[pve-devel] [PATCH common v2 2/5] test: add test cases for new 'ldap-dn' schema format

Christoph Heiss c.heiss at proxmox.com
Mon Jul 24 11:03:47 CEST 2023


Mostly from [0], slightly adapted to marginally different rules due to
using Net::LDAP::Util::canonical_dn() under the hood.

[0] https://lists.proxmox.com/pipermail/pve-devel/2023-May/056839.html

Co-authored-by: Stefan Sterz <s.sterz at proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
---
Changes v1 -> v2:
  * Removed (accidental) duplicate `TESTS` assignment in test/Makefile

 debian/control              |  1 +
 test/Makefile               |  1 +
 test/ldap_dn_format_test.pl | 54 +++++++++++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+)
 create mode 100755 test/ldap_dn_format_test.pl

diff --git a/debian/control b/debian/control
index 53cbb57..f59ce0d 100644
--- a/debian/control
+++ b/debian/control
@@ -11,6 +11,7 @@ Build-Depends: debhelper-compat (= 13),
                libjson-perl,
                liblinux-inotify2-perl,
                libnet-ip-perl,
+               libnet-ldap-perl,
                libnetaddr-ip-perl,
                libproxmox-rs-perl,
                libstring-shellquote-perl,
diff --git a/test/Makefile b/test/Makefile
index 82f40ab..e77ed73 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -4,6 +4,7 @@ TESTS = lock_file.test			\
 	convert_size_test.test		\
 	procfs_tests.test		\
 	format_test.test		\
+	ldap_dn_format_test.test	\
 	section_config_test.test	\
 	api_parameter_test.test		\

diff --git a/test/ldap_dn_format_test.pl b/test/ldap_dn_format_test.pl
new file mode 100755
index 0000000..c41d324
--- /dev/null
+++ b/test/ldap_dn_format_test.pl
@@ -0,0 +1,54 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use lib '../src';
+use PVE::JSONSchema;
+
+use Test::More;
+
+my @pass = (
+    "ou=a",			# single AttributeTypeValue
+    "ou=orga,dc=com,cn=name",	# multiple RelativeDistinguishedNames
+    "STREET=a,cn=a,C=c",	# single character AttributeValues
+    "UID=tt,cn=\"#+,;<>\\ \"",	# forbidden characters are allowed when quoted
+    "c=\\\"\\#\\+\\;\\<\\=\\>",	# specific characters allowed when escaped
+    "a=\\\\",			# escaped backslashes are allowed
+    "ST=a,cn=\"Test, User\"",	# allow un-escaped commas in quoted AttributeValues
+    "o2u=bc,cn=Test\\, User",	# allow escaped commas
+    "T2=a #b",			# spaces (' ') and '#' are allowed in the middle of AttributeValues
+    "word4word=ab#",		# allow '#' at the end of an AttributeValue
+    "ou=orga+sub=ab",		# allow '+' as separators for multi-valued RelativeDistinguishedName
+    "dc=\\f0\\Ac\\93",		# allow escaping hex values in unquoted AttributeValues
+    "ou=",			# empty AttributeValue is allowed
+    "ou= or",			# spaces at the front of an AttributeValue are allowed
+    "ou=orgs ",			# spaces at the end of an AttributeValue are also allowed
+    "ou= foo ",			# combination of the two cases above
+
+    # regression tests
+    "ou=adf-bd,dc=abcd+efOuId=BL:BL:sldkf:704004,dc=or,dc=com",
+    "gvGid=DE:8A:wordCaps,ou=Service,dc=alsdkj+abOuId=UK:A8:137100,dc=edu,dc=de",
+);
+
+my @fail = (
+    "",				# no empty distinguished name
+    "ou=a,",			# no empty AttributeTypeAndValue
+    "ou=a+",			# no multi-valued RelativeDistinguishedName with empty second part
+    "ou",			# missing separator and AttributeValue
+    "ou=+",			# forbidden character '+' in AttributeValue
+    "ou=#value",		# no '#' at the beginning an AttributeValue
+    "ou=\"+,;<>\\\0",		# no un-escaped forbidden characters in unquoted AttributeValues
+    "ou=name\0",		# no null value in AttributeValue
+    "ou=zy\\xw\\v"		# no unescaped backslashes that are not escaping specific characters
+);
+
+for my $dn (@pass) {
+    is(PVE::JSONSchema::verify_ldap_dn($dn, 1), $dn, 'valid LDAP DN');
+}
+
+for my $dn (@fail) {
+    is(PVE::JSONSchema::verify_ldap_dn($dn, 1), undef, 'invalid LDAP DN');
+}
+
+done_testing();
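Review bot: The `@fail` entry `"ou=\"+,;<>\\\0"` bundles an unterminated quote, several special characters and a NUL byte in one string, so it keeps passing as long as any one of them is rejected and does not pin down the rule its comment names. One entry per character, e.g. `"ou=a<b"` and `"ou=a>b"`, would make a regression in a single rule visible; the expected result of each should be confirmed against what canonical_dn() actually does. The only control character covered is NUL, so a case with an embedded line break such as `"ou=a\nou=b"` is worth adding, which matters if the validated value is later written to a line-based config file (not visible from this patch). Both loops also use one fixed description for every case; `"valid LDAP DN: $dn"` and `"invalid LDAP DN: $dn"` would make the failing input obvious in the TAP output.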
--
2.41.0





