mirror of
https://github.com/ovh/the-bastion.git
fix: Enable perl-tidy.sh test
* Move to ubuntu-20.04 runner
* Remove check in dockers tests
parent
d1ed88e296
commit
2a51a78b54
34 changed files with 95 additions and 103 deletions
4
.github/workflows/tests_basic.yml
vendored
4
.github/workflows/tests_basic.yml
vendored
|
@ -5,7 +5,7 @@ on: [push, pull_request]
|
|||
jobs:
|
||||
test:
|
||||
name: perlcritic, perltidy & shellcheck
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-20.04
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: install prerequisites
|
||||
|
@ -17,4 +17,4 @@ jobs:
|
|||
- name: perl critic
|
||||
run: bin/dev/perl-critic.sh
|
||||
- name: perl tidy
|
||||
run: bin/dev/perl-tidy.sh
|
||||
run: bin/dev/perl-tidy.sh test
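Review bot: The job that now gates on `bin/dev/perl-tidy.sh test` still fetches its checkout step by mutable tag (`- uses: actions/checkout@v2` in the first hunk), so the code that runs in CI can change without any commit to this repository. Pinning the action to a full commit SHA, for example `- uses: actions/checkout@<FULL_COMMIT_SHA>  # v2` (placeholder, take the SHA from the action's release), keeps the workflow reproducible and reviewable. The move of `runs-on` from `ubuntu-latest` to `ubuntu-20.04` presumably fixes the perltidy version so its output matches the formatting applied in this commit. A short comment such as `# pinned: perltidy output depends on the packaged version` would record that, and the pin will need revisiting when that runner image is retired.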
|
||||
|
|
|
@ -269,7 +269,7 @@ sub check_file_rights {
|
|||
chomp @out;
|
||||
my $lineno = -1;
|
||||
$expectedOutput = [sort @$expectedOutput];
|
||||
@out = grep { /./ } sort @out;
|
||||
@out = grep { /./ } sort @out;
|
||||
foreach my $outLine (@out) {
|
||||
next if not $outLine;
|
||||
$lineno++;
|
||||
|
|
|
@ -91,7 +91,7 @@ if (not $d{ciphers} or not $d{kexalgorithms} or not $d{macs}) {
|
|||
}
|
||||
|
||||
my @myciphers = split /,/, $h{ciphers}[0];
|
||||
my %ciphers = (
|
||||
my %ciphers = (
|
||||
"3des-cbc" => 1,
|
||||
"blowfish-cbc" => 1,
|
||||
"cast128-cbc" => 1,
|
||||
|
@ -130,7 +130,7 @@ $list{'highon'} and ok "ciphers: found enabled high-grade ciphers " . join(',',
|
|||
$list{'highoff'} and wrn "ciphers: found disabled high-grade ciphers " . join(',', @{$list{'highoff'}});
|
||||
|
||||
my @mymacs = split /,/, $h{macs}[0];
|
||||
my %macs = (
|
||||
my %macs = (
|
||||
"hmac-sha1" => 1,
|
||||
"hmac-sha1-96" => 1,
|
||||
"hmac-sha2-256" => 2,
|
||||
|
@ -179,7 +179,7 @@ $list{'highon'} and ok "macs: found enabled high-grade MACs " . join(',', @{$lis
|
|||
$list{'highoff'} and wrn "macs: found disabled high-grade MACs " . join(',', @{$list{'highoff'}});
|
||||
|
||||
my @mykexs = split /,/, $h{kexalgorithms}[0];
|
||||
my %kexs = (
|
||||
my %kexs = (
|
||||
"diffie-hellman-group1-sha1" => 1,
|
||||
"diffie-hellman-group14-sha1" => 1,
|
||||
"diffie-hellman-group-exchange-sha1" => 1,
|
||||
|
@ -290,7 +290,7 @@ while (<$fh_myself>) {
|
|||
}
|
||||
close($fh_myself);
|
||||
my $decoded = decode_base64(join("\n", @xz));
|
||||
my $pid = open2(\*CHLD_OUT, \*CHLD_IN, 'unxz', '-c'); #TODO get rid of this call
|
||||
my $pid = open2(\*CHLD_OUT, \*CHLD_IN, 'unxz', '-c'); #TODO get rid of this call
|
||||
print CHLD_IN $decoded;
|
||||
close(CHLD_IN);
|
||||
my $rawlist;
|
||||
|
|
|
@ -95,7 +95,7 @@ sub test_config {
|
|||
my $gpgtest = GnuPG->new(trace => $config{'trace'});
|
||||
|
||||
# then, check we can encrypt to each of the recipients
|
||||
my $outfile = File::Temp->new(UNLINK => 1, TMPDIR => 1);
|
||||
my $outfile = File::Temp->new(UNLINK => 1, TMPDIR => 1);
|
||||
my $recipientparam = $isoldversion ? $recipient : [$recipient, $recipient];
|
||||
$gpgtest->encrypt(plaintext => $input . "", output => $outfile . "", recipient => $recipientparam);
|
||||
if (not -s $outfile) {
|
||||
|
@ -118,7 +118,7 @@ sub test_config {
|
|||
my $gpgtest = GnuPG->new(trace => $config{'trace'});
|
||||
|
||||
# then, encrypt to all the recipients, sign, and check the signature
|
||||
my $outfile = File::Temp->new(UNLINK => 1, TMPDIR => 1);
|
||||
my $outfile = File::Temp->new(UNLINK => 1, TMPDIR => 1);
|
||||
my $recipientparam = $isoldversion ? (keys %recipients_uniq)[0] : [keys %recipients_uniq];
|
||||
$gpgtest->encrypt(
|
||||
plaintext => $input . "",
|
||||
|
|
|
@ -52,7 +52,7 @@ foreach my $account (%{$fnret->value}) {
|
|||
|
||||
# we have PIV grace set for this account
|
||||
my $expiry = $fnret->value;
|
||||
my $human = OVH::Bastion::duration2human(seconds => ($expiry - time()))->value;
|
||||
my $human = OVH::Bastion::duration2human(seconds => ($expiry - time()))->value;
|
||||
_log "Account $account has PIV grace expiry set to $expiry (" . $human->{'human'} . ")";
|
||||
|
||||
# is PIV grace TTL expired?
|
||||
|
|
|
@ -88,7 +88,7 @@ $fnret->is_ok and HEXIT('KO_ALREADY_EXISTING', msg => "The group $account alread
|
|||
|
||||
if ($type eq 'realm') {
|
||||
$account = "realm_$account";
|
||||
$fnret = OVH::Bastion::is_account_valid(account => $account, accountType => "realm");
|
||||
$fnret = OVH::Bastion::is_account_valid(account => $account, accountType => "realm");
|
||||
$fnret or HEXIT($fnret);
|
||||
|
||||
$fnret = OVH::Bastion::is_account_existing(account => $account, accountType => "realm");
|
||||
|
@ -299,6 +299,7 @@ if (ref $config->{'accountCreateDefaultPersonalAccesses'} eq 'ARRAY' && $type eq
|
|||
push @command, '--action', 'add';
|
||||
push @command, '--account', $account;
|
||||
push @command, '--ip', $ip;
|
||||
|
||||
if ($user) {
|
||||
push @command, '--user', ($user eq 'ACCOUNT' ? $account : $user);
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ eval {
|
|||
local $SIG{__WARN__} = sub { push @optwarns, shift };
|
||||
$result = GetOptions(
|
||||
"account=s" => sub { $account //= $_[1] },
|
||||
"modify=s" => \@modify,
|
||||
"modify=s" => \@modify,
|
||||
);
|
||||
};
|
||||
if ($@) { die $@ }
|
||||
|
|
|
@ -103,7 +103,7 @@ osh_debug("user -gatek or gatek");
|
|||
#>CODE
|
||||
my $msg;
|
||||
my $prefix = $remoteaccount ? "allowed_$remoteaccount" : "allowed";
|
||||
my $link = "/home/allowkeeper/$sysaccount/$prefix.ip.$shortGroup";
|
||||
my $link = "/home/allowkeeper/$sysaccount/$prefix.ip.$shortGroup";
|
||||
if ($action eq 'del') {
|
||||
osh_debug("Going to remove symlink");
|
||||
if (-l $link || -e _) {
|
||||
|
|
|
@ -121,7 +121,7 @@ $fnret->is_ok and HEXIT('KO_ALREADY_EXISTING', msg => "The account $group alread
|
|||
|
||||
#>PARAMS:ALGO/SIZE
|
||||
if (!$no_key) {
|
||||
$algo = lc($algo);
|
||||
$algo = lc($algo);
|
||||
$fnret = OVH::Bastion::is_allowed_algo_and_size(algo => $algo, size => $size, way => 'egress');
|
||||
$fnret or HEXIT($fnret);
|
||||
|
||||
|
|
|
@ -31,11 +31,11 @@ $fnret or osh_exit $fnret;
|
|||
my $result_hash = {};
|
||||
foreach my $name (sort keys %{$fnret->value}) {
|
||||
my @flags;
|
||||
push @flags, 'owner' if OVH::Bastion::is_group_owner(group => $name);
|
||||
push @flags, 'owner' if OVH::Bastion::is_group_owner(group => $name);
|
||||
push @flags, 'gatekeeper' if OVH::Bastion::is_group_gatekeeper(group => $name);
|
||||
push @flags, 'aclkeeper' if OVH::Bastion::is_group_aclkeeper(group => $name);
|
||||
push @flags, 'member' if OVH::Bastion::is_group_member(group => $name);
|
||||
push @flags, 'guest' if OVH::Bastion::is_group_guest(group => $name);
|
||||
push @flags, 'aclkeeper' if OVH::Bastion::is_group_aclkeeper(group => $name);
|
||||
push @flags, 'member' if OVH::Bastion::is_group_member(group => $name);
|
||||
push @flags, 'guest' if OVH::Bastion::is_group_guest(group => $name);
|
||||
if (@flags or $all) {
|
||||
push @flags, 'no-access' if not @flags;
|
||||
my $line = sprintf "%18s", $name;
|
||||
|
|
|
@ -48,7 +48,7 @@ if (not defined $pubKey) {
|
|||
$fnret = OVH::Bastion::get_supported_ssh_algorithms_list(way => 'ingress');
|
||||
$fnret or osh_exit $fnret;
|
||||
my @algoList = @{$fnret->value};
|
||||
my $algos = join(' ', @algoList);
|
||||
my $algos = join(' ', @algoList);
|
||||
osh_info "Please paste the SSH key you want to add. This bastion supports the following algorithms:\n";
|
||||
if (grep { 'ed25519' eq $_ } @algoList) {
|
||||
osh_info "ED25519: strongness[#####] speed[#####], use `ssh-keygen -t ed25519' to generate one";
|
||||
|
|
|
@ -48,7 +48,7 @@ my @validKeys;
|
|||
|
||||
foreach my $key (@{$fnret->value || []}) {
|
||||
OVH::Bastion::print_public_key(key => $key, id => $key->{'index'}, err => $key->{'err'});
|
||||
$allowedLines{$key->{'index'}} = 1;
|
||||
$allowedLines{$key->{'index'}} = 1;
|
||||
$allowedFingerprints{$key->{'fingerprint'}} = $key->{'index'} if (OVH::Bastion::is_valid_fingerprint(fingerprint => $key->{'fingerprint'}));
|
||||
push @validKeys, $key->{'index'} if $key->{'err'} eq 'OK';
|
||||
}
|
||||
|
|
|
@ -82,7 +82,7 @@ if (not $ok) {
|
|||
osh_exit 'ERR_INVALID_ALGORITHM', "Only the following list of algorithms is allowed: " . join(' ', @algoList);
|
||||
}
|
||||
|
||||
$size = 256 if (not $size and $algo eq 'ed25519');
|
||||
$size = 256 if (not $size and $algo eq 'ed25519');
|
||||
$fnret = OVH::Bastion::is_allowed_algo_and_size(algo => $algo, size => $size, way => 'egress');
|
||||
$fnret or osh_exit $fnret;
|
||||
|
||||
|
|
|
@ -63,13 +63,13 @@ else {
|
|||
$r->{params} = undef if ($r->{cmdtype} ne 'osh');
|
||||
$r->{returnvalue} = $r->{comment} if $r->{returnvalue} < 0;
|
||||
|
||||
osh_info sprintf "%8s: %s\n", "ID", $r->{uniqid};
|
||||
osh_info sprintf "%8s: %s\n", "Started", POSIX::strftime("%Y/%m/%d %H:%M:%S", localtime($r->{timestamp}));
|
||||
osh_info sprintf "%8s: %s\n", "Ended", $r->{timestampend} ? POSIX::strftime("%Y/%m/%d %H:%M:%S", localtime($r->{timestampend})) : 'n/a';
|
||||
osh_info sprintf "%8s: %s\n", "Duration", $delay;
|
||||
osh_info sprintf "%8s: %s\n", "Type", $r->{'cmdtype'} . ($r->{'plugin'} ? '-' . $r->{'plugin'} : '') . ($r->{allowed} ? '' : '/DENIED');
|
||||
osh_info sprintf "%8s: %s:%s (%s)\n", "From", $r->{'ipfrom'}, $r->{'portfrom'}, $r->{'hostfrom'};
|
||||
osh_info sprintf "%8s: %s@%s:%s\n", "Via", $r->{'account'}, $r->{'bastionip'}, $r->{'bastionport'};
|
||||
osh_info sprintf "%8s: %s\n", "ID", $r->{uniqid};
|
||||
osh_info sprintf "%8s: %s\n", "Started", POSIX::strftime("%Y/%m/%d %H:%M:%S", localtime($r->{timestamp}));
|
||||
osh_info sprintf "%8s: %s\n", "Ended", $r->{timestampend} ? POSIX::strftime("%Y/%m/%d %H:%M:%S", localtime($r->{timestampend})) : 'n/a';
|
||||
osh_info sprintf "%8s: %s\n", "Duration", $delay;
|
||||
osh_info sprintf "%8s: %s\n", "Type", $r->{'cmdtype'} . ($r->{'plugin'} ? '-' . $r->{'plugin'} : '') . ($r->{allowed} ? '' : '/DENIED');
|
||||
osh_info sprintf "%8s: %s:%s (%s)\n", "From", $r->{'ipfrom'}, $r->{'portfrom'}, $r->{'hostfrom'};
|
||||
osh_info sprintf "%8s: %s@%s:%s\n", "Via", $r->{'account'}, $r->{'bastionip'}, $r->{'bastionport'};
|
||||
if ($r->{user} || $r->{ipto} || $r->{portto} || $r->{hostto}) {
|
||||
osh_info sprintf "%8s: %s@%s:%s (%s)\n", "To", $r->{'user'}, $r->{'ipto'}, $r->{'portto'}, $r->{'hostto'};
|
||||
}
|
||||
|
|
|
@ -91,7 +91,7 @@ if (!$pubKey && !$noKey) {
|
|||
$fnret = OVH::Bastion::get_supported_ssh_algorithms_list(way => 'ingress');
|
||||
$fnret or osh_exit $fnret;
|
||||
my @algoList = @{$fnret->value};
|
||||
my $algos = join(' ', @algoList);
|
||||
my $algos = join(' ', @algoList);
|
||||
osh_info "Please paste the SSH key you want to add. This bastion supports the following algorithms:\n";
|
||||
if (grep { 'ed25519' eq $_ } @algoList) {
|
||||
osh_info "ED25519: strongness[#####] speed[#####], use `ssh-keygen -t ed25519' to generate one";
|
||||
|
|
|
@ -179,7 +179,7 @@ if (OVH::Bastion::is_auditor(account => $self)) {
|
|||
$fnret = OVH::Bastion::account_config(account => $account, public => 1, key => OVH::Bastion::OPT_ACCOUNT_INGRESS_PIV_GRACE);
|
||||
if ($fnret && $fnret->value > time()) {
|
||||
my $expiry = $fnret->value - time();
|
||||
my $human = OVH::Bastion::duration2human(seconds => $expiry)->value;
|
||||
my $human = OVH::Bastion::duration2human(seconds => $expiry)->value;
|
||||
osh_info "PIV grace period for this account is " . colored('set', 'green') . " and expires in " . $human->{'human'};
|
||||
$ret{'ingress_piv_grace'} = {
|
||||
enabled => 1,
|
||||
|
|
|
@ -101,7 +101,7 @@ my $shortGroup = $fnret->value->{'shortGroup'};
|
|||
|
||||
# check if algo is supported by system
|
||||
if ($algo) {
|
||||
$algo = lc($algo);
|
||||
$algo = lc($algo);
|
||||
$fnret = OVH::Bastion::is_allowed_algo_and_size(algo => $algo, size => $size, way => 'egress');
|
||||
$fnret or osh_exit $fnret;
|
||||
}
|
||||
|
|
|
@ -60,7 +60,7 @@ if (!$pubKey) {
|
|||
$fnret = OVH::Bastion::get_supported_ssh_algorithms_list(way => 'ingress');
|
||||
$fnret or osh_exit $fnret;
|
||||
my @algoList = @{$fnret->value};
|
||||
my $algos = join(' ', @algoList);
|
||||
my $algos = join(' ', @algoList);
|
||||
osh_info "Please paste the SSH key you want to add. This bastion supports the following algorithms:\n";
|
||||
if (grep { 'ed25519' eq $_ } @algoList) {
|
||||
osh_info "ED25519: strongness[#####] speed[#####], use `ssh-keygen -t ed25519' to generate one";
|
||||
|
|
|
@ -39,7 +39,7 @@ if (!$wantedRealm) {
|
|||
|
||||
my $pristineRealm = $wantedRealm;
|
||||
$wantedRealm = "realm_$wantedRealm";
|
||||
$fnret = OVH::Bastion::is_bastion_account_valid_and_existing(account => $wantedRealm, accountType => "realm");
|
||||
$fnret = OVH::Bastion::is_bastion_account_valid_and_existing(account => $wantedRealm, accountType => "realm");
|
||||
$fnret or osh_exit $fnret;
|
||||
$wantedRealm = $fnret->value->{'account'}; # untaint
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ OVH::Bastion::ProxyHTTP->new()->run(
|
|||
timeout_idle => 3600,
|
||||
proxy_config => {
|
||||
insecure => $config->{'insecure'} ? 1 : 0,
|
||||
timeout => $config->{'timeout'}, # our worker will wait for up to this amount of time for the egress connection to complete
|
||||
timeout => $config->{'timeout'}, # our worker will wait for up to this amount of time for the egress connection to complete
|
||||
},
|
||||
) or die "Proxy launch failed!";
|
||||
|
||||
|
|
|
@ -287,13 +287,13 @@ $req->header('Accept-Encoding' => scalar HTTP::Message::decodable());
|
|||
$req->header('Authorization', 'Basic ' . encode_base64($user . ':' . $device_password, ''));
|
||||
undef $device_password; # no longer needed
|
||||
|
||||
$req->header('X-Bastion-Auth-Mode', $authmode);
|
||||
$req->header('X-Bastion-Ingress-Client-IP', $ENV{'REMOTE_ADDR'});
|
||||
$req->header('X-Bastion-Ingress-Client-Port', $ENV{'REMOTE_PORT'});
|
||||
$req->header('X-Bastion-Auth-Mode', $authmode);
|
||||
$req->header('X-Bastion-Ingress-Client-IP', $ENV{'REMOTE_ADDR'});
|
||||
$req->header('X-Bastion-Ingress-Client-Port', $ENV{'REMOTE_PORT'});
|
||||
$req->header('X-Bastion-Ingress-Client-User-Agent', $ENV{'HTTP_USER_AGENT'});
|
||||
$req->header('X-Bastion-Ingress-Account', $account);
|
||||
$req->header('X-Bastion-UniqID', $uniqid);
|
||||
$req->header('X-Bastion-Instance', Sys::Hostname::hostname());
|
||||
$req->header('X-Bastion-Ingress-Account', $account);
|
||||
$req->header('X-Bastion-UniqID', $uniqid);
|
||||
$req->header('X-Bastion-Instance', Sys::Hostname::hostname());
|
||||
|
||||
my $start_time = [Time::HiRes::gettimeofday()];
|
||||
|
||||
|
@ -392,11 +392,11 @@ my @now = Time::HiRes::gettimeofday();
|
|||
my @t = localtime($now[0]);
|
||||
|
||||
my $headers_as_string = $res ? join("", $res->{'_headers'}->as_string("\n")) : '';
|
||||
my $logfile = sprintf("%s/%s.txt", $finaldir, POSIX::strftime("%F", @t));
|
||||
my $logline = sprintf(
|
||||
"--- BASTION_REQUEST UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n%s\n".
|
||||
"--- DEVICE_ANSWER UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n%s\n".
|
||||
"--- END UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n\n",
|
||||
my $logfile = sprintf("%s/%s.txt", $finaldir, POSIX::strftime("%F", @t));
|
||||
my $logline = sprintf(
|
||||
"--- BASTION_REQUEST UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n%s\n"
|
||||
. "--- DEVICE_ANSWER UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n%s\n"
|
||||
. "--- END UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n\n",
|
||||
$uniqid, $now[0], $now[1], POSIX::strftime("%Y/%m/%d.%H:%M:%S", @t), $req->as_string(),
|
||||
$uniqid, $now[0], $now[1], POSIX::strftime("%Y/%m/%d.%H:%M:%S", @t),
|
||||
($res ? sprintf("%s %s\n%s\n%s", $res->protocol, $res->status_line, $headers_as_string, $res->decoded_content) : '(DEVICE TIMEOUT)'),
|
||||
|
@ -422,7 +422,7 @@ if ($res) {
|
|||
}
|
||||
}
|
||||
push @headers, ["X-Bastion-Local-Status" => ($res ? "200 OK" : "504 Device Timeout")];
|
||||
push @headers, ["X-Bastion-Remote-Status" => $res->code] if $res;
|
||||
push @headers, ["X-Bastion-Remote-Status" => $res->code] if $res;
|
||||
push @headers, ["X-Bastion-Remote-Server" => $res->header('server')] if ($res && $res->header('server'));
|
||||
push @headers, ["X-Bastion-Egress-Timing" => sprintf("%d", $delay * 1_000_000)];
|
||||
push @headers, ["X-Bastion-Downgraded" => 1] if $downgraded;
|
||||
|
|
|
@ -111,7 +111,7 @@ my $osh_debug = $config->{'debug'};
|
|||
# and the real remote account name (which doesn't have an account here because it's from another realm)
|
||||
# is passed through LC_BASTION
|
||||
if ($self =~ /^realm_([a-zA-Z0-9_.-]+)/) {
|
||||
$self = sprintf("%s/%s", $1, $ENV{'LC_BASTION'});
|
||||
$self = sprintf("%s/%s", $1, $ENV{'LC_BASTION'});
|
||||
$fnret = OVH::Bastion::is_bastion_account_valid_and_existing(account => $self, realmOnly => 1);
|
||||
$fnret or main_exit(OVH::Bastion::EXIT_ACCOUNT_INVALID, "account_invalid", "The realm-scoped account '$self' is invalid (" . $fnret->msg . ")");
|
||||
}
|
||||
|
@ -203,7 +203,7 @@ my $lastlog_filepath = $fnret->value->{'filepath'};
|
|||
my $lastlogmsg = sprintf("Welcome to $bastionName, $self, this is your first connection");
|
||||
if ($fnret && $fnret->value && $fnret->value->{'seconds'}) {
|
||||
my $lastloginfo = $fnret->value->{'info'} ? " from " . $fnret->value->{'info'} : "";
|
||||
$fnret = OVH::Bastion::duration2human(seconds => $fnret->value->{'seconds'}, tense => "past");
|
||||
$fnret = OVH::Bastion::duration2human(seconds => $fnret->value->{'seconds'}, tense => "past");
|
||||
$lastlogmsg = sprintf("Welcome to $bastionName, $self, your last login was %s ago (%s)%s", $fnret->value->{'duration'}, $fnret->value->{'date'}, $lastloginfo);
|
||||
}
|
||||
|
||||
|
@ -644,6 +644,7 @@ my $isMfaPasswordRequired = OVH::Bastion::is_user_in_group(account => $sysself
|
|||
my $hasMfaPasswordBypass = OVH::Bastion::is_user_in_group(account => $sysself, group => OVH::Bastion::MFA_PASSWORD_BYPASS_GROUP);
|
||||
my $isMfaTOTPRequired = OVH::Bastion::is_user_in_group(account => $sysself, group => OVH::Bastion::MFA_TOTP_REQUIRED_GROUP);
|
||||
my $hasMfaTOTPBypass = OVH::Bastion::is_user_in_group(account => $sysself, group => OVH::Bastion::MFA_TOTP_BYPASS_GROUP);
|
||||
|
||||
if ($mfaPolicy ne 'disabled' && !grep { $osh_command eq $_ } qw{ selfMFASetupPassword selfMFASetupTOTP help info }) {
|
||||
|
||||
if (($mfaPolicy eq 'password-required' && !$hasMfaPasswordBypass) || $isMfaPasswordRequired) {
|
||||
|
|
|
@ -178,7 +178,7 @@ sub is_account_nonexpired {
|
|||
my $isFirstLogin;
|
||||
my $lastlog;
|
||||
my $filepath = "/home/$sysaccount/lastlog" . ($remoteaccount ? "_$remoteaccount" : "");
|
||||
my $value = {filepath => $filepath};
|
||||
my $value = {filepath => $filepath};
|
||||
if (-e $filepath) {
|
||||
$isFirstLogin = 0;
|
||||
$lastlog = (stat(_))[9];
|
||||
|
@ -230,7 +230,7 @@ sub is_account_nonexpired {
|
|||
if ($accountMaxInactiveDays == 0) {
|
||||
|
||||
# no expiration configured, allow login and return some info
|
||||
return R('OK_FIRST_LOGIN', value => $value) if $isFirstLogin;
|
||||
return R('OK_FIRST_LOGIN', value => $value) if $isFirstLogin;
|
||||
return R('OK_EXPIRATION_NOT_CONFIGURED', value => $value);
|
||||
}
|
||||
else {
|
||||
|
@ -360,8 +360,8 @@ sub osh_header {
|
|||
my $versionline = 'the-bastion-' . $VERSION;
|
||||
my $output = '';
|
||||
$output .= colored('---' . $hostname . '-' x (80 - length($hostname) - length($versionline) - 6) . "$versionline---" . "\n", 'bold blue');
|
||||
$output .= colored("=> $text\n", "blue");
|
||||
$output .= colored('-' x 80 . "\n", 'blue');
|
||||
$output .= colored("=> $text\n", "blue");
|
||||
$output .= colored('-' x 80 . "\n", 'blue');
|
||||
|
||||
print $output unless ($ENV{'PLUGIN_QUIET'});
|
||||
return;
|
||||
|
@ -857,10 +857,10 @@ sub build_ttyrec_cmdline {
|
|||
my $bastionName = OVH::Bastion::config('bastionName')->value;
|
||||
my $ttyrecFilenameFormat = OVH::Bastion::config('ttyrecFilenameFormat')->value;
|
||||
$ttyrecFilenameFormat =~ s/&bastionname/$bastionName/g;
|
||||
$ttyrecFilenameFormat =~ s/&uniqid/$params{'uniqid'}/g if $params{'uniqid'};
|
||||
$ttyrecFilenameFormat =~ s/&ip/$params{'ip'}/g if $params{'ip'};
|
||||
$ttyrecFilenameFormat =~ s/&port/$params{'port'}/g if $params{'port'};
|
||||
$ttyrecFilenameFormat =~ s/&user/$params{'user'}/g if $params{'user'};
|
||||
$ttyrecFilenameFormat =~ s/&uniqid/$params{'uniqid'}/g if $params{'uniqid'};
|
||||
$ttyrecFilenameFormat =~ s/&ip/$params{'ip'}/g if $params{'ip'};
|
||||
$ttyrecFilenameFormat =~ s/&port/$params{'port'}/g if $params{'port'};
|
||||
$ttyrecFilenameFormat =~ s/&user/$params{'user'}/g if $params{'user'};
|
||||
$ttyrecFilenameFormat =~ s/&account/$params{'account'}/g if $params{'account'};
|
||||
|
||||
if ($ttyrecFilenameFormat =~ /&(bastionname|uniqid|ip|port|user|account)/) {
|
||||
|
|
|
@ -95,7 +95,7 @@ sub preconditions {
|
|||
my $neededright = 'unknown';
|
||||
if (grep { $type eq $_ } qw{ owner gatekeeper aclkeeper }) {
|
||||
$neededright = "owner";
|
||||
$fnret = OVH::Bastion::is_group_owner(account => $self, group => $shortGroup, superowner => 1, sudo => $sudo);
|
||||
$fnret = OVH::Bastion::is_group_owner(account => $self, group => $shortGroup, superowner => 1, sudo => $sudo);
|
||||
if (!$fnret) {
|
||||
osh_debug("user $self not an owner of $shortGroup");
|
||||
return R('ERR_NOT_GROUP_OWNER', msg => "Sorry, you're not an owner of group $shortGroup, which is needed to change its $type list");
|
||||
|
@ -108,7 +108,7 @@ sub preconditions {
|
|||
}
|
||||
elsif (grep { $type eq $_ } qw{ member guest }) {
|
||||
$neededright = "gatekeeper";
|
||||
$fnret = OVH::Bastion::is_group_gatekeeper(account => $self, group => $shortGroup, superowner => 1, sudo => $sudo);
|
||||
$fnret = OVH::Bastion::is_group_gatekeeper(account => $self, group => $shortGroup, superowner => 1, sudo => $sudo);
|
||||
if (!$fnret) {
|
||||
osh_debug("user $self not a gk of $shortGroup");
|
||||
return R('ERR_NOT_GROUP_GATEKEEPER', msg => "Sorry, you're not a gatekeeper of group $shortGroup, which is needed to change its $type list");
|
||||
|
@ -171,6 +171,7 @@ sub act {
|
|||
push @command, '--action', $action;
|
||||
$fnret = OVH::Bastion::helper(cmd => \@command);
|
||||
$fnret or return $fnret;
|
||||
|
||||
if ($fnret->err eq 'OK_NO_CHANGE') {
|
||||
|
||||
# make the error msg user friendly
|
||||
|
|
|
@ -117,7 +117,7 @@ sub log_and_exit {
|
|||
my $basedir = "/home/proxyhttp/ttyrec";
|
||||
-d $basedir || mkdir $basedir;
|
||||
|
||||
my $srcip = 'src_' . ($ENV{'REMOTE_ADDR'} || '0.0.0.0');
|
||||
my $srcip = 'src_' . ($ENV{'REMOTE_ADDR'} || '0.0.0.0');
|
||||
my $finaldir = "$basedir/$srcip";
|
||||
-d $finaldir || mkdir $finaldir;
|
||||
|
||||
|
@ -174,7 +174,7 @@ sub configure_hook { ## no critic (RequireFinalReturn)
|
|||
$self->{'server'}{'log_function'} = sub {
|
||||
my ($level, $msg) = @_;
|
||||
warn_syslog("osh-http-proxy-daemon: level $level: $msg");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# overrides parent func
|
||||
|
@ -301,7 +301,7 @@ sub process_http_request {
|
|||
}
|
||||
my ($account, $user_expression, $remotemachine, $remoteport) = ($1, $2, $3, $5); ## no critic (ProhibitCaptureWithoutTest)
|
||||
undef $loginpart; # no longer needed
|
||||
$remoteport = 443 if not defined $remoteport;
|
||||
$remoteport = 443 if not defined $remoteport;
|
||||
$self->{'_log'}{'hostto'} = $remotemachine;
|
||||
$self->{'_log'}{'portto'} = $remoteport;
|
||||
|
||||
|
@ -399,7 +399,8 @@ sub process_http_request {
|
|||
push @cmd, "--group", $group if $group;
|
||||
push @cmd, "--timeout", $timeout if $timeout;
|
||||
push @cmd, "--allow-downgrade" if $allow_downgrade;
|
||||
push @cmd, "--insecure" if ($self->{'proxy_config'}{'insecure'} && !$enforce_secure);
|
||||
push @cmd, "--insecure" if ($self->{'proxy_config'}{'insecure'} && !$enforce_secure);
|
||||
|
||||
foreach my $key (qw{ accept content-type connection }) {
|
||||
push @cmd, "--header", $key . ':' . $req_headers->{$key} if (defined $req_headers->{$key});
|
||||
}
|
||||
|
|
|
@ -506,7 +506,7 @@ sub print_acls {
|
|||
my $addedDate = $entry->{'addedDate'} || '(unknown)';
|
||||
$addedDate = substr($addedDate, 0, 10);
|
||||
my $forceKey = $entry->{'forceKey'} || '-';
|
||||
my $expiry = $entry->{'expiry'} ? (duration2human(seconds => ($entry->{'expiry'} - time()))->value->{'human'}) : '-';
|
||||
my $expiry = $entry->{'expiry'} ? (duration2human(seconds => ($entry->{'expiry'} - time()))->value->{'human'}) : '-';
|
||||
|
||||
# type => member ('full'), guest ('partial'), personal or legacy
|
||||
my $ipReverse = OVH::Bastion::ip2host($entry->{'ip'})->value if $reverse;
|
||||
|
@ -726,11 +726,11 @@ sub is_access_granted {
|
|||
undef $fnret;
|
||||
my $mfaFnret;
|
||||
if ($access->{'type'} =~ /^group/ and $access->{'group'}) {
|
||||
$fnret = OVH::Bastion::get_group_keys(group => $access->{'group'}, listOnly => $listOnly, noexec => $noexec, forceKey => $access->{'forceKey'});
|
||||
$fnret = OVH::Bastion::get_group_keys(group => $access->{'group'}, listOnly => $listOnly, noexec => $noexec, forceKey => $access->{'forceKey'});
|
||||
$mfaFnret = OVH::Bastion::group_config(key => "mfa_required", group => $access->{'group'});
|
||||
}
|
||||
elsif ($access->{'type'} =~ /^personal/) {
|
||||
$fnret = OVH::Bastion::get_personal_account_keys(account => $sysaccount, listOnly => $listOnly, noexec => $noexec, forceKey => $access->{'forceKey'});
|
||||
$fnret = OVH::Bastion::get_personal_account_keys(account => $sysaccount, listOnly => $listOnly, noexec => $noexec, forceKey => $access->{'forceKey'});
|
||||
$mfaFnret = OVH::Bastion::account_config(key => "personal_egress_mfa_required", account => $sysaccount);
|
||||
}
|
||||
else {
|
||||
|
|
|
@ -95,8 +95,8 @@ sub get_next_available_uid {
|
|||
last if not scalar(getpwuid($next));
|
||||
$next--;
|
||||
}
|
||||
return R('OK', value => $next) if not scalar(getpwuid($next));
|
||||
return R('ERR_UID_COLLISION', msg => "No available UID in the allowed range");
|
||||
return R('OK', value => $next) if not scalar(getpwuid($next));
|
||||
return R('ERR_UID_COLLISION', msg => "No available UID in the allowed range");
|
||||
}
|
||||
|
||||
sub is_bastion_account_valid_and_existing {
|
||||
|
|
|
@ -175,17 +175,17 @@ sub load_configuration {
|
|||
|
||||
$C->{'interactiveModeTimeout'} = 15
|
||||
if (not defined $C->{'interactiveModeTimeout'} or $C->{'interactiveModeTimeout'} !~ /^\d+$/);
|
||||
$C->{'syslogFacility'} = 'local7' if (not defined $C->{'syslogFacility'} or $C->{'syslogFacility'} !~ /^\S+$/);
|
||||
$C->{'syslogFacility'} = 'local7' if (not defined $C->{'syslogFacility'} or $C->{'syslogFacility'} !~ /^\S+$/);
|
||||
$C->{'syslogDescription'} = 'bastion' if (not defined $C->{'syslogDescription'} or $C->{'syslogDescription'} !~ /^\S+$/);
|
||||
|
||||
$C->{'moshTimeoutNetwork'} = 86400 if (not defined $C->{'moshTimeoutNetwork'} or $C->{'moshTimeoutNetwork'} !~ /^\d+$/);
|
||||
$C->{'moshTimeoutSignal'} = 30 if (not defined $C->{'moshTimeoutSignal'} or $C->{'moshTimeoutSignal'} !~ /^\d+$/);
|
||||
$C->{'moshTimeoutSignal'} = 30 if (not defined $C->{'moshTimeoutSignal'} or $C->{'moshTimeoutSignal'} !~ /^\d+$/);
|
||||
$C->{'moshCommandLine'} = "" if (not defined $C->{'moshCommandLine'});
|
||||
|
||||
$C->{'ttyrecFilenameFormat'} = '%Y-%m-%d.%H-%M-%S.#usec#.&uniqid.ttyrec' if (not $C->{'ttyrecFilenameFormat'});
|
||||
|
||||
$C->{'idleLockTimeout'} = 0 if (not defined $C->{'idleLockTimeout'} or $C->{'idleLockTimeout'} !~ /^\d+$/);
|
||||
$C->{'idleKillTimeout'} = 0 if (not defined $C->{'idleKillTimeout'} or $C->{'idleKillTimeout'} !~ /^\d+$/);
|
||||
$C->{'idleLockTimeout'} = 0 if (not defined $C->{'idleLockTimeout'} or $C->{'idleLockTimeout'} !~ /^\d+$/);
|
||||
$C->{'idleKillTimeout'} = 0 if (not defined $C->{'idleKillTimeout'} or $C->{'idleKillTimeout'} !~ /^\d+$/);
|
||||
$C->{'warnBeforeLockSeconds'} = 0 if (not defined $C->{'warnBeforeLockSeconds'} or $C->{'warnBeforeLockSeconds'} !~ /^\d+$/);
|
||||
$C->{'warnBeforeKillSeconds'} = 0 if (not defined $C->{'warnBeforeKillSeconds'} or $C->{'warnBeforeKillSeconds'} !~ /^\d+$/);
|
||||
|
||||
|
@ -193,9 +193,9 @@ sub load_configuration {
|
|||
$C->{'accountMFAPolicy'} = 'enabled';
|
||||
}
|
||||
$C->{'MFAPasswordInactiveDays'} = -1 if (!defined $C->{'MFAPasswordInactiveDays'} || $C->{'MFAPasswordInactiveDays'} !~ /^-\d+$/);
|
||||
$C->{'MFAPasswordMinDays'} = 0 if (!defined $C->{'MFAPasswordMinDays'} || $C->{'MFAPasswordMinDays'} !~ /^-?\d+$/);
|
||||
$C->{'MFAPasswordMaxDays'} = 90 if (!defined $C->{'MFAPasswordMaxDays'} || $C->{'MFAPasswordMaxDays'} !~ /^-?\d+$/);
|
||||
$C->{'MFAPasswordWarnDays'} = 15 if (!defined $C->{'MFAPasswordWarnDays'} || $C->{'MFAPasswordWarnDays'} !~ /^-?\d+$/);
|
||||
$C->{'MFAPasswordMinDays'} = 0 if (!defined $C->{'MFAPasswordMinDays'} || $C->{'MFAPasswordMinDays'} !~ /^-?\d+$/);
|
||||
$C->{'MFAPasswordMaxDays'} = 90 if (!defined $C->{'MFAPasswordMaxDays'} || $C->{'MFAPasswordMaxDays'} !~ /^-?\d+$/);
|
||||
$C->{'MFAPasswordWarnDays'} = 15 if (!defined $C->{'MFAPasswordWarnDays'} || $C->{'MFAPasswordWarnDays'} !~ /^-?\d+$/);
|
||||
|
||||
# if kill timeout is lower than lock timeout, just unset lock timeout
|
||||
$C->{'idleLockTimeout'} = 0 if ($C->{'idleKillTimeout'} <= $C->{'idleLockTimeout'});
|
||||
|
@ -239,7 +239,7 @@ sub load_configuration {
|
|||
}
|
||||
$C->{'adminAccounts'} = [
|
||||
grep { OVH::Bastion::is_bastion_account_valid_and_existing(account => $_) }
|
||||
map { s/[^a-zA-Z0-9_-]//g; $_ } @{$C->{'adminAccounts'}}
|
||||
map { s/[^a-zA-Z0-9_-]//g; $_ } @{$C->{'adminAccounts'}}
|
||||
];
|
||||
|
||||
$C->{'documentationURL'} ||= "https://ovh.github.io/the-bastion/";
|
||||
|
@ -302,7 +302,7 @@ sub account_config {
|
|||
if (!-d $rootdir) {
|
||||
return R('ERR_DIRECTORY_NOT_FOUND', msg => "Home directory of $account ($rootdir) doesn't exist");
|
||||
}
|
||||
my $prefix = $remoteaccount ? "config_$remoteaccount" : "config";
|
||||
my $prefix = $remoteaccount ? "config_$remoteaccount" : "config";
|
||||
my $filename = "$rootdir/$prefix.$key";
|
||||
|
||||
if ($delete) {
|
||||
|
@ -480,7 +480,7 @@ sub json_load {
|
|||
my %params = @_;
|
||||
|
||||
# Check params
|
||||
my $file = $params{'file'};
|
||||
my $file = $params{'file'};
|
||||
my $keywords = $params{'keywords'} || [];
|
||||
|
||||
if (!$file) {
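Review bot: In the second load_configuration hunk, the `MFAPasswordInactiveDays` check uses `!~ /^-\d+$/` while the three sibling MFAPassword* settings use `/^-?\d+$/`; as written, any non-negative configured value fails the pattern and is overwritten with `-1`. If `-1` means the inactivity expiry is off (not shown here, to be confirmed), an administrator who sets a positive number of days silently gets no expiry. The likely intended test is `$C->{'MFAPasswordInactiveDays'} !~ /^-?\d+$/`. The realignment in this commit does not touch that line, and load_configuration's body continues outside the hunks.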
|
||||
|
|
|
@ -182,7 +182,7 @@ EOM
|
|||
while (defined(my $line = $term->readline($prompt))) {
|
||||
alarm(0); # disable timeout
|
||||
$line =~ s/^\s+|\s+$//g;
|
||||
next if (length($line) == 0); # ignore empty lines
|
||||
next if (length($line) == 0); # ignore empty lines
|
||||
last if ($line eq 'exit' or $line eq 'quit' or $line eq 'q'); # break out of loop if asked
|
||||
|
||||
$term->addhistory($line);
|
||||
|
|
|
@ -358,7 +358,7 @@ sub log_access_insert {
|
|||
$params{'timestamp'} = $timestamp;
|
||||
$params{'timestampusec'} = $timestampusec;
|
||||
|
||||
my @localtime = localtime(time());
|
||||
my @localtime = localtime(time());
|
||||
my $sqlfile_global = sprintf("/home/logkeeper/global-log-%04d.sqlite", $localtime[5] + 1900);
|
||||
my $sqlfile_account =
|
||||
sprintf("/home/%s/%s-log-%04d%02d.sqlite", $params{'loghome'}, $remoteaccount || $loghome, $localtime[5] + 1900, $localtime[4] + 1);
|
||||
|
|
|
@ -233,9 +233,9 @@ sub sys_addmembertogroup {
|
|||
}
|
||||
|
||||
if (is_openbsd() || is_netbsd()) {
|
||||
my $fnret = OVH::Bastion::execute(cmd => ["groups", $user], must_succeed => 1);
|
||||
my $fnret = OVH::Bastion::execute(cmd => ["groups", $user], must_succeed => 1);
|
||||
my @stdout = @{$fnret->value->{'stdout'} || []};
|
||||
my @cur = split(/ /, $stdout[0]);
|
||||
my @cur = split(/ /, $stdout[0]);
|
||||
return R('ERR_SYSTEM_LIMIT_REACHED') if @cur >= 16;
|
||||
}
|
||||
|
||||
|
@ -351,7 +351,7 @@ sub sys_changepassword {
|
|||
$stdin_str = "$user:$password";
|
||||
}
|
||||
elsif (is_freebsd()) {
|
||||
@cmd = ('pw', 'usermod', $user, '-h', '0');
|
||||
@cmd = ('pw', 'usermod', $user, '-h', '0');
|
||||
$stdin_str = $password;
|
||||
}
|
||||
elsif (is_openbsd() || is_netbsd()) {
|
||||
|
@ -391,7 +391,7 @@ sub sys_neutralizepassword {
|
|||
my $stdin_str;
|
||||
|
||||
if (is_linux()) {
|
||||
@cmd = ('chpasswd', '-e');
|
||||
@cmd = ('chpasswd', '-e');
|
||||
$stdin_str = "$user:*";
|
||||
}
|
||||
elsif (is_freebsd()) {
|
||||
|
@ -492,7 +492,7 @@ sub sys_getpasswordinfo {
|
|||
}
|
||||
require POSIX;
|
||||
$ret{'date_changed_timestamp'} = 86400 * delete($ret{'epoch_changed_days'}) + 0;
|
||||
$ret{'date_changed'} = $ret{'date_changed_timestamp'} ? POSIX::strftime("%Y-%m-%d", localtime($ret{'date_changed_timestamp'})) : undef;
|
||||
$ret{'date_changed'} = $ret{'date_changed_timestamp'} ? POSIX::strftime("%Y-%m-%d", localtime($ret{'date_changed_timestamp'})) : undef;
|
||||
$ret{'min_days'} += 0;
|
||||
$ret{'max_days'} += 0;
|
||||
$ret{'max_days'} = -1 if $ret{'max_days'} >= 9999;
|
||||
|
@ -500,7 +500,7 @@ sub sys_getpasswordinfo {
|
|||
$ret{'inactive_days'} = -1 if $ret{'inactive_days'} eq '';
|
||||
$ret{'inactive_days'} += 0;
|
||||
$ret{'date_disabled_timestamp'} = 86400 * delete($ret{'epoch_disabled_days'}) + 0;
|
||||
$ret{'date_disabled'} = $ret{'date_disabled_timestamp'} ? POSIX::strftime("%Y-%m-%d", localtime($ret{'date_disabled_timestamp'})) : undef;
|
||||
$ret{'date_disabled'} = $ret{'date_disabled_timestamp'} ? POSIX::strftime("%Y-%m-%d", localtime($ret{'date_disabled_timestamp'})) : undef;
|
||||
return R('OK', value => \%ret);
|
||||
}
|
||||
|
||||
|
@ -553,7 +553,7 @@ sub sys_setfacl {
|
|||
}
|
||||
|
||||
# apply the default ACL
|
||||
@cmd = ('setfacl', '-d', '-m', join(',', @perms), $target);
|
||||
@cmd = ('setfacl', '-d', '-m', join(',', @perms), $target);
|
||||
$fnret = OVH::Bastion::execute(cmd => \@cmd, must_succeed => 1, noisy_stderr => 1);
|
||||
$fnret or return R('ERR_SETFACL_FAILED_FREEBSD', msg => "Couldn't set the prerequisite default ACL");
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@ sub _get_key_from_password {
|
|||
my $salt = 'JPYWrLpoXcXFA46m9DUI5z02SqUd2baG';
|
||||
my $iterations = 10_000;
|
||||
|
||||
my $hash = hmac_sha256($salt . pack('N', 0), $password);
|
||||
my $hash = hmac_sha256($salt . pack('N', 0), $password);
|
||||
my $result = $hash;
|
||||
|
||||
for my $iter (2 .. $iterations) {
|
||||
|
|
|
@ -91,7 +91,7 @@ sub get_authorized_keys_from_file {
|
|||
$key->{'info'} = $info if $info;
|
||||
if ($pivAttestationCertificate && $pivKeyCertificate) {
|
||||
$fnret = OVH::Bastion::verify_piv(key => $key->{'line'}, attestationCertificate => $pivAttestationCertificate, keyCertificate => $pivKeyCertificate);
|
||||
$key->{'isPiv'} = ($fnret ? 1 : 0);
|
||||
$key->{'isPiv'} = ($fnret ? 1 : 0);
|
||||
$key->{'pivInfo'} = $fnret->value if $fnret;
|
||||
}
|
||||
if ($includePivDisabled && $pivDisabled) {
|
||||
|
@ -226,7 +226,7 @@ sub get_ssh_pub_key_info {
|
|||
|
||||
# put that in a tempfile for ssh-keygen inspection
|
||||
if (not $noexec) {
|
||||
my $fh = File::Temp->new(UNLINK => 1);
|
||||
my $fh = File::Temp->new(UNLINK => 1);
|
||||
my $filename = $fh->filename;
|
||||
print {$fh} $typecode . " " . $base64;
|
||||
close($fh);
|
||||
|
@ -388,7 +388,7 @@ sub get_from_for_user_key {
|
|||
# if we have a $key, modify it accordingly
|
||||
if ($key) {
|
||||
$key->{'prefix'} = $from;
|
||||
$key->{'line'} = ($from ? $from . " " : "") . $key->{'typecode'} . " " . $key->{'base64'};
|
||||
$key->{'line'} = ($from ? $from . " " : "") . $key->{'typecode'} . " " . $key->{'base64'};
|
||||
$key->{'line'} .= " " . $key->{'comment'} if $key->{'comment'};
|
||||
$key->{'fromList'} = \@ipListVerified;
|
||||
}
|
||||
|
@ -460,7 +460,7 @@ sub generate_ssh_key {
|
|||
$fnret->err eq 'OK' or return R('ERR_SSH_KEYGEN_FAILED', msg => "Error while generating group key (" . $fnret->msg . ")");
|
||||
|
||||
my %files = (
|
||||
$sshKeyName => ($group_readable ? 0440 : 0400),
|
||||
$sshKeyName => ($group_readable ? 0440 : 0400),
|
||||
$sshKeyName . '.pub' => 0444,
|
||||
);
|
||||
while (my ($file, $chmod) = each(%files)) {
|
||||
|
|
|
@ -7,18 +7,6 @@ basedir=$(readlink -f "$(dirname "$0")"/../../..)
|
|||
# shellcheck source=lib/shell/colors.inc
|
||||
. "$basedir"/lib/shell/colors.inc
|
||||
|
||||
|
||||
if [ "$TEST_QUICK" = 0 ]; then
|
||||
printf '%b>>> %b <<<%b\n' "$BOLD_CYAN" "SHELL CHECK" "$NOC"
|
||||
"$(dirname "$0")"/../../../bin/dev/shell-check.sh || exit 254
|
||||
|
||||
printf '%b>>> %b <<<%b\n' "$BOLD_CYAN" "PERL CRITIC" "$NOC"
|
||||
"$(dirname "$0")"/../../../bin/dev/perl-critic.sh || exit 254
|
||||
|
||||
printf '%b>>> %b <<<%b\n' "$BOLD_CYAN" "PERL TIDY" "$NOC"
|
||||
"$(dirname "$0")"/../../../bin/dev/perl-tidy.sh test || exit 254
|
||||
fi
|
||||
|
||||
printf '%b>>> %b <<<%b\n' "$BOLD_CYAN" "SETTING UP KEYS" "$NOC"
|
||||
base64 -d <<< "$USER_PRIVKEY_B64" > /root/user.privkey
|
||||
chmod 400 /root/user.privkey
|
||||
|
|