* [pbs-devel] [PATH proxmox-backup] fix bug #3189: fix change_password permission checks, run protected
From: Dietmar Maurer @ 2020-12-05 15:22 UTC
  To: pbs-devel

---
 src/api2/access.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/api2/access.rs b/src/api2/access.rs
index 3b59b3d3..2f7fb6ec 100644
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@@ -181,6 +181,7 @@ fn create_ticket(
 }
 
 #[api(
+    protected: true,
     input: {
         properties: {
             userid: {
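Review bot: the new `protected: true` line in the `#[api(` attribute comes with no stated reason; the message consists of the subject line only. Please add a sentence to the commit message, or a comment beside the attribute, saying why change_password has to run protected, so the attribute is not dropped later as unneeded.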
@@ -195,7 +196,6 @@ fn create_ticket(
         description: "Anybody is allowed to change there own password. In addition, users with 'Permissions:Modify' privilege may change any password.",
         permission: &Permission::Anybody,
     },
-
 )]
 /// Change user password
 ///
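Review bot: the description string on the context line at the top of this hunk reads "change there own password"; since the attribute block is being touched anyway, correct it to "their own password". The same description names only the 'Permissions:Modify' privilege as the way to change another user's password, while the check in change_password also lets root@pam do so; consider mentioning that in the description as well.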
@@ -215,7 +215,7 @@ fn change_password(
 
     let mut allowed = userid == current_user;
 
-    if userid == "root@pam" { allowed = true; }
+    if current_user == "root@pam" { allowed = true; }
 
     if !allowed {
         let user_info = CachedUserInfo::new()?;
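Review bot: a regression test is missing for the corrected comparison `if current_user == "root@pam" { allowed = true; }`. The removed line compared `userid`, so the target of the request rather than the caller set `allowed`, and with `permission: &Permission::Anybody` on the endpoint any caller passed this check when the target was root@pam. The two lines differ by a single identifier, which is easy to regress; please add a test that a caller other than root@pam is rejected when userid is root@pam, and that root@pam as caller is accepted for a different userid.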
-- 
2.20.1



