You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2017/09/26 19:09:58 UTC
[29/40] airavata git commit: AIRAVATA-2500 Disallow overwriting LDAP
SSH key
AIRAVATA-2500 Disallow overwriting LDAP SSH key
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/42059ecc
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/42059ecc
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/42059ecc
Branch: refs/heads/develop
Commit: 42059ecccc02eaf6493cda480a6edbaad0d09961
Parents: 2425187
Author: Marcus Christie <ma...@apache.org>
Authored: Wed Sep 20 16:29:26 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Wed Sep 20 16:29:26 2017 -0400
----------------------------------------------------------------------
.../provisioner/IULdapSSHAccountProvisioner.java | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/42059ecc/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
----------------------------------------------------------------------
diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
index 4f0ad07..69ed3f6 100644
--- a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
+++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
@@ -104,7 +104,17 @@ public class IULdapSSHAccountProvisioner implements SSHAccountProvisioner {
modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.ADD_ATTRIBUTE);
} else {
- modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE);
+ String oldSshPublicKey = entry.get(SSH_PUBLIC_KEY_ATTRIBUTE_NAME).getString();
+ if (!oldSshPublicKey.equals(sshPublicKey)) {
+ // Disallow overwriting the SSH key
+ throw new RuntimeException("User [" + username + "] already has an SSH public key in LDAP for ["
+ + ldapBaseDN + "] and overwriting it isn't allowed.");
+ // modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME,
+ // sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE);
+ } else {
+ // SSH key is already installed so just return
+ return true;
+ }
}
ModifyResponse modifyResponse = ldapConnection.modify(modifyRequest);
if (modifyResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {