From 9665bbc605e30fd4a1ace9f00d551425deb20abc Mon Sep 17 00:00:00 2001
From: Stoiko Ivanov
Date: Wed, 26 Feb 2025 21:58:58 +0100
Subject: [PATCH] utils: user schema: explicitly forbid @ in user-names

PMGs terms are: * 'userid' consists of 'username'@'realm' without this patch it was possible to create a user through the api, with @ in the username ('foo@bar@pmg'), and it got written to the user-conf. Reading that entry was not possible, as the verification on read was stricter. This patch forbids '@' in usernames, and additionally drops the maxLength of 64, as 60 are already enforced by the regex pattern match (leaving 4 as minimal length for '@pmg'/'@pam'). Potential for regression should be minimal (the users could not be read-back from the config).
Signed-off-by: Stoiko Ivanov
---
 src/PMG/Utils.pm | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
index c187f93..70e8317 100644
--- a/src/PMG/Utils.pm
+++ b/src/PMG/Utils.pm
@@ -49,7 +49,7 @@ postgres_admin_cmd try_decode_utf8 );
-my $user_regex = qr![^\s:/]+!;
+my $user_regex = qr![^\s:@/]+!;
 PVE::JSONSchema::register_standard_option('pmg-starttime', {
 description => "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.",
@@ -103,7 +103,6 @@ PVE::JSONSchema::register_standard_option('username', {
 description => "Username (without realm)",
 type => 'string',
 pattern => '[^\s:\/\@]{1,60}',
- maxLength => 64,
 });
 PVE::JSONSchema::register_standard_option('pmg-email-address', {
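Review bot: The username character class is still defined twice, once as `$user_regex` in the first hunk and once as the `pattern` of the 'username' option in the second hunk, and only the schema pattern bounds the length (`{1,60}`) while `$user_regex` keeps an unbounded `+`. The commit message traces the bug to the write-side and read-side checks disagreeing, so the two definitions can drift apart again. The uses of `$user_regex` lie outside the hunk, so whether it is anchored or length-checked there cannot be confirmed from here. I would add a comment above it such as `# keep in sync with the 'username' standard option pattern` and write the class as `qr![^\s:\@/]+!`, so the `@` is escaped as in the schema pattern and no reader has to check whether `@/` interpolates inside `qr`.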
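Review bot: With `maxLength` removed in the second hunk, the length limit on 'username' rests only on `pattern => '[^\s:\/\@]{1,60}'`, which bounds the length only if the schema validator matches the pattern against the whole string. That validator is not part of this diff, so the anchoring is presumably worth confirming in PVE::JSONSchema. A short comment on the pattern line would record the intent, for example `# {1,60} is the only length limit; relies on the validator anchoring the pattern`. A regression test that passes a name containing `@` and a 61-character name to the 'username' option would pin both rejections.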