Mostly from [0], slightly adapted because using Net::LDAP::Util::canonical_dn() under the hood results in marginally different rules.
[0] https://lists.proxmox.com/pipermail/pve-devel/2023-May/056839.html Co-authored-by: Stefan Sterz <s.st...@proxmox.com> Signed-off-by: Christoph Heiss <c.he...@proxmox.com> --- debian/control | 1 + test/Makefile | 9 +++++++ test/ldap_dn_format_test.pl | 54 +++++++++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+) create mode 100755 test/ldap_dn_format_test.pl diff --git a/debian/control b/debian/control index 53cbb57..f59ce0d 100644 --- a/debian/control +++ b/debian/control @@ -11,6 +11,7 @@ Build-Depends: debhelper-compat (= 13), libjson-perl, liblinux-inotify2-perl, libnet-ip-perl, + libnet-ldap-perl, libnetaddr-ip-perl, libproxmox-rs-perl, libstring-shellquote-perl, diff --git a/test/Makefile b/test/Makefile index 82f40ab..5e62f12 100644 --- a/test/Makefile +++ b/test/Makefile @@ -7,6 +7,15 @@ TESTS = lock_file.test \ section_config_test.test \ api_parameter_test.test \ +TESTS := \ + lock_file.test \ + calendar_event_test.test \ + convert_size_test.test \ + procfs_tests.test \ + format_test.test \ + ldap_dn_format_test.test \ + section_config_test.test + all: .PHONY: check install clean distclean diff --git a/test/ldap_dn_format_test.pl b/test/ldap_dn_format_test.pl new file mode 100755 index 0000000..c41d324 --- /dev/null +++ b/test/ldap_dn_format_test.pl 
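Review bot: The added `TESTS :=` list in test/Makefile leaves out `api_parameter_test.test`, which the context lines show in the existing `TESTS =` list. This hunk does not remove the old assignment, so the later `:=` appears to override it and the `check` target would presumably stop running that test. Either add `api_parameter_test.test \` to the new list or remove the old definition in the same change, unless the second assignment is a rebase leftover that should go entirely. The start of the old `TESTS =` list lies outside the hunk, so other entries may be affected as well.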
@@ -0,0 +1,54 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use lib '../src';
+use PVE::JSONSchema;
+
+use Test::More;
+
+my @pass = (
+ "ou=a", # single AttributeTypeValue
+ "ou=orga,dc=com,cn=name", # multiple RelativeDistinguishedNames
+ "STREET=a,cn=a,C=c", # single character AttributeValues
+ "UID=tt,cn=\"#+,;<>\\ \"", # forbidden characters are allowed when quoted
+ "c=\\\"\\#\\+\\;\\<\\=\\>", # specific characters allowed when escaped
+ "a=\\\\", # escaped backslashes are allowed
+ "ST=a,cn=\"Test, User\"", # allow un-escaped commas in quoted AttributeValues
+ "o2u=bc,cn=Test\\, User", # allow escaped commas
+ "T2=a #b", # spaces (' ') and '#' are allowed in the middle of AttributeValues
+ "word4word=ab#", # allow '#' at the end of an AttributeValue
+ "ou=orga+sub=ab", # allow '+' as separators for multi-valued RelativeDistinguishedName
+ "dc=\\f0\\Ac\\93", # allow escaping hex values in unquoted AttributeValues
+ "ou=", # empty AttributeValue is allowed
+ "ou= or", # spaces at the front of an AttributeValue are allowed
+ "ou=orgs ", # spaces at the end of an AttributeValue are also allowed
+ "ou= foo ", # combination of the two cases above
+
+ # regression tests
+ "ou=adf-bd,dc=abcd+efOuId=BL:BL:sldkf:704004,dc=or,dc=com",
+ "gvGid=DE:8A:wordCaps,ou=Service,dc=alsdkj+abOuId=UK:A8:137100,dc=edu,dc=de",
+);
+
+my @fail = (
+ "", # no empty distinguished name
+ "ou=a,", # no empty AttributeTypeAndValue
+ "ou=a+", # no multi-valued RelativeDistinguishedName with empty second part
+ "ou", # missing separator and AttributeValue
+ "ou=+", # forbidden character '+' in AttributeValue
+ "ou=#value", # no '#' at the beginning an AttributeValue
+ "ou=\"+,;<>\\\0", # no un-escaped forbidden characters in unquoted AttributeValues
+ "ou=name\0", # no null value in AttributeValue
+ "ou=zy\\xw\\v" # no unescaped backslashes that are not escaping specific characters
+);
+
+for my $dn (@pass) {
+ is(PVE::JSONSchema::verify_ldap_dn($dn, 1), $dn, 'valid LDAP DN');
+}
+
+for my $dn (@fail) {
+ is(PVE::JSONSchema::verify_ldap_dn($dn, 1), undef, 'invalid LDAP DN');
+}
+
+done_testing();
-- 2.41.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
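Review bot: The `@fail` entry `"ou=\"+,;<>\\\0"` packs an unbalanced quote, several separator characters, a trailing backslash and a NUL byte into one string, so the test passes as long as any one of them is rejected. It would not notice if the validator later started accepting, say, a bare `<` or `>`. Its comment also says "unquoted", although the value opens with `"`. I would split it into one entry per character, for example `"ou=a<b",`, `"ou=a>b",` and `"ou=\"a",`, after confirming that canonical_dn() rejects each of them on its own. Putting the DN into the test name (`"invalid LDAP DN: $dn"`) would also make a failing entry easy to identify in the TAP output.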