From 072b0e9cf9f88f11e305553b1cc50ac654e6fa9d Mon Sep 17 00:00:00 2001
From: Lukas Wagner <l.wagner@proxmox.com>
Date: Wed, 29 Mar 2023 11:22:41 +0200
Subject: [PATCH] api-types: ldap: properly anchor DN regex

Otherwise, a substring match is enough to fulfill the constraint.

Fixes: c001aca0 ("api-types: ldap: add verification regex for LDAP DNs")
Reported-by: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
 pbs-api-types/src/ldap.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pbs-api-types/src/ldap.rs b/pbs-api-types/src/ldap.rs
index eabc5249..762f560a 100644
--- a/pbs-api-types/src/ldap.rs
+++ b/pbs-api-types/src/ldap.rs
@@ -150,11 +150,11 @@ macro_rules! DOMAIN_PART_REGEX {
 
 const_regex! {
     pub LDAP_DOMAIN_REGEX = concat!(
-        r#"\w+="#,
+        r#"^\w+="#,
         DOMAIN_PART_REGEX!(),
         r#"(,\s*\w+="#,
         DOMAIN_PART_REGEX!(),
-        ")*"
+        ")*$"
     );
 }