rename user_enabled to check_user_enabled

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 5ba3d3930fc24146402ac69e24851efb1b7f16d1..b06ca3b2dfe7bfa87db6998d27df58852dd87845 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -323,10 +323,10 @@ sub authenticate_user_domain {
     }
 }
 
-sub user_enabled {
-    my ($usercfg, $username) = @_;
+sub check_user_enabled {
+    my ($usercfg, $username, $noerr) = @_;
 
-    $username = verify_username($username, 1);
+    $username = verify_username($username, $noerr);
     return undef if !$username;
  
     return 1 if $usercfg && $usercfg->{users}->{$username} &&
@@ -334,7 +334,9 @@ sub user_enabled {
 
     return 1 if $username eq 'root@pam'; # root is always enabled
 
-    return 0;
+    die "no such user ('$username')\n" if !$noerr;
+ 
+    return undef;
 }
 
 # password should be utf8 encoded
@@ -349,9 +351,10 @@ sub authenticate_user {
 
     my $usercfg = cfs_read_file('user.cfg');
 
-    if (!user_enabled($usercfg, $username)) {
+    eval { check_user_enabled($usercfg, $username); };
+    if (my $err = $@) {
        sleep(2);
-       die "no such user ('$username')\n"
+       die $err;
     }
 
     my $ctime = time();
@@ -1040,8 +1043,6 @@ sub write_user_config {
     my $data = '';
 
     foreach my $user (keys %{$cfg->{users}}) {
-       next if $user eq 'root@pam';
-
        my $d = $cfg->{users}->{$user};
        my $firstname = $d->{firstname} ? PVE::Tools::encode_text($d->{firstname}) : '';
        my $lastname = $d->{lastname} ? PVE::Tools::encode_text($d->{lastname}) : '';