[pve-devel] [PATCH access-control 1/1] fix #3748 changed regex-pattern to accept escape sequences on Comma

Markus Frank m.frank at proxmox.com
Wed Jan 19 13:21:41 CET 2022


Correction: Patch for access-control and not for container

> On 19.01.2022 13:04 markus frank <m.frank at proxmox.com> wrote:
> 
>  
> old-pattern: '\w+=[^,]+(,\s*\w+=[^,]+)*'
> the old pattern didn't allow LDAP base domain name to be like: dc=first\, second, dc=com
> new-pattern: qr(\w+=([^,\\]|\\,)+(,\s*\w+=([^,\\]|\\,)+)*),
> 
> ---
>  src/PVE/Auth/LDAP.pm | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/src/PVE/Auth/LDAP.pm b/src/PVE/Auth/LDAP.pm
> index 97d0778..ad23cb2 100755
> --- a/src/PVE/Auth/LDAP.pm
> +++ b/src/PVE/Auth/LDAP.pm
> @@ -19,7 +19,7 @@ sub properties {
>  	base_dn => {
>  	    description => "LDAP base domain name",
>  	    type => 'string',
> -	    pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
> +	    pattern => qr(\w+=([^,\\]|\\,)+(,\s*\w+=([^,\\]|\\,)+)*),
>  	    optional => 1,
>  	    maxLength => 256,
>  	},
> @@ -33,7 +33,7 @@ sub properties {
>  	bind_dn => {
>  	    description => "LDAP bind domain name",
>  	    type => 'string',
> -	    pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
> +	    pattern => qr(\w+=([^,\\]|\\,)+(,\s*\w+=([^,\\]|\\,)+)*),
>  	    optional => 1,
>  	    maxLength => 256,
>  	},
> @@ -91,7 +91,7 @@ sub properties {
>  	    description => "LDAP base domain name for group sync. If not set, the"
>  		." base_dn will be used.",
>  	    type => 'string',
> -	    pattern => '\w+=[^,]+(,\s*\w+=[^,]+)*',
> +	    pattern => qr(\w+=([^,\\]|\\,)+(,\s*\w+=([^,\\]|\\,)+)*),
>  	    optional => 1,
>  	    maxLength => 256,
>  	},
> -- 
> 2.30.2
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel




More information about the pve-devel mailing list