mirror of
https://github.com/ovh/the-bastion.git
synced 2024-12-25 09:03:56 +08:00
chore: factorize user@host:port display in machine_display()
This commit is contained in:
parent
9e357333db
commit
58354cc305
8 changed files with 31 additions and 22 deletions
|
@ -81,9 +81,7 @@ if (not grep { $action eq $_ } qw{ add del }) {
|
|||
#<PARAMS:ACTION
|
||||
|
||||
#>CODE
|
||||
my $machine = $ip;
|
||||
$port and $machine .= ":$port";
|
||||
$user and $machine = $user . '@' . $machine;
|
||||
my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
|
||||
|
||||
my $plugin = ($target eq 'self' ? 'self' : 'account') . 'AddPersonalAccess';
|
||||
|
||||
|
|
|
@ -86,9 +86,7 @@ $fnret = OVH::Bastion::Helper::acquire_lock($lock_fh);
|
|||
$fnret or HEXIT($fnret);
|
||||
|
||||
#>CODE
|
||||
my $machine = $ip;
|
||||
$port and $machine .= ":$port";
|
||||
$user and $machine = $user . '@' . $machine;
|
||||
my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
|
||||
|
||||
# access_modify validates all its parameters, don't do it ourselves here for clarity
|
||||
$fnret = OVH::Bastion::access_modify(
|
||||
|
|
|
@ -1131,7 +1131,11 @@ $user = $user || $config->{'defaultLogin'} || $remoteself || $sysself;
|
|||
# log request
|
||||
osh_debug("final request : " . "$user\@$ip -p $port -- $command'\n");
|
||||
|
||||
my $displayLine = "$hostfrom:$portfrom => $self\@$bastionhost:$bastionport => $user\@$hostto:$port";
|
||||
my $displayLine = sprintf("%s => %s => %s",
|
||||
OVH::Bastion::machine_display(ip => $hostfrom, port => $portfrom)->value,
|
||||
OVH::Bastion::machine_display(ip => $bastionhost, port => $bastionport, user => $self)->value,
|
||||
OVH::Bastion::machine_display(ip => $hostto, port => $port, user => $user)->value,
|
||||
);
|
||||
|
||||
if (!$quiet) {
|
||||
osh_print("$displayLine ...");
|
||||
|
|
|
@ -750,6 +750,19 @@ sub is_valid_remote_user {
|
|||
return R('ERR_INVALID_PARAMETER', msg => "Specified user doesn't seem to be valid");
|
||||
}
|
||||
|
||||
sub machine_display {
|
||||
my %params = @_;
|
||||
my $ip = $params{'ip'};
|
||||
my $port = $params{'port'};
|
||||
my $user = $params{'user'};
|
||||
|
||||
my $machine = (index($ip, ':') >= 0 ? "[$ip]" : $ip);
|
||||
$machine .= ":$port" if $port;
|
||||
$machine = $user . '@' . $machine if $user;
|
||||
|
||||
return R('OK', value => $machine);
|
||||
}
|
||||
|
||||
sub touch_file {
|
||||
my $file = shift;
|
||||
my $perms = shift;
|
||||
|
|
|
@ -206,10 +206,12 @@ sub act {
|
|||
|
||||
# foreach guest access, delete
|
||||
foreach my $access (@acl) {
|
||||
my $machine = $access->{'ip'};
|
||||
$machine .= ':' . $access->{'port'} if defined $access->{'port'};
|
||||
$machine = $access->{'user'} . '@' . $machine if defined $access->{'user'};
|
||||
$fnret = OVH::Bastion::Plugin::groupSetRole::act(
|
||||
my $machine = OVH::Bastion::machine_display(
|
||||
ip => $access->{'ip'},
|
||||
port => $access->{'port'},
|
||||
user => $access->{'user'}
|
||||
)->value;
|
||||
$fnret = OVH::Bastion::Plugin::groupSetRole::act(
|
||||
account => $account,
|
||||
group => $shortGroup,
|
||||
action => 'del',
|
||||
|
@ -251,9 +253,7 @@ sub act {
|
|||
|
||||
# in that case, we need to handle the add/del of the guest access to $user@$host:$port
|
||||
# check if group has access to $user@$ip:$port
|
||||
my $machine = $host;
|
||||
$port and $machine .= ":$port";
|
||||
$user and $machine = $user . '@' . $machine;
|
||||
my $machine = OVH::Bastion::machine_display(ip => $host, port => $port, user => $user)->value;
|
||||
osh_debug(
|
||||
"groupSetRole::act, checking if group $group has access to $machine to $action $type access to $account");
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ sub has_protocol_access {
|
|||
return R('ERR_MISSING_PARAMETERS', msg => "Missing mandatory parameters for has_protocol_access");
|
||||
}
|
||||
|
||||
my $machine = "$user\@$ip:$port";
|
||||
my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
|
||||
|
||||
my %keys;
|
||||
osh_debug("Checking access 1/2 of $account to $machine...");
|
||||
|
|
|
@ -918,9 +918,7 @@ sub is_access_granted {
|
|||
|
||||
return R('OK', value => \@grants) if @grants;
|
||||
|
||||
my $machine = $ip;
|
||||
$machine .= ":$port" if $port;
|
||||
$machine = $user . '@' . $machine if $user;
|
||||
my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
|
||||
return R('KO_ACCESS_DENIED', msg => "Access denied for $account to $machine");
|
||||
}
|
||||
|
||||
|
|
|
@ -582,10 +582,8 @@ sub access_modify {
|
|||
}
|
||||
|
||||
# build the line we're either adding or looking for (to delete it)
|
||||
my $entry = $ip;
|
||||
$entry = $user . "@" . $entry if defined $user;
|
||||
$entry = $entry . ":" . $port if defined $port;
|
||||
my $machine = $entry;
|
||||
my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
|
||||
my $entry = $machine;
|
||||
|
||||
my $t = localtime(time);
|
||||
my $fmt = "%Y-%m-%d %H:%M:%S";
|
||||
|
|
Loading…
Reference in a new issue