[pve-devel] [PATCH common v2 2/5] test: add test cases for new 'ldap-dn' schema format
Christoph Heiss
c.heiss at proxmox.com
Mon Jul 24 11:03:47 CEST 2023
Mostly from [0], slightly adapted to marginally different rules due to
using Net::LDAP::Util::canonical_dn() under the hood.
[0] https://lists.proxmox.com/pipermail/pve-devel/2023-May/056839.html
Co-authored-by: Stefan Sterz <s.sterz at proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
---
Changes v1 -> v2:
* Removed (accidental) duplicate `TESTS` assignment in test/Makefile
debian/control | 1 +
test/Makefile | 1 +
test/ldap_dn_format_test.pl | 54 +++++++++++++++++++++++++++++++++++++
3 files changed, 56 insertions(+)
create mode 100755 test/ldap_dn_format_test.pl
diff --git a/debian/control b/debian/control
index 53cbb57..f59ce0d 100644
--- a/debian/control
+++ b/debian/control
@@ -11,6 +11,7 @@ Build-Depends: debhelper-compat (= 13),
libjson-perl,
liblinux-inotify2-perl,
libnet-ip-perl,
+ libnet-ldap-perl,
libnetaddr-ip-perl,
libproxmox-rs-perl,
libstring-shellquote-perl,
diff --git a/test/Makefile b/test/Makefile
index 82f40ab..e77ed73 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -4,6 +4,7 @@ TESTS = lock_file.test \
convert_size_test.test \
procfs_tests.test \
format_test.test \
+ ldap_dn_format_test.test \
section_config_test.test \
api_parameter_test.test \
diff --git a/test/ldap_dn_format_test.pl b/test/ldap_dn_format_test.pl
new file mode 100755
index 0000000..c41d324
--- /dev/null
+++ b/test/ldap_dn_format_test.pl
@@ -0,0 +1,54 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use lib '../src';
+use PVE::JSONSchema;
+
+use Test::More;
+
+my @pass = (
+ "ou=a", # single AttributeTypeValue
+ "ou=orga,dc=com,cn=name", # multiple RelativeDistinguishedNames
+ "STREET=a,cn=a,C=c", # single character AttributeValues
+ "UID=tt,cn=\"#+,;<>\\ \"", # forbidden characters are allowed when quoted
+ "c=\\\"\\#\\+\\;\\<\\=\\>", # specific characters allowed when escaped
+ "a=\\\\", # escaped backslashes are allowed
+ "ST=a,cn=\"Test, User\"", # allow un-escaped commas in quoted AttributeValues
+ "o2u=bc,cn=Test\\, User", # allow escaped commas
+ "T2=a #b", # spaces (' ') and '#' are allowed in the middle of AttributeValues
+ "word4word=ab#", # allow '#' at the end of an AttributeValue
+ "ou=orga+sub=ab", # allow '+' as separators for multi-valued RelativeDistinguishedName
+ "dc=\\f0\\Ac\\93", # allow escaping hex values in unquoted AttributeValues
+ "ou=", # empty AttributeValue is allowed
+ "ou= or", # spaces at the front of an AttributeValue are allowed
+ "ou=orgs ", # spaces at the end of an AttributeValue are also allowed
+ "ou= foo ", # combination of the two cases above
+
+ # regression tests
+ "ou=adf-bd,dc=abcd+efOuId=BL:BL:sldkf:704004,dc=or,dc=com",
+ "gvGid=DE:8A:wordCaps,ou=Service,dc=alsdkj+abOuId=UK:A8:137100,dc=edu,dc=de",
+);
+
+my @fail = (
+ "", # no empty distinguished name
+ "ou=a,", # no empty AttributeTypeAndValue
+ "ou=a+", # no multi-valued RelativeDistinguishedName with empty second part
+ "ou", # missing separator and AttributeValue
+ "ou=+", # forbidden character '+' in AttributeValue
+ "ou=#value", # no '#' at the beginning an AttributeValue
+ "ou=\"+,;<>\\\0", # no un-escaped forbidden characters in unquoted AttributeValues
+ "ou=name\0", # no null value in AttributeValue
+ "ou=zy\\xw\\v" # no unescaped backslashes that are not escaping specific characters
+);
+
+for my $dn (@pass) {
+ is(PVE::JSONSchema::verify_ldap_dn($dn, 1), $dn, 'valid LDAP DN');
+}
+
+for my $dn (@fail) {
+ is(PVE::JSONSchema::verify_ldap_dn($dn, 1), undef, 'invalid LDAP DN');
+}
+
+done_testing();
--
2.41.0
More information about the pve-devel
mailing list