From 6b8c7457d69e8016325b9fcda79b54d9800c349c Mon Sep 17 00:00:00 2001 From: Stoiko Ivanov Date: Thu, 27 Feb 2025 10:53:08 +0100 Subject: [PATCH] utils: verify_username: allow quarantine logins again verify_username is used in many places to split into realms (the part after the last '@') and usernames (everthing before). The commit disallowing '@' in usernames broke quarantine login (users login with `localpart@domainname.com@quarantine`) Fixes: 9665bbc ("utils: user schema: explicitly forbid @ in user-names") Signed-off-by: Stoiko Ivanov --- src/PMG/API2/Users.pm | 2 ++ src/PMG/Utils.pm | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/PMG/API2/Users.pm b/src/PMG/API2/Users.pm index 132783d..1cc7a33 100644 --- a/src/PMG/API2/Users.pm +++ b/src/PMG/API2/Users.pm @@ -126,6 +126,8 @@ __PACKAGE__->register_method ({ my ($userid, $username, $realm) = PMG::Utils::verify_username($entry->{userid}); die "invalid realm '$realm' in userid\n" if !PMG::Auth::Plugin::is_valid_realm($realm); + die "'@' forbidden in username\n" if $username =~/@/; + if ($entry->{realm}) { die "realm parameter does not fit userid ('$entry->{realm}' != '$realm')\n" if $entry->{realm} ne $realm; diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm index 70e8317..3e7adbb 100644 --- a/src/PMG/Utils.pm +++ b/src/PMG/Utils.pm @@ -49,7 +49,7 @@ postgres_admin_cmd try_decode_utf8 ); -my $user_regex = qr![^\s:@/]+!; +my $user_regex = qr![^\s:/]+!; PVE::JSONSchema::register_standard_option('pmg-starttime', { description => "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.",