From: Stoiko Ivanov Date: Thu, 14 Mar 2019 17:20:45 +0000 (+0100) Subject: fix #2129: allow (some) filters for dnsbl-entry X-Git-Url: https://git.proxmox.com/?p=pmg-api.git;a=commitdiff_plain;h=9f165e3febb56cb6e0241e5d1749b070b9be2d78 fix #2129: allow (some) filters for dnsbl-entry currently we only handle dnsbl-sites with optional , but postfix also allows for an optional (which dns-answers to interpret as hit) [0]. The regex is extended to also allow for a filter with singular answers, as well as ranges ([0..255])for each octet. Filters relying on 'lists' of numbers split by ';' break the use of JSONSchema's '-list' format matching (it uses split_list, which splits on ';') and were thus excluded. [0] http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites Signed-off-by: Stoiko Ivanov
---
diff --git a/PMG/Config.pm b/PMG/Config.pm
index 21bc204..b2e1c6c 100755
--- a/PMG/Config.pm
+++ b/PMG/Config.pm
@@ -715,10 +715,15 @@ PVE::JSONSchema::register_format(
 sub pmg_verify_dnsbl_entry {
 my ($name, $noerr) = @_;
- # like dns-name, but can contain trailing weight: 'domain*'
+ # like dns-name, but can contain trailing filter and weight: 'domain=*'
+ # see http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites
+ # we don't implement the ';' separated numbers in pattern, because this
+ # breaks at PVE::JSONSchema::split_list
 my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
- if ($name !~ /^(${namere}\.)*${namere}(\*\-?\d+)?$/) {
+ my $dnsbloctet = qr/[0-9]+|\[(?:[0-9]+\.\.[0-9]+)\]/;
+ my $filterre = qr/=$dnsbloctet(:?\.$dnsbloctet){3}/;
+ if ($name !~ /^(${namere}\.)*${namere}(:?${filterre})?(?:\*\-?\d+)?$/) {
 return undef if $noerr;
 die "value '$name' does not look like a valid dnsbl entry\n";
 }
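Review bot: In the two added patterns `(:?` looks like a typo for `(?:`: as written, `(:?\.$dnsbloctet){3}` and `(:?${filterre})?` are capturing groups that start with an optional literal colon, so a value such as `example.org:=127:.0:.0:.2` (constructed sample) passes this validator and would presumably be accepted as a dnsbl-entry in the configuration. I would write `my $filterre = qr/=$dnsbloctet(?:\.$dnsbloctet){3}/;` and use `(?:${filterre})?` in the `if`. Separately, `[0-9]+` does not limit an octet or range bound to 0..255 as the commit message describes, and the trailing `$` still accepts a value ending in a newline; a bounded octet pattern and `\z` would tighten both. The body of pmg_verify_dnsbl_entry continues past the end of the hunk.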