[pve-devel] applied: [PATCH access-control 1/1] fix #4609: allow valid DN in ldap/ad realm config

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Mar 23 15:49:52 CET 2023


Am 23/03/2023 um 14:14 schrieb Dominik Csapak:
> we previously added support for ',' in the dns attribute by allowing a
> quoted format. the regex was sadly too restrictive:
> 
> in a quoted attribute we'd only allow \w (alphanumeric + _) and the
> restricted characters. this patch now changes that to everything
> except " (nearer to the original regex which allowed everything aside
> from ',')
> 
> the unquoted attributes now did not allow spaces, but reading the RFC[0]
> again, spaces are only forbidden at the beginning (also #) and end
> so fix the regex to accommodate for that
> 
> Fixes 1aa2355 ("ldap: Allow quoted values for DN attribute values")
> 
> 0: https://www.ietf.org/rfc/rfc2253.txt
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  src/PVE/Auth/LDAP.pm | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
>

applied, with Friedrich's T-b, a small fixup that adds space to the not allowed
characters at the end of the single character branch of the regex like talked
off-list and a bit of rewording of the commit message, thanks!





More information about the pve-devel mailing list