From 7f0ec412a2bfe97a157022e8f3d68a9a3329bb3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
Date: Thu, 11 Jan 2024 08:38:41 +0000
Subject: [PATCH] fix: accountInfo: return always_active=1 for globally-always-active accounts
---
 bin/plugin/restricted/accountInfo | 43 +++++++++++++++++++++----------
 lib/perl/OVH/Bastion.pm | 2 +-
 2 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/bin/plugin/restricted/accountInfo b/bin/plugin/restricted/accountInfo
index 5aa7f123b..2a12bd0d8 100755
--- a/bin/plugin/restricted/accountInfo
+++ b/bin/plugin/restricted/accountInfo
@@ -153,26 +153,41 @@ foreach my $accHash (@accounts) { } $ret{'groups'} = $groups_hash; - my $canConnect = 1; - $ret{'always_active'} = OVH::Bastion::account_config( - account => $account, - key => OVH::Bastion::OPT_ACCOUNT_ALWAYS_ACTIVE, - public => 1 - ) ? 1 : 0; - if ($ret{'always_active'}) { - $ret{'is_active'} = 1; + if ( + OVH::Bastion::account_config( + account => $account, + key => OVH::Bastion::OPT_ACCOUNT_ALWAYS_ACTIVE, + public => 1 + )->value + ) + { + $ret{'always_active'} = 1; + $ret{'always_active_reason'} = 'account local configuration'; } else { - $fnret = OVH::Bastion::is_account_active(account => $account); - if ($fnret->is_ok) { - $ret{'is_active'} = 1; + # maybe always_active through global configuration? + my $alwaysActiveAccounts = OVH::Bastion::config('alwaysActiveAccounts'); + if ($alwaysActiveAccounts and $alwaysActiveAccounts->value) { + if (grep { $sysaccount eq $_ } @{$alwaysActiveAccounts->value}) { + $ret{'always_active'} = 1; + $ret{'always_active_reason'} = 'account listed in global configuration'; + } } - elsif ($fnret->is_ko) { - $canConnect = 0; - $ret{'is_active'} = 0; + else { + $ret{'always_active'} = 0; } } + my $canConnect = 1; + $fnret = OVH::Bastion::is_account_active(account => $account); + if ($fnret->is_ok) { + $ret{'is_active'} = 1; + } + elsif ($fnret->is_ko) { + $canConnect = 0; + $ret{'is_active'} = 0; + } + if (OVH::Bastion::is_auditor(account => $self)) { # TTL check diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm index 29ec2a793..34ee4ee88 100644 --- a/lib/perl/OVH/Bastion.pm +++ b/lib/perl/OVH/Bastion.pm @@ -373,7 +373,7 @@ sub is_account_active { account => $sysaccount, key => OVH::Bastion::OPT_ACCOUNT_ALWAYS_ACTIVE, public => 1 - ) + )->value ) { return R('OK');
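Review bot: In the new `else` branch, `$ret{'always_active'} = 0;` is attached to the outer `if ($alwaysActiveAccounts and $alwaysActiveAccounts->value)` rather than to the `grep`, so when the global `alwaysActiveAccounts` list is present and the account is not in it, `always_active` is never assigned. The value is dereferenced with `@{...}`, so it is presumably an array reference, which is true in Perl even when empty; the `= 0` branch would then run only when the option is missing altogether. Consumers of this output would see a missing key instead of 0, and if `%ret` is declared outside the `foreach` (its declaration is not in the hunk) a value from a previous account could carry over. Initialising up front avoids both: put `$ret{'always_active'} = 0;` before the first `if` and drop the inner `else`.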
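Review bot: The `)->value` test in `is_account_active` carries no comment, although it changes an access decision: the branch that returns `R('OK')` now depends on the Perl truthiness of the stored option rather than on the result object. Nothing visible here says which stored values are expected, so a non-empty string such as `no` would presumably still count as always active. A comment above the call such as `# test the stored option value, not the result object returned by account_config()` would pin the intent, ideally naming the accepted values. The commit subject mentions only accountInfo, so this library change would also benefit from a regression test covering an account without the option set. The function body starts and ends outside the hunk.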