From 58354cc305a9cf13d3ee82e41155bae13c9429ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Wed, 18 Dec 2024 10:16:15 +0000
Subject: [PATCH] chore: factorize user@host:port display in machine_display()
---
 bin/helper/osh-accountModifyPersonalAccess | 4 +---
 bin/helper/osh-groupAddServer | 4 +---
 bin/shell/osh.pl | 6 +++++-
 lib/perl/OVH/Bastion.pm | 13 +++++++++++++
 lib/perl/OVH/Bastion/Plugin/groupSetRole.pm | 14 +++++++-------
 lib/perl/OVH/Bastion/Plugin/otherProtocol.pm | 2 +-
 lib/perl/OVH/Bastion/allowdeny.inc | 4 +---
 lib/perl/OVH/Bastion/allowkeeper.inc | 6 ++----
 8 files changed, 31 insertions(+), 22 deletions(-)
diff --git a/bin/helper/osh-accountModifyPersonalAccess b/bin/helper/osh-accountModifyPersonalAccess
index 9945b07..5ec2574 100755
--- a/bin/helper/osh-accountModifyPersonalAccess
+++ b/bin/helper/osh-accountModifyPersonalAccess
@@ -81,9 +81,7 @@ if (not grep { $action eq $_ } qw{ add del }) {
 #CODE
-my $machine = $ip;
-$port and $machine .= ":$port";
-$user and $machine = $user . '@' . $machine;
+my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
 my $plugin = ($target eq 'self' ? 'self' : 'account') . 'AddPersonalAccess';
diff --git a/bin/helper/osh-groupAddServer b/bin/helper/osh-groupAddServer
index 5c25d4e..c8e0526 100755
--- a/bin/helper/osh-groupAddServer
+++ b/bin/helper/osh-groupAddServer
@@ -86,9 +86,7 @@ $fnret = OVH::Bastion::Helper::acquire_lock($lock_fh);
 $fnret or HEXIT($fnret);
 #>CODE
-my $machine = $ip;
-$port and $machine .= ":$port";
-$user and $machine = $user . '@' . $machine;
+my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
 # access_modify validates all its parameters, don't do it ourselves here for clarity
 $fnret = OVH::Bastion::access_modify(
diff --git a/bin/shell/osh.pl b/bin/shell/osh.pl
index 8e969ca..c35a1c2 100755
--- a/bin/shell/osh.pl
+++ b/bin/shell/osh.pl
@@ -1131,7 +1131,11 @@ $user = $user || $config->{'defaultLogin'} || $remoteself || $sysself;
 # log request
 osh_debug("final request : " . "$user\@$ip -p $port -- $command'\n");
-my $displayLine = "$hostfrom:$portfrom => $self\@$bastionhost:$bastionport => $user\@$hostto:$port";
+my $displayLine = sprintf("%s => %s => %s",
+ OVH::Bastion::machine_display(ip => $hostfrom, port => $portfrom)->value,
+ OVH::Bastion::machine_display(ip => $bastionhost, port => $bastionport, user => $self)->value,
+ OVH::Bastion::machine_display(ip => $hostto, port => $port, user => $user)->value,
+);
 if (!$quiet) {
 osh_print("$displayLine ...");
diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm
index 1a0b495..c02f57e 100644
--- a/lib/perl/OVH/Bastion.pm
+++ b/lib/perl/OVH/Bastion.pm
@@ -750,6 +750,19 @@ sub is_valid_remote_user {
 return R('ERR_INVALID_PARAMETER', msg => "Specified user doesn't seem to be valid");
 }
+sub machine_display {
+ my %params = @_;
+ my $ip = $params{'ip'};
+ my $port = $params{'port'};
+ my $user = $params{'user'};
+
+ my $machine = (index($ip, ':') >= 0 ? "[$ip]" : $ip);
+ $machine .= ":$port" if $port;
+ $machine = $user . '@' . $machine if $user;
+
+ return R('OK', value => $machine);
+}
+
 sub touch_file {
 my $file = shift;
 my $perms = shift;
diff --git a/lib/perl/OVH/Bastion/Plugin/groupSetRole.pm b/lib/perl/OVH/Bastion/Plugin/groupSetRole.pm
index 018733b..ecd2baa 100644
--- a/lib/perl/OVH/Bastion/Plugin/groupSetRole.pm
+++ b/lib/perl/OVH/Bastion/Plugin/groupSetRole.pm
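Review bot: The new `machine_display()` in lib/perl/OVH/Bastion.pm never checks that `ip` is defined and always returns `R('OK', ...)`, so an undefined ip yields a string such as `user@:22` (plus an uninitialized-value warning from `index()` if warnings are enabled) instead of an error, and every call site in this commit chains `->value` without testing the result. The `if $port` / `if $user` tests also replace the `defined` tests that the groupSetRole.pm loop and `access_modify()` in allowkeeper.inc used before, so a value of `0` or an empty string is now dropped at those call sites where it was previously kept. I would add `return R('ERR_MISSING_PARAMETERS', msg => "Missing mandatory parameter 'ip'") if !defined $ip;` and test `defined $port && length $port` (likewise for `$user`). The sub also has no comment; one line above it stating that an ip containing `:` is wrapped in brackets and that port and user are optional would tell callers what format to expect.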
@@ -206,10 +206,12 @@ sub act {
 # foreach guest access, delete
 foreach my $access (@acl) {
- my $machine = $access->{'ip'};
- $machine .= ':' . $access->{'port'} if defined $access->{'port'};
- $machine = $access->{'user'} . '@' . $machine if defined $access->{'user'};
- $fnret = OVH::Bastion::Plugin::groupSetRole::act(
+ my $machine = OVH::Bastion::machine_display(
+ ip => $access->{'ip'},
+ port => $access->{'port'},
+ user => $access->{'user'}
+ )->value;
+ $fnret = OVH::Bastion::Plugin::groupSetRole::act(
 account => $account,
 group => $shortGroup,
 action => 'del',
@@ -251,9 +253,7 @@ sub act {
 # in that case, we need to handle the add/del of the guest access to $user@$host:$port
 # check if group has access to $user@$ip:$port
- my $machine = $host;
- $port and $machine .= ":$port";
- $user and $machine = $user . '@' . $machine;
+ my $machine = OVH::Bastion::machine_display(ip => $host, port => $port, user => $user)->value;
 osh_debug( "groupSetRole::act, checking if group $group has access to $machine to $action $type access to $account");
diff --git a/lib/perl/OVH/Bastion/Plugin/otherProtocol.pm b/lib/perl/OVH/Bastion/Plugin/otherProtocol.pm
index bd89237..206a452 100644
--- a/lib/perl/OVH/Bastion/Plugin/otherProtocol.pm
+++ b/lib/perl/OVH/Bastion/Plugin/otherProtocol.pm
@@ -27,7 +27,7 @@ sub has_protocol_access {
 return R('ERR_MISSING_PARAMETERS', msg => "Missing mandatory parameters for has_protocol_access");
 }
- my $machine = "$user\@$ip:$port";
+ my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
 my %keys;
 osh_debug("Checking access 1/2 of $account to $machine...");
diff --git a/lib/perl/OVH/Bastion/allowdeny.inc b/lib/perl/OVH/Bastion/allowdeny.inc
index 8fc7f7a..70ab3cd 100644
--- a/lib/perl/OVH/Bastion/allowdeny.inc
+++ b/lib/perl/OVH/Bastion/allowdeny.inc
@@ -918,9 +918,7 @@ sub is_access_granted {
 return R('OK', value => \@grants) if @grants;
- my $machine = $ip;
- $machine .= ":$port" if $port;
- $machine = $user . '@' . $machine if $user;
+ my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
 return R('KO_ACCESS_DENIED', msg => "Access denied for $account to $machine");
 }
diff --git a/lib/perl/OVH/Bastion/allowkeeper.inc b/lib/perl/OVH/Bastion/allowkeeper.inc
index 6833987..8a3281f 100644
--- a/lib/perl/OVH/Bastion/allowkeeper.inc
+++ b/lib/perl/OVH/Bastion/allowkeeper.inc
@@ -582,10 +582,8 @@ sub access_modify {
 }
 # build the line we're either adding or looking for (to delete it)
- my $entry = $ip;
- $entry = $user . "@" . $entry if defined $user;
- $entry = $entry . ":" . $port if defined $port;
- my $machine = $entry;
+ my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
+ my $entry = $machine;
 my $t = localtime(time);
 my $fmt = "%Y-%m-%d %H:%M:%S";
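Review bot: In the `access_modify()` hunk of allowkeeper.inc, `$entry` — which the comment above it describes as the line being added or looked for — is now copied from `machine_display()`, so a helper named for display defines the format of the access line. For an `$ip` containing `:` the entry becomes `user@[ip]:port` where the removed code produced `user@ip:port`, and the `defined` tests became truthiness tests; if the code that reads or matches these lines (not visible here) does not expect brackets, a later delete may fail to find an entry written earlier, leaving a grant that this path cannot revoke. I would either keep a dedicated builder for `$entry`, or add `# NOTE: $entry is persisted and matched on delete; machine_display() output must stay in sync with the ACL parser` together with a test that adds and then deletes an IPv6 access. The body of `access_modify()` starts and ends outside this hunk, so how `$entry` is consumed should be confirmed there.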