From: Stoiko Ivanov
To: Gabriel Goller
Cc: pmg-devel@lists.proxmox.com
Date: Wed, 14 Feb 2024 12:55:37 +0100
Subject: Re: [pmg-devel] [PATCH] utils: cleanup username/userid regex and verify
Message-ID: <20240214125537.5af34979@rosa.proxmox.com>
In-Reply-To: <20240214091503.16979-1-g.goller@proxmox.com>

Thanks for addressing this so promptly
a few notes inline:

On Wed, 14 Feb 2024 10:15:01 +0100 Gabriel Goller wrote:
> Cleaned up the verify_username function and userid regex after the
> recent changes to minLength have been applied [0].
>
> [0]: https://lists.proxmox.com/pipermail/pmg-devel/2023-September/002521.html
>
> Signed-off-by: Gabriel Goller
> --- > src/PMG/Utils.pm | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm > index 12b3ed5..8f7d438 100644 > --- a/src/PMG/Utils.pm > +++ b/src/PMG/Utils.pm 
> @@ -72,13 +72,12 @@ PVE::JSONSchema::register_standard_option('pmg-endtime', { > optional => 1, > }); > > -PVE::JSONSchema::register_format('pmg-userid', \&verify_username); why deregister the format here? (verify_username does a bit more than a regex match - and reusing the same verification we use in the auth-code also in the parts where the API comes in helps in not getting even more matches-almost-the-same-regexes matching auth-data) - Currently I'd rather aim to reduce those and if possible unify PMG::UserConfig::verify_entry with verify_username here as far as possible - see also: https://lists.proxmox.com/pipermail/pmg-devel/2023-March/002381.html and Fabian's follow-up to it. > sub verify_username { > my ($username, $noerr) = @_; > > $username = '' if !$username; > my $len = length($username); > - if ($len < 3) { > + if ($len < 1) { this "username" here is actually the one with the realm... e.g. root@pam vs. root - so limiting the length to 1 is too little restrictive - probably at least renaming the variable name to user_id might help in reducing confusion.. > die "user name '$username' is too short\n" if !$noerr; > return undef; > } > @@ -102,8 +101,8 @@ sub verify_username { > > PVE::JSONSchema::register_standard_option('userid', { > description => "User ID", > - type => 'string', format => 'pmg-userid', > - minLength => 4, > + type => 'string', > + pattern => '[^\s:\/]{1,60}', the pattern you add here.. > maxLength => 64, effectively sets the maxLength to 60 here (you get a different error-message if you're over 64, but still cannot enter anything over 60..) some thorough testing (especially with corner-cases) would be appreciated (not only for your direct patch) > }); >
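Review bot: In the hunk at @@ -72,13 +72,12 @@, removing `PVE::JSONSchema::register_format('pmg-userid', \&verify_username);` means schema validation no longer runs verify_username(), and any schema that still names format 'pmg-userid' would point at a format that is no longer registered. Keep the registration unless every user of the format is converted in the same patch. In the same hunk, `if ($len < 1)` now rejects only the empty string while the message still reads "too short"; if the value checked here carries the realm, say so in a comment (or rename the variable) and state the intended minimum, so the bound is reviewed against the right string.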
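Review bot: In the hunk at @@ -102,8 +101,8 @@, the added `pattern => '[^\s:\/]{1,60}'` caps the value at 60 characters while the unchanged `maxLength => 64` remains, so lengths 61 to 64 fail on the pattern rather than on maxLength and produce a different error. Use a single upper bound: either replace `{1,60}` with `+` and rely on maxLength, or lower maxLength to 60. Because `format => 'pmg-userid'` is dropped in the same hunk, the pattern becomes the only schema-level check for this option; document which characters the class is meant to exclude and add tests for the boundary lengths and for values with and without a realm part.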