception e) { throw new SliceNotFound("slice does not exist: " + sliceName); } /* * We need to do this because of the linear flowmap, because * it wants the slicers and classifiers to update their * view of the flowspace. * Once linearflowmap is dropped, this should be dropped as * well. * * FIXME */ FlowSpaceImpl.getProxy().notifyChange(flowSpace); // FVConfig.sendUpdates(FVConfig.FLOWSPACE); // signal that FS has changed FlowVisor.getInstance().checkPointConfig(); } return true; }