proxmox-mirrors/pmg-api
1
0
Fork 0
mirror of https://git.proxmox.com/git/pmg-api synced 2025-10-06 07:34:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

utils: user schema: explicitly forbid @ in user-names

Browse Source 
PMGs terms are:
* 'userid' consists of 'username'@'realm'

without this patch it was possible to create a user through the api,
with @ in the username ('foo@bar@pmg'), and it got written to the
user-conf.
Reading that entry was not possible, as the verification on read was
stricter.

This patch forbids '@' in usernames, and additionally drops the
maxLength of 64, as 60 are already enforced by the regex pattern match
(leaving 4 as minimal length for '@pmg'/'@pam').

Potential for regression should be minimal (the users could not be
read-back from the config).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
This commit is contained in:
Stoiko Ivanov 2025-02-26 21:58:58 +01:00 committed by Thomas Lamprecht
parent 1ad4ab089d
commit 9665bbc605
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/PMG/Utils.pm
View File

@ -49,7 +49,7 @@ postgres_admin_cmd
try_decode_utf8 try_decode_utf8
); );
my $user_regex = qr![^\s:/]+!; my $user_regex = qr![^\s:@/]+!;
PVE::JSONSchema::register_standard_option('pmg-starttime', { PVE::JSONSchema::register_standard_option('pmg-starttime', {
description => "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.", description => "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.",
@ -103,7 +103,6 @@ PVE::JSONSchema::register_standard_option('username', {
description => "Username (without realm)", description => "Username (without realm)",
type => 'string', type => 'string',
pattern => '[^\s:\/\@]{1,60}', pattern => '[^\s:\/\@]{1,60}',
maxLength => 64,
}); });
PVE::JSONSchema::register_standard_option('pmg-email-address', { PVE::JSONSchema::register_standard_option('pmg-email-address', {