ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-09-20 06:55:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: invalid suffixed account creation

Browse source
This commit is contained in:
Cédric Roussel 2023-01-30 14:49:38 +01:00 committed by Stéphane Lesimple
parent 036f921c40
commit 4d56c32853
3 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CONTRIBUTORS
View file

@ -12,4 +12,5 @@
# Please keep the list sorted.
#
Adrien Barreau <adrien.barreau@ovhcloud.com>
Cédric Roussel <cedric.roussel@ovhcloud.com>
Stéphane Lesimple <stephane.lesimple@ovhcloud.com>

2
lib/perl/OVH/Bastion/allowkeeper.inc
View file

@ -191,7 +191,7 @@ sub is_account_valid {
elsif ($account =~ m/^[-.]/) {
return R('KO_FORBIDDEN_PREFIX', msg => "$whatis name must not start with a '-' nor a '.'");
}
elsif ($account =~ m/-tty$/i) {
elsif ($account =~ m/-(?:tty|aclkeeper|gatekeeper|owner)$/i) {
return R('KO_FORBIDDEN_SUFFIX', msg => "$whatis name contains an unauthorized suffix");
}
elsif ($account =~ m/^key/i && $accountType ne 'group') {

5
tests/unit/run.pl
View file

@ -161,6 +161,11 @@ ok(OVH::Bastion::is_account_valid(account => "azerty")->is_ok, "is_account_valid
is(OVH::Bastion::is_account_valid(account => "in valid")->err, "KO_FORBIDDEN_CHARS", "is_account_valid('in valid')");
for my $suffix (qw{ tty aclkeeper gatekeeper owner }) {
is(OVH::Bastion::is_account_valid(account => "account-$suffix")->err,
"KO_FORBIDDEN_SUFFIX", "is_account_valid('account-$suffix')");
}
is(OVH::Bastion::is_account_valid(account => "root")->err, "KO_FORBIDDEN_NAME", "is_account_valid('root')");
ok(OVH::Bastion::is_bastion_account_valid_and_existing(account => "me")->is_ok,