Merge branch 'master' into adminSudo

2025-09-07 13:34:28 +08:00 · 2020-11-23 10:05:11 +01:00 · 2020-11-23 10:05:11 +01:00 · f07e00b1e9
commit f07e00b1e9
parent e2a64a9d8f d67141b10a
34 changed files with 95 additions and 103 deletions
--- a/.github/workflows/tests_basic.yml
+++ b/.github/workflows/tests_basic.yml
@ -5,7 +5,7 @@ on: [push, pull_request]
 jobs:
    test:
        name: perlcritic, perltidy & shellcheck
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-20.04
        steps:
        - uses: actions/checkout@v2
        - name: install prerequisites
@ -17,4 +17,4 @@ jobs:
        - name: perl critic
          run: bin/dev/perl-critic.sh
        - name: perl tidy
-          run: bin/dev/perl-tidy.sh
+          run: bin/dev/perl-tidy.sh test
--- a/bin/helper/osh-accountCreate
+++ b/bin/helper/osh-accountCreate
@ -299,6 +299,7 @@ if (ref $config->{'accountCreateDefaultPersonalAccesses'} eq 'ARRAY' && $type eq
        push @command, '--action', 'add';
        push @command, '--account', $account;
        push @command, '--ip', $ip;
+
        if ($user) {
            push @command, '--user', ($user eq 'ACCOUNT' ? $account : $user);
        }
--- a/bin/proxy/osh-http-proxy-worker
+++ b/bin/proxy/osh-http-proxy-worker
@ -394,9 +394,9 @@ my @t   = localtime($now[0]);
 my $headers_as_string = $res ? join("", $res->{'_headers'}->as_string("\n")) : '';
 my $logfile           = sprintf("%s/%s.txt", $finaldir, POSIX::strftime("%F", @t));
 my $logline           = sprintf(
-    "--- BASTION_REQUEST UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n%s\n".
-    "--- DEVICE_ANSWER UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n%s\n".
-    "--- END UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n\n",
+    "--- BASTION_REQUEST UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n%s\n"
+      . "--- DEVICE_ANSWER UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n%s\n"
+      . "--- END UNIQID=%s TIMESTAMP=%d.%06d DATE=%s ---\n\n",
    $uniqid, $now[0], $now[1], POSIX::strftime("%Y/%m/%d.%H:%M:%S", @t), $req->as_string(),
    $uniqid, $now[0], $now[1], POSIX::strftime("%Y/%m/%d.%H:%M:%S", @t),
    ($res ? sprintf("%s %s\n%s\n%s", $res->protocol, $res->status_line, $headers_as_string, $res->decoded_content) : '(DEVICE TIMEOUT)'),
--- a/bin/shell/osh.pl
+++ b/bin/shell/osh.pl
@ -644,6 +644,7 @@ my $isMfaPasswordRequired   = OVH::Bastion::is_user_in_group(account => $sysself
 my $hasMfaPasswordBypass    = OVH::Bastion::is_user_in_group(account => $sysself, group => OVH::Bastion::MFA_PASSWORD_BYPASS_GROUP);
 my $isMfaTOTPRequired       = OVH::Bastion::is_user_in_group(account => $sysself, group => OVH::Bastion::MFA_TOTP_REQUIRED_GROUP);
 my $hasMfaTOTPBypass        = OVH::Bastion::is_user_in_group(account => $sysself, group => OVH::Bastion::MFA_TOTP_BYPASS_GROUP);
+
 if ($mfaPolicy ne 'disabled' && !grep { $osh_command eq $_ } qw{ selfMFASetupPassword selfMFASetupTOTP help info }) {

    if (($mfaPolicy eq 'password-required' && !$hasMfaPasswordBypass) || $isMfaPasswordRequired) {
--- a/lib/perl/OVH/Bastion/Plugin/groupSetRole.pm
+++ b/lib/perl/OVH/Bastion/Plugin/groupSetRole.pm
@ -171,6 +171,7 @@ sub act {
        push @command, '--action', $action;
        $fnret = OVH::Bastion::helper(cmd => \@command);
        $fnret or return $fnret;
+
        if ($fnret->err eq 'OK_NO_CHANGE') {

            # make the error msg user friendly
--- a/lib/perl/OVH/Bastion/ProxyHTTP.pm
+++ b/lib/perl/OVH/Bastion/ProxyHTTP.pm
@ -400,6 +400,7 @@ sub process_http_request {
    push @cmd, "--timeout", $timeout if $timeout;
    push @cmd, "--allow-downgrade" if $allow_downgrade;
    push @cmd, "--insecure"        if ($self->{'proxy_config'}{'insecure'} && !$enforce_secure);
+
    foreach my $key (qw{ accept content-type connection }) {
        push @cmd, "--header", $key . ':' . $req_headers->{$key} if (defined $req_headers->{$key});
    }
--- a/tests/functional/docker/tester_role.sh
+++ b/tests/functional/docker/tester_role.sh
@ -7,18 +7,6 @@ basedir=$(readlink -f "$(dirname "$0")"/../../..)
 # shellcheck source=lib/shell/colors.inc
 . "$basedir"/lib/shell/colors.inc

-
-if [ "$TEST_QUICK" = 0 ]; then
-    printf '%b>>> %b <<<%b\n' "$BOLD_CYAN" "SHELL CHECK" "$NOC"
-    "$(dirname "$0")"/../../../bin/dev/shell-check.sh || exit 254
-
-    printf '%b>>> %b <<<%b\n' "$BOLD_CYAN" "PERL CRITIC" "$NOC"
-    "$(dirname "$0")"/../../../bin/dev/perl-critic.sh || exit 254
-
-    printf '%b>>> %b <<<%b\n' "$BOLD_CYAN" "PERL TIDY" "$NOC"
-    "$(dirname "$0")"/../../../bin/dev/perl-tidy.sh test || exit 254
-fi
-
 printf '%b>>> %b <<<%b\n' "$BOLD_CYAN" "SETTING UP KEYS" "$NOC"
 base64 -d <<< "$USER_PRIVKEY_B64" > /root/user.privkey
 chmod 400 /root/user.privkey