import cfs_read_file

[pve-access-control.git] / PVE / API2 / AccessControl.pm

diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 3d7c80d95d602ffbfbb42e011f26cf57eadf488b..916b1674bede08534d47270d64c893501d3dab7b 100644 (file)
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -5,7 +5,7 @@ use warnings;
 
 use PVE::SafeSyslog;
 use PVE::RPCEnvironment;
-use PVE::Cluster;
+use PVE::Cluster qw(cfs_read_file);
 use PVE::RESTHandler;
 use PVE::AccessControl;
 use PVE::JSONSchema qw(get_standard_option);
@@ -153,6 +153,10 @@ __PACKAGE__->register_method ({
                ($tmp eq 'root@pam' || $tmp eq $username)) {
                # got valid ticket
                # Note: root@pam can create tickets for other users
+               
+               # test if user exists and is enabled
+               my $usercfg = cfs_read_file('user.cfg');
+               die "no such user ('$username')\n" if !user_enabled($usercfg, $username);
            } else {
                $username = PVE::AccessControl::authenticate_user($username, $param->{password});
            }