my $rsa_pub = get_pubkey();
if ($rsa_pub->verify($plain, decode_base64($sig))) {
- if ($plain =~ m/^PVE:(([A-Za-z0-9\.\-_]+)(\@([A-Za-z0-9\.\-_]+))?):([A-Z0-9]{8})$/) {
+ if ($plain =~ m/^PVE:(\S+):([A-Z0-9]{8})$/) {
my $username = $1;
- my $timestamp = $5;
+ my $timestamp = $2;
my $ttime = hex($timestamp);
my $age = time() - $ttime;
- if (($age > -300) && ($age < $ticket_lifetime)) {
+ if (verify_username($username, 1) &&
+ ($age > -300) && ($age < $ticket_lifetime)) {
return wantarray ? ($username, $age) : $username;
}
}
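Review bot: The new ticket pattern `m/^PVE:(\S+):([A-Z0-9]{8})$/` no longer constrains the username, so its shape now rests entirely on `verify_username($username, 1)`, whose body is not visible here. Because `\S+` is greedy and also matches `:`, the capture takes everything up to the last colon. `$` also matches before a trailing newline, so `m/\APVE:(\S+):([A-Z0-9]{8})\z/` would make the match exact. The timestamp class admits G–Z, which `hex()` does not treat as hex digits, so `[0-9A-F]{8}` would state the intent. The same `\S+`/`$` loosening is in the group match `m/^@(\S+)$/` in the ACL loop further down, where the only check visible is the `$cfg->{groups}` lookup; the enclosing function here starts and ends outside the hunk.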
sub store_pam_password {
my ($userid, $password) = @_;
- my $cmd = ['/usr/sbin/usermod'];
+ my $cmd = ['usermod'];
my $epw = encrypt_pw($password);
push @$cmd, '-p', $epw;
push @$cmd, $userid;
- run_command($cmd);
+ run_command($cmd, errmsg => 'change password failed');
}
sub domain_set_password {
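Review bot: Replacing `/usr/sbin/usermod` with the bare name `usermod` makes this password change depend on the PATH of whichever process calls store_pam_password. Unless that environment is known to set a fixed PATH, keeping `my $cmd = ['/usr/sbin/usermod'];` is the safer choice. Separately, `$userid` is appended as the last argument with no check visible in this hunk; if callers do not already validate it, a value starting with `-` would be parsed as an option, which `push @$cmd, '--', $userid;` avoids. The hash passed with `-p` is visible in the process list while the command runs, which deserves at least a comment.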
root => [],
admin => [
'VM.Config.Disk',
- 'VM.Config.CDROM', # change CDROM media
'VM.Config.CPU',
'VM.Config.Memory',
'VM.Config.Network',
'VM.Monitor',
],
user => [
+ 'VM.Config.CDROM', # change CDROM media
'VM.Console',
'VM.Backup',
'VM.PowerMgmt',
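Review bot: Whether the admin role still carries `VM.Config.CDROM` after this move depends on how the role lists are combined, which this hunk does not show. If each list is used on its own, admin loses the privilege while user gains it. If the lists are cumulative, a comment above the table saying so, for example `# each role also gets the privileges of the roles listed after it`, would make the move readable. The change also lets every holder of the user role swap the media a guest can boot from, so that intent is worth stating next to the entry.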
ldap => {
server1 => '[\w\d]+(.[\w\d]+)*',
server2 => '[\w\d]+(.[\w\d]+)*',
- base_dn => '\w+=[\w\s]+(,\s*\w+=[\w\s]+)*',
+ base_dn => '\w+=[^,]+(,\s*\w+=[^,]+)*',
user_attr => '\S{2,}',
secure => '',
port => '\d+',
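Review bot: The new value class `[^,]+` in `base_dn` accepts every character except a comma, so control characters and line breaks pass (line breaks already passed the old `\s`). If the value is later written to a line-oriented config file, which this hunk does not show, a line break in it could add a line; `base_dn => '\w+=[^,\r\n]+(,\s*\w+=[^,\r\n]+)*',` keeps the wider character set without that. A DN whose value contains an escaped comma (`\,`) is still treated as if the comma separated two components. Whether these patterns are applied anchored is not visible here.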
my $realm_regex = qr/[A-Za-z][A-Za-z0-9\.\-_]+/;
+PVE::JSONSchema::register_format('pve-realm', \&pve_verify_realm);
sub pve_verify_realm {
my ($realm, $noerr) = @_;
PVE::JSONSchema::register_standard_option('realm', {
description => "Authentication domain ID",
- type => 'string', format => 'pve-configid',
+ type => 'string', format => 'pve-realm',
maxLength => 32,
});
}
foreach my $ug (split_list($uglist)) {
- if ($ug =~ m/^@(\w+)$/) {
+ if ($ug =~ m/^@(\S+)$/) {
my $group = $1;
if ($cfg->{groups}->{$group}) { # group exists
$cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;