role => {
description => "User role. Role 'root' is reseved for the Unix Superuser.",
type => 'string',
- enum => ['root', 'admin', 'qmanager', 'audit'],
+ enum => ['root', 'admin', 'helpdesk', 'qmanager', 'audit'],
},
firstname => {
description => "First name.",
optional => 1,
};
-my $verity_entry = sub {
+my $verify_entry = sub {
my ($entry) = @_;
my $errors = {};
+ my $userid = $entry->{userid};
+ if (defined(my $username = $entry->{username})) {
+ if ($userid !~ /^\Q$username\E\@/) {
+ $errors->{'username'} = 'invalid username for userid';
+ }
+ } else {
+ # make sure the username's length is checked
+ $entry->{username} = ($userid =~ s/\@.*$//r);
+ }
PVE::JSONSchema::check_prop($entry, $schema, '', $errors);
if (scalar(%$errors)) {
raise "verify entry failed\n", errors => $errors;
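Review bot: The added block uses `$entry->{userid}` in `!~` and `s///r` before `PVE::JSONSchema::check_prop` has validated the entry, so a missing `userid` is handled as undef and only produces uninitialized-value warnings plus an empty derived username. Whether the schema marks `userid` as required is not visible here, so a guard such as `my $userid = $entry->{userid} // '';` would leave the reporting to the schema check. Both patterns rely on `$` and on `.` without `/s`, so a userid containing a newline is not reduced to its name part; `$entry->{username} = ($userid =~ s/\@.*\z//sr);` is stricter. A short comment stating that `username` must equal the part of `userid` before the realm would also document why the check exists. The remainder of the sub after `raise` lies outside this hunk.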
$d->{$k} = $+{$k} if $+{$k};
}
eval {
- $verity_entry->($d);
+ $verify_entry->($d);
$cfg->{$d->{userid}} = $d;
die "role 'root' is reserved\n"
if $d->{role} eq 'root' && $d->{userid} ne 'root@pmg';
$d->{userid} = $userid;
die "invalid userid '$userid'\n" if $userid eq 'root@pmg';
+ $verify_entry->($d);
+ $cfg->{$d->{userid}} = $d;
- eval {
- $verity_entry->($d);
- $cfg->{$d->{userid}} = $d;
-
- if ($d->{userid} ne 'root@pam') {
- die "role 'root' is reserved\n" if $d->{role} eq 'root';
- die "unable to add users for realm '$d->{realm}'\n"
- if $d->{realm} && $d->{realm} ne 'pmg';
- }
- };
- if (my $err = $@) {
- die $err;
+ if ($d->{userid} ne 'root@pam') {
+ die "role 'root' is reserved\n" if $d->{role} eq 'root';
+ die "unable to add users for realm '$d->{realm}'\n"
+ if $d->{realm} && $d->{realm} ne 'pmg';
}
my $line;
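Review bot: The added `$cfg->{$d->{userid}} = $d;` stores the entry before the reserved-role and realm checks that follow, so `$cfg` is already modified when either `die` fires. Moving the assignment below the `if ($d->{userid} ne 'root@pam')` block would make the checks gate the write. The same store-then-check order sits inside the `eval` of the preceding hunk, where it matters more if the caller only logs `$@` and keeps the entry (the handler is not visible here). That earlier check exempts `root@pmg` while this one exempts `root@pam`, and `root@pmg` is rejected as an invalid userid two lines above the added code, so one of the two literals looks wrong and should be confirmed. The enclosing sub starts and ends outside the hunk.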