From 790802e6dae30e9031d40af413ad2103b03924a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Tue, 15 Dec 2020 10:04:03 +0000 Subject: [PATCH] fix: osh.pl: plugin_config 'disabled' key is a boolean --- bin/shell/osh.pl | 2 +- lib/perl/OVH/Bastion/configuration.inc | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/bin/shell/osh.pl b/bin/shell/osh.pl index 57c89fe..582b54a 100755 --- a/bin/shell/osh.pl +++ b/bin/shell/osh.pl @@ -827,7 +827,7 @@ if ($osh_command) { my $isDisabled = OVH::Bastion::plugin_config(plugin => $osh_command, key => "disabled"); # plugin is enabled by default if not explicitly disabled - if ($isDisabled and $isDisabled->value() =~ /yes/) { + if ($isDisabled and $isDisabled->value()) { main_exit OVH::Bastion::EXIT_RESTRICTED_COMMAND, "plugin_disabled", "Sorry, this plugin has been disabled by policy."; } if ($isDisabled->is_err && $isDisabled->err ne 'KO_NO_SUCH_FILE') { diff --git a/lib/perl/OVH/Bastion/configuration.inc b/lib/perl/OVH/Bastion/configuration.inc index fb29050..c279a67 100644 --- a/lib/perl/OVH/Bastion/configuration.inc +++ b/lib/perl/OVH/Bastion/configuration.inc @@ -401,6 +401,15 @@ sub plugin_config { } } + # compat: we previously expected "yes" as a value for the 'disabled' option, instead of a boolean. + # To keep compatibility we still consider "yes" as a true value (as any non-empty string is), + # however we check that the user was not confused and didn't try to enable the plugin by using + # a string such as "no" or "false" instead of a real false boolean: + if (defined $config{'disabled'} && $config{'disabled'} =~ /no|false/) { + warn_syslog("Configuration error for plugin $plugin on the 'disabled' key: expected a boolean, casted '" . $config{'disabled'} . "' into false"); + $config{'disabled'} = 0; + } + $_plugin_config_cache{$plugin} = \%config; }