Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
my $usercfg = cfs_read_file("user.cfg");
- die "user '$username' already exists\n"
- if $usercfg->{users}->{$username};
+ # ensure "user exists" check works for case insensitive realms
+ $username = PVE::AccessControl::lookup_username($username, 1);
+ die "user '$username' already exists\n" if $usercfg->{users}->{$username};
PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password})
if defined($param->{password});
}
sub lookup_username {
- my ($username) = @_;
+ my ($username, $noerr) = @_;
$username =~ m!^(${PVE::Auth::Plugin::user_regex})\@(${PVE::Auth::Plugin::realm_regex})$!;
my @matches = grep { lc $username eq lc $_ } (keys %{$usercfg->{users}});
die "ambiguous case insensitive match of username '$username', cannot safely grant access!\n"
- if scalar @matches > 1;
+ if scalar @matches > 1 && !$noerr;
return $matches[0]
}