* [pmg-devel] [PATCH pmg-api v2] utils: verify_username: allow quarantine logins again
@ 2025-02-27 9:53 Stoiko Ivanov
2025-02-27 10:12 ` [pmg-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Stoiko Ivanov @ 2025-02-27 9:53 UTC (permalink / raw)
To: pmg-devel
verify_username is used in many places to split into realms (the part
after the last '@') and usernames (everthing before).
The commit disallowing '@' in usernames broke quarantine login
(users login with `localpart@domainname.com@quarantine`)
Fixes: 9665bbc ("utils: user schema: explicitly forbid @ in user-names")
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
v2: drop double `;` in the PMG::API2::Users patch
src/PMG/API2/Users.pm | 2 ++
src/PMG/Utils.pm | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/PMG/API2/Users.pm b/src/PMG/API2/Users.pm
index 132783d..1cc7a33 100644
--- a/src/PMG/API2/Users.pm
+++ b/src/PMG/API2/Users.pm
@@ -126,6 +126,8 @@ __PACKAGE__->register_method ({
my ($userid, $username, $realm) = PMG::Utils::verify_username($entry->{userid});
die "invalid realm '$realm' in userid\n" if !PMG::Auth::Plugin::is_valid_realm($realm);
+ die "'@' forbidden in username\n" if $username =~/@/;
+
if ($entry->{realm}) {
die "realm parameter does not fit userid ('$entry->{realm}' != '$realm')\n"
if $entry->{realm} ne $realm;
diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
index 70e8317..3e7adbb 100644
--- a/src/PMG/Utils.pm
+++ b/src/PMG/Utils.pm
@@ -49,7 +49,7 @@ postgres_admin_cmd
try_decode_utf8
);
-my $user_regex = qr![^\s:@/]+!;
+my $user_regex = qr![^\s:/]+!;
PVE::JSONSchema::register_standard_option('pmg-starttime', {
description => "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.",
--
2.39.5
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pmg-devel] applied: [PATCH pmg-api v2] utils: verify_username: allow quarantine logins again
2025-02-27 9:53 [pmg-devel] [PATCH pmg-api v2] utils: verify_username: allow quarantine logins again Stoiko Ivanov
@ 2025-02-27 10:12 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2025-02-27 10:12 UTC (permalink / raw)
To: Stoiko Ivanov, pmg-devel
Am 27.02.25 um 10:53 schrieb Stoiko Ivanov:
> verify_username is used in many places to split into realms (the part
> after the last '@') and usernames (everthing before).
>
> The commit disallowing '@' in usernames broke quarantine login
> (users login with `localpart@domainname.com@quarantine`)
>
> Fixes: 9665bbc ("utils: user schema: explicitly forbid @ in user-names")
> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
> v2: drop double `;` in the PMG::API2::Users patch
> src/PMG/API2/Users.pm | 2 ++
> src/PMG/Utils.pm | 2 +-
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
>
applied, thanks!
In the long run it might be nice to fully allow @ here, but as other places
in the code base do not expect that currently disallowing it here explicitly
is OK I think.
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-02-27 10:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-27 9:53 [pmg-devel] [PATCH pmg-api v2] utils: verify_username: allow quarantine logins again Stoiko Ivanov
2025-02-27 10:12 ` [pmg-devel] applied: " Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal