From a6f00d43131e16464bc3843244e76f20dcd73173 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Mon, 19 Aug 2024 00:48:13 +0200 Subject: [PATCH 1/2] Ensure user/db prefix has a `_` behind it --- src/core/protocol/server_responses.rs | 2 ++ src/server/input_sanitization.rs | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/protocol/server_responses.rs b/src/core/protocol/server_responses.rs index e5f56ec..e883ad4 100644 --- a/src/core/protocol/server_responses.rs +++ b/src/core/protocol/server_responses.rs @@ -76,6 +76,7 @@ impl OwnerValidationError { indoc! {r#" Invalid {} name prefix: '{}' does not match your username or any of your groups. Are you sure you are allowed to create {} names with this prefix? + The format should be: _<{} name> Allowed prefixes: - {} @@ -84,6 +85,7 @@ impl OwnerValidationError { db_or_user.lowercased(), name, db_or_user.lowercased(), + db_or_user.lowercased(), user.as_ref() .map(|u| u.username.clone()) .unwrap_or("???".to_string()), diff --git a/src/server/input_sanitization.rs b/src/server/input_sanitization.rs index 3026f05..bd6dd22 100644 --- a/src/server/input_sanitization.rs +++ b/src/server/input_sanitization.rs @@ -45,7 +45,7 @@ pub fn validate_ownership_by_prefixes( if prefixes .iter() - .filter(|p| name.starts_with(*p)) + .filter(|p| name.starts_with(&(p.to_string() + "_"))) .collect::>() .is_empty() { -- 2.44.2 From 5d049390b88f2c81faffb2ef1447a00d782acf0e Mon Sep 17 00:00:00 2001 From: h7x4 Date: Mon, 19 Aug 2024 00:49:20 +0200 Subject: [PATCH 2/2] `passwd-user`: check for user existence before password input --- src/cli/user_command.rs | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/src/cli/user_command.rs b/src/cli/user_command.rs index 2a5eaf3..fb10c28 100644 --- a/src/cli/user_command.rs +++ b/src/cli/user_command.rs @@ -6,7 +6,8 @@ use futures_util::{SinkExt, StreamExt}; use crate::core::protocol::{ print_create_users_output_status, print_drop_users_output_status, print_lock_users_output_status, print_set_password_output_status, - print_unlock_users_output_status, ClientToServerMessageStream, Request, Response, + print_unlock_users_output_status, ClientToServerMessageStream, ListUsersError, Request, + Response, }; use super::common::erroneous_server_response; @@ -207,6 +208,28 @@ async fn passwd_user( args: UserPasswdArgs, mut server_connection: ClientToServerMessageStream, ) -> anyhow::Result<()> { + // TODO: create a "user" exists check" command + let message = Request::ListUsers(Some(vec![args.username.clone()])); + if let Err(err) = server_connection.send(message).await { + server_connection.close().await.ok(); + anyhow::bail!(err); + } + let response = match server_connection.next().await { + Some(Ok(Response::ListUsers(users))) => users, + response => return erroneous_server_response(response), + }; + match response + .get(&args.username) + .unwrap_or(&Err(ListUsersError::UserDoesNotExist)) + { + Ok(_) => {} + Err(err) => { + server_connection.send(Request::Exit).await?; + server_connection.close().await.ok(); + anyhow::bail!("{}", err.to_error_message(&args.username)); + } + } + let password = if let Some(password_file) = args.password_file { std::fs::read_to_string(password_file) .context("Failed to read password file")? -- 2.44.2