X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=blobdiff_plain;f=opendaylight%2Fusermanager%2Fimplementation%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fusermanager%2Finternal%2FUserManager.java;h=670124a1fae45d4e75506888513529fd806861c9;hp=736568c74ca67911db80bf6ee7efc6c0073a2e3c;hb=9b319de4171b7ab8335ab5a57c93e800a744cefd;hpb=6c7e9eaeb39a47103deb9a150035a00f29267caf
diff --git a/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java b/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
index 736568c74c..670124a1fa 100644
--- a/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
+++ b/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
@@ -8,6 +8,8 @@
 package org.opendaylight.controller.usermanager.internal;
+import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.ObjectInputStream;
@@ -72,13 +74,14 @@ import org.springframework.security.web.context.SecurityContextRepository;
 public class UserManager implements IUserManager, IObjectReader,
 IConfigurationAware, CommandProvider, AuthenticationProvider {
 private static final Logger logger = LoggerFactory.getLogger(UserManager.class);
- private static final String defaultAdmin = "admin";
- private static final String defaultAdminPassword = "admin";
- private static final String defaultAdminRole = UserLevel.NETWORKADMIN.toString();
+ private static final String DEFAULT_ADMIN = "admin";
+ private static final String DEFAULT_ADMIN_PASSWORD = "admin";
+ private static final String DEFAULT_ADMIN_ROLE = UserLevel.NETWORKADMIN.toString();
 private static final String ROOT = GlobalConstants.STARTUPHOME.toString();
- private static final String usersFileName = ROOT + "users.conf";
- private static final String serversFileName = ROOT + "servers.conf";
- private static final String authFileName = ROOT + "authorization.conf";
+ private static final String USERS_FILE_NAME = ROOT + "users.conf";
+ private static final String SERVERS_FILE_NAME = ROOT + "servers.conf";
+ private static final String AUTH_FILE_NAME = ROOT + "authorization.conf";
+ private static final String RECOVERY_FILE = ROOT + "NETWORK_ADMIN_PASSWORD_RECOVERY";
 private ConcurrentMap localUserConfigList;
 private ConcurrentMap remoteServerConfigList;
 // local authorization info for remotely authenticated users
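Review bot: The new `RECOVERY_FILE` constant carries no comment describing its effect, although the mere presence of that file in the startup directory is what resets the default administrator credentials in `checkPasswordRecovery` later in this commit. A reader of the constants block should learn that without following the call chain; suggest `// Marker file: if present at startup, the default admin entry is dropped and recreated with the factory password, then the file is deleted`. Because write access to STARTUPHOME is all that is needed to trigger the reset, the comment could also note that the directory's permissions are what protect this path.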
@@ -90,6 +93,25 @@ public class UserManager implements IUserManager, IObjectReader,
 private IContainerAuthorization containerAuthorizationClient;
 private Set applicationAuthorizationClients;
 private ISessionManager sessionMgr = new SessionManager();
+ protected enum Command {
+ ADD("add", "added"),
+ MODIFY("modify", "modified"),
+ REMOVE("remove", "removed");
+ private String action;
+ private String postAction;
+ private Command(String action, String postAction) {
+ this.action = action;
+ this.postAction = postAction;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getPostAction() {
+ return postAction;
+ }
+ }
 public boolean addAAAProvider(IAAAProvider provider) {
 if (provider == null || provider.getName() == null
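Review bot: `action` and `postAction` in the new `Command` enum are mutable fields although they are only assigned in the constructor; declare them `private final String action;` and `private final String postAction;` so the enum constants are immutable. The `private` modifier on the enum constructor is redundant (enum constructors are implicitly private) and can be dropped. A short Javadoc saying that `getAction()` is the verb used in log lines and `getPostAction()` the participle used in status messages would help, since that distinction is only visible at the call sites in `changeLocalUser`.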
@@ -201,12 +223,44 @@ public class UserManager implements IUserManager, IObjectReader,
 }
 private void checkDefaultNetworkAdmin() {
- // If startup config is not there, it's old or it was deleted,
- // need to add Default Network Admin User
- if (!localUserConfigList.containsKey(defaultAdmin)) {
+ /*
+ * If startup config is not there, it's old or it was deleted or if a
+ * password recovery was run, need to add Default Network Admin User
+ */
+ if (!localUserConfigList.containsKey(DEFAULT_ADMIN)) {
 List roles = new ArrayList(1);
- roles.add(defaultAdminRole);
- localUserConfigList.put(defaultAdmin, new UserConfig(defaultAdmin, defaultAdminPassword, roles));
+ roles.add(DEFAULT_ADMIN_ROLE);
+ // Need to skip the strong password check for the default admin
+ UserConfig defaultAdmin = UserConfig.getUncheckedUserConfig(UserManager.DEFAULT_ADMIN,
+ UserManager.DEFAULT_ADMIN_PASSWORD, roles);
+ localUserConfigList.put(UserManager.DEFAULT_ADMIN, defaultAdmin);
+ }
+ }
+
+ private void checkPasswordRecovery() {
+ final String fileDescription = "Default Network Administrator password recovery file";
+ try {
+ FileInputStream fis = new FileInputStream(UserManager.RECOVERY_FILE);
+ /*
+ * Recovery file detected, remove current default network
+ * administrator entry from local users configuration list.
+ * Warn user and delete recovery file.
+ */
+ this.localUserConfigList.remove(UserManager.DEFAULT_ADMIN);
+ logger.info("Default Network Administrator password has been reset to factory default.");
+ logger.info("Please change the default Network Administrator password as soon as possible");
+ File filePointer = new File(UserManager.RECOVERY_FILE);
+ boolean status = filePointer.delete();
+ if (!status) {
+ logger.warn("Failed to delete {}", fileDescription);
+ } else {
+ logger.trace("{} deleted", fileDescription);
+ }
+ fis.close();
+ } catch (FileNotFoundException fnf) {
+ logger.trace("{} not present", fileDescription);
+ } catch (IOException e) {
+ logger.warn("Failed to close file stream for {}", fileDescription);
 }
 }
@@ -363,7 +417,7 @@ public class UserManager implements IUserManager, IObjectReader,
 private Status saveLocalUserListInternal() {
 ObjectWriter objWriter = new ObjectWriter();
 return objWriter.write(new ConcurrentHashMap(
- localUserConfigList), usersFileName);
+ localUserConfigList), USERS_FILE_NAME);
 }
 @Override
@@ -374,7 +428,7 @@ public class UserManager implements IUserManager, IObjectReader,
 private Status saveAAAServerListInternal() {
 ObjectWriter objWriter = new ObjectWriter();
 return objWriter.write(new ConcurrentHashMap(
- remoteServerConfigList), serversFileName);
+ remoteServerConfigList), SERVERS_FILE_NAME);
 }
 @Override
@@ -386,7 +440,7 @@ public class UserManager implements IUserManager, IObjectReader,
 ObjectWriter objWriter = new ObjectWriter();
 return objWriter.write(
 new ConcurrentHashMap(
- authorizationConfList), authFileName);
+ authorizationConfList), AUTH_FILE_NAME);
 }
 @Override
@@ -401,7 +455,7 @@ public class UserManager implements IUserManager, IObjectReader,
 private void loadUserConfig() {
 ObjectReader objReader = new ObjectReader();
 ConcurrentMap confList = (ConcurrentMap) objReader
- .read(this, usersFileName);
+ .read(this, USERS_FILE_NAME);
 if (confList == null) {
 return;
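Review bot: In `checkPasswordRecovery` the `FileInputStream` is opened only to test whether the marker file exists and is closed at the very end of the `try`, so any exception raised between the open and `fis.close()` leaks the stream; `File.exists()` followed by `delete()` on the same `File` object does the job without a stream, and the `FileNotFoundException`/`IOException` branches disappear with it. Ordering also matters for the security outcome: the admin entry is removed from `localUserConfigList` before the marker file is deleted, so if `delete()` fails the reset repeats at every restart, which deserves a `logger.warn` rather than the `logger.info` used for the reset itself. It is not visible in this hunk whether the modified list is written back to `USERS_FILE_NAME`; if it is not, the previous admin entry would reappear on the next restart once the marker file is gone, which is worth confirming against `loadConfigurations`.
```java
private void checkPasswordRecovery() {
    final String fileDescription = "Default Network Administrator password recovery file";
    File recoveryFile = new File(UserManager.RECOVERY_FILE);
    if (!recoveryFile.exists()) {
        logger.trace("{} not present", fileDescription);
        return;
    }
    // … unchanged: remove DEFAULT_ADMIN from localUserConfigList and log the reset …
    if (!recoveryFile.delete()) {
        logger.warn("Failed to delete {}", fileDescription);
    } else {
        logger.trace("{} deleted", fileDescription);
    }
}
```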
@@ -416,7 +470,7 @@ public class UserManager implements IUserManager, IObjectReader,
 private void loadServerConfig() {
 ObjectReader objReader = new ObjectReader();
 ConcurrentMap confList = (ConcurrentMap) objReader
- .read(this, serversFileName);
+ .read(this, SERVERS_FILE_NAME);
 if (confList == null) {
 return;
@@ -431,7 +485,7 @@ public class UserManager implements IUserManager, IObjectReader,
 private void loadAuthConfig() {
 ObjectReader objReader = new ObjectReader();
 ConcurrentMap confList = (ConcurrentMap) objReader
- .read(this, authFileName);
+ .read(this, AUTH_FILE_NAME);
 if (confList == null) {
 return;
@@ -445,7 +499,7 @@ public class UserManager implements IUserManager, IObjectReader,
 /*
 * Interaction with GUI START
 */
- private Status addRemoveLocalUser(UserConfig AAAconf, boolean delete) {
+ private Status changeLocalUser(UserConfig AAAconf, Command command) {
 // UserConfig Validation check
 Status validCheck = AAAconf.validate();
 if (!validCheck.isSuccess()) {
@@ -455,29 +509,52 @@ public class UserManager implements IUserManager, IObjectReader,
 String user = AAAconf.getUser();
 // Check default admin user
- if (user.equals(UserManager.defaultAdmin)) {
- String msg = "Invalid Request: Default Network Admin User cannot be " + ((delete)? "removed" : "added");
+ if (user.equals(UserManager.DEFAULT_ADMIN)) {
+ String msg = String.format("Invalid Request: Default Network Admin User cannot be %s", command.getPostAction());
 logger.debug(msg);
 return new Status(StatusCode.NOTALLOWED, msg);
 }
 // Check user presence/conflict
+ UserConfig currentAAAconf = localUserConfigList.get(user);
 StatusCode statusCode = null;
 String reason = null;
- if (delete && !localUserConfigList.containsKey(user)) {
- reason = "not found";
- statusCode = StatusCode.NOTFOUND;
- } else if (!delete && localUserConfigList.containsKey(user)) {
- reason = "already present";
- statusCode = StatusCode.CONFLICT;
+ switch (command) {
+ case ADD:
+ if (currentAAAconf != null) {
+ reason = "already present";
+ statusCode = StatusCode.CONFLICT;
+ }
+ break;
+ case MODIFY:
+ case REMOVE:
+ if (currentAAAconf == null) {
+ reason = "not found";
+ statusCode = StatusCode.NOTFOUND;
+ }
+ break;
+ default:
+ break;
+ }
 if (statusCode != null) {
+ String action = String.format("Failed to %s user %s: ", command.getAction(), user);
 String msg = String.format("User %s %s in configuration database", user, reason);
- logger.debug(msg);
+ logger.debug(action + msg);
 return new Status(statusCode, msg);
 }
- return addRemoveLocalUserInternal(AAAconf, delete);
+ switch (command) {
+ case ADD:
+ return addRemoveLocalUserInternal(AAAconf, false);
+ case MODIFY:
+ addRemoveLocalUserInternal(currentAAAconf, true);
+ return addRemoveLocalUserInternal(AAAconf, false);
+ case REMOVE:
+ return addRemoveLocalUserInternal(AAAconf, true);
+ default:
+ return new Status(StatusCode.INTERNALERROR, "Unknown action");
+ }
 }
 private Status addRemoveLocalUserInternal(UserConfig AAAconf, boolean delete)
 {
@@ -536,12 +613,17 @@ public class UserManager implements IUserManager, IObjectReader,
 @Override
 public Status addLocalUser(UserConfig AAAconf) {
- return addRemoveLocalUser(AAAconf, false);
+ return changeLocalUser(AAAconf, Command.ADD);
+ }
+
+ @Override
+ public Status modifyLocalUser(UserConfig AAAconf) {
+ return changeLocalUser(AAAconf, Command.MODIFY);
 }
 @Override
 public Status removeLocalUser(UserConfig AAAconf) {
- return addRemoveLocalUser(AAAconf, true);
+ return changeLocalUser(AAAconf, Command.REMOVE);
 }
 @Override
@@ -554,7 +636,7 @@ public class UserManager implements IUserManager, IObjectReader,
 return new Status(StatusCode.NOTFOUND, "User does not exist");
 }
- return addRemoveLocalUser(localUserConfigList.get(userName), true);
+ return changeLocalUser(localUserConfigList.get(userName), Command.REMOVE);
 }
 @Override
@@ -791,12 +873,14 @@ public class UserManager implements IUserManager, IObjectReader,
 // Read startup configuration and populate databases
 loadConfigurations();
+ // Check if a password recovery was triggered for default network admin user
+ checkPasswordRecovery();
+
 // Make sure default Network Admin account is there
 checkDefaultNetworkAdmin();
- BundleContext bundleContext = FrameworkUtil.getBundle(this.getClass())
- .getBundleContext();
- bundleContext.registerService(CommandProvider.class.getName(), this,
- null);
+
+ BundleContext bundleContext = FrameworkUtil.getBundle(this.getClass()).getBundleContext();
+ bundleContext.registerService(CommandProvider.class.getName(), this, null);
 }
 /**
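Review bot: In the `MODIFY` arm of the second `switch` in `changeLocalUser`, the `Status` returned by `addRemoveLocalUserInternal(currentAAAconf, true)` is discarded, so the add runs even when the removal failed, and when the removal succeeded but the add is rejected the account is gone while the caller only sees the add's failure. Modify is therefore not atomic from the caller's point of view; at minimum return early when the removal fails, and consider re-adding `currentAAAconf` when the add fails so a rejected edit does not delete the user. Both `default` arms are unreachable: `Command` has three constants and a null `command` throws in the `switch` before reaching `default`, so a one-line comment saying they exist only to satisfy the compiler would save the next reader a check. `changeLocalUser` begins in the previous hunk, so the validation at its top is outside this one.
```java
case MODIFY:
    // Remove the current entry first; a failed removal must not be followed by an add.
    Status removeStatus = addRemoveLocalUserInternal(currentAAAconf, true);
    if (!removeStatus.isSuccess()) {
        return removeStatus;
    }
    Status addStatus = addRemoveLocalUserInternal(AAAconf, false);
    if (!addStatus.isSuccess()) {
        // Restore the previous entry so a rejected modification does not delete the user.
        addRemoveLocalUserInternal(currentAAAconf, false);
    }
    return addStatus;
// … unchanged: ADD and REMOVE arms …
```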