Merge pull request #63 from Alkorin/allowGroupWithDot

fix: Allow dot in group name as it is allowed in account
2025-02-27 17:14:14 +08:00 · 2020-11-23 19:14:53 +01:00 · 2020-11-23 19:14:53 +01:00 · 81194268e2
commit 81194268e2
parent 5e78c08d67 ecbb24282a
2 changed files with 3 additions and 3 deletions
--- a/lib/perl/OVH/Bastion/allowkeeper.inc
+++ b/lib/perl/OVH/Bastion/allowkeeper.inc
@ -561,7 +561,7 @@ sub is_valid_group {
    elsif ($group =~ /^(key)?(private|root|user|self|legacy|osh)(-(gatekeeper|aclkeeper|owner))?$/) {
        return R('KO_FORBIDDEN_NAME', msg => 'Forbidden group name');
    }
-    elsif ($group =~ m/^([a-zA-Z0-9_-]+)$/) {
+    elsif ($group =~ m/^([a-zA-Z0-9._-]+)$/) {
        $group = $1;    # untainted
        if ($groupType eq 'key' and $group !~ m/^key/) {
            return R('KO_MISSING_PREFIX', msg => "The group $group should have a prefix (group type $groupType)");
@ -968,7 +968,7 @@ sub get_remote_accounts_from_realm {
    my %accounts;
    if (opendir(my $dh, "/home/allowkeeper/$sysaccount")) {
        while (my $filename = readdir($dh)) {
-            next if $filename !~ /allowed_([a-zA-Z0-9_-]+)\./;
+            next if $filename !~ /allowed_([a-zA-Z0-9._-]+)\.(ip|partial|private)/;
            $accounts{$1} = 1;
        }
        closedir($dh);
--- a/tests/functional/launch_tests_on_instance.sh
+++ b/tests/functional/launch_tests_on_instance.sh
@ -49,7 +49,7 @@ fi
 # those vars are also used in all our modules
 # shellcheck disable=SC2034
 {
-    account1="testu_Ser1-"
+    account1="testu_Ser.1-"
    account2="tesT-user2_"
    account3=teStuser3
    account4=TeStUsEr4