From 2495be9ecfa8aea47e285f63b5bb27b0c133b1f8 Mon Sep 17 00:00:00 2001
From: Andrew Branson <andrew.branson@cern.ch>
Date: Mon, 30 Jun 2014 23:03:03 +0200
Subject: Separated modifying Lookup methods into LookupManager, which is only
 present in a server process. This stops clients trying to write to the
 directory without relying on their permissions.

---
 .../instance/predefined/agent/CreateAgentFromDescription.java      | 4 ++--
 .../c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java  | 7 +++++--
 .../lifecycle/instance/predefined/agent/SetAgentPassword.java      | 5 ++++-
 3 files changed, 11 insertions(+), 5 deletions(-)

(limited to 'src/main/java/com/c2kernel/lifecycle/instance/predefined/agent')

diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/CreateAgentFromDescription.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/CreateAgentFromDescription.java
index 78ef5a9..f311dc1 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/CreateAgentFromDescription.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/CreateAgentFromDescription.java
@@ -68,7 +68,7 @@ public class CreateAgentFromDescription extends CreateItemFromDescription
             CorbaServer factory = Gateway.getCorbaServer();
             if (factory == null) throw new AccessRightsException("This process cannot create new Items", "");
             ActiveEntity newAgent = (ActiveEntity)factory.createEntity(newAgentPath);
-            Gateway.getLookup().add(newAgentPath);
+            Gateway.getLookupManager().add(newAgentPath);
 
 
             // initialise it with its properties and workflow
@@ -85,7 +85,7 @@ public class CreateAgentFromDescription extends CreateItemFromDescription
             // add its domain path
             Logger.msg(3, "CreateItemFromDescription - Creating "+context);
             context.setEntity(newAgentPath);
-            Gateway.getLookup().add(context);
+            Gateway.getLookupManager().add(context);
             return requestData;
         } catch (Exception e) {
             Logger.error(e);
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java
index 80281cc..0630f6c 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/RemoveAgent.java
@@ -1,5 +1,6 @@
 package com.c2kernel.lifecycle.instance.predefined.agent;
 
+import com.c2kernel.common.CannotManageException;
 import com.c2kernel.common.InvalidDataException;
 import com.c2kernel.common.ObjectCannotBeUpdated;
 import com.c2kernel.common.ObjectNotFoundException;
@@ -41,6 +42,8 @@ public class RemoveAgent extends PredefinedStep {
 			} catch (ObjectNotFoundException e) {
 				Logger.error(e);
 				throw new InvalidDataException("Tried to remove "+agentName+" from Role "+role.getName()+" that doesn't exist.", "");
+			} catch (CannotManageException e) {
+				throw new InvalidDataException("Tried to alter roles in a non-server process.", "");
 			}
 		}
 		
@@ -54,8 +57,8 @@ public class RemoveAgent extends PredefinedStep {
         
         //remove entity path
         try {
-			Gateway.getLookup().delete(targetAgent);
-		} catch (ObjectCannotBeUpdated e) {
+			Gateway.getLookupManager().delete(targetAgent);
+		} catch (Exception e) {
 			throw new InvalidDataException("Error deleting AgentPath for  "+agentName, "");
 		}
         return requestData;
diff --git a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/SetAgentPassword.java b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/SetAgentPassword.java
index 102e8e2..09fdefe 100644
--- a/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/SetAgentPassword.java
+++ b/src/main/java/com/c2kernel/lifecycle/instance/predefined/agent/SetAgentPassword.java
@@ -2,6 +2,7 @@ package com.c2kernel.lifecycle.instance.predefined.agent;
 
 import java.security.NoSuchAlgorithmException;
 
+import com.c2kernel.common.CannotManageException;
 import com.c2kernel.common.InvalidDataException;
 import com.c2kernel.common.ObjectCannotBeUpdated;
 import com.c2kernel.common.ObjectNotFoundException;
@@ -36,7 +37,7 @@ public class SetAgentPassword extends PredefinedStep {
 			throw new InvalidDataException("Requires 1 param: new password", "");
 		
 		try {
-			Gateway.getLookup().setAgentPassword(targetAgent, params[0]);
+			Gateway.getLookupManager().setAgentPassword(targetAgent, params[0]);
 		} catch (ObjectNotFoundException e) {
 			Logger.error(e);
             throw new InvalidDataException("Agent "+agentName+" not found.", "");
@@ -46,6 +47,8 @@ public class SetAgentPassword extends PredefinedStep {
 		} catch (NoSuchAlgorithmException e) {
 			Logger.error(e);
             throw new InvalidDataException("Cryptographic libraries for password hashing not found.", "");
+		} catch (CannotManageException e) {
+			throw new InvalidDataException("Cannot set agent password in a non-server process.", "");
 		}
 		
 		params[1] = "REDACTED"; // censor user's password from outcome
-- 
cgit v1.2.3