From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH access-control 1/3] access: lookup: fix undef warning for case-insensitive realms
Date: Tue, 25 Mar 2025 11:38:31 +0100 [thread overview]
Message-ID: <20250325104053.491601-2-c.heiss@proxmox.com> (raw)
In-Reply-To: <20250325104053.491601-1-c.heiss@proxmox.com>
Originally reported in the forum [0].
This is only a cosmetic fix and has no user-visible impact, just fixing
a code warning in the syslog. Applies only for case-insensitive realms
too, where Active Directory is the only type to support that.
When looking up a non-existing username on case-insensitive realms, it
currently returns `undef`, which then causes the following warning in
the syslog:
Use of uninitialized value $username in concatenation (.) or string at /usr/share/perl5/PVE/API2/AccessControl.pm line 303.
authentication failure; rhost=::ffff:10.0.0.1 user= msg=user name '' is too short
This now follows the logic from the common, case-sensitive path, to just
return the original, given username (which is then later on validated in
the auth chain).
No functional changes.
[0] https://forum.proxmox.com/threads/new-ad-realm-not-working-blank-username.157859/
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
src/PVE/AccessControl.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 47f2d38..d1e7d56 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1231,7 +1231,7 @@ sub lookup_username {
die "ambiguous case insensitive match of username '$username', cannot safely grant access!\n"
if scalar @matches > 1 && !$noerr;
- return $matches[0]
+ return $matches[0] if defined($matches[0]);
}
return $username;
--
2.48.1
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-03-25 10:41 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-25 10:38 [pve-devel] [PATCH access-control 0/3] fix undef warning on login " Christoph Heiss
2025-03-25 10:38 ` Christoph Heiss [this message]
2025-03-25 10:38 ` [pve-devel] [PATCH access-control 2/3] access: lookup: avoid reading user.cfg from cfs unnecessarily Christoph Heiss
2025-03-25 10:38 ` [pve-devel] [PATCH access-control 3/3] gitignore: add rules for dpkg build artifacts Christoph Heiss
2025-04-04 16:55 ` [pve-devel] applied:-series [PATCH access-control 0/3] fix undef warning on login for case-insensitive realms Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250325104053.491601-2-c.heiss@proxmox.com \
--to=c.heiss@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal