public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Markus Frank <m.frank@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address
Date: Wed, 30 Mar 2022 14:32:15 +0200	[thread overview]
Message-ID: <20220330123215.41926-2-m.frank@proxmox.com> (raw)
In-Reply-To: <20220330123215.41926-1-m.frank@proxmox.com>

If a mail attribute contains special characters in ldap at the first
line, it will be set as primary email and results in a
"400 invalid format - value does not look like a valid email address"
Error-Statement in the webconsole. This mostly can happen if SIP
Addresses are in Active-Directory's proxyAddresses which begin with "SIP:".

To make the validation more strict I changed the api to use
pmg-email-address and added a regex which looks for protocolnames (sip:)
that could be in proxyAddresses but are not compatible and skips these
addresses.

Signed-off-by: Markus Frank <m.frank@proxmox.com>
---
 src/PMG/API2/LDAP.pm | 5 ++---
 src/PMG/LDAPCache.pm | 8 +++++++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/PMG/API2/LDAP.pm b/src/PMG/API2/LDAP.pm
index d2ee6a4..4922155 100644
--- a/src/PMG/API2/LDAP.pm
+++ b/src/PMG/API2/LDAP.pm
@@ -408,10 +408,9 @@ __PACKAGE__->register_method ({
 		description => "Profile ID.",
 		type => 'string', format => 'pve-configid',
 	    },
-	    email => {
+	    email => get_standard_option('pmg-email-address', {
 		description => "Email address.",
-		type => 'string', format => 'email',
-	    },
+	    }),
 	},
     },
     returns => {
diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm
index 19e22a4..7a1d812 100755
--- a/src/PMG/LDAPCache.pm
+++ b/src/PMG/LDAPCache.pm
@@ -166,7 +166,13 @@ sub queryusers {
 
 		$mail =~ s/^smtp[\:\$]//gs;
 
-		if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S+\@\S+$/) {
+		# exclude sip and x500 addresses in proxyAddresses
+		# https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/proxyaddresses-attribute-populate
+		if (
+		    $mail !~ m/[\{\}\\\/]/ && 
+		    $mail =~ m/^\S+\@\S+$/ && 
+		    $mail !~  m/^(sip|x500)[\:\$]/
+		) {
 		    $umails->{$mail} = 1;
 		    $pmail = $mail if !$pmail;
 		}
-- 
2.30.2





  reply	other threads:[~2022-03-30 12:32 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank
2022-03-30 12:32 ` Markus Frank [this message]
2022-04-06  8:12   ` [pmg-devel] applied: [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Thomas Lamprecht
2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220330123215.41926-2-m.frank@proxmox.com \
    --to=m.frank@proxmox.com \
    --cc=pmg-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal