chore: factorize user@host:port display in machine_display()

1 year ago · 58354cc305
parent 9e357333db
commit 58354cc305
8 changed files with 31 additions and 22 deletions
--- a/bin/helper/osh-accountModifyPersonalAccess
+++ b/bin/helper/osh-accountModifyPersonalAccess
@ -81,9 +81,7 @@ if (not grep { $action eq $_ } qw{ add del }) {
 #<PARAMS:ACTION

 #>CODE
-my $machine = $ip;
-$port and $machine .= ":$port";
-$user and $machine = $user . '@' . $machine;
+my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;

 my $plugin = ($target eq 'self' ? 'self' : 'account') . 'AddPersonalAccess';

--- a/bin/helper/osh-groupAddServer
+++ b/bin/helper/osh-groupAddServer
@ -86,9 +86,7 @@ $fnret = OVH::Bastion::Helper::acquire_lock($lock_fh);
 $fnret or HEXIT($fnret);

 #>CODE
-my $machine = $ip;
-$port and $machine .= ":$port";
-$user and $machine = $user . '@' . $machine;
+my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;

 # access_modify validates all its parameters, don't do it ourselves here for clarity
 $fnret = OVH::Bastion::access_modify(
--- a/bin/shell/osh.pl
+++ b/bin/shell/osh.pl
@ -1131,7 +1131,11 @@ $user = $user || $config->{'defaultLogin'} || $remoteself || $sysself;
 # log request
 osh_debug("final request : " . "$user\@$ip -p $port -- $command'\n");

-my $displayLine = "$hostfrom:$portfrom => $self\@$bastionhost:$bastionport => $user\@$hostto:$port";
+my $displayLine = sprintf("%s => %s => %s",
+    OVH::Bastion::machine_display(ip => $hostfrom,    port => $portfrom)->value,
+    OVH::Bastion::machine_display(ip => $bastionhost, port => $bastionport, user => $self)->value,
+    OVH::Bastion::machine_display(ip => $hostto,      port => $port, user => $user)->value,
+);

 if (!$quiet) {
    osh_print("$displayLine ...");
--- a/lib/perl/OVH/Bastion.pm
+++ b/lib/perl/OVH/Bastion.pm
@ -750,6 +750,19 @@ sub is_valid_remote_user {
    return R('ERR_INVALID_PARAMETER', msg => "Specified user doesn't seem to be valid");
 }

+sub machine_display {
+    my %params = @_;
+    my $ip     = $params{'ip'};
+    my $port   = $params{'port'};
+    my $user   = $params{'user'};
+
+    my $machine = (index($ip, ':') >= 0 ? "[$ip]" : $ip);
+    $machine .= ":$port" if $port;
+    $machine = $user . '@' . $machine if $user;
+
+    return R('OK', value => $machine);
+}
+
 sub touch_file {
    my $file  = shift;
    my $perms = shift;
--- a/lib/perl/OVH/Bastion/Plugin/groupSetRole.pm
+++ b/lib/perl/OVH/Bastion/Plugin/groupSetRole.pm
@ -206,10 +206,12 @@ sub act {

                # foreach guest access, delete
                foreach my $access (@acl) {
-                    my $machine = $access->{'ip'};
-                    $machine .= ':' . $access->{'port'} if defined $access->{'port'};
-                    $machine = $access->{'user'} . '@' . $machine if defined $access->{'user'};
-                    $fnret   = OVH::Bastion::Plugin::groupSetRole::act(
+                    my $machine = OVH::Bastion::machine_display(
+                        ip   => $access->{'ip'},
+                        port => $access->{'port'},
+                        user => $access->{'user'}
+                    )->value;
+                    $fnret = OVH::Bastion::Plugin::groupSetRole::act(
                        account => $account,
                        group   => $shortGroup,
                        action  => 'del',
@ -251,9 +253,7 @@ sub act {

        # in that case, we need to handle the add/del of the guest access to $user@$host:$port
        # check if group has access to $user@$ip:$port
-        my $machine = $host;
-        $port and $machine .= ":$port";
-        $user and $machine = $user . '@' . $machine;
+        my $machine = OVH::Bastion::machine_display(ip => $host, port => $port, user => $user)->value;
        osh_debug(
            "groupSetRole::act, checking if group $group has access to $machine to $action $type access to $account");

--- a/lib/perl/OVH/Bastion/Plugin/otherProtocol.pm
+++ b/lib/perl/OVH/Bastion/Plugin/otherProtocol.pm
@ -27,7 +27,7 @@ sub has_protocol_access {
        return R('ERR_MISSING_PARAMETERS', msg => "Missing mandatory parameters for has_protocol_access");
    }

-    my $machine = "$user\@$ip:$port";
+    my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;

    my %keys;
    osh_debug("Checking access 1/2 of $account to $machine...");
--- a/lib/perl/OVH/Bastion/allowdeny.inc
+++ b/lib/perl/OVH/Bastion/allowdeny.inc
@ -918,9 +918,7 @@ sub is_access_granted {

    return R('OK', value => \@grants) if @grants;

-    my $machine = $ip;
-    $machine .= ":$port" if $port;
-    $machine = $user . '@' . $machine if $user;
+    my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
    return R('KO_ACCESS_DENIED', msg => "Access denied for $account to $machine");
 }

--- a/lib/perl/OVH/Bastion/allowkeeper.inc
+++ b/lib/perl/OVH/Bastion/allowkeeper.inc
@ -582,10 +582,8 @@ sub access_modify {
        }

        # build the line we're either adding or looking for (to delete it)
-        my $entry = $ip;
-        $entry = $user . "@" . $entry if defined $user;
-        $entry = $entry . ":" . $port if defined $port;
-        my $machine = $entry;
+        my $machine = OVH::Bastion::machine_display(ip => $ip, port => $port, user => $user)->value;
+        my $entry   = $machine;

        my $t            = localtime(time);
        my $fmt          = "%Y-%m-%d %H:%M:%S";