Commit d0997eda authored by Nathan Ward's avatar Nathan Ward
Browse files

Error if a secret with a newline in it is presented.

I've implemented the logic like this so we can add other "illegal" chars easily if we find them.
parent 7a43a765
......@@ -42,6 +42,10 @@ define freeradius::client (
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
if ($secret !~ /\A[^\n]+\z/) {
fail('Secrets cannot have newlines in them')
}
file { "${fr_basepath}/clients.d/${shortname}.conf":
ensure => $ensure,
mode => '0640',
......
......@@ -24,4 +24,16 @@ describe 'freeradius::client' do
.that_requires('File[/etc/raddb/clients.d]')
.that_requires('Group[radiusd]')
end
context 'with secret containing a newline' do
let(:params) do
super().merge(
secret: "foo\nbar",
)
end
it do
is_expected.to compile.and_raise_error(%r{Secrets cannot have newlines in them})
end
end
end
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment