import org.opendaylight.controller.sal.authorization.AuthResultEnum;
import org.opendaylight.controller.sal.authorization.IResourceAuthorization;
import org.opendaylight.controller.sal.authorization.UserLevel;
-import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.controller.sal.utils.GlobalConstants;
import org.opendaylight.controller.sal.utils.IObjectReader;
import org.opendaylight.controller.sal.utils.ObjectReader;
import org.opendaylight.controller.sal.utils.ObjectWriter;
import org.opendaylight.controller.sal.utils.Status;
+import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.controller.usermanager.AuthResponse;
import org.opendaylight.controller.usermanager.AuthenticatedUser;
import org.opendaylight.controller.usermanager.AuthorizationConfig;
import org.opendaylight.controller.usermanager.UserConfig;
import org.opendaylight.controller.usermanager.security.SessionManager;
import org.opendaylight.controller.usermanager.security.UserSecurityContextRepository;
-
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.slf4j.Logger;
private IContainerAuthorization containerAuthorizationClient;
private Set<IResourceAuthorization> applicationAuthorizationClients;
private ISessionManager sessionMgr = new SessionManager();
+ protected enum Command {
+ ADD("add", "added"),
+ MODIFY("modify", "modified"),
+ REMOVE("remove", "removed");
+ private String action;
+ private String postAction;
+ private Command(String action, String postAction) {
+ this.action = action;
+ this.postAction = postAction;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getPostAction() {
+ return postAction;
+ }
+ }
public boolean addAAAProvider(IAAAProvider provider) {
if (provider == null || provider.getName() == null
private void loadConfigurations() {
// To encode and decode user and server configuration objects
loadSecurityKeys();
-
/*
- * Do not load local startup file if we already got the configurations
- * synced from another cluster node
+ * Do not load local startup file if we are not the coordinator
*/
- if (localUserConfigList.isEmpty()) {
+ if ((clusterGlobalService != null) && (clusterGlobalService.amICoordinator())) {
loadUserConfig();
- }
- if (remoteServerConfigList.isEmpty()) {
loadServerConfig();
- }
- if (authorizationConfList.isEmpty()) {
loadAuthConfig();
}
}
}
private void checkDefaultNetworkAdmin() {
- // If startup config is not there, it's old or it was deleted,
- // need to add Default Network Admin User
+ /*
+ * If startup config is not there, it's old or it was deleted or if a
+ * password recovery was run, need to add Default Network Admin User
+ */
if (!localUserConfigList.containsKey(DEFAULT_ADMIN)) {
List<String> roles = new ArrayList<String>(1);
roles.add(DEFAULT_ADMIN_ROLE);
- localUserConfigList.put(DEFAULT_ADMIN, new UserConfig(DEFAULT_ADMIN, DEFAULT_ADMIN_PASSWORD, roles));
+ // Need to skip the strong password check for the default admin
+ UserConfig defaultAdmin = UserConfig.getUncheckedUserConfig(UserManager.DEFAULT_ADMIN,
+ UserManager.DEFAULT_ADMIN_PASSWORD, roles);
+ localUserConfigList.put(UserManager.DEFAULT_ADMIN, defaultAdmin);
}
}
rcResponse = aaaClient.authService(userName, password,
aaaServer.getAddress(), aaaServer.getSecret());
if (rcResponse.getStatus() == AuthResultEnum.AUTH_ACCEPT) {
- logger.info(
+ logger.trace(
"Remote Authentication Succeeded for User: \"{}\", by Server: {}",
userName, aaaServer.getAddress());
remotelyAuthenticated = true;
break;
} else if (rcResponse.getStatus() == AuthResultEnum.AUTH_REJECT) {
- logger.info(
+ logger.trace(
"Remote Authentication Rejected User: \"{}\", from Server: {}, Reason:{}",
new Object[] { userName, aaaServer.getAddress(),
rcResponse.getStatus().toString() });
} else {
- logger.info(
+ logger.trace(
