You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/07/01 23:54:28 UTC

[GitHub] [nifi] alopresto commented on a change in pull request #4377: NIFI-7568 - Fixing Kerberos mappings

alopresto commented on a change in pull request #4377:
URL: https://github.com/apache/nifi/pull/4377#discussion_r448674389



##########
File path: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardKeyService.java
##########
@@ -119,10 +119,18 @@ public void deleteKey(String identity) {
 
             // delete the keys
             DeleteKeysAction deleteKeys = new DeleteKeysAction(identity);
-            transaction.execute(deleteKeys);
-
-            // commit the transaction
-            transaction.commit();
+            Integer rowsDeleted = transaction.execute(deleteKeys);
+
+            // commit the transaction if we found one and only one matching user identity
+            if(rowsDeleted == 0) {
+                rollback(transaction);
+                throw new AdministrationException("Unable to find user identity " + identity + " to remove token.");
+            } else if(rowsDeleted > 1) {

Review comment:
       Is there a legitimate scenario where there should be multiple identical identities in the database? If someone can take advantage of the identity mappings and cause their identity to match someone else's, this could be an attack vector. 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org