The Net::LDAP library conveniently provides a canonical_dn() function, which can be used to (roughly) check if a DN is valid or not. This will be used in future changes to replace the current dreaded regex to validate DNs.
pve-common previously already (silently) depended on the Net::LDAP library (see PVE::LDAP), but `libnet-ldap-perl` was missing in the control file - fix it while at it. Signed-off-by: Christoph Heiss <c.he...@proxmox.com> --- debian/control | 1 + src/PVE/JSONSchema.pm | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/debian/control b/debian/control index ac4cd66..53cbb57 100644 --- a/debian/control +++ b/debian/control @@ -34,6 +34,7 @@ Depends: libanyevent-perl, libmime-base32-perl, libnet-dbus-perl, libnet-ip-perl, + libnet-ldap-perl, libnetaddr-ip-perl, libproxmox-acme-perl, libproxmox-rs-perl, diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm index 7589bba..8238281 100644 --- a/src/PVE/JSONSchema.pm +++ b/src/PVE/JSONSchema.pm @@ -12,6 +12,7 @@ use PVE::Exception qw(raise); use HTTP::Status qw(:constants); use JSON; use Net::IP qw(:PROC); +use Net::LDAP::Util; use Data::Dumper; use base 'Exporter'; @@ -414,6 +415,17 @@ sub verify_ldap_simple_attr { return undef; } +PVE::JSONSchema::register_format('ldap-dn', \&verify_ldap_dn); +sub verify_ldap_dn { + my ($attr, $noerr) = @_; + + # canonical_dn() considers emtpy strings as valid DNs, so reject them explicitly. + return $attr if $attr ne '' && defined(Net::LDAP::Util::canonical_dn($attr)); + + die "value '$attr' does not look like a valid LDAP distinguished name\n" if !$noerr; + return undef; +} + my $ipv4_mask_hash = { '0.0.0.0' => 0, '128.0.0.0' => 1, -- 2.41.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
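Review bot: In `verify_ldap_dn` (the second hunk of src/PVE/JSONSchema.pm) the only acceptance test is that `canonical_dn()` returns a defined value, and the sub then returns the raw `$attr`, so the 'ldap-dn' format is a parse check, not a normaliser or sanitiser. The commit message already calls the check rough, so a comment above the sub would help callers, e.g. `# Syntactic check only: returns the caller's input unchanged (not the canonical form); escape it before using it in a search filter.` I cannot tell from the hunk how `canonical_dn()` treats embedded newlines or other control characters, so a test case for such a value is worth adding; if they are accepted, extending the condition with `&& $attr !~ /[\x00-\x1f\x7f]/` would reject them before the value is stored or logged. An undefined `$attr` currently reaches `ne` and the `die` interpolation with only uninitialized-value warnings; starting the condition with `defined($attr) &&` would make that case explicit.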