fix: groupCreate: deny groups starting with 'key'

Mitigates #178
Stéphane Lesimple 2021-05-19 15:44:41 +00:00 committed by Stéphane Lesimple
parent f4c59ca96b
commit 344865884b
2 changed files with 14 additions and 0 deletions


@ -83,6 +83,14 @@ if (!$group || !$owner) {
osh_exit 'ERR_MISSING_PARAMETER', "Group name or owner is missing";
}
# first, check that the name doesn't start with 'key' (see https://github.com/ovh/the-bastion/issues/178)
# as the is_valid_group() internally automatically guesses whether the input is from a user (in that case
# the $group is a bastion group name) or some other part of the code (in that case the $group might be
# the name of the OS group mapped to the bastion group name, hence starting with 'key')
if ($group =~ /^key/) {
osh_exit 'ERR_INVALID_PARAMETER', "The group name can't start with 'key' (reserved prefix)";
}
if ($algo && !$size && lc($algo) eq 'ed25519') {
$size = 256; # ed25519 size is always 256
}
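Review bot: The reserved-prefix guard added before the ed25519 size default is enforced only at this one call site, while the ambiguity it works around lives in is_valid_group(), as the new comment itself explains. Groups created before this commit with a name starting with 'key' are not covered, and neither is any other entry point that passes a user-supplied name to is_valid_group(); that function is not visible in this hunk, so this needs checking against its other callers. I would record the limit next to the check, e.g. `# NOTE: this only prevents NEW groups named key*; existing ones still hit the is_valid_group() ambiguity`. The match `/^key/` is also case-sensitive, so it is worth confirming that a name such as `Key1` cannot be folded to the reserved prefix when it is mapped to the OS group name.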


@ -92,6 +92,12 @@ testsuite_groups()
contain "minimum configured key size"
json .command groupCreate .error_code KO_KEY_SIZE_TOO_SMALL .value null
plgfail groupCreate a0_fail_create_group_reserved_1 $a0 --osh groupCreate --group key --no-key --owner $account1
json .command groupCreate .error_code ERR_INVALID_PARAMETER
plgfail groupCreate a0_fail_create_group_reserved_2 $a0 --osh groupCreate --group keytothegate --no-key --owner $account1
json .command groupCreate .error_code ERR_INVALID_PARAMETER
success groupCreate a0_create_g1_with_a1_as_owner $a0 --osh groupCreate --group $group1 --algo rsa --size 4096 --owner $account1
contain "The public key of this group is"
json $(cat <<EOS