* [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex @ 2022-03-30 12:32 Markus Frank 2022-03-30 12:32 ` [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Markus Frank 2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht 0 siblings, 2 replies; 4+ messages in thread From: Markus Frank @ 2022-03-30 12:32 UTC (permalink / raw) To: pmg-devel removed "SMTP" because of lowercase function is called before. Signed-off-by: Markus Frank <m.frank@proxmox.com> --- src/PMG/LDAPCache.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm index df61454..19e22a4 100755 --- a/src/PMG/LDAPCache.pm +++ b/src/PMG/LDAPCache.pm @@ -160,11 +160,11 @@ sub queryusers { foreach my $mail (@{$user->{attributes}->{$attr}}) { $mail = lc($mail); # Test if the Line starts with one of the following lines: - # proxyAddresses: [smtp|SMTP]: + # proxyAddresses: [smtp]: # and also discard this starting string, so that $mail is only the # address without any other characters... - $mail =~ s/^(smtp|SMTP)[\:\$]//gs; + $mail =~ s/^smtp[\:\$]//gs; if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S+\@\S+$/) { $umails->{$mail} = 1; -- 2.30.2 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address 2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank @ 2022-03-30 12:32 ` Markus Frank 2022-04-06 8:12 ` [pmg-devel] applied: " Thomas Lamprecht 2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht 1 sibling, 1 reply; 4+ messages in thread From: Markus Frank @ 2022-03-30 12:32 UTC (permalink / raw) To: pmg-devel If a mail attribute contains special characters in ldap at the first line, it will be set as primary email and results in a "400 invalid format - value does not look like a valid email address" Error-Statement in the webconsole. This mostly can happen if SIP Addresses are in Active-Directory's proxyAddresses which begin with "SIP:". To make the validation more strict I changed the api to use pmg-email-address and added a regex which looks for protocolnames (sip:) that could be in proxyAddresses but are not compatible and skips these addresses. Signed-off-by: Markus Frank <m.frank@proxmox.com> --- src/PMG/API2/LDAP.pm | 5 ++--- src/PMG/LDAPCache.pm | 8 +++++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/PMG/API2/LDAP.pm b/src/PMG/API2/LDAP.pm index d2ee6a4..4922155 100644 --- a/src/PMG/API2/LDAP.pm +++ b/src/PMG/API2/LDAP.pm @@ -408,10 +408,9 @@ __PACKAGE__->register_method ({ description => "Profile ID.", type => 'string', format => 'pve-configid', }, - email => { + email => get_standard_option('pmg-email-address', { description => "Email address.", - type => 'string', format => 'email', - }, + }), }, }, returns => { diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm index 19e22a4..7a1d812 100755 --- a/src/PMG/LDAPCache.pm +++ b/src/PMG/LDAPCache.pm @@ -166,7 +166,13 @@ sub queryusers { $mail =~ s/^smtp[\:\$]//gs; - if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S+\@\S+$/) { + # exclude sip and x500 addresses in proxyAddresses + # https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/proxyaddresses-attribute-populate + if ( + $mail !~ m/[\{\}\\\/]/ && + $mail =~ m/^\S+\@\S+$/ && + $mail !~ m/^(sip|x500)[\:\$]/ + ) { $umails->{$mail} = 1; $pmail = $mail if !$pmail; } -- 2.30.2 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] applied: [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address 2022-03-30 12:32 ` [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Markus Frank @ 2022-04-06 8:12 ` Thomas Lamprecht 0 siblings, 0 replies; 4+ messages in thread From: Thomas Lamprecht @ 2022-04-06 8:12 UTC (permalink / raw) To: Markus Frank, pmg-devel On 30.03.22 14:32, Markus Frank wrote: > If a mail attribute contains special characters in ldap at the first > line, it will be set as primary email and results in a > "400 invalid format - value does not look like a valid email address" > Error-Statement in the webconsole. This mostly can happen if SIP > Addresses are in Active-Directory's proxyAddresses which begin with "SIP:". > > To make the validation more strict I changed the api to use > pmg-email-address and added a regex which looks for protocolnames (sip:) > that could be in proxyAddresses but are not compatible and skips these > addresses. > > Signed-off-by: Markus Frank <m.frank@proxmox.com> > --- > src/PMG/API2/LDAP.pm | 5 ++--- > src/PMG/LDAPCache.pm | 8 +++++++- > 2 files changed, 9 insertions(+), 4 deletions(-) > > applied, thanks! Fixed up a few (trailing/extra) whitespace errors and shortened the m$ link. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex 2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank 2022-03-30 12:32 ` [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Markus Frank @ 2022-04-04 13:33 ` Thomas Lamprecht 1 sibling, 0 replies; 4+ messages in thread From: Thomas Lamprecht @ 2022-04-04 13:33 UTC (permalink / raw) To: Markus Frank, pmg-devel On 30.03.22 14:32, Markus Frank wrote: > removed "SMTP" because of lowercase function is called before. > > Signed-off-by: Markus Frank <m.frank@proxmox.com> > --- > src/PMG/LDAPCache.pm | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > applied, thanks! just fyi, I reworded the commit subject slightly to: "ldap cache: removed superfluous uppercase SMTP from regex" It wasn't wrong at all, but a bit more context is nice to have when browsing the online short log or `git log --oneline` like I often do for assembling relevant items for the debian/changelog file on package bump. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-04-06 8:13 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-03-30 12:32 [pmg-devel] [PATCH pmg-api v2 1/2] removed SMTP from regex Markus Frank 2022-03-30 12:32 ` [pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address Markus Frank 2022-04-06 8:12 ` [pmg-devel] applied: " Thomas Lamprecht 2022-04-04 13:33 ` [pmg-devel] applied: [PATCH pmg-api v2 1/2] removed SMTP from regex Thomas Lamprecht
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox