Merge "Fix allow the use of blank in user group name to access the share"

Zuul 2018-05-07 15:27:21 +00:00 committed by Gerrit Code Review
commit 1095fb7478
5 changed files with 44 additions and 9 deletions


@ -309,14 +309,28 @@ def validate_common_name(access):
exc_str = _('Invalid CN (common name). Must be 1-64 chars long.') exc_str = _('Invalid CN (common name). Must be 1-64 chars long.')
raise webob.exc.HTTPBadRequest(explanation=exc_str) raise webob.exc.HTTPBadRequest(explanation=exc_str)
'''
for the reference specification for AD usernames, reference below links:
1:https://msdn.microsoft.com/en-us/library/bb726984.aspx
2:https://technet.microsoft.com/en-us/library/cc733146.aspx
'''
def validate_username(access): def validate_username(access):
valid_username_re = '[\w\$\.\-_\`;\'\{\}\[\]\\\\]{4,255}$' sole_periods_spaces_re = '[\s|\.]+$'
valid_username_re = '.[^\"\/\\\[\]\:\;\|\=\,\+\*\?\<\>]{3,254}$'
username = access username = access
if re.match(sole_periods_spaces_re, username):
exc_str = ('Invalid user or group name,cannot consist solely '
'of periods or spaces.')
raise webob.exc.HTTPBadRequest(explanation=exc_str)
if not re.match(valid_username_re, username): if not re.match(valid_username_re, username):
exc_str = ('Invalid user or group name. Must be 4-255 characters ' exc_str = ('Invalid user or group name. Must be 4-255 characters '
'and consist of alphanumeric characters and ' 'and consist of alphanumeric characters and '
'special characters $]{.-_\'`;}[\\') 'exclude special characters "/\[]:;|=,+*?<>')
raise webob.exc.HTTPBadRequest(explanation=exc_str) raise webob.exc.HTTPBadRequest(explanation=exc_str)
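Review bot: The new `valid_username_re` in validate_username starts with a bare `.`, so the first character is never checked against the excluded set, and a constructed name such as `+abc` or `/abc` is accepted even though the error text says those characters are excluded. Because the pattern is now a denylist closed with `$` under `re.match`, it also lets through control characters and a trailing newline, which matters if a share backend writes this name into an ACL entry or a command line (not visible from this hunk). I would apply the class to every position and anchor on the real end of the string: `valid_username_re = r'[^"/\\\[\]:;|=,+*?<>\x00-\x1f]{4,255}\Z'`. The `|` inside `'[\s|\.]+$'` is a literal pipe rather than alternation, so `r'[\s.]+\Z'` says what is meant, and raw strings also avoid the invalid-escape warnings that `\s`, `\/` and `\[` trigger in the current literals.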


@ -258,6 +258,8 @@ class MiscFunctionsTest(test.TestCase):
@ddt.data(['ip', '1.1.1.1', False, False], ['user', 'alice', False, False], @ddt.data(['ip', '1.1.1.1', False, False], ['user', 'alice', False, False],
['cert', 'alice', False, False], ['cephx', 'alice', True, False], ['cert', 'alice', False, False], ['cephx', 'alice', True, False],
['user', 'alice$', False, False], ['user', 'alice$', False, False],
['user', 'test group name', False, False],
['user', 'group$.-_\'`{}', False, False],
['ip', '172.24.41.0/24', False, False], ['ip', '172.24.41.0/24', False, False],
['ip', '1001::1001', False, True], ['ip', '1001::1001', False, True],
['ip', '1001::1000/120', False, True]) ['ip', '1001::1000/120', False, True])
@ -270,7 +272,8 @@ class MiscFunctionsTest(test.TestCase):
['ip', '255.255.255.265', False], ['ip', '1.1.1.0/34', False], ['ip', '255.255.255.265', False], ['ip', '1.1.1.0/34', False],
['cert', '', False], ['cephx', 'client.alice', True], ['cert', '', False], ['cephx', 'client.alice', True],
['group', 'alice', True], ['cephx', 'alice', False], ['group', 'alice', True], ['cephx', 'alice', False],
['cephx', '', True], ['user', 'bob', False], ['cephx', '', True], ['user', 'bob/', False],
['user', 'group<>', False], ['user', '+=*?group', False],
['ip', '1001::1001/256', False], ['ip', '1001::1001/256', False],
['ip', '1001:1001/256', False],) ['ip', '1001:1001/256', False],)
@ddt.unpack @ddt.unpack
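Review bot: None of the added cases reaches the new "cannot consist solely of periods or spaces" branch, and every rejected name carries an excluded character beyond the first position, so the validator's handling of the first character is untested. Replacing `['user', 'bob', False]` with `['user', 'bob/', False]` also drops the only too-short user name from this list. I would keep `['user', 'bob', False]` and add `['user', '....', False]`, `['user', '    ', False]` and `['user', '/group', False]`. The same cases are missing from the two ShareActionsTest lists in the following file sections, and the decorated test method itself lies outside this hunk.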


@ -787,8 +787,10 @@ class ShareActionsTest(test.TestCase):
{'access_type': 'ip', 'access_to': '127.0.0.1'}, {'access_type': 'ip', 'access_to': '127.0.0.1'},
{'access_type': 'user', 'access_to': '1' * 4}, {'access_type': 'user', 'access_to': '1' * 4},
{'access_type': 'user', 'access_to': '1' * 255}, {'access_type': 'user', 'access_to': '1' * 255},
{'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['}, {'access_type': 'user', 'access_to': 'fake{.-_\'`}'},
{'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'}, {'access_type': 'user', 'access_to': 'MYDOMAIN-Administrator'},
{'access_type': 'user', 'access_to': 'test group name'},
{'access_type': 'user', 'access_to': 'group$.-_\'`{}'},
{'access_type': 'cert', 'access_to': 'x'}, {'access_type': 'cert', 'access_to': 'x'},
{'access_type': 'cert', 'access_to': 'tenant.example.com'}, {'access_type': 'cert', 'access_to': 'tenant.example.com'},
{'access_type': 'cert', 'access_to': 'x' * 64}, {'access_type': 'cert', 'access_to': 'x' * 64},
@ -821,7 +823,9 @@ class ShareActionsTest(test.TestCase):
{'access_type': 'user', 'access_to': '1'}, {'access_type': 'user', 'access_to': '1'},
{'access_type': 'user', 'access_to': '1' * 3}, {'access_type': 'user', 'access_to': '1' * 3},
{'access_type': 'user', 'access_to': '1' * 256}, {'access_type': 'user', 'access_to': '1' * 256},
{'access_type': 'user', 'access_to': 'root^'}, {'access_type': 'user', 'access_to': 'root<>'},
{'access_type': 'user', 'access_to': 'group\\'},
{'access_type': 'user', 'access_to': '+=*?group'},
{'access_type': 'cert', 'access_to': ''}, {'access_type': 'cert', 'access_to': ''},
{'access_type': 'cert', 'access_to': ' '}, {'access_type': 'cert', 'access_to': ' '},
{'access_type': 'cert', 'access_to': 'x' * 65}, {'access_type': 'cert', 'access_to': 'x' * 65},
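Review bot: Changing the accepted case `MYDOMAIN\\Administrator` to `MYDOMAIN-Administrator` shows that domain-qualified names containing a backslash, which this API accepted before, are now rejected, as are names containing `;`, `[` or `]`. The release note in this commit only says that blanks are now allowed, so a client that grants access to `DOMAIN\user` names would start receiving HTTPBadRequest on new requests without any notice. I would either keep `\` permitted in the validator or add an `upgrade:` entry to the release note listing the newly rejected characters. The same substitution is made in the version 2.7 list of the next file section.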


@ -1922,10 +1922,16 @@ class ShareActionsTest(test.TestCase):
"version": "2.7"}, "version": "2.7"},
{"access": {'access_type': 'user', 'access_to': '1' * 255}, {"access": {'access_type': 'user', 'access_to': '1' * 255},
"version": "2.7"}, "version": "2.7"},
{"access": {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['}, {"access": {'access_type': 'user', 'access_to': 'fake{.-_\'`}'},
"version": "2.7"}, "version": "2.7"},
{"access": {'access_type': 'user', {"access": {'access_type': 'user',
'access_to': 'MYDOMAIN\\Administrator'}, 'access_to': 'MYDOMAIN-Administrator'},
"version": "2.7"},
{"access": {'access_type': 'user',
'access_to': 'test group name'},
"version": "2.7"},
{"access": {'access_type': 'user',
'access_to': 'group$.-_\'`{}'},
"version": "2.7"}, "version": "2.7"},
{"access": {'access_type': 'cert', 'access_to': 'x'}, {"access": {'access_type': 'cert', 'access_to': 'x'},
"version": "2.7"}, "version": "2.7"},
@ -1980,7 +1986,11 @@ class ShareActionsTest(test.TestCase):
"version": "2.7"}, "version": "2.7"},
{"access": {'access_type': 'user', 'access_to': '1' * 256}, {"access": {'access_type': 'user', 'access_to': '1' * 256},
"version": "2.7"}, "version": "2.7"},
{"access": {'access_type': 'user', 'access_to': 'root^'}, {"access": {'access_type': 'user', 'access_to': 'root<>'},
"version": "2.7"},
{"access": {'access_type': 'user', 'access_to': 'group\\'},
"version": "2.7"},
{"access": {'access_type': 'user', 'access_to': '+=*?group'},
"version": "2.7"}, "version": "2.7"},
{"access": {'access_type': 'cert', 'access_to': ''}, {"access": {'access_type': 'cert', 'access_to': ''},
"version": "2.7"}, "version": "2.7"},


@ -0,0 +1,4 @@
---
fixes:
- Allows the use of blank in user group name, since
the AD allow user group name to include blank.