mirror of
https://git.proxmox.com/git/pve-access-control
synced 2025-06-08 22:42:30 +00:00
rename user_enabled to check_user_enabled
And add $noerr parameter.
This commit is contained in:
Dietmar Maurer
parent
a427cecb2b
commit
7070c1aee5
@ -140,6 +140,9 @@ __PACKAGE__->register_method ({
|
|||||||
my $token;
|
my $token;
|
||||||
eval {
|
eval {
|
||||||
|
|
||||||
|
# test if user exists and is enabled
|
||||||
|
$rpcenv->check_user_enabled($username);
|
||||||
|
|
||||||
if ($param->{path} && $param->{privs}) {
|
if ($param->{path} && $param->{privs}) {
|
||||||
my $privs = [ PVE::Tools::split_list($param->{privs}) ];
|
my $privs = [ PVE::Tools::split_list($param->{privs}) ];
|
||||||
my $path = PVE::AccessControl::normalize_path($param->{path});
|
my $path = PVE::AccessControl::normalize_path($param->{path});
|
||||||
@ -154,9 +157,6 @@ __PACKAGE__->register_method ({
|
|||||||
# got valid ticket
|
# got valid ticket
|
||||||
# Note: root@pam can create tickets for other users
|
# Note: root@pam can create tickets for other users
|
||||||
|
|
||||||
# test if user exists and is enabled
|
|
||||||
my $usercfg = cfs_read_file('user.cfg');
|
|
||||||
die "no such user ('$username')\n" if !user_enabled($usercfg, $username);
|
|
||||||
} else {
|
} else {
|
||||||
$username = PVE::AccessControl::authenticate_user($username, $param->{password});
|
$username = PVE::AccessControl::authenticate_user($username, $param->{password});
|
||||||
}
|
}
|
||||||
|
|||||||
@ -323,10 +323,10 @@ sub authenticate_user_domain {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub user_enabled {
|
sub check_user_enabled {
|
||||||
my ($usercfg, $username) = @_;
|
my ($usercfg, $username, $noerr) = @_;
|
||||||
|
|
||||||
$username = verify_username($username, 1);
|
$username = verify_username($username, $noerr);
|
||||||
return undef if !$username;
|
return undef if !$username;
|
||||||
|
|
||||||
return 1 if $usercfg && $usercfg->{users}->{$username} &&
|
return 1 if $usercfg && $usercfg->{users}->{$username} &&
|
||||||
@ -334,7 +334,9 @@ sub user_enabled {
|
|||||||
|
|
||||||
return 1 if $username eq 'root@pam'; # root is always enabled
|
return 1 if $username eq 'root@pam'; # root is always enabled
|
||||||
|
|
||||||
return 0;
|
die "no such user ('$username')\n" if !$noerr;
|
||||||
|
|
||||||
|
return undef;
|
||||||
}
|
}
|
||||||
|
|
||||||
# password should be utf8 encoded
|
# password should be utf8 encoded
|
||||||
@ -349,9 +351,10 @@ sub authenticate_user {
|
|||||||
|
|
||||||
my $usercfg = cfs_read_file('user.cfg');
|
my $usercfg = cfs_read_file('user.cfg');
|
||||||
|
|
||||||
if (!user_enabled($usercfg, $username)) {
|
eval { check_user_enabled($usercfg, $username); };
|
||||||
|
if (my $err = $@) {
|
||||||
sleep(2);
|
sleep(2);
|
||||||
die "no such user ('$username')\n";
|
die $err;
|
||||||
}
|
}
|
||||||
|
|
||||||
my $ctime = time();
|
my $ctime = time();
|
||||||
|
|||||||
@ -165,11 +165,11 @@ sub check {
|
|||||||
return 1;
|
return 1;
|
||||||
};
|
};
|
||||||
|
|
||||||
sub user_enabled {
|
sub check_user_enabled {
|
||||||
my ($self, $user) = @_;
|
my ($self, $user, $noerr) = @_;
|
||||||
|
|
||||||
my $cfg = $self->{user_cfg};
|
my $cfg = $self->{user_cfg};
|
||||||
return PVE::AccessControl::user_enabled($cfg, $user);
|
return PVE::AccessControl::check_user_enabled($cfg, $user, $noerr);
|
||||||
}
|
}
|
||||||
|
|
||||||
# initialize environment - must be called once at program startup
|
# initialize environment - must be called once at program startup
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user