[pve-devel] r4904 - pve-access-control/trunk

svn-commits at proxmox.com svn-commits at proxmox.com
Fri Jul 16 08:00:02 CEST 2010


Author: dietmar
Date: 2010-07-16 06:00:01 +0000 (Fri, 16 Jul 2010)
New Revision: 4904

Modified:
   pve-access-control/trunk/AccessControl.pm
   pve-access-control/trunk/ChangeLog
Log:
	* AccessControl.pm (parse_domains): borrowed code from Storage.pm to make it
+	less fragile to syntax errors in the domains.cfg file



Modified: pve-access-control/trunk/AccessControl.pm
===================================================================
--- pve-access-control/trunk/AccessControl.pm	2010-07-15 13:29:58 UTC (rev 4903)
+++ pve-access-control/trunk/AccessControl.pm	2010-07-16 06:00:01 UTC (rev 4904)
@@ -925,6 +925,10 @@
     ident => 1, 
 };
 
+my $valid_params = {
+    server => '\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b',
+};
+
 sub modify_role {
     my ($role, $opts) = @_;
 
@@ -1233,43 +1237,62 @@
     my $ad = {};
 
     die "MODE: '$/'" if !$/;
+    while ($fh && defined (my $line = <$fh>)) {
+	chomp $line;
+	next if $line =~ m/^\#/; # skip comment lines
+	next if $line =~ m/^\s*$/; # skip empty lines
+	if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
+	    my $type = $1;
+	    my $domains = $2;
+	    my $ignore = 0;
+	    foreach my $domain (split_list($domains)) {
+		if (!parse_domain_name ($domain, 1)) {
+		    $ignore = ($ad->{domains}) ? undef : 1;
+		    warn "ignoring domain '$domain' - (invalid form)\n";
+		} elsif (($type ne "AD") && ($type ne "LDAP")) {
+		    $ignore = 1;
+		    warn "ignoring domains '$domains' - (unsupported authentication type '$type')\n";
+		} else {
+		    push @{$ad->{domains}}, ($domain);
+	    	    $ad->{type} = $type;
+		}
+	    }
 
-    if ($fh) {
-        while (defined (my $line = <$fh>)) {
-            chomp $line;
+	    while ((defined ($line = <$fh>)) && (!$ignore)) {
+		next if $line =~ m/^\#/; #skip comment lines
 
-            next if $line =~ m/^\s*$/; # skip empty lines
-            $line =~ s/^\s+//; # delete leading blanks
-            $line =~ s/\s+$//; # delete trailing blanks
-            if ($line =~ m/^\S+:\s*\S+$/) {
-                if ($ad->{domains}) {
-                    push(@$connlist, $ad);
-                    $ad = {};
-                }
-                my($type,$domains) = split (/:/, $line);
-                $domains =~ s/^\s+//;
-                die "invalid domain type line $.\n" if (($type ne "AD") && ($type ne "LDAP"));
-                foreach my $domain (split_list($domains)) {
-                    die "invalid domain $domain at line $.\n" if ($domain !~ m/^\S+\.\S+$/);
-                    push @{$ad->{domains}}, ($domain);
-                }
-                $ad->{type} = $type;
-            }
-            elsif($line =~ /^\s*(.+?)\s(.+)\s*$/)
-            {
-                if ($1 eq "server") {
-                    $ad->{$1} = $2;
-                } else {
-                    warn "ignoring invalid parameter line $.\n";
-                }
-
-            }
-        }
+		if ($line =~ m/^\s+(\S+)(\s+(.*\S))?\s*$/) {
+		    my ($k, $v) = ($1, $3);
+		    if ($valid_params->{$k}) {
+			if ($v =~ m/^$valid_params->{$k}$/) {
+			    $ad->{$k} = $v;
+			} else {
+			    warn "ignoring value '$v' for parameter '$k' - invalid format\n";
+			}
+		    } else {
+			warn "ignoring parameter '$k' - not supported\n";
+		    }
+		} else {
+		    push(@$connlist, $ad);
+		    $ad = {};
+		    last;
+		}
+	    }
+	}
     }
     push(@$connlist, $ad);
     return $connlist;
 }
 
+sub parse_domain_name {
+    my ($domainname, $noerr) = @_;
+    if ($domainname !~ m/^[A-Za-z0-9][A-Za-z0-9.-]+\.[A-Za-z]{2,}$/) {
+        return undef if $noerr;
+        die "domain name '$domainname' is formed incorrectly\n";
+    }
+    return $domainname;
+}
+
 my $user_config_cache;
 sub load_user_config {
     my ($reload) = @_;

Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2010-07-15 13:29:58 UTC (rev 4903)
+++ pve-access-control/trunk/ChangeLog	2010-07-16 06:00:01 UTC (rev 4904)
@@ -1,3 +1,8 @@
+2010-07-16  Seth Lauzon <seth.lauzon at gmail.com>A
+
+	* AccessControl.pm (parse_domains): borrowed code from Storage.pm to make it
+	less fragile to syntax errors in the domains.cfg file
+
 2010-07-14  Proxmox Support Team  <support at proxmox.com>
 
 	* AccessControl.pm (ldap_bind): rename to authenticate_user_ad (AD



More information about the pve-devel mailing list