From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH common v2 2/5] test: add test cases for new 'ldap-dn' schema format
Date: Mon, 24 Jul 2023 11:03:47 +0200
Message-ID: <20230724090408.221672-3-c.heiss@proxmox.com>
In-Reply-To: <20230724090408.221672-1-c.heiss@proxmox.com>
Mostly from [0], slightly adapted to marginally different rules due to
using Net::LDAP::Util::canonical_dn() under the hood.
[0] https://lists.proxmox.com/pipermail/pve-devel/2023-May/056839.html
Co-authored-by: Stefan Sterz <s.sterz@proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v1 -> v2:
* Removed (accidental) duplicate `TESTS` assignment in test/Makefile
debian/control | 1 +
test/Makefile | 1 +
test/ldap_dn_format_test.pl | 54 +++++++++++++++++++++++++++++++++++++
3 files changed, 56 insertions(+)
create mode 100755 test/ldap_dn_format_test.pl
diff --git a/debian/control b/debian/control
index 53cbb57..f59ce0d 100644
--- a/debian/control
+++ b/debian/control
@@ -11,6 +11,7 @@ Build-Depends: debhelper-compat (= 13),
libjson-perl,
liblinux-inotify2-perl,
libnet-ip-perl,
+ libnet-ldap-perl,
libnetaddr-ip-perl,
libproxmox-rs-perl,
libstring-shellquote-perl,
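Review bot: The new `libnet-ldap-perl` entry is added to `Build-Depends` only, which covers running test/ldap_dn_format_test.pl at build time. The commit message says the check relies on Net::LDAP::Util::canonical_dn() under the hood, so the binary package needs the same library in its runtime `Depends`. That stanza is not visible in this hunk; please confirm it is handled (presumably in 1/5), otherwise the build can pass while the runtime dependency stays undeclared.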
diff --git a/test/Makefile b/test/Makefile
index 82f40ab..e77ed73 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -4,6 +4,7 @@ TESTS = lock_file.test \
convert_size_test.test \
procfs_tests.test \
format_test.test \
+ ldap_dn_format_test.test \
section_config_test.test \
api_parameter_test.test \
diff --git a/test/ldap_dn_format_test.pl b/test/ldap_dn_format_test.pl
new file mode 100755
index 0000000..c41d324
--- /dev/null
+++ b/test/ldap_dn_format_test.pl
@@ -0,0 +1,54 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use lib '../src';
+use PVE::JSONSchema;
+
+use Test::More;
+
+my @pass = (
+ "ou=a", # single AttributeTypeValue
+ "ou=orga,dc=com,cn=name", # multiple RelativeDistinguishedNames
+ "STREET=a,cn=a,C=c", # single character AttributeValues
+ "UID=tt,cn=\"#+,;<>\\ \"", # forbidden characters are allowed when quoted
+ "c=\\\"\\#\\+\\;\\<\\=\\>", # specific characters allowed when escaped
+ "a=\\\\", # escaped backslashes are allowed
+ "ST=a,cn=\"Test, User\"", # allow un-escaped commas in quoted AttributeValues
+ "o2u=bc,cn=Test\\, User", # allow escaped commas
+ "T2=a #b", # spaces (' ') and '#' are allowed in the middle of AttributeValues
+ "word4word=ab#", # allow '#' at the end of an AttributeValue
+ "ou=orga+sub=ab", # allow '+' as separators for multi-valued RelativeDistinguishedName
+ "dc=\\f0\\Ac\\93", # allow escaping hex values in unquoted AttributeValues
+ "ou=", # empty AttributeValue is allowed
+ "ou= or", # spaces at the front of an AttributeValue are allowed
+ "ou=orgs ", # spaces at the end of an AttributeValue are also allowed
+ "ou= foo ", # combination of the two cases above
+
+ # regression tests
+ "ou=adf-bd,dc=abcd+efOuId=BL:BL:sldkf:704004,dc=or,dc=com",
+ "gvGid=DE:8A:wordCaps,ou=Service,dc=alsdkj+abOuId=UK:A8:137100,dc=edu,dc=de",
+);
+
+my @fail = (
+ "", # no empty distinguished name
+ "ou=a,", # no empty AttributeTypeAndValue
+ "ou=a+", # no multi-valued RelativeDistinguishedName with empty second part
+ "ou", # missing separator and AttributeValue
+ "ou=+", # forbidden character '+' in AttributeValue
+ "ou=#value", # no '#' at the beginning an AttributeValue
+ "ou=\"+,;<>\\\0", # no un-escaped forbidden characters in unquoted AttributeValues
+ "ou=name\0", # no null value in AttributeValue
+ "ou=zy\\xw\\v" # no unescaped backslashes that are not escaping specific characters
+);
+
+for my $dn (@pass) {
+ is(PVE::JSONSchema::verify_ldap_dn($dn, 1), $dn, 'valid LDAP DN');
+}
+
+for my $dn (@fail) {
+ is(PVE::JSONSchema::verify_ldap_dn($dn, 1), undef, 'invalid LDAP DN');
+}
+
+done_testing();
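Review bot: In `@fail`, the entry `"ou=\"+,;<>\\\0"` does not isolate what its comment claims. The value opens with a double quote that is never closed, and `\\\0` in a Perl double-quoted string is a backslash followed by a NUL byte, so the DN can be rejected for the unterminated quote or the NUL alone, and the test would keep passing even if an unescaped `+`, `;`, `<` or `>` in an unquoted value were accepted. Suggest splitting it into one entry per forbidden character in an otherwise plain unquoted value, so each rejection is attributable to a single rule. Separately, every case is named just 'valid LDAP DN' or 'invalid LDAP DN'; interpolating `$dn` into the test name would make a failing line in the test output point directly at the offending input. Minor: the comment on `"ou=#value"` is missing "of" ("at the beginning of an AttributeValue"), and the last `@fail` element has no trailing comma, unlike the last element of `@pass`.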
--
2.41.0
Thread overview: 8+ messages
2023-07-24 9:03 [pve-devel] [PATCH common/access-control v2 0/5] improve LDAP DN and bind creds checking on creation/change Christoph Heiss
2023-07-24 9:03 ` [pve-devel] [PATCH common v2 1/5] schema: add `ldap-dn` format for validating LDAP distinguished names Christoph Heiss
2023-07-24 9:03 ` Christoph Heiss [this message]
2023-07-24 9:03 ` [pve-devel] [PATCH common v2 3/5] ldap: handle errors explicitly everywhere instead of simply `die`ing Christoph Heiss
2023-07-24 9:03 ` [pve-devel] [PATCH access-control v2 4/5] ldap: validate LDAP DNs using the `ldap-dn` schema format Christoph Heiss
2023-07-24 9:03 ` [pve-devel] [PATCH access-control v2 5/5] ldap: check bind credentials with LDAP directory directly on change Christoph Heiss
2023-07-24 13:18 ` [pve-devel] [PATCH common/access-control v2 0/5] improve LDAP DN and bind creds checking on creation/change Friedrich Weber
2023-07-27 9:54 ` Lukas Wagner