From: Markus Frank <m.frank@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address
Date: Wed, 30 Mar 2022 14:32:15 +0200
Message-ID: <20220330123215.41926-2-m.frank@proxmox.com>
In-Reply-To: <20220330123215.41926-1-m.frank@proxmox.com>

If a mail attribute contains special characters in LDAP at the first
line, it will be set as primary email and result in a
"400 invalid format - value does not look like a valid email address"
error statement in the web console. This can mostly happen if SIP
addresses are in Active Directory's proxyAddresses, which begin with "SIP:".

To make the validation more strict, I changed the API to use
pmg-email-address and added a regex which looks for protocol names (sip:)
that could be in proxyAddresses but are not compatible and skips these
addresses.

Signed-off-by: Markus Frank <m.frank@proxmox.com>
---
src/PMG/API2/LDAP.pm | 5 ++---
src/PMG/LDAPCache.pm | 8 +++++++-
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/PMG/API2/LDAP.pm b/src/PMG/API2/LDAP.pm
index d2ee6a4..4922155 100644
--- a/src/PMG/API2/LDAP.pm
+++ b/src/PMG/API2/LDAP.pm
@@ -408,10 +408,9 @@ __PACKAGE__->register_method ({
description => "Profile ID.",
type => 'string', format => 'pve-configid',
},
- email => {
+ email => get_standard_option('pmg-email-address', {
description => "Email address.",
- type => 'string', format => 'email',
- },
+ }),
},
},
returns => {
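Review bot: The replacement at `email => get_standard_option('pmg-email-address', {` depends on `get_standard_option` being in scope in src/PMG/API2/LDAP.pm and on a registered 'pmg-email-address' option, and neither is visible in this patch; the diffstat shows only these five lines changing in the file. Please confirm the import is already present there, and state in the commit message how 'pmg-email-address' differs from the old `format => 'email'`, since the stated goal is stricter validation.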
diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm
index 19e22a4..7a1d812 100755
--- a/src/PMG/LDAPCache.pm
+++ b/src/PMG/LDAPCache.pm
@@ -166,7 +166,13 @@ sub queryusers {
$mail =~ s/^smtp[\:\$]//gs;
- if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S+\@\S+$/) {
+ # exclude sip and x500 addresses in proxyAddresses
+ # https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/proxyaddresses-attribute-populate
+ if (
+ $mail !~ m/[\{\}\\\/]/ &&
+ $mail =~ m/^\S+\@\S+$/ &&
+ $mail !~ m/^(sip|x500)[\:\$]/
+ ) {
$umails->{$mail} = 1;
$pmail = $mail if !$pmail;
}
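Review bot: The new exclusion `$mail !~ m/^(sip|x500)[\:\$]/` is case-sensitive, while the commit message describes entries that begin with "SIP:". Unless $mail is lowercased before this point (not visible in the hunk), an uppercase prefix still passes the `m/^\S+\@\S+$/` test, so add the /i modifier or confirm the normalization. This is also a deny-list of two prefixes, so any other prefixed proxyAddresses value containing an "@" is still accepted and can become $pmail; a short comment on why only these two are excluded would help, and the group can be non-capturing, `(?:sip|x500)`.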
--
2.30.2
Thread overview: 4+ messages
2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank
2022-03-30 12:32 ` Markus Frank [this message]
2022-04-06 8:12 ` [pmg-devel] applied: [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Thomas Lamprecht
2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht