From: Christoph Heiss
To: pve-devel@lists.proxmox.com
Date: Mon, 24 Jul 2023 11:03:47 +0200
Message-ID: <20230724090408.221672-3-c.heiss@proxmox.com>
In-Reply-To: <20230724090408.221672-1-c.heiss@proxmox.com>
Subject: [pve-devel] [PATCH common v2 2/5] test: add test cases for new 'ldap-dn' schema format

Mostly from [0], slightly adapted to marginally different rules due to using Net::LDAP::Util::canonical_dn() under the hood.

[0] https://lists.proxmox.com/pipermail/pve-devel/2023-May/056839.html

Co-authored-by: Stefan Sterz
Signed-off-by: Christoph Heiss
---
Changes v1 -> v2:
* Removed (accidental) duplicate `TESTS` assignment in test/Makefile

debian/control | 1 + test/Makefile | 1 + test/ldap_dn_format_test.pl | 54 +++++++++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100755 test/ldap_dn_format_test.pl diff --git a/debian/control b/debian/control index 53cbb57..f59ce0d 100644 --- a/debian/control +++ b/debian/control @@ -11,6 +11,7 @@ Build-Depends: debhelper-compat (= 13), libjson-perl, liblinux-inotify2-perl, libnet-ip-perl, + libnet-ldap-perl, libnetaddr-ip-perl, libproxmox-rs-perl, libstring-shellquote-perl, diff --git a/test/Makefile b/test/Makefile index 82f40ab..e77ed73 100644 --- a/test/Makefile +++ b/test/Makefile @@ -4,6 +4,7 @@ TESTS = lock_file.test \ convert_size_test.test \ procfs_tests.test \ format_test.test \ + ldap_dn_format_test.test \ section_config_test.test \ api_parameter_test.test \ diff --git a/test/ldap_dn_format_test.pl b/test/ldap_dn_format_test.pl new file mode 100755 index 0000000..c41d324 --- /dev/null +++ b/test/ldap_dn_format_test.pl 
@@ -0,0 +1,54 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use lib '../src'; +use PVE::JSONSchema; + +use Test::More; + +my @pass = ( + "ou=a", # single AttributeTypeValue + "ou=orga,dc=com,cn=name", # multiple RelativeDistinguishedNames + "STREET=a,cn=a,C=c", # single character AttributeValues + "UID=tt,cn=\"#+,;<>\\ \"", # forbidden characters are allowed when quoted + "c=\\\"\\#\\+\\;\\<\\=\\>", # specific characters allowed when escaped + "a=\\\\", # escaped backslashes are allowed + "ST=a,cn=\"Test, User\"", # allow un-escaped commas in quoted AttributeValues + "o2u=bc,cn=Test\\, User", # allow escaped commas + "T2=a #b", # spaces (' ') and '#' are allowed in the middle of AttributeValues + "word4word=ab#", # allow '#' at the end of an AttributeValue + "ou=orga+sub=ab", # allow '+' as separators for multi-valued RelativeDistinguishedName + "dc=\\f0\\Ac\\93", # allow escaping hex values in unquoted AttributeValues + "ou=", # empty AttributeValue is allowed + "ou= or", # spaces at the front of an AttributeValue are allowed + "ou=orgs ", # spaces at the end of an AttributeValue are also allowed + "ou= foo ", # combination of the two cases above + + # regression tests + "ou=adf-bd,dc=abcd+efOuId=BL:BL:sldkf:704004,dc=or,dc=com", + "gvGid=DE:8A:wordCaps,ou=Service,dc=alsdkj+abOuId=UK:A8:137100,dc=edu,dc=de", +); + +my @fail = ( + "", # no empty distinguished name + "ou=a,", # no empty AttributeTypeAndValue + "ou=a+", # no multi-valued RelativeDistinguishedName with empty second part + "ou", # missing separator and AttributeValue + "ou=+", # forbidden character '+' in AttributeValue + "ou=#value", # no '#' at the beginning an AttributeValue + "ou=\"+,;<>\\\0", # no un-escaped forbidden characters in unquoted AttributeValues + "ou=name\0", # no null value in AttributeValue + "ou=zy\\xw\\v" # no unescaped backslashes that are not escaping specific characters +); + +for my $dn (@pass) { + is(PVE::JSONSchema::verify_ldap_dn($dn, 1), $dn, 'valid LDAP DN'); +} + 
+for my $dn (@fail) { + is(PVE::JSONSchema::verify_ldap_dn($dn, 1), undef, 'invalid LDAP DN'); +} + +done_testing(); -- 2.41.0
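Review bot: in the debian/control hunk, libnet-ldap-perl is added to Build-Depends only, which covers running the new test at build time. If the 'ldap-dn' format calls Net::LDAP::Util at runtime, as the commit message indicates, the binary package's Depends needs the same entry; please confirm that the patch introducing the format adds it, since this hunk does not.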
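Review bot: in @fail of test/ldap_dn_format_test.pl, the case `"ou=\"+,;<>\\\0"` cannot isolate the rule its comment names: the value opens a quote that is never closed, contains unescaped `+,;<>`, and ends in a backslash followed by a NUL byte, so it is rejected as long as any one of those checks works. Splitting it into one case per rule (and dropping the leading `\"` if unquoted AttributeValues are what is meant) would make each assertion meaningful. Separately, every assertion is named only 'valid LDAP DN' or 'invalid LDAP DN'; interpolating $dn into the test name would show which input failed.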