[pmg-devel] [PATCH pmg-api v2 2/2] fix #3924: ldap: accept only valid email-address

Markus Frank m.frank at proxmox.com
Wed Mar 30 14:32:15 CEST 2022

If a mail attribute contains special characters in LDAP at the first
line, it will be set as primary email and result in a
"400 invalid format - value does not look like a valid email address"
error statement in the web console. This can mostly happen if SIP
addresses are in Active Directory's proxyAddresses which begin with "SIP:".

To make the validation more strict, I changed the API to use
pmg-email-address and added a regex which looks for protocol names (sip:)
that could be in proxyAddresses but are not compatible and skips these.

Signed-off-by: Markus Frank <m.frank at proxmox.com>
 src/PMG/API2/LDAP.pm | 5 ++---
 src/PMG/LDAPCache.pm | 8 +++++++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/PMG/API2/LDAP.pm b/src/PMG/API2/LDAP.pm
index d2ee6a4..4922155 100644
--- a/src/PMG/API2/LDAP.pm
+++ b/src/PMG/API2/LDAP.pm
@@ -408,10 +408,9 @@ __PACKAGE__->register_method ({
 		description => "Profile ID.",
 		type => 'string', format => 'pve-configid',
-	    email => {
+	    email => get_standard_option('pmg-email-address', {
 		description => "Email address.",
-		type => 'string', format => 'email',
-	    },
+	    }),
     returns => {
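
Review bot: On the added `email => get_standard_option('pmg-email-address', {` line, nothing in this patch adds an import of `get_standard_option` to src/PMG/API2/LDAP.pm (the 5 changed lines the diffstat reports for this file are all in this hunk), so please confirm the file already has `use PVE::JSONSchema qw(get_standard_option);`, otherwise registering the method fails with an undefined subroutine when the module is loaded. It would also help to say in the commit message how 'pmg-email-address' differs from the old `format => 'email'`, since its definition is not part of this patch and a stricter format on this parameter changes which stored addresses the endpoint will accept.
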
diff --git a/src/PMG/LDAPCache.pm b/src/PMG/LDAPCache.pm
index 19e22a4..7a1d812 100755
--- a/src/PMG/LDAPCache.pm
+++ b/src/PMG/LDAPCache.pm
@@ -166,7 +166,13 @@ sub queryusers {
 		$mail =~ s/^smtp[\:\$]//gs;
-		if ($mail !~ m/[\{\}\\\/]/ && $mail =~ m/^\S+\@\S+$/) {
+		# exclude sip and x500 addresses in proxyAddresses
+		# https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/proxyaddresses-attribute-populate
+		if (
+		    $mail !~ m/[\{\}\\\/]/ && 
+		    $mail =~ m/^\S+\@\S+$/ && 
+		    $mail !~  m/^(sip|x500)[\:\$]/
+		) {
 		    $umails->{$mail} = 1;
 		    $pmail = $mail if !$pmail;
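
Review bot: The new condition `$mail !~  m/^(sip|x500)[\:\$]/` is case-sensitive, while the commit message describes entries that begin with "SIP:", so unless `$mail` is lowercased before this point (not visible in the hunk) the uppercase form still passes `m/^\S+\@\S+$/` and can become `$pmail`; add the `i` modifier or confirm the lowercasing. The context line `$mail =~ s/^smtp[\:\$]//gs;` has the same property and should be checked together with it. Since the smtp prefix has already been stripped at this point, consider rejecting any remaining leading `name:` prefix instead of a deny list of two names, so other proxyAddresses types do not need a follow-up patch. Style: there is trailing whitespace after both `&&` operators and a double space in `!~  m/`.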
