From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH access-control 1/3] access: lookup: fix undef warning for case-insensitive realms
Date: Tue, 25 Mar 2025 11:38:31 +0100 [thread overview]
Message-ID: <20250325104053.491601-2-c.heiss@proxmox.com> (raw)
In-Reply-To: <20250325104053.491601-1-c.heiss@proxmox.com>
Originally reported in the forum [0].
This is only a cosmetic fix and has no user-visible impact, just fixing
a code warning in the syslog. Applies only for case-insensitive realms
too, where Active Directory is the only type to support that.
When looking up a non-existing username on case-insensitive realms, it
currently returns `undef`, which then causes the following warning in
the syslog:
Use of uninitialized value $username in concatenation (.) or string at /usr/share/perl5/PVE/API2/AccessControl.pm line 303.
authentication failure; rhost=::ffff:10.0.0.1 user= msg=user name '' is too short
This now follows the logic from the common, case-sensitive path, to just
return the original, given username (which is then later on validated in
the auth chain).
No functional changes.
[0] https://forum.proxmox.com/threads/new-ad-realm-not-working-blank-username.157859/
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
src/PVE/AccessControl.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 47f2d38..d1e7d56 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1231,7 +1231,7 @@ sub lookup_username {
die "ambiguous case insensitive match of username '$username', cannot safely grant access!\n"
if scalar @matches > 1 && !$noerr;
- return $matches[0]
+ return $matches[0] if defined($matches[0]);
}
return $username;
--
2.48.1
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-03-25 10:41 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-25 10:38 [pve-devel] [PATCH access-control 0/3] fix undef warning on login " Christoph Heiss
2025-03-25 10:38 ` Christoph Heiss [this message]
2025-03-25 10:38 ` [pve-devel] [PATCH access-control 2/3] access: lookup: avoid reading user.cfg from cfs unnecessarily Christoph Heiss
2025-03-25 10:38 ` [pve-devel] [PATCH access-control 3/3] gitignore: add rules for dpkg build artifacts Christoph Heiss
2025-04-04 16:55 ` [pve-devel] applied:-series [PATCH access-control 0/3] fix undef warning on login for case-insensitive realms Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250325104053.491601-2-c.heiss@proxmox.com \
--to=c.heiss@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal