utils: verify_username: allow quarantine logins again

verify_username is used in many places to split into realms (the part
after the last '@') and usernames (everthing before).

The commit disallowing '@' in usernames broke quarantine login
(users login with `localpart@domainname.com@quarantine`)

Fixes: 9665bbc ("utils: user schema: explicitly forbid @ in user-names")
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

src/PMG/API2/Users.pm

@@ -126,6 +126,8 @@ __PACKAGE__->register_method ({
 	    my ($userid, $username, $realm) = PMG::Utils::verify_username($entry->{userid});
 	    die "invalid realm '$realm' in userid\n" if !PMG::Auth::Plugin::is_valid_realm($realm);
 
+	    die "'@' forbidden in username\n" if $username =~/@/;
+
 	    if ($entry->{realm}) {
 		die "realm parameter does not fit userid ('$entry->{realm}' != '$realm')\n"
 		    if $entry->{realm} ne $realm;

src/PMG/Utils.pm

@@ -49,7 +49,7 @@ postgres_admin_cmd
 try_decode_utf8
 );
 
-my $user_regex = qr![^\s:@/]+!;
+my $user_regex = qr![^\s:/]+!;
 
 PVE::JSONSchema::register_standard_option('pmg-starttime', {
     description => "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.",