Date: Wed, 14 Feb 2024 14:54:57 +0100
From: "Gabriel Goller"
To: "Stoiko Ivanov"
Subject: Re: [pmg-devel] [PATCH] utils: cleanup username/userid regex and verify
References: <20240214091503.16979-1-g.goller@proxmox.com> <20240214125537.5af34979@rosa.proxmox.com>
In-Reply-To: <20240214125537.5af34979@rosa.proxmox.com>
List-Id: Proxmox Mail Gateway development discussion

Thanks for the review!

On Wed Feb 14, 2024 at 12:55 PM CET, Stoiko Ivanov wrote:
> > diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm > > index 12b3ed5..8f7d438 100644 > > --- a/src/PMG/Utils.pm > > +++ b/src/PMG/Utils.pm 
> > @@ -72,13 +72,12 @@ PVE::JSONSchema::register_standard_option('pmg-endt= ime', { > > optional =3D> 1, > > }); > > =20 > > -PVE::JSONSchema::register_format('pmg-userid', \&verify_username);
> why deregister the format here? (verify_username does a bit more than a
> regex match - and reusing the same verification we use in the auth-code
> also in the parts where the API comes in helps in not getting even more
> matches-almost-the-same-regexes matching auth-data) - Currently I'd rather
> aim to reduce those and if possible unify PMG::UserConfig::verify_entry
> with verify_username here as far as possible - see also:
> https://lists.proxmox.com/pipermail/pmg-devel/2023-March/002381.html
> and Fabian's follow-up to it.

Right, yeah. I readded the register_format call...

Hmm how would you unify verify_entry with verify_username though? It
seems to me that verify_entry just splits the username from the userid
(if needed) then checks if the username is in the userid (which we
could also check in verify_username) and then calls verify_username?

> > sub verify_username { > > my ($username, $noerr) =3D @_; > > =20 > > $username =3D '' if !$username; > > my $len =3D length($username); > > - if ($len < 3) { > > + if ($len < 1) {
> this "username" here is actually the one with the realm...
> e.g. root@pam vs. root - so limiting the length to 1 is too little
> restrictive - probably at least renaming the variable name to user_id
> might help in reducing confusion..

Missed this :( How about I use a min length of 5 here?
shortest realm (pam/pmg) + @ + shortest username = 5
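
Review bot: The lowered bound `if ($len < 1)` in verify_username is a total-length check on a value that, as pointed out in the thread, carries the realm (e.g. root@pam), so after `$username = '' if !$username;` it only rejects the empty string and says nothing about whether a user part, an `@` and a realm are each present. A fixed minimum such as 5 has the same weakness, since a string can reach that length with an empty user or realm part; consider splitting on the `@` and checking each part on its own, and renaming `$username` to something like `$userid` so the realm-qualified form is obvious to callers. Separately, the removed `register_format('pmg-userid', \&verify_username)` line at the top of the hunk is what ties the 'pmg-userid' schema format to this function, so unless another part of the patch (not visible here) re-registers it, the registration should stay so API input and the auth code go through the same check.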