airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From machris...@apache.org
Subject [1/8] airavata git commit: AIRAVATA-2500 Disallow overwriting LDAP SSH key
Date Mon, 25 Sep 2017 21:10:41 GMT
Repository: airavata
Updated Branches:
  refs/heads/AIRAVATA-2500 2425187bb -> 50d7bb6a5


AIRAVATA-2500 Disallow overwriting LDAP SSH key


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/42059ecc
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/42059ecc
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/42059ecc

Branch: refs/heads/AIRAVATA-2500
Commit: 42059ecccc02eaf6493cda480a6edbaad0d09961
Parents: 2425187
Author: Marcus Christie <machristie@apache.org>
Authored: Wed Sep 20 16:29:26 2017 -0400
Committer: Marcus Christie <machristie@apache.org>
Committed: Wed Sep 20 16:29:26 2017 -0400

----------------------------------------------------------------------
 .../provisioner/IULdapSSHAccountProvisioner.java        | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/42059ecc/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
----------------------------------------------------------------------
diff --git a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
index 4f0ad07..69ed3f6 100644
--- a/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
+++ b/modules/compute-account-provisioning/src/main/java/org/apache/airavata/accountprovisioning/provisioner/IULdapSSHAccountProvisioner.java
@@ -104,7 +104,17 @@ public class IULdapSSHAccountProvisioner implements SSHAccountProvisioner
 {
                     modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME,
sshPublicKey), ModificationOperation.ADD_ATTRIBUTE);
                 } else {
 
-                    modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME,
sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE);
+                    String oldSshPublicKey = entry.get(SSH_PUBLIC_KEY_ATTRIBUTE_NAME).getString();
+                    if (!oldSshPublicKey.equals(sshPublicKey)) {
+                        // Disallow overwriting the SSH key
+                        throw new RuntimeException("User [" + username + "] already has an
SSH public key in LDAP for ["
+                                + ldapBaseDN + "] and overwriting it isn't allowed.");
+                        // modifyRequest.addModification(new DefaultAttribute(SSH_PUBLIC_KEY_ATTRIBUTE_NAME,
+                        //        sshPublicKey), ModificationOperation.REPLACE_ATTRIBUTE);
+                    } else {
+                        // SSH key is already installed so just return
+                        return true;
+                    }
                 }
                 ModifyResponse modifyResponse = ldapConnection.modify(modifyRequest);
                 if (modifyResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS)
{


Mime
View raw message