From fc21d002f5713f7028e6fbaccbcc341ce92937ca Mon Sep 17 00:00:00 2001
From: John Mulligan <jmulligan@redhat.com>
Date: Thu, 2 May 2024 16:41:15 -0400
Subject: [PATCH] mgr/smb: add validation funcs for custom parameter
 dictionaries

Custom parameter dictionaries will be used to pass options to samba
config without much filtering and control by the smb mgr module. Because
the risks that it entails the user must "agree" that using these options
can break their setup with a "magic" key-value pair.
This pair will be filtered out of the eventual data passed to samba.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
---
 src/pybind/mgr/smb/validation.py | 43 ++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/src/pybind/mgr/smb/validation.py b/src/pybind/mgr/smb/validation.py
index 3e04650dea9..bd7c6f211cd 100644
--- a/src/pybind/mgr/smb/validation.py
+++ b/src/pybind/mgr/smb/validation.py
@@ -1,3 +1,5 @@
+from typing import Dict, Optional
+
 import posixpath
 import re
 
@@ -60,3 +62,44 @@ def check_path(value: str) -> None:
     """Raise ValueError if value is not a valid share path."""
     if not valid_path(value):
         raise ValueError(f'{value!r} is not a valid share path')
+
+
+CUSTOM_CAUTION_KEY = '_allow_customization'
+CUSTOM_CAUTION_VALUE = (
+    'i-take-responsibility-for-all-samba-configuration-errors'
+)
+
+
+def check_custom_options(opts: Optional[Dict[str, str]]) -> None:
+    """Raise ValueError if a custom configuration options dict is not valid."""
+    if opts is None:
+        return
+    if opts.get(CUSTOM_CAUTION_KEY) != CUSTOM_CAUTION_VALUE:
+        raise ValueError(
+            'options lack custom override permission key and value'
+            f' (review documentation pertaining to {CUSTOM_CAUTION_KEY})'
+        )
+    for key, value in opts.items():
+        if '[' in key or ']' in key:
+            raise ValueError(
+                f'custom option key may not contain square brackets: {key!r}'
+            )
+        if '\n' in key:
+            raise ValueError(
+                f'custom option key may not contain newlines: {key!r}'
+            )
+        if '\n' in value:
+            raise ValueError(
+                f'custom option value may not contain newlines: {key!r}'
+            )
+
+
+def clean_custom_options(
+    opts: Optional[Dict[str, str]]
+) -> Optional[Dict[str, str]]:
+    """Return a version of the custom options dictionary cleaned of special
+    validation parameters.
+    """
+    if opts is None:
+        return None
+    return {k: v for k, v in opts.items() if k != CUSTOM_CAUTION_KEY}
-- 
2.39.5