Skip to content

Commit

Permalink
fix: accountInfo: return always_active=1 for globally-always-active a…
Browse files Browse the repository at this point in the history 
…ccounts
  • Loading branch information
@speed47
speed47 committed Jan 11, 2024
1 parent 0502d13 commit 4981506
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 15 deletions.
43 changes: 29 additions & 14 deletions bin/plugin/restricted/accountInfo
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,26 +153,41 @@ foreach my $accHash (@accounts) {
}
$ret{'groups'} = $groups_hash;

my $canConnect = 1;
$ret{'always_active'} = OVH::Bastion::account_config(
account => $account,
key => OVH::Bastion::OPT_ACCOUNT_ALWAYS_ACTIVE,
public => 1
) ? 1 : 0;
if ($ret{'always_active'}) {
$ret{'is_active'} = 1;
if (
OVH::Bastion::account_config(
account => $account,
key => OVH::Bastion::OPT_ACCOUNT_ALWAYS_ACTIVE,
public => 1
)->value
)
{
$ret{'always_active'} = 1;
$ret{'always_active_reason'} = 'account_configuration';
}
else {
$fnret = OVH::Bastion::is_account_active(account => $account);
if ($fnret->is_ok) {
$ret{'is_active'} = 1;
# maybe always_active through global configuration?
my $alwaysActiveAccounts = OVH::Bastion::config('alwaysActiveAccounts');
if ($alwaysActiveAccounts and $alwaysActiveAccounts->value) {
if (grep { $sysaccount eq $_ } @{$alwaysActiveAccounts->value}) {
$ret{'always_active'} = 1;
$ret{'always_active_reason'} = 'global_configuration';
}
}
elsif ($fnret->is_ko) {
$canConnect = 0;
$ret{'is_active'} = 0;
else {
$ret{'always_active'} = 0;
}
}

my $canConnect = 1;
$fnret = OVH::Bastion::is_account_active(account => $account);
if ($fnret->is_ok) {
$ret{'is_active'} = 1;
}
elsif ($fnret->is_ko) {
$canConnect = 0;
$ret{'is_active'} = 0;
}

if (OVH::Bastion::is_auditor(account => $self)) {

# TTL check
Expand Down
2 changes: 1 addition & 1 deletion lib/perl/OVH/Bastion.pm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -373,7 +373,7 @@ sub is_account_active {
account => $sysaccount,
key => OVH::Bastion::OPT_ACCOUNT_ALWAYS_ACTIVE,
public => 1
)
)->value
)
{
return R('OK');
Expand Down

0 comments on commit 4981506

Please sign in to comment.