d/control: bump debhelper compat to >= 12

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index d3bc6ea78120390f02438565c0530985bbbf4c53..f7d4e7829d31885f321ca508988af4b8ee2ebeea 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -892,7 +892,7 @@ sub add_role_privs {
 }
 
 sub lookup_username {
-    my ($username) = @_;
+    my ($username, $noerr) = @_;
 
     $username =~ m!^(${PVE::Auth::Plugin::user_regex})\@(${PVE::Auth::Plugin::realm_regex})$!;
 
@@ -905,7 +905,7 @@ sub lookup_username {
        my @matches = grep { lc $username eq lc $_ } (keys %{$usercfg->{users}});
 
        die "ambiguous case insensitive match of username '$username', cannot safely grant access!\n"
-           if scalar @matches > 1;
+           if scalar @matches > 1 && !$noerr;
 
        return $matches[0]
     }
@@ -929,6 +929,25 @@ sub normalize_path {
     return $path;
 }
 
+sub check_path {
+    my ($path) = @_;
+    return $path =~ m!^(
+       /
+       |/access
+       |/access/groups
+       |/access/realm
+       |/nodes
+       |/nodes/[[:alnum:]\.\-\_]+
+       |/pool
+       |/pool/[[:alnum:]\.\-\_]+
+       |/sdn
+       |/storage
+       |/storage/[[:alnum:]\.\-\_]+
+       |/vms
+       |/vms/[1-9][0-9]{2,}
+    )$!xs;
+}
+
 PVE::JSONSchema::register_format('pve-groupid', \&verify_groupname);
 sub verify_groupname {
     my ($groupname, $noerr) = @_;