From 163dc16c0bd1f0e147c89278e7a1a48d03f43750 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Mon, 13 Jan 2020 14:17:22 +0100
Subject: [PATCH] src/api2/types.rs: define PROXMOX_AUTH_REALM_SCHEMA and PROXMOX_USER_ID_SCHEMA And try to use nbew schemas with config api...
---
 src/api2/config/remotes.rs | 4 ++--
 src/api2/types.rs | 28 +++++++++++++++++++++++++++-
 src/config/remotes.rs | 10 +++++-----
 3 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/src/api2/config/remotes.rs b/src/api2/config/remotes.rs
index 8c6dae87..a33daea6 100644
--- a/src/api2/config/remotes.rs
+++ b/src/api2/config/remotes.rs
@@ -42,10 +42,10 @@ pub fn list_remotes(
 schema: SINGLE_LINE_COMMENT_SCHEMA,
 },
 host: {
- schema: remotes::REMOTE_HOST_SCHEMA,
+ schema: DNS_NAME_OR_IP_SCHEMA,
 },
 userid: {
- schema: remotes::REMOTE_USERID_SCHEMA,
+ schema: PROXMOX_USER_ID_SCHEMA,
 },
 password: {
 schema: remotes::REMOTE_PASSWORD_SCHEMA,
diff --git a/src/api2/types.rs b/src/api2/types.rs
index 9d724415..04905c66 100644
--- a/src/api2/types.rs
+++ b/src/api2/types.rs
@@ -18,6 +18,15 @@ pub const FILENAME_FORMAT: ApiStringFormat = ApiStringFormat::VerifyFn(|name| {
 macro_rules! DNS_LABEL { () => (r"(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?)") }
 macro_rules! DNS_NAME { () => (concat!(r"(?:", DNS_LABEL!() , r"\.)*", DNS_LABEL!())) }
+// we only allow a limited set of characters
+// colon is not allowed, because we store usernames in
+// colon separated lists)!
+// slash is not allowed because it is used as pve API delimiter
+// also see "man useradd"
+macro_rules! USER_NAME_REGEX_STR { () => (r"(?:[^\s:/[[:cntrl:]]]+)") }
+
+macro_rules! PROXMOX_SAFE_ID_REGEX_STR { () => (r"(?:[A-Za-z0-9_][A-Za-z0-9._\-]*)") }
+
 const_regex!{
 pub IP_FORMAT_REGEX = IPRE!();
 pub SHA256_HEX_REGEX = r"^[a-f0-9]{64}$"; // fixme: define in common_regex ?
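Review bot: A remote saved before this change with a `userid` that has no `@realm` suffix, or a `host` that is not a bare DNS name or IP address, stops validating once `host` and `userid` in the property block of src/api2/config/remotes.rs use `DNS_NAME_OR_IP_SCHEMA` and `PROXMOX_USER_ID_SCHEMA`. The same swap in the `#[api]` block of src/config/remotes.rs (last hunk of this patch) presumably also governs how stored entries are parsed, so the effect may be a failure to load an existing configuration rather than only a rejected request. The commit message says only that it tries to use the new schemas; it should state whether entries written under the old unconstrained schemas are expected to keep loading. The enclosing items start and end outside both hunks.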
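Review bot: `[[:cntrl:]]` inside `USER_NAME_REGEX_STR` is an ASCII-only class in the `regex` crate, while `\s` in the same bracket is Unicode-aware, so C1 control characters and invisible format characters (zero-width, bidirectional overrides) remain valid in a user name. If the intent is to exclude control characters in general, `[^\s:/\p{Cc}\p{Cf}]` would express that, which matters wherever these names are displayed or compared by eye. The class also admits `@`, so a user ID is only well-defined when split at the last `@`; a comment such as `// '@' may appear in the name; the realm is the part after the last '@'` next to the macro would record that for code that parses the ID. The added comment also has a stray `)` in `lists)!`.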
@@ -30,7 +39,7 @@ const_regex!{
 /// contains further information why it is reasonable to restict
 /// names this way. This is not only useful for filenames, but for
 /// any identifier command line tools work with.
- pub PROXMOX_SAFE_ID_REGEX = r"^[A-Za-z0-9_][A-Za-z0-9._\-]*";
+ pub PROXMOX_SAFE_ID_REGEX = concat!(r"^", PROXMOX_SAFE_ID_REGEX_STR!(), r"$");
 pub SINGLE_LINE_COMMENT_REGEX = r"^[[:^cntrl:]]*$";
@@ -39,6 +48,8 @@ const_regex!{
 pub DNS_NAME_REGEX = concat!(r"^", DNS_NAME!(), r")$");
 pub DNS_NAME_OR_IP_REGEX = concat!(r"^", DNS_NAME!(), "|", IPRE!(), r")$");
+
+ pub PROXMOX_USER_ID_REGEX = concat!(r"^", USER_NAME_REGEX_STR!(), r"@", PROXMOX_SAFE_ID_REGEX_STR!(), r"$");
 }
 pub const SYSTEMD_DATETIME_FORMAT: ApiStringFormat =
@@ -65,6 +76,9 @@ pub const DNS_NAME_FORMAT: ApiStringFormat =
 pub const DNS_NAME_OR_IP_FORMAT: ApiStringFormat =
 ApiStringFormat::Pattern(&DNS_NAME_OR_IP_REGEX);
+pub const PROXMOX_USER_ID_FORMAT: ApiStringFormat =
+ ApiStringFormat::Pattern(&PROXMOX_USER_ID_REGEX);
+
 pub const PVE_CONFIG_DIGEST_SCHEMA: Schema = StringSchema::new(r#"\
 Prevent changes if current configuration file has different SHA256 digest.
@@ -158,6 +172,18 @@ pub const DNS_NAME_OR_IP_SCHEMA: Schema = StringSchema::new("DNS name or IP addr
 .format(&DNS_NAME_OR_IP_FORMAT)
 .schema();
+pub const PROXMOX_AUTH_REALM_SCHEMA: Schema = StringSchema::new("Authentication domain ID")
+ .format(&PROXMOX_SAFE_ID_FORMAT)
+ .min_length(3)
+ .max_length(32)
+ .schema();
+
+pub const PROXMOX_USER_ID_SCHEMA: Schema = StringSchema::new("User ID")
+ .format(&PROXMOX_USER_ID_FORMAT)
+ .min_length(3)
+ .max_length(64)
+ .schema();
+
 // Complex type definitions
diff --git a/src/config/remotes.rs b/src/config/remotes.rs
index e2dbfc4b..8fc26a51 100644
--- a/src/config/remotes.rs
+++ b/src/config/remotes.rs
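Review bot: The `host` property now depends on `DNS_NAME_OR_IP_REGEX`, which, as shown in the context lines above the new `PROXMOX_USER_ID_REGEX`, closes a group it never opens: `concat!(r"^", DNS_NAME!(), "|", IPRE!(), r")$")`. Unless `IPRE!()` (defined outside this patch) leaves a group open, that pattern will not compile, and without a group the `|` would also bind `^` only to the DNS branch and `$` only to the IP branch. The likely intended forms are `concat!(r"^(?:", DNS_NAME!(), "|", IPRE!(), r")$")` and, for `DNS_NAME_REGEX`, `concat!(r"^(?:", DNS_NAME!(), r")$")`. A small test that accepts a valid host name and rejects one with trailing characters would catch this, and would also catch a missing end anchor like the one this patch fixes in `PROXMOX_SAFE_ID_REGEX`.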
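Review bot: `PROXMOX_USER_ID_SCHEMA` does not enforce the realm limits that `PROXMOX_AUTH_REALM_SCHEMA` sets just above it. The user-ID pattern reuses `PROXMOX_SAFE_ID_REGEX_STR` for the realm part, but the 3 to 32 length bounds live only on the realm schema, so `u@x` passes as a user ID while `x` fails as a realm, and a 64-character user ID can carry a realm longer than 32. `.min_length(3)` on the user ID is likewise weaker than the realm minimum implies (one name character, `@`, three realm characters). Either the code that splits a user ID should validate the realm part against `PROXMOX_AUTH_REALM_SCHEMA`, or the realm portion of the regex should carry the bound. Both new `pub const`s also lack doc comments; for the second, `/// User ID in the form name@realm; the realm is the part after the last '@'.` would do.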
@@ -16,9 +16,9 @@ lazy_static! {
 // fixme: define better schemas
-pub const REMOTE_HOST_SCHEMA: Schema = StringSchema::new("Host IP address or DNS name.").schema();
-pub const REMOTE_USERID_SCHEMA: Schema = StringSchema::new("User ID").schema();
-pub const REMOTE_PASSWORD_SCHEMA: Schema = StringSchema::new("Password or auth token.").schema();
+pub const REMOTE_PASSWORD_SCHEMA: Schema = StringSchema::new("Password or auth token for remote host.")
+ .max_length(1024)
+ .schema();
 #[api(
 properties: {
@@ -27,10 +27,10 @@ pub const REMOTE_PASSWORD_SCHEMA: Schema = StringSchema::new("Password or auth t
 schema: SINGLE_LINE_COMMENT_SCHEMA,
 },
 host: {
- schema: REMOTE_HOST_SCHEMA,
+ schema: DNS_NAME_OR_IP_SCHEMA,
 },
 userid: {
- schema: REMOTE_USERID_SCHEMA,
+ schema: PROXMOX_USER_ID_SCHEMA,
 },
 password: {
 schema: REMOTE_PASSWORD_SCHEMA,
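Review bot: `REMOTE_PASSWORD_SCHEMA` gets a length cap but still no format, so a password may be empty or contain newlines and other control characters, unlike the comment property beside it, which is restricted by `SINGLE_LINE_COMMENT_SCHEMA`. How the value is stored is not visible in this hunk; if the remotes configuration is line-oriented, an embedded newline could corrupt an entry or add unintended lines to it. Adding `.min_length(1)` and a pattern format that rejects control characters (declared the same way as `PROXMOX_USER_ID_FORMAT`, for instance over `SINGLE_LINE_COMMENT_REGEX`) would close that gap. The `// fixme: define better schemas` line above the constant could then be dropped or narrowed to what remains open.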