Merge "Fix allow the use of blank in user group name to access the share"
commit
1095fb7478
@ -309,14 +309,28 @@ def validate_common_name(access):
|
|||||||
exc_str = _('Invalid CN (common name). Must be 1-64 chars long.')
|
exc_str = _('Invalid CN (common name). Must be 1-64 chars long.')
|
||||||
raise webob.exc.HTTPBadRequest(explanation=exc_str)
|
raise webob.exc.HTTPBadRequest(explanation=exc_str)
|
||||||
|
|
||||||
|
'''
|
||||||
|
for the reference specification for AD usernames, reference below links:
|
||||||
|
|
||||||
|
1:https://msdn.microsoft.com/en-us/library/bb726984.aspx
|
||||||
|
2:https://technet.microsoft.com/en-us/library/cc733146.aspx
|
||||||
|
'''
|
||||||
|
|
||||||
|
|
||||||
def validate_username(access):
|
def validate_username(access):
|
||||||
valid_username_re = '[\w\$\.\-_\`;\'\{\}\[\]\\\\]{4,255}$'
|
sole_periods_spaces_re = '[\s|\.]+$'
|
||||||
|
valid_username_re = '.[^\"\/\\\[\]\:\;\|\=\,\+\*\?\<\>]{3,254}$'
|
||||||
username = access
|
username = access
|
||||||
|
|
||||||
|
if re.match(sole_periods_spaces_re, username):
|
||||||
|
exc_str = ('Invalid user or group name,cannot consist solely '
|
||||||
|
'of periods or spaces.')
|
||||||
|
raise webob.exc.HTTPBadRequest(explanation=exc_str)
|
||||||
|
|
||||||
if not re.match(valid_username_re, username):
|
if not re.match(valid_username_re, username):
|
||||||
exc_str = ('Invalid user or group name. Must be 4-255 characters '
|
exc_str = ('Invalid user or group name. Must be 4-255 characters '
|
||||||
'and consist of alphanumeric characters and '
|
'and consist of alphanumeric characters and '
|
||||||
'special characters $]{.-_\'`;}[\\')
|
'exclude special characters "/\[]:;|=,+*?<>')
|
||||||
raise webob.exc.HTTPBadRequest(explanation=exc_str)
|
raise webob.exc.HTTPBadRequest(explanation=exc_str)
|
||||||
|
|
||||||
|
|
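Review bot: In validate_username the new `valid_username_re` opens with `.`, so the first character of the name is never checked against the excluded set; a name such as `+group` or `|abcd` matches even though `+` and `|` are listed as forbidden. The negated class also admits control characters and newlines, which the previous allow-list rejected, and `$` still matches before a trailing newline. I would drop the leading `.` and anchor with `\Z`, e.g. `valid_username_re = r'[^"/\\\[\]:;|=,+*?<>\x00-\x1f]{4,255}\Z'`, and write the other pattern as `r'[\s.]+\Z'`, since `|` inside a character class is a literal pipe rather than alternation. The error text still says "consist of alphanumeric characters", which no longer describes the rule.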
||||||
|
@ -258,6 +258,8 @@ class MiscFunctionsTest(test.TestCase):
|
|||||||
@ddt.data(['ip', '1.1.1.1', False, False], ['user', 'alice', False, False],
|
@ddt.data(['ip', '1.1.1.1', False, False], ['user', 'alice', False, False],
|
||||||
['cert', 'alice', False, False], ['cephx', 'alice', True, False],
|
['cert', 'alice', False, False], ['cephx', 'alice', True, False],
|
||||||
['user', 'alice$', False, False],
|
['user', 'alice$', False, False],
|
||||||
|
['user', 'test group name', False, False],
|
||||||
|
['user', 'group$.-_\'`{}', False, False],
|
||||||
['ip', '172.24.41.0/24', False, False],
|
['ip', '172.24.41.0/24', False, False],
|
||||||
['ip', '1001::1001', False, True],
|
['ip', '1001::1001', False, True],
|
||||||
['ip', '1001::1000/120', False, True])
|
['ip', '1001::1000/120', False, True])
|
||||||
@ -270,7 +272,8 @@ class MiscFunctionsTest(test.TestCase):
|
|||||||
['ip', '255.255.255.265', False], ['ip', '1.1.1.0/34', False],
|
['ip', '255.255.255.265', False], ['ip', '1.1.1.0/34', False],
|
||||||
['cert', '', False], ['cephx', 'client.alice', True],
|
['cert', '', False], ['cephx', 'client.alice', True],
|
||||||
['group', 'alice', True], ['cephx', 'alice', False],
|
['group', 'alice', True], ['cephx', 'alice', False],
|
||||||
['cephx', '', True], ['user', 'bob', False],
|
['cephx', '', True], ['user', 'bob/', False],
|
||||||
|
['user', 'group<>', False], ['user', '+=*?group', False],
|
||||||
['ip', '1001::1001/256', False],
|
['ip', '1001::1001/256', False],
|
||||||
['ip', '1001:1001/256', False],)
|
['ip', '1001:1001/256', False],)
|
||||||
@ddt.unpack
|
@ddt.unpack
|
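Review bot: None of the visible test data exercises the new "cannot consist solely of periods or spaces" branch, and replacing `['user', 'bob', False]` with `['user', 'bob/', False]` removes the too-short user name from the visible part of this list. I would keep `['user', 'bob', False]` and add `['user', '....', False]` and `['user', '    ', False]`, plus a name that starts with an excluded character such as `['user', '+group', False]` to pin down first-character handling. The same gap applies to the invalid-access lists in the ShareActionsTest hunks. The test method these decorators apply to lies outside the hunk.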
||||||
|
@ -787,8 +787,10 @@ class ShareActionsTest(test.TestCase):
|
|||||||
{'access_type': 'ip', 'access_to': '127.0.0.1'},
|
{'access_type': 'ip', 'access_to': '127.0.0.1'},
|
||||||
{'access_type': 'user', 'access_to': '1' * 4},
|
{'access_type': 'user', 'access_to': '1' * 4},
|
||||||
{'access_type': 'user', 'access_to': '1' * 255},
|
{'access_type': 'user', 'access_to': '1' * 255},
|
||||||
{'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
|
{'access_type': 'user', 'access_to': 'fake{.-_\'`}'},
|
||||||
{'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'},
|
{'access_type': 'user', 'access_to': 'MYDOMAIN-Administrator'},
|
||||||
|
{'access_type': 'user', 'access_to': 'test group name'},
|
||||||
|
{'access_type': 'user', 'access_to': 'group$.-_\'`{}'},
|
||||||
{'access_type': 'cert', 'access_to': 'x'},
|
{'access_type': 'cert', 'access_to': 'x'},
|
||||||
{'access_type': 'cert', 'access_to': 'tenant.example.com'},
|
{'access_type': 'cert', 'access_to': 'tenant.example.com'},
|
||||||
{'access_type': 'cert', 'access_to': 'x' * 64},
|
{'access_type': 'cert', 'access_to': 'x' * 64},
|
||||||
@ -821,7 +823,9 @@ class ShareActionsTest(test.TestCase):
|
|||||||
{'access_type': 'user', 'access_to': '1'},
|
{'access_type': 'user', 'access_to': '1'},
|
||||||
{'access_type': 'user', 'access_to': '1' * 3},
|
{'access_type': 'user', 'access_to': '1' * 3},
|
||||||
{'access_type': 'user', 'access_to': '1' * 256},
|
{'access_type': 'user', 'access_to': '1' * 256},
|
||||||
{'access_type': 'user', 'access_to': 'root^'},
|
{'access_type': 'user', 'access_to': 'root<>'},
|
||||||
|
{'access_type': 'user', 'access_to': 'group\\'},
|
||||||
|
{'access_type': 'user', 'access_to': '+=*?group'},
|
||||||
{'access_type': 'cert', 'access_to': ''},
|
{'access_type': 'cert', 'access_to': ''},
|
||||||
{'access_type': 'cert', 'access_to': ' '},
|
{'access_type': 'cert', 'access_to': ' '},
|
||||||
{'access_type': 'cert', 'access_to': 'x' * 65},
|
{'access_type': 'cert', 'access_to': 'x' * 65},
|
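Review bot: Changing the valid case from `'MYDOMAIN\\Administrator'` to `'MYDOMAIN-Administrator'` and adding `'group\\'` as invalid means names in DOMAIN\user form are now rejected, which the release note in this commit does not mention. If existing access rules or clients rely on that form, this is a compatibility break for share access control; either allow a single domain separator explicitly in the validator or document the change under an `upgrade:` section of the release note. The same substitution is made in the versioned ShareActionsTest data further down. The test methods these lists decorate are outside the hunks.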
||||||
|
@ -1922,10 +1922,16 @@ class ShareActionsTest(test.TestCase):
|
|||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
{"access": {'access_type': 'user', 'access_to': '1' * 255},
|
{"access": {'access_type': 'user', 'access_to': '1' * 255},
|
||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
{"access": {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
|
{"access": {'access_type': 'user', 'access_to': 'fake{.-_\'`}'},
|
||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
{"access": {'access_type': 'user',
|
{"access": {'access_type': 'user',
|
||||||
'access_to': 'MYDOMAIN\\Administrator'},
|
'access_to': 'MYDOMAIN-Administrator'},
|
||||||
|
"version": "2.7"},
|
||||||
|
{"access": {'access_type': 'user',
|
||||||
|
'access_to': 'test group name'},
|
||||||
|
"version": "2.7"},
|
||||||
|
{"access": {'access_type': 'user',
|
||||||
|
'access_to': 'group$.-_\'`{}'},
|
||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
{"access": {'access_type': 'cert', 'access_to': 'x'},
|
{"access": {'access_type': 'cert', 'access_to': 'x'},
|
||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
@ -1980,7 +1986,11 @@ class ShareActionsTest(test.TestCase):
|
|||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
{"access": {'access_type': 'user', 'access_to': '1' * 256},
|
{"access": {'access_type': 'user', 'access_to': '1' * 256},
|
||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
{"access": {'access_type': 'user', 'access_to': 'root^'},
|
{"access": {'access_type': 'user', 'access_to': 'root<>'},
|
||||||
|
"version": "2.7"},
|
||||||
|
{"access": {'access_type': 'user', 'access_to': 'group\\'},
|
||||||
|
"version": "2.7"},
|
||||||
|
{"access": {'access_type': 'user', 'access_to': '+=*?group'},
|
||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
{"access": {'access_type': 'cert', 'access_to': ''},
|
{"access": {'access_type': 'cert', 'access_to': ''},
|
||||||
"version": "2.7"},
|
"version": "2.7"},
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- Allows the use of blank in user group name, since
|
||||||
|
the AD allow user group name to include blank.
|