From: Markus Frank <m.frank@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address
Date: Wed, 30 Mar 2022 14:32:15 +0200
Message-ID: <20220330123215.41926-2-m.frank@proxmox.com>
In-Reply-To: <20220330123215.41926-1-m.frank@proxmox.com>

If a mail attribute contains special characters in LDAP at the first
line, it will be set as the primary email and result in a
"400 invalid format - value does not look like a valid email address"
Error-Statement in the web console. This can mostly happen if SIP
addresses are in Active Directory's proxyAddresses, which begin with "SIP:".

To make the validation stricter, I changed the API to use
pmg-email-address and added a regex which looks for protocol names (sip:)
that could be in proxyAddresses but are not compatible, and skips these
addresses.

Signed-off-by: Markus Frank <m.frank@proxmox.com>
---
src/PMG/API2/LDAP.pm | 5 ++---
src/PMG/LDAPCache.pm | 8 +++++++-
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/PMG/API2/LDAP.pm b/src/PMG/API2/LDAP.pm
index d2ee6a4..4922155 100644
--- a/src/PMG/API2/LDAP.pm
+++ b/src/PMG/API2/LDAP.pm
@@ -408,10 +408,9 @@ __PACKAGE__->register_method ({
description => "Profile ID.",
type => 'string', format => 'pve-configid',
},
- email => {
+ email => get_standard_option('pmg-email-address', {
description => "Email address.",
- type => 'string', format => 'email',
- },
+ }),
},
},
returns => {
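Review bot: The `email` parameter now calls `get_standard_option('pmg-email-address', ...)`, but this patch adds no import to src/PMG/API2/LDAP.pm (the diffstat shows only 2 insertions and 3 deletions for the file, all in this hunk), so please confirm that `get_standard_option` is already in scope here and that the `pmg-email-address` standard option is registered before this method is. The commit message would also be easier to review with one sentence on how `pmg-email-address` differs from the previous `format => 'email'`, since it only says the validation becomes stricter.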
diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm
index 19e22a4..7a1d812 100755
--- a/src/PMG/LDAPCache.pm
+++ b/src/PMG/LDAPCache.pm
@@ -166,7 +166,13 @@ sub queryusers {
$mail =~ s/^smtp[\:\$]//gs;
- if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S+\@\S+$/) {
+ # exclude sip and x500 addresses in proxyAddresses
+ # https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/proxyaddresses-attribute-populate
+ if (
+ $mail !~ m/[\{\}\\\/]/ &&
+ $mail =~ m/^\S+\@\S+$/ &&
+ $mail !~ m/^(sip|x500)[\:\$]/
+ ) {
$umails->{$mail} = 1;
$pmail = $mail if !$pmail;
}
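Review bot: The new `$mail !~ m/^(sip|x500)[\:\$]/` condition is case-sensitive, while the commit message describes entries that begin with "SIP:"; unless `$mail` is lowercased before this point (not visible in the hunk), add the `/i` modifier so uppercase prefixes are skipped as well. It is also a deny-list of two prefixes: any other `prefix:user@host` value in proxyAddresses still satisfies `m/^\S+\@\S+$/` and can end up as `$pmail`. Consider rejecting any value that still carries a leading `name:` prefix after the smtp strip, or checking against the same `pmg-email-address` rule the API now uses, so the cache never stores a primary address the API will refuse.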
--
2.30.2
Thread overview: 4+ messages
2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank
2022-03-30 12:32 ` Markus Frank [this message]
2022-04-06 8:12 ` [pmg-devel] applied: [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Thomas Lamprecht
2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht