[pve-devel] r4906 - pve-access-control/trunk

svn-commits at proxmox.com svn-commits at proxmox.com
Fri Jul 16 08:52:09 CEST 2010


Author: dietmar
Date: 2010-07-16 06:52:09 +0000 (Fri, 16 Jul 2010)
New Revision: 4906

Modified:
   pve-access-control/trunk/AccessControl.pm
   pve-access-control/trunk/ChangeLog
Log:
	* AccessControl.pm (authenticate_user_domain): catch special
	case ($domain eq '')
	(parse_domains): fix various bugs, allow spaces between domains,
	skip duplicate parameters



Modified: pve-access-control/trunk/AccessControl.pm
===================================================================
--- pve-access-control/trunk/AccessControl.pm	2010-07-16 06:09:56 UTC (rev 4905)
+++ pve-access-control/trunk/AccessControl.pm	2010-07-16 06:52:09 UTC (rev 4906)
@@ -549,7 +549,8 @@
     foreach my $entry (@$domain_cfg, $pam, $shadow) {
 	foreach my $doms ($entry->{domains}) {    
 	    foreach my $dom (@$doms) {
-		if ($domain =~ m/^${dom}$/) {
+		if ((!$domain && ($dom eq '')) || 
+		    ($domain && ($domain =~ m/^${dom}$/))) {
 
 		    $found = 1;
 
@@ -1261,38 +1262,51 @@
     my ($filename, $fh) = @_;
 
     my $connlist = [];
-    my $ad = {};
+    my $ad;
 
     die "MODE: '$/'" if !$/;
+
     while ($fh && defined (my $line = <$fh>)) {
 	chomp $line;
+
 	next if $line =~ m/^\#/; # skip comment lines
 	next if $line =~ m/^\s*$/; # skip empty lines
-	if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
+
+	if ($line =~ m/^(\S+):\s*(.+)\s*$/) {
 	    my $type = $1;
 	    my $domains = $2;
 	    my $ignore = 0;
-	    foreach my $domain (split_list($domains)) {
-		if (!parse_domain_name ($domain, 1)) {
-		    $ignore = ($ad->{domains}) ? undef : 1;
-		    warn "ignoring domain '$domain' - (invalid form)\n";
-		} elsif (($type ne "AD") && ($type ne "LDAP")) {
-		    $ignore = 1;
-		    warn "ignoring domains '$domains' - (unsupported authentication type '$type')\n";
-		} else {
-		    push @{$ad->{domains}}, ($domain);
-	    	    $ad->{type} = $type;
+
+	    if (($type ne "AD") && ($type ne "LDAP")) {
+		$ignore = 1;
+		warn "ignoring domains '$domains' - (unsupported authentication type '$type')\n";
+	    } else {
+		$ad = { type => $type, domains => [] };
+
+		foreach my $domain (split_list($domains)) {
+		    if (!parse_domain_name ($domain, 1)) {
+			warn "ignoring domain '$domain' - (invalid form)\n";
+		    } else {
+			push @{$ad->{domains}}, $domain;
+		    }
 		}
 	    }
 
-	    while ((defined ($line = <$fh>)) && (!$ignore)) {
+	    while (defined ($line = <$fh>)) {
 		next if $line =~ m/^\#/; #skip comment lines
+		last if $line =~ m/^\s*$/;
+		    
+		next if $ignore; # skip
 
 		if ($line =~ m/^\s+(\S+)(\s+(.*\S))?\s*$/) {
 		    my ($k, $v) = ($1, $3);
 		    if ($valid_params->{$k}) {
 			if ($v =~ m/^$valid_params->{$k}$/) {
-			    $ad->{$k} = $v;
+			    if (!defined($ad->{$k})) {
+				$ad->{$k} = $v;
+			    } else {
+				warn "ignoring duplicate parameter '$k $v'\n";
+			    }
 			} else {
 			    warn "ignoring value '$v' for parameter '$k' - invalid format\n";
 			}
@@ -1300,14 +1314,18 @@
 			warn "ignoring parameter '$k' - not supported\n";
 		    }
 		} else {
-		    push(@$connlist, $ad);
-		    $ad = {};
-		    last;
+		    warn "ignore config line: $line\n";
 		}
 	    }
+	    push(@$connlist, $ad) if !$ignore;
+	    $ad = undef
+     
+	} else {
+	    warn "ignore config line: $line\n";
+
 	}
     }
-    push(@$connlist, $ad);
+
     return $connlist;
 }
 

Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2010-07-16 06:09:56 UTC (rev 4905)
+++ pve-access-control/trunk/ChangeLog	2010-07-16 06:52:09 UTC (rev 4906)
@@ -1,5 +1,12 @@
-2010-07-16  Seth Lauzon <seth.lauzon at gmail.com>A
+2010-07-16  Proxmox Support Team  <support at proxmox.com>
 
+	* AccessControl.pm (authenticate_user_domain): catch special
+	case ($domain eq '')
+	(parse_domains): fix various bugs, allow spaces between domains,
+	skip duplicate parameters
+
+2010-07-16  Seth Lauzon <seth.lauzon at gmail.com>
+
 	* AccessControl.pm (parse_domains): borrowed code from Storage.pm to make it
 	less fragile to syntax errors in the domains.cfg file
 



More information about the pve-devel mailing list