"Remote Authentication Failed for User: \"{}\", from Server: {}, Reason:{}",
new Object[] { userName, aaaServer.getAddress(),
rcResponse.getStatus().toString() });
/*
* Interaction with GUI START
*/
- private Status addRemoveLocalUser(UserConfig AAAconf, boolean delete) {
+ private Status changeLocalUser(UserConfig AAAconf, Command command) {
// UserConfig Validation check
Status validCheck = AAAconf.validate();
if (!validCheck.isSuccess()) {
// Check default admin user
if (user.equals(UserManager.DEFAULT_ADMIN)) {
- String msg = "Invalid Request: Default Network Admin User cannot be " + ((delete)? "removed" : "added");
+ String msg = String.format("Invalid Request: Default Network Admin User cannot be %s", command.getPostAction());
logger.debug(msg);
return new Status(StatusCode.NOTALLOWED, msg);
}
// Check user presence/conflict
+ UserConfig currentAAAconf = localUserConfigList.get(user);
StatusCode statusCode = null;
String reason = null;
- if (delete && !localUserConfigList.containsKey(user)) {
- reason = "not found";
- statusCode = StatusCode.NOTFOUND;
- } else if (!delete && localUserConfigList.containsKey(user)) {
- reason = "already present";
- statusCode = StatusCode.CONFLICT;
+ switch (command) {
+ case ADD:
+ if (currentAAAconf != null) {
+ reason = "already present";
+ statusCode = StatusCode.CONFLICT;
+ }
+ break;
+ case MODIFY:
+ case REMOVE:
+ if (currentAAAconf == null) {
+ reason = "not found";
+ statusCode = StatusCode.NOTFOUND;
+ }
+ break;
+ default:
+ break;
+
}
if (statusCode != null) {
+ String action = String.format("Failed to %s user %s: ", command.getAction(), user);
String msg = String.format("User %s %s in configuration database", user, reason);
- logger.debug(msg);
+ logger.debug(action + msg);
return new Status(statusCode, msg);
}
- return addRemoveLocalUserInternal(AAAconf, delete);
+ switch (command) {
+ case ADD:
+ return addRemoveLocalUserInternal(AAAconf, false);
+ case MODIFY:
+ addRemoveLocalUserInternal(currentAAAconf, true);
+ return addRemoveLocalUserInternal(AAAconf, false);
+ case REMOVE:
+ return addRemoveLocalUserInternal(AAAconf, true);
+ default:
+ return new Status(StatusCode.INTERNALERROR, "Unknown action");
+ }
}
private Status addRemoveLocalUserInternal(UserConfig AAAconf, boolean delete) {
@Override
public Status addLocalUser(UserConfig AAAconf) {
- return addRemoveLocalUser(AAAconf, false);
+ return changeLocalUser(AAAconf, Command.ADD);
+ }
+
+ @Override
+ public Status modifyLocalUser(UserConfig AAAconf) {
+ return changeLocalUser(AAAconf, Command.MODIFY);
}
@Override
public Status removeLocalUser(UserConfig AAAconf) {
- return addRemoveLocalUser(AAAconf, true);
+ return changeLocalUser(AAAconf, Command.REMOVE);
}
@Override
return new Status(StatusCode.NOTFOUND, "User does not exist");
}
- return addRemoveLocalUser(localUserConfigList.get(userName), true);
+ return changeLocalUser(localUserConfigList.get(userName), Command.REMOVE);
}
@Override
// Trigger cluster update
localUserConfigList.put(user, targetConfigEntry);
- logger.info("Password changed for User \"{}\"", user);
+ logger.trace("Password changed for User \"{}\"", user);
return status;
}
// TODO: if user was authenticated through AAA server, send
// Acct-Status-Type=stop message to server with logout as reason
removeUserFromActiveList(userName);
- logger.info("User \"{}\" logged out", userName);
+ logger.trace("User \"{}\" logged out", userName);
}
/*
// TODO: if user was authenticated through AAA server, send
// Acct-Status-Type=stop message to server with timeout as reason
removeUserFromActiveList(userName);
- logger.info("User \"{}\" timed out", userName);
+ logger.trace("User \"{}\" timed out", userName);
}
@Override
Code Review / controller.git / blobdiff