* [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex @ 2022-03-30 12:32 Markus Frank 2022-03-30 12:32 ` [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Markus Frank 2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht 0 siblings, 2 replies; 4+ messages in thread From: Markus Frank @ 2022-03-30 12:32 UTC (permalink / raw) To: pmg-devel removed "SMTP" because of lowercase function is called before. Signed-off-by: Markus Frank <m.frank@proxmox.com> --- src/PMG/LDAPCache.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm index df61454..19e22a4 100755 --- a/src/PMG/LDAPCache.pm +++ b/src/PMG/LDAPCache.pm @@ -160,11 +160,11 @@ sub queryusers { foreach my $mail (@{$user->{attributes}->{$attr}}) { $mail = lc($mail); # Test if the Line starts with one of the following lines: - # proxyAddresses: [smtp|SMTP]: + # proxyAddresses: [smtp]: # and also discard this starting string, so that $mail is only the # address without any other characters... - $mail =~ s/^(smtp|SMTP)[\:\$]//gs; + $mail =~ s/^smtp[\:\$]//gs; if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S+\@\S+$/) { $umails->{$mail} = 1; -- 2.30.2 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address 2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank @ 2022-03-30 12:32 ` Markus Frank 2022-04-06 8:12 ` [pmg-devel] applied: " Thomas Lamprecht 2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht 1 sibling, 1 reply; 4+ messages in thread From: Markus Frank @ 2022-03-30 12:32 UTC (permalink / raw) To: pmg-devel If a mail attribute contains special characters in ldap at the first line, it will be set as primary email and results in a "400 invalid format - value does not look like a valid email address" Error-Statement in the webconsole. This mostly can happen if SIP Addresses are in Active-Directory's proxyAddresses which begin with "SIP:". To make the validation more strict I changed the api to use pmg-email-address and added a regex which looks for protocolnames (sip:) that could be in proxyAddresses but are not compatible and skips these addresses. Signed-off-by: Markus Frank <m.frank@proxmox.com> --- src/PMG/API2/LDAP.pm | 5 ++--- src/PMG/LDAPCache.pm | 8 +++++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/PMG/API2/LDAP.pm b/src/PMG/API2/LDAP.pm index d2ee6a4..4922155 100644 --- a/src/PMG/API2/LDAP.pm +++ b/src/PMG/API2/LDAP.pm @@ -408,10 +408,9 @@ __PACKAGE__->register_method ({ description => "Profile ID.", type => 'string', format => 'pve-configid', }, - email => { + email => get_standard_option('pmg-email-address', { description => "Email address.", - type => 'string', format => 'email', - }, + }), }, }, returns => { diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm index 19e22a4..7a1d812 100755 --- a/src/PMG/LDAPCache.pm +++ b/src/PMG/LDAPCache.pm @@ -166,7 +166,13 @@ sub queryusers { $mail =~ s/^smtp[\:\$]//gs; - if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S+\@\S+$/) { + # exclude sip and x500 addresses in proxyAddresses + # https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/proxyaddresses-attribute-populate + if ( + $mail !~ m/[\{\}\\\/]/ && + $mail =~ m/^\S+\@\S+$/ && + $mail !~ m/^(sip|x500)[\:\$]/ + ) { $umails->{$mail} = 1; $pmail = $mail if !$pmail; } -- 2.30.2 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] applied: [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address 2022-03-30 12:32 ` [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Markus Frank @ 2022-04-06 8:12 ` Thomas Lamprecht 0 siblings, 0 replies; 4+ messages in thread From: Thomas Lamprecht @ 2022-04-06 8:12 UTC (permalink / raw) To: Markus Frank, pmg-devel On 30.03.22 14:32, Markus Frank wrote: > If a mail attribute contains special characters in ldap at the first > line, it will be set as primary email and results in a > "400 invalid format - value does not look like a valid email address" > Error-Statement in the webconsole. This mostly can happen if SIP > Addresses are in Active-Directory's proxyAddresses which begin with "SIP:". > > To make the validation more strict I changed the api to use > pmg-email-address and added a regex which looks for protocolnames (sip:) > that could be in proxyAddresses but are not compatible and skips these > addresses. > > Signed-off-by: Markus Frank <m.frank@proxmox.com> > --- > src/PMG/API2/LDAP.pm | 5 ++--- > src/PMG/LDAPCache.pm | 8 +++++++- > 2 files changed, 9 insertions(+), 4 deletions(-) > > applied, thanks! Fixed up a few (trailing/extra) whitespace errors and shortened the m$ link. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex 2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank 2022-03-30 12:32 ` [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Markus Frank @ 2022-04-04 13:33 ` Thomas Lamprecht 1 sibling, 0 replies; 4+ messages in thread From: Thomas Lamprecht @ 2022-04-04 13:33 UTC (permalink / raw) To: Markus Frank, pmg-devel On 30.03.22 14:32, Markus Frank wrote: > removed "SMTP" because of lowercase function is called before. > > Signed-off-by: Markus Frank <m.frank@proxmox.com> > --- > src/PMG/LDAPCache.pm | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > applied, thanks! just fyi, I reworded the commit subject slightly to: "ldap cache: removed superfluous uppercase SMTP from regex" It wasn't wrong at all, but a bit more context is nice to have when browsing the online short log or `git log --oneline` like I often do for assembling relevant items for the debian/changelog file on package bump. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-04-06 8:13 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank 2022-03-30 12:32 ` [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Markus Frank 2022-04-06 8:12 ` [pmg-devel] applied: " Thomas Lamprecht 2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.