[pve-devel] [PATCH container 1/1] fix #3748 changed regex-pattern to accept escape sequences on Comma

Wed Jan 19 13:04:22 CET 2022

old-pattern: '\w+=[^,]+(,\s*\w+=[^,]+)*'
the old pattern didn't allow LDAP base domain name to be like: dc=first\, second, dc=com
new-pattern: qr(\w+=([^,\\]|\\,)+(,\s*\w+=([^,\\]|\\,)+)*),

---
 src/PVE/Auth/LDAP.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/PVE/Auth/LDAP.pm b/src/PVE/Auth/LDAP.pm
index 97d0778..ad23cb2 100755
--- a/src/PVE/Auth/LDAP.pm
+++ b/src/PVE/Auth/LDAP.pm
@@ -19,7 +19,7 @@ sub properties {
 	base_dn => {
 	    description => "LDAP base domain name",
 	    type => 'string',
-	    pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
+	    pattern => qr(\w+=([^,\\]|\\,)+(,\s*\w+=([^,\\]|\\,)+)*),
 	    optional => 1,
 	    maxLength => 256,
 	},
@@ -33,7 +33,7 @@ sub properties {
 	bind_dn => {
 	    description => "LDAP bind domain name",
 	    type => 'string',
-	    pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
+	    pattern => qr(\w+=([^,\\]|\\,)+(,\s*\w+=([^,\\]|\\,)+)*),
 	    optional => 1,
 	    maxLength => 256,
 	},
@@ -91,7 +91,7 @@ sub properties {
 	    description => "LDAP base domain name for group sync. If not set, the"
 		." base_dn will be used.",
 	    type => 'string',
-	    pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
+	    pattern => qr(\w+=([^,\\]|\\,)+(,\s*\w+=([^,\\]|\\,)+)*),
 	    optional => 1,
 	    maxLength => 256,
 	},
-- 
2.30.2




