Fix OpenPGP key update

On OpenPGP update we can't set the objectClass again, since LDAP returns an
error. Let's only set it when we configure the first key.
master
meskio 7 months ago
parent 109afb27b8
commit 0fccacdd77
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 33
      ldap/openpgp.go
  2. 44
      ldap/openpgp_test.go

@ -1,6 +1,7 @@
package ldap
import (
"errors"
"strings"
"time"
@ -24,7 +25,14 @@ func (l Ldap) changeOpenPGPkey(dn string, fingerprint string, expiry time.Time,
defer conn.Close()
modifyRequest := ldap.NewModifyRequest(dn, nil)
modifyRequest.Add("objectClass", []string{"openPGP"})
_, err = l.getOpenPGPKey(dn, conn)
if err != nil {
if errors.Is(err, ErrNotFound) {
modifyRequest.Add("objectClass", []string{"openPGP"})
} else {
return err
}
}
modifyRequest.Replace("openPGPId", []string{fingerprint})
modifyRequest.Replace("openPGPExpiry", []string{expiry.Format(dateFormat)})
modifyRequest.Replace("openPGPKey", []string{string(key)})
@ -54,6 +62,29 @@ func (l Ldap) DeleteOpenPGPkey(dn string) error {
return conn.Modify(modifyRequest)
}
func (l Ldap) getOpenPGPKey(dn string, conn *ldap.Conn) (*OpenPGPkey, error) {
searchRequest := ldap.NewSearchRequest(
dn,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
"((objectClass=openPGP))",
openPGPAttributes,
nil,
)
sr, err := conn.Search(searchRequest)
if err != nil {
return nil, err
}
switch len(sr.Entries) {
case 1:
entry := sr.Entries[0]
return openPGPkey(entry), nil
case 0:
return nil, ErrNotFound
default:
return nil, errors.New("More than one user found!!!")
}
}
func openPGPkey(entry *ldap.Entry) *OpenPGPkey {
openPGPexpiry, _ := time.Parse(dateFormat, entry.GetAttributeValue("openPGPExpiry"))
key := OpenPGPkey{
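Review bot: getOpenPGPKey searches with `ldap.ScopeWholeSubtree` from `dn`, so any openPGP-classed entry beneath `dn` would also match and the `default` case would then report a duplicate; if the intent is only to check whether this entry already carries the class, `ldap.ScopeBaseObject` states that exactly and is the narrower query. The filter string `"((objectClass=openPGP))"` carries a redundant outer pair of parentheses; `"(objectClass=openPGP)"` is the standard RFC 4515 form. The error at the `default` case, `errors.New("More than one user found!!!")`, is presumably also reached for group entries via changeOpenPGPkey (see TestOpenPGPgroup) and breaks the lowercase, no-punctuation convention for Go error strings; `errors.New("more than one openPGP entry found")` would be accurate for both. The openPGPkey function at the end of this hunk continues outside it.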

@ -6,11 +6,16 @@ import (
"time"
)
func TestOpenPGPuser(t *testing.T) {
key := []byte("openpgpkey")
fingerprint := "AABBCCDDEEFF1122334455"
wkdHash := "hashhash"
const (
fingerprint = "AABBCCDDEEFF1122334455"
wkdHash = "hashhash"
)
var (
key = []byte("openpgpkey")
)
func TestOpenPGPuser(t *testing.T) {
l := testLdap(t)
u, err := l.GetUser(user)
if err != nil {
@ -61,10 +66,6 @@ func TestOpenPGPuser(t *testing.T) {
}
func TestOpenPGPgroup(t *testing.T) {
key := []byte("openpgpkey")
fingerprint := "AABBCCDDEEFF1122334455"
wkdHash := "hashhash"
l := testLdap(t)
g, err := l.GetGroup(group)
if err != nil {
@ -113,3 +114,30 @@ func TestOpenPGPgroup(t *testing.T) {
t.Errorf("user already has a key")
}
}
func TestUpdateOpenPGP(t *testing.T) {
l := testLdap(t)
u, err := l.GetUser(user)
if err != nil {
t.Errorf("GetUser() failed: %v", err)
}
if u.OpenPGPkey != nil {
t.Errorf("user already has a key")
}
dn := l.userDN(user)
err = l.changeOpenPGPkey(dn, fingerprint, time.Time{}, key, wkdHash, "")
if err != nil {
t.Errorf("ChangeOpenPGPkey() failed: %v", err)
}
err = l.changeOpenPGPkey(dn, fingerprint, time.Time{}, key, wkdHash, "")
if err != nil {
t.Errorf("ChangeOpenPGPkey() failed: %v", err)
}
err = l.DeleteOpenPGPkey(dn)
if err != nil {
t.Errorf("DeleteOpenPGPkey() failed: %v", err)
}
}
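Review bot: TestUpdateOpenPGP calls changeOpenPGPkey twice with the same fingerprint and key, so it only checks that a second call does not error, not that the entry was actually updated; passing a different fingerprint on the second call and re-reading the user before the delete, e.g. `if u, err = l.GetUser(user); err != nil || u.OpenPGPkey == nil { t.Fatalf("key not stored after update: %v", err) }`, would pin the behaviour the commit fixes. The `t.Errorf` after `l.GetUser(user)` lets the test continue with a possibly nil `u`, so the `u.OpenPGPkey` dereference on the next line can panic on a failed lookup; `t.Fatalf` is the usual choice for a precondition, and the same pattern exists in the pre-existing TestOpenPGPuser and TestOpenPGPgroup. The package-level `key` is a mutable `[]byte` shared by every test in the file; a comment such as `// key is shared test fixture data; tests must not modify it in place.` would make that contract explicit. The whole of TestUpdateOpenPGP is within this hunk.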
