You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2017/09/26 19:09:58 UTC

[29/40] airavata git commit: AIRAVATA-2500 Disallow overwriting LDAP SSH key

AIRAVATA-2500 Disallow overwriting LDAP SSH key


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/42059ecc
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/42059ecc
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/42059ecc

Branch: refs/heads/develop
Commit: 42059ecccc02eaf6493cda480a6edbaad0d09961
Parents: 2425187
Author: Marcus Christie <ma...@apache.org>
Authored: Wed Sep 20 16:29:26 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Wed Sep 20 16:29:26 2017 -0400

----------------------------------------------------------------------
 .../provisioner/IULdapSSHAccountProvisioner.java        | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/42059ecc/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
----------------------------------------------------------------------
diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
index 4f0ad07..69ed3f6 100644
--- a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
+++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
@@ -104,7 +104,17 @@ public class IULdapSSHAccountProvisioner implements SSHAccountProvisioner  {
                     modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.ADD_ATTRIBUTE);
                 } else {
 
-                    modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME, sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE);
+                    String oldSshPublicKey = entry.get(SSH_PUBLIC_KEY_ATTRIBUTE_NAME).getString();
+                    if (!oldSshPublicKey.equals(sshPublicKey)) {
+                        // Disallow overwriting the SSH key
+                        throw new RuntimeException("User [" + username + "] already has an SSH public key in LDAP for ["
+                                + ldapBaseDN + "] and overwriting it isn't allowed.");
+                        // modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME,
+                        //        sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE);
+                    } else {
+                        // SSH key is already installed so just return
+                        return true;
+                    }
                 }
                 ModifyResponse modifyResponse = ldapConnection.modify(modifyRequest);
                 if (modifyResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {