From d4cc727f74a127e354ba29fcd3f3f07988f6a763 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Tue, 30 Nov 2021 11:20:28 +0000 Subject: [PATCH] chore: factorize helpers header --- bin/helper/osh-accountAddGroupServer | 18 +---------- bin/helper/osh-accountCreate | 18 +---------- bin/helper/osh-accountDelete | 18 +---------- bin/helper/osh-accountGeneratePassword | 18 +---------- bin/helper/osh-accountGetPasswordInfo | 18 +---------- bin/helper/osh-accountListEgressKeys | 18 +---------- bin/helper/osh-accountListIngressKeys | 18 +---------- bin/helper/osh-accountListPasswords | 18 +---------- bin/helper/osh-accountMFAResetPassword | 18 +---------- bin/helper/osh-accountMFAResetTOTP | 18 +---------- bin/helper/osh-accountModify | 18 +---------- bin/helper/osh-accountModifyCommand | 18 +---------- bin/helper/osh-accountModifyPersonalAccess | 18 +---------- bin/helper/osh-accountPIV | 18 +---------- bin/helper/osh-accountUnexpire | 18 +---------- bin/helper/osh-adminMaintenance | 18 +---------- bin/helper/osh-groupAddServer | 18 +---------- bin/helper/osh-groupAddSymlinkToAccount | 18 +---------- bin/helper/osh-groupCreate | 18 +---------- bin/helper/osh-groupDelEgressKey | 18 +---------- bin/helper/osh-groupDelete | 18 +---------- bin/helper/osh-groupGenerateEgressKey | 18 +---------- bin/helper/osh-groupGeneratePassword | 18 +---------- bin/helper/osh-groupModify | 18 +---------- bin/helper/osh-groupSetRole | 18 +---------- bin/helper/osh-selfMFASetupPassword | 18 +---------- bin/helper/osh-selfMFASetupTOTP | 18 +---------- lib/perl/OVH/Bastion/Helper.pm | 35 ++++++++++++++++++++++ tests/functional/tests.d/330-selfkeys.sh | 2 +- 29 files changed, 63 insertions(+), 460 deletions(-) create mode 100644 lib/perl/OVH/Bastion/Helper.pm diff --git a/bin/helper/osh-accountAddGroupServer b/bin/helper/osh-accountAddGroupServer index 5b89b5f..2c26a32 100755 --- a/bin/helper/osh-accountAddGroupServer +++ b/bin/helper/osh-accountAddGroupServer 
@@ -12,23 +12,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountCreate b/bin/helper/osh-accountCreate index 78f3797..74c6204 100755 --- a/bin/helper/osh-accountCreate +++ b/bin/helper/osh-accountCreate @@ -15,23 +15,7 @@ use POSIX (); use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountDelete b/bin/helper/osh-accountDelete index 075cca2..34fca24 100755 --- a/bin/helper/osh-accountDelete +++ b/bin/helper/osh-accountDelete 
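Review bot: The added `use OVH::Bastion::Helper;` line needs a comment saying that loading the module has side effects, because the deleted lines made them visible in each script and the bare `use` does not: it ignores HUP and PIPE, overwrites `$ENV{'PATH'}`, exports `$self`, and calls `HEXIT` when the process is neither under sudo nor real uid 0. Since `use` runs at compile time, these effects now happen when the line is processed, so its position among the other `use` lines matters. In this patch it sits before `OVH::Result` or a plugin in some helpers (osh-accountGeneratePassword, osh-accountModify, osh-accountPIV, osh-groupDelEgressKey, osh-groupModify) and after the plugin in others (osh-groupCreate, osh-groupGenerateEgressKey, osh-groupGeneratePassword, osh-groupSetRole). I would settle on one position and add a trailing comment in every helper hunk, for example `# load-time side effects: resets PATH, ignores HUP/PIPE, exports $self, exits unless sudo or root`. The same comment should mention that `$self` changes from a file-scoped `my` to an imported package variable.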
@@ -15,23 +15,7 @@ use File::Copy qw(move); use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountGeneratePassword b/bin/helper/osh-accountGeneratePassword index 510ae33..2e9bdca 100755 --- a/bin/helper/osh-accountGeneratePassword +++ b/bin/helper/osh-accountGeneratePassword @@ -13,24 +13,8 @@ use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; +use OVH::Bastion::Helper; use OVH::Bastion::Plugin::generatePassword; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} # Fetch command options my ($result, @optwarns); diff --git a/bin/helper/osh-accountGetPasswordInfo b/bin/helper/osh-accountGetPasswordInfo index 518fc48..03bda9b 100755 --- a/bin/helper/osh-accountGetPasswordInfo 
+++ b/bin/helper/osh-accountGetPasswordInfo @@ -13,23 +13,7 @@ use Sys::Hostname (); use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountListEgressKeys b/bin/helper/osh-accountListEgressKeys index 4584541..ac5c3e4 100755 --- a/bin/helper/osh-accountListEgressKeys +++ b/bin/helper/osh-accountListEgressKeys @@ -12,23 +12,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountListIngressKeys b/bin/helper/osh-accountListIngressKeys index ed238d9..575492f 100755 --- a/bin/helper/osh-accountListIngressKeys +++ b/bin/helper/osh-accountListIngressKeys 
@@ -12,23 +12,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountListPasswords b/bin/helper/osh-accountListPasswords index 6cf3f9a..e823652 100755 --- a/bin/helper/osh-accountListPasswords +++ b/bin/helper/osh-accountListPasswords @@ -12,23 +12,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountMFAResetPassword b/bin/helper/osh-accountMFAResetPassword index 676740e..6020554 100755 --- a/bin/helper/osh-accountMFAResetPassword +++ b/bin/helper/osh-accountMFAResetPassword 
@@ -13,23 +13,7 @@ use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountMFAResetTOTP b/bin/helper/osh-accountMFAResetTOTP index bc4a4cc..312d1da 100755 --- a/bin/helper/osh-accountMFAResetTOTP +++ b/bin/helper/osh-accountMFAResetTOTP @@ -13,23 +13,7 @@ use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountModify b/bin/helper/osh-accountModify index 289566a..aab652d 100755 --- a/bin/helper/osh-accountModify +++ b/bin/helper/osh-accountModify 
@@ -13,24 +13,8 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; +use OVH::Bastion::Helper; use OVH::Result; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} # Fetch command options Getopt::Long::Configure("no_auto_abbrev"); diff --git a/bin/helper/osh-accountModifyCommand b/bin/helper/osh-accountModifyCommand index d1cc214..fac3683 100755 --- a/bin/helper/osh-accountModifyCommand +++ b/bin/helper/osh-accountModifyCommand @@ -16,23 +16,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options Getopt::Long::Configure("no_auto_abbrev"); diff --git a/bin/helper/osh-accountModifyPersonalAccess b/bin/helper/osh-accountModifyPersonalAccess index 26c22d3..3b5769b 100755 --- a/bin/helper/osh-accountModifyPersonalAccess 
+++ b/bin/helper/osh-accountModifyPersonalAccess @@ -27,23 +27,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-accountPIV b/bin/helper/osh-accountPIV index d4e9593..4cbeab9 100755 --- a/bin/helper/osh-accountPIV +++ b/bin/helper/osh-accountPIV @@ -14,24 +14,8 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; +use OVH::Bastion::Helper; use OVH::Result; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} # Fetch command options Getopt::Long::Configure("no_auto_abbrev"); diff --git a/bin/helper/osh-accountUnexpire b/bin/helper/osh-accountUnexpire index 3911f1f..9947a6a 100755 --- a/bin/helper/osh-accountUnexpire +++ b/bin/helper/osh-accountUnexpire 
@@ -12,23 +12,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-adminMaintenance b/bin/helper/osh-adminMaintenance index def478b..9a2daf8 100755 --- a/bin/helper/osh-adminMaintenance +++ b/bin/helper/osh-adminMaintenance @@ -12,23 +12,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-groupAddServer b/bin/helper/osh-groupAddServer index 36bf0f8..0ff7ce3 100755 --- a/bin/helper/osh-groupAddServer +++ b/bin/helper/osh-groupAddServer 
@@ -14,23 +14,7 @@ use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-groupAddSymlinkToAccount b/bin/helper/osh-groupAddSymlinkToAccount index b1994dc..0f7e269 100755 --- a/bin/helper/osh-groupAddSymlinkToAccount +++ b/bin/helper/osh-groupAddSymlinkToAccount @@ -12,23 +12,7 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-groupCreate b/bin/helper/osh-groupCreate index 02658e4..8abe07b 100755 --- a/bin/helper/osh-groupCreate +++ b/bin/helper/osh-groupCreate 
@@ -14,23 +14,7 @@ use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; use OVH::Bastion::Plugin::groupSetRole; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-groupDelEgressKey b/bin/helper/osh-groupDelEgressKey index d8957b7..93ff9d2 100755 --- a/bin/helper/osh-groupDelEgressKey +++ b/bin/helper/osh-groupDelEgressKey @@ -12,24 +12,8 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; +use OVH::Bastion::Helper; use OVH::Result; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} # Fetch command options Getopt::Long::Configure("no_auto_abbrev"); diff --git a/bin/helper/osh-groupDelete b/bin/helper/osh-groupDelete index 4a3fbb6..803b147 100755 --- a/bin/helper/osh-groupDelete +++ b/bin/helper/osh-groupDelete 
@@ -15,23 +15,7 @@ use File::Copy qw(move); use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-groupGenerateEgressKey b/bin/helper/osh-groupGenerateEgressKey index b7e67f0..860583c 100755 --- a/bin/helper/osh-groupGenerateEgressKey +++ b/bin/helper/osh-groupGenerateEgressKey @@ -14,23 +14,7 @@ use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; use OVH::Bastion::Plugin::generateEgressKey; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my ($result, @optwarns); diff --git a/bin/helper/osh-groupGeneratePassword b/bin/helper/osh-groupGeneratePassword index ad55ec3..5968579 100755 --- a/bin/helper/osh-groupGeneratePassword +++ b/bin/helper/osh-groupGeneratePassword 
@@ -14,23 +14,7 @@ use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; use OVH::Bastion::Plugin::generatePassword; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my ($result, @optwarns); diff --git a/bin/helper/osh-groupModify b/bin/helper/osh-groupModify index 76d89b1..08eabdb 100755 --- a/bin/helper/osh-groupModify +++ b/bin/helper/osh-groupModify @@ -12,24 +12,8 @@ use Getopt::Long; use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; +use OVH::Bastion::Helper; use OVH::Result; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} # Fetch command options Getopt::Long::Configure("no_auto_abbrev"); diff --git a/bin/helper/osh-groupSetRole b/bin/helper/osh-groupSetRole index bb117fd..2fa2c49 100755 --- a/bin/helper/osh-groupSetRole +++ b/bin/helper/osh-groupSetRole 
@@ -22,23 +22,7 @@ use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; use OVH::Bastion::Plugin::groupSetRole; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options Getopt::Long::Configure("no_auto_abbrev"); diff --git a/bin/helper/osh-selfMFASetupPassword b/bin/helper/osh-selfMFASetupPassword index ed08f1d..fae41fb 100755 --- a/bin/helper/osh-selfMFASetupPassword +++ b/bin/helper/osh-selfMFASetupPassword @@ -11,23 +11,7 @@ use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/bin/helper/osh-selfMFASetupTOTP b/bin/helper/osh-selfMFASetupTOTP index a00528a..ac625b8 100755 --- a/bin/helper/osh-selfMFASetupTOTP +++ b/bin/helper/osh-selfMFASetupTOTP 
@@ -12,23 +12,7 @@ use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Result; use OVH::Bastion; -local $| = 1; - -# -# Globals -# -$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) -$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal -$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; -my ($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; -if (not defined $self) { - if ($< == 0) { - $self = 'root'; - } - else { - HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); - } -} +use OVH::Bastion::Helper; # Fetch command options my $fnret; diff --git a/lib/perl/OVH/Bastion/Helper.pm b/lib/perl/OVH/Bastion/Helper.pm new file mode 100644 index 0000000..bd6311e --- /dev/null +++ b/lib/perl/OVH/Bastion/Helper.pm 
@@ -0,0 +1,35 @@ +package OVH::Bastion::Helper; + +# vim: set filetype=perl ts=4 sw=4 sts=4 et: +use common::sense; + +use File::Basename; +use lib dirname(__FILE__) . '/../../../../lib/perl'; +use OVH::Bastion; +use OVH::Result; + +# We handle our importer's '$self' var, this is by design. +use Exporter 'import'; +our $self; ## no critic (ProhibitPackageVars) +our @EXPORT = qw( $self ); ## no critic (ProhibitAutomaticExportation) + +$| = 1; + +# +# This code has to be ran for all helpers so we include it here directly +# + +$SIG{'HUP'} = 'IGNORE'; # continue even when attached terminal is closed (we're called with setsid on supported systems anyway) +$SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because there's no longer a terminal +$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/pkg/bin'; +($self) = $ENV{'SUDO_USER'} =~ m{^([a-zA-Z0-9._-]+)$}; +if (not defined $self) { + if ($< == 0) { + $self = 'root'; + } + else { + HEXIT('ERR_SUDO_NEEDED', msg => 'This command must be run under sudo'); + } +} + +1; diff --git a/tests/functional/tests.d/330-selfkeys.sh b/tests/functional/tests.d/330-selfkeys.sh index 21ebadb..907a035 100644 --- a/tests/functional/tests.d/330-selfkeys.sh +++ b/tests/functional/tests.d/330-selfkeys.sh @@ -179,7 +179,7 @@ EOS account1key1fp=$(get_json | $jq '.value.keys[0].fingerprint') script flood $a1 -osh selfAddIngressKey '<' /dev/urandom - retvalshouldbe 255 + retvalshouldbe 0 script privkey $a1 -osh selfAddIngressKey '<<< "-----BEGIN DSA PRIVATE KEY----- MIIBugIBAAKBgQCawvohH0r9B4NxdaYHiBT5pLWDe14o3MTE3WwtKF0l7az+zw0P"'
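Review bot: The root fallback at `if ($< == 0) {` does not distinguish an unset `SUDO_USER` from one that is set but rejected by `m{^([a-zA-Z0-9._-]+)$}`, so in both cases a process with real uid 0 continues with `$self = 'root'`. If `$self` is later used for authorization or audit in the helpers (not visible in this hunk), a caller whose name fails the pattern would be treated as root instead of being refused. I would narrow the branch to `if ($< == 0 and not defined $ENV{'SUDO_USER'}) {` so that a malformed value falls through to the existing `HEXIT('ERR_SUDO_NEEDED', ...)` call, whose message would then need more precise wording. The logic is moved unchanged from the helper scripts, so this is hardening that becomes cheap now that it lives in one place.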
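Review bot: The expected exit status of the `flood` case changes from `retvalshouldbe 255` to `retvalshouldbe 0`, a behaviour change that a commit titled as a header factorization does not explain. The cause is not visible in this diff, so a reader cannot tell whether feeding `/dev/urandom` to `selfAddIngressKey` is now handled more gracefully or whether a failure is being masked. I would add a comment above the assertion giving the reason, e.g. `# flood input: <reason the session now exits 0>` with the actual reason filled in, and state it in the commit message. If exiting 0 on unbounded garbage input is not intended, the old expectation should stay and the regression be fixed instead.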