fix buf in userid-param permission check

2025-07-17 12:38:50 +00:00 · 2012-02-22 10:53:08 +01:00 · 2012-02-22 10:53:08 +01:00 · a69bbe2e7e
commit a69bbe2e7e
parent d9483d9406
3 changed files with 8 additions and 2 deletions
--- a/2
+++ b/2
@ -2,7 +2,7 @@ RELEASE=2.0

 VERSION=1.0
 PACKAGE=libpve-access-control
-PKGREL=13
+PKGREL=14

 DESTDIR=
 PREFIX=/usr
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@ -424,10 +424,10 @@ sub exec_api2_perm_check {
 	return 1;
    } elsif ($test eq 'userid-param') {
 	my ($userid, undef, $realm) = PVE::AccessControl::verify_username($param->{userid});
-	return if !$self->check_user_exist($userid, $noerr);
 	my ($t, $subtest) = @$check;
 	die "missing parameters" if !$subtest;
 	if ($subtest eq 'self') {
+	    return 0 if !$self->check_user_exist($userid, $noerr);
 	    return 1 if $username eq 'userid';
 	    return 0 if $noerr;
 	    raise_perm_exc();
--- a/changelog.Debian
+++ b/changelog.Debian
@ -1,3 +1,9 @@
+libpve-access-control (1.0-14) unstable; urgency=low
+
+  * fix buf in userid-param permission check
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 10:52:35 +0100
+
 libpve-access-control (1.0-13) unstable; urgency=low

  * allow more characters in ldap base_dn attribute