Merge "Fix allow the use of blank in user group name to access the share"
commit
1095fb7478
@ -309,14 +309,28 @@ def validate_common_name(access):
|
||||
exc_str = _('Invalid CN (common name). Must be 1-64 chars long.')
|
||||
raise webob.exc.HTTPBadRequest(explanation=exc_str)
|
||||
|
||||
'''
|
||||
for the reference specification for AD usernames, reference below links:
|
||||
|
||||
1:https://msdn.microsoft.com/en-us/library/bb726984.aspx
|
||||
2:https://technet.microsoft.com/en-us/library/cc733146.aspx
|
||||
'''
|
||||
|
||||
|
||||
def validate_username(access):
|
||||
valid_username_re = '[\w\$\.\-_\`;\'\{\}\[\]\\\\]{4,255}$'
|
||||
sole_periods_spaces_re = '[\s|\.]+$'
|
||||
valid_username_re = '.[^\"\/\\\[\]\:\;\|\=\,\+\*\?\<\>]{3,254}$'
|
||||
username = access
|
||||
|
||||
if re.match(sole_periods_spaces_re, username):
|
||||
exc_str = ('Invalid user or group name,cannot consist solely '
|
||||
'of periods or spaces.')
|
||||
raise webob.exc.HTTPBadRequest(explanation=exc_str)
|
||||
|
||||
if not re.match(valid_username_re, username):
|
||||
exc_str = ('Invalid user or group name. Must be 4-255 characters '
|
||||
'and consist of alphanumeric characters and '
|
||||
'special characters $]{.-_\'`;}[\\')
|
||||
'exclude special characters "/\[]:;|=,+*?<>')
|
||||
raise webob.exc.HTTPBadRequest(explanation=exc_str)
|
||||
|
||||
|
||||
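Review bot: The new `valid_username_re` in `validate_username` opens with a bare `.`, so the first character is never checked against the excluded set, and a constructed name such as `/abc` or `[abc` would appear to pass `re.match`. The negated class also accepts newlines and other control characters, and `$` tolerates a trailing newline, so moving from an allowlist to a denylist admits more than the AD naming rules cited in the comment above the function. I would write it as a raw string that applies the class to every position and anchors with `\Z`, e.g. `valid_username_re = r'[^\x00-\x1f"/\\\[\]:;|=,+*?<>]{4,255}\Z'`. Whether the share back ends quote these names safely is not visible here, so rejecting control characters at the API layer is the cautious choice. Separately, `'[\s|\.]+$'` treats `|` as a literal inside the class; `r'[\s.]+\Z'` matches what the error message describes.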
|
@ -258,6 +258,8 @@ class MiscFunctionsTest(test.TestCase):
|
||||
@ddt.data(['ip', '1.1.1.1', False, False], ['user', 'alice', False, False],
|
||||
['cert', 'alice', False, False], ['cephx', 'alice', True, False],
|
||||
['user', 'alice$', False, False],
|
||||
['user', 'test group name', False, False],
|
||||
['user', 'group$.-_\'`{}', False, False],
|
||||
['ip', '172.24.41.0/24', False, False],
|
||||
['ip', '1001::1001', False, True],
|
||||
['ip', '1001::1000/120', False, True])
|
||||
@ -270,7 +272,8 @@ class MiscFunctionsTest(test.TestCase):
|
||||
['ip', '255.255.255.265', False], ['ip', '1.1.1.0/34', False],
|
||||
['cert', '', False], ['cephx', 'client.alice', True],
|
||||
['group', 'alice', True], ['cephx', 'alice', False],
|
||||
['cephx', '', True], ['user', 'bob', False],
|
||||
['cephx', '', True], ['user', 'bob/', False],
|
||||
['user', 'group<>', False], ['user', '+=*?group', False],
|
||||
['ip', '1001::1001/256', False],
|
||||
['ip', '1001:1001/256', False],)
|
||||
@ddt.unpack
|
||||
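Review bot: The negative cases added to the second `@ddt.data` list (`'bob/'`, `'group<>'`, `'+=*?group'`) never put an excluded character in the first position only, and none covers a name made solely of spaces or periods, so the leading `.` of the new pattern and the `sole_periods_spaces_re` branch both go untested. Constructed cases such as `['user', '/bob', False]`, `['user', '    ', False]` and `['user', 'bob\n', False]` would pin those paths; the first and last look like they would fail against the regex as written in this commit. The decorated test methods lie outside the hunks, so this is based on the data lists alone. The same gap applies to the invalid-access lists in both `ShareActionsTest` sections.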
|
@ -787,8 +787,10 @@ class ShareActionsTest(test.TestCase):
|
||||
{'access_type': 'ip', 'access_to': '127.0.0.1'},
|
||||
{'access_type': 'user', 'access_to': '1' * 4},
|
||||
{'access_type': 'user', 'access_to': '1' * 255},
|
||||
{'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
|
||||
{'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'},
|
||||
{'access_type': 'user', 'access_to': 'fake{.-_\'`}'},
|
||||
{'access_type': 'user', 'access_to': 'MYDOMAIN-Administrator'},
|
||||
{'access_type': 'user', 'access_to': 'test group name'},
|
||||
{'access_type': 'user', 'access_to': 'group$.-_\'`{}'},
|
||||
{'access_type': 'cert', 'access_to': 'x'},
|
||||
{'access_type': 'cert', 'access_to': 'tenant.example.com'},
|
||||
{'access_type': 'cert', 'access_to': 'x' * 64},
|
||||
@ -821,7 +823,9 @@ class ShareActionsTest(test.TestCase):
|
||||
{'access_type': 'user', 'access_to': '1'},
|
||||
{'access_type': 'user', 'access_to': '1' * 3},
|
||||
{'access_type': 'user', 'access_to': '1' * 256},
|
||||
{'access_type': 'user', 'access_to': 'root^'},
|
||||
{'access_type': 'user', 'access_to': 'root<>'},
|
||||
{'access_type': 'user', 'access_to': 'group\\'},
|
||||
{'access_type': 'user', 'access_to': '+=*?group'},
|
||||
{'access_type': 'cert', 'access_to': ''},
|
||||
{'access_type': 'cert', 'access_to': ' '},
|
||||
{'access_type': 'cert', 'access_to': 'x' * 65},
|
||||
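Review bot: The valid-access list appears to swap `'MYDOMAIN\\Administrator'` for `'MYDOMAIN-Administrator'`, and `'group\\'` joins the invalid list, which means names in `DOMAIN\user` form are now rejected with a 400. That is a behaviour change for existing callers which the release note in this commit does not mention; if it is intended, an entry under an `upgrade:` key in the note should say so, and if not, the backslash should be left out of the excluded set. The +/- markers are lost on this page, so which line of each pair is the old one is inferred from the regex change. The microversion 2.7 lists in the following `ShareActionsTest` section carry the same swap.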
|
@ -1922,10 +1922,16 @@ class ShareActionsTest(test.TestCase):
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user', 'access_to': '1' * 255},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
|
||||
{"access": {'access_type': 'user', 'access_to': 'fake{.-_\'`}'},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user',
|
||||
'access_to': 'MYDOMAIN\\Administrator'},
|
||||
'access_to': 'MYDOMAIN-Administrator'},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user',
|
||||
'access_to': 'test group name'},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user',
|
||||
'access_to': 'group$.-_\'`{}'},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'cert', 'access_to': 'x'},
|
||||
"version": "2.7"},
|
||||
@ -1980,7 +1986,11 @@ class ShareActionsTest(test.TestCase):
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user', 'access_to': '1' * 256},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user', 'access_to': 'root^'},
|
||||
{"access": {'access_type': 'user', 'access_to': 'root<>'},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user', 'access_to': 'group\\'},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'user', 'access_to': '+=*?group'},
|
||||
"version": "2.7"},
|
||||
{"access": {'access_type': 'cert', 'access_to': ''},
|
||||
"version": "2.7"},
|
||||
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
fixes:
|
||||
- Allows the use of blank in user group name, since
|
||||
the AD allow user group name to include blank.
|