[pve-devel] r4904 - pve-access-control/trunk
svn-commits at proxmox.com
svn-commits at proxmox.com
Fri Jul 16 08:00:02 CEST 2010
Author: dietmar
Date: 2010-07-16 06:00:01 +0000 (Fri, 16 Jul 2010)
New Revision: 4904
Modified:
pve-access-control/trunk/AccessControl.pm
pve-access-control/trunk/ChangeLog
Log:
* AccessControl.pm (parse_domains): borrowed code from Storage.pm to make it
less fragile to syntax errors in the domains.cfg file
Modified: pve-access-control/trunk/AccessControl.pm
===================================================================
--- pve-access-control/trunk/AccessControl.pm 2010-07-15 13:29:58 UTC (rev 4903)
+++ pve-access-control/trunk/AccessControl.pm 2010-07-16 06:00:01 UTC (rev 4904)
@@ -925,6 +925,10 @@
ident => 1,
};
+my $valid_params = {
+ server => '\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b',
+};
+
sub modify_role {
my ($role, $opts) = @_;
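Review bot: The `server` entry in `$valid_params` admits only a dotted-quad IPv4 literal, so a `server` line that names the directory server by hostname or IPv6 address is now dropped with a warning, where the removed parser stored any value. If an address-only policy is intended, say so in a comment above the hash, e.g. `# server must be an IPv4 literal; hostnames are rejected`. Because parse_domains wraps the string in `^…$` when matching, the `\b` anchors are redundant, and storing a compiled `qr/\A…\z/` would keep the anchoring with the pattern instead of at the call site.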
@@ -1233,43 +1237,62 @@
my $ad = {};
die "MODE: '$/'" if !$/;
+ while ($fh && defined (my $line = <$fh>)) {
+ chomp $line;
+ next if $line =~ m/^\#/; # skip comment lines
+ next if $line =~ m/^\s*$/; # skip empty lines
+ if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
+ my $type = $1;
+ my $domains = $2;
+ my $ignore = 0;
+ foreach my $domain (split_list($domains)) {
+ if (!parse_domain_name ($domain, 1)) {
+ $ignore = ($ad->{domains}) ? undef : 1;
+ warn "ignoring domain '$domain' - (invalid form)\n";
+ } elsif (($type ne "AD") && ($type ne "LDAP")) {
+ $ignore = 1;
+ warn "ignoring domains '$domains' - (unsupported authentication type '$type')\n";
+ } else {
+ push @{$ad->{domains}}, ($domain);
+ $ad->{type} = $type;
+ }
+ }
- if ($fh) {
- while (defined (my $line = <$fh>)) {
- chomp $line;
+ while ((defined ($line = <$fh>)) && (!$ignore)) {
+ next if $line =~ m/^\#/; #skip comment lines
- next if $line =~ m/^\s*$/; # skip empty lines
- $line =~ s/^\s+//; # delete leading blanks
- $line =~ s/\s+$//; # delete trailing blanks
- if ($line =~ m/^\S+:\s*\S+$/) {
- if ($ad->{domains}) {
- push(@$connlist, $ad);
- $ad = {};
- }
- my($type,$domains) = split (/:/, $line);
- $domains =~ s/^\s+//;
- die "invalid domain type line $.\n" if (($type ne "AD") && ($type ne "LDAP"));
- foreach my $domain (split_list($domains)) {
- die "invalid domain $domain at line $.\n" if ($domain !~ m/^\S+\.\S+$/);
- push @{$ad->{domains}}, ($domain);
- }
- $ad->{type} = $type;
- }
- elsif($line =~ /^\s*(.+?)\s(.+)\s*$/)
- {
- if ($1 eq "server") {
- $ad->{$1} = $2;
- } else {
- warn "ignoring invalid parameter line $.\n";
- }
-
- }
- }
+ if ($line =~ m/^\s+(\S+)(\s+(.*\S))?\s*$/) {
+ my ($k, $v) = ($1, $3);
+ if ($valid_params->{$k}) {
+ if ($v =~ m/^$valid_params->{$k}$/) {
+ $ad->{$k} = $v;
+ } else {
+ warn "ignoring value '$v' for parameter '$k' - invalid format\n";
+ }
+ } else {
+ warn "ignoring parameter '$k' - not supported\n";
+ }
+ } else {
+ push(@$connlist, $ad);
+ $ad = {};
+ last;
+ }
+ }
+ }
}
push(@$connlist, $ad);
return $connlist;
}
+sub parse_domain_name {
+ my ($domainname, $noerr) = @_;
+ if ($domainname !~ m/^[A-Za-z0-9][A-Za-z0-9.-]+\.[A-Za-z]{2,}$/) {
+ return undef if $noerr;
+ die "domain name '$domainname' is formed incorrectly\n";
+ }
+ return $domainname;
+}
+
my $user_config_cache;
sub load_user_config {
my ($reload) = @_;
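Review bot: The inner `while` consumes a line it never hands back: its condition reads from `$fh` before testing `$ignore`, and the `else` branch runs `last` after already reading the first non-parameter line. A section header that directly follows a parameter block or an ignored header is therefore skipped, so an authentication domain can silently disappear from the parsed result when no blank line separates entries. One small fix is to label the outer loop `SECTION:`, write the inner condition as `while (!$ignore && defined ($line = <$fh>))`, and replace `last;` with `redo SECTION;` so the outer body re-examines the line already read. parse_domains begins above this hunk, so how `$connlist` is initialised is not visible here.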
Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog 2010-07-15 13:29:58 UTC (rev 4903)
+++ pve-access-control/trunk/ChangeLog 2010-07-16 06:00:01 UTC (rev 4904)
@@ -1,3 +1,8 @@
+2010-07-16 Seth Lauzon <seth.lauzon at gmail.com>A
+
+ * AccessControl.pm (parse_domains): borrowed code from Storage.pm to make it
+ less fragile to syntax errors in the domains.cfg file
+
2010-07-14 Proxmox Support Team <support at proxmox.com>
* AccessControl.pm (ldap_bind): rename to authenticate_user_ad (AD