proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-07-15 01:03:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

api/users: catch existing user also on case insensitive realm

Browse Source 
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2020-09-29 07:09:51 +02:00
parent 2dd1e1d41e
commit f335d265b8
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
PVE/API2/User.pm
View File

@ -234,8 +234,9 @@ __PACKAGE__->register_method ({
my $usercfg = cfs_read_file("user.cfg");
die "user '$username' already exists\n"
if $usercfg->{users}->{$username};
# ensure "user exists" check works for case insensitive realms
$username = PVE::AccessControl::lookup_username($username, 1);
die "user '$username' already exists\n" if $usercfg->{users}->{$username};
PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password})
if defined($param->{password});

4
PVE/AccessControl.pm
View File

@ -892,7 +892,7 @@ sub add_role_privs {
}
sub lookup_username {
my ($username) = @_;
my ($username, $noerr) = @_;
$username =~ m!^(${PVE::Auth::Plugin::user_regex})\@(${PVE::Auth::Plugin::realm_regex})$!;
@ -905,7 +905,7 @@ sub lookup_username {
my @matches = grep { lc $username eq lc $_ } (keys %{$usercfg->{users}});
die "ambiguous case insensitive match of username '$username', cannot safely grant access!\n"
if scalar @matches > 1;
if scalar @matches > 1 && !$noerr;
return $matches[0]
}