X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAPI2%2FUser.pm;h=8b063641178197feecb376ecd42041e2675feca9;hp=6272cadbb1d366816ab86cec30e3ff6411cb1714;hb=930dcfc8b0cd396bb682fae4fd08f52ecc12bdf1;hpb=cb6f2f93ed18ee259ff2aae4434974fddcc53c57

diff --git a/PVE/API2/User.pm b/PVE/API2/User.pm
index 6272cad..8b06364 100644
--- a/PVE/API2/User.pm
+++ b/PVE/API2/User.pm
@@ -36,6 +36,7 @@ __PACKAGE__->register_method ({
     path => '', 
     method => 'GET',
     description => "User index.",
+    permissions => { user => 'all' },
     parameters => {
 	additionalProperties => 0,
 	properties => {
@@ -59,13 +60,17 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
     
+	my $rpcenv = PVE::RPCEnvironment::get();
+	my $authuser = $rpcenv->get_user();
+
 	my $res = [];
 
 	my $usercfg = cfs_read_file("user.cfg");
  
 	foreach my $user (keys %{$usercfg->{users}}) {
-	    next if $user eq 'root';
-	    
+	    # root sees all entries, a user only sees its own entry
+	    next if $authuser ne 'root@pam' && $user ne $authuser;
+
 	    my $entry = &$extract_user_data($usercfg->{users}->{$user});
 
 	    if (defined($param->{enabled})) {
@@ -90,7 +95,7 @@ __PACKAGE__->register_method ({
    	additionalProperties => 0,
 	properties => {
 	    userid => get_standard_option('userid'),
-	    password => { type => 'string', optional => 1 },
+	    password => { type => 'string', optional => 1, minLength => 5, maxLength => 64 },
 	    groups => { type => 'string', optional => 1, format => 'pve-groupid-list'},
 	    firstname => { type => 'string', optional => 1 },
 	    lastname => { type => 'string', optional => 1 },
@@ -125,7 +130,7 @@ __PACKAGE__->register_method ({
 		    if $usercfg->{users}->{$username};
 			 
 		PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password})
-		    if $param->{password};
+		    if defined($param->{password});
 
 		my $enable = defined($param->{enable}) ? $param->{enable} : 1;
 		$usercfg->{users}->{$username} = { enable => $enable };
@@ -200,7 +205,7 @@ __PACKAGE__->register_method ({
    	additionalProperties => 0,
 	properties => {
 	    userid => get_standard_option('userid'),
-	    password => { type => 'string', optional => 1 },
+	    password => { type => 'string', optional => 1, minLength => 5, maxLength => 64 },
 	    groups => { type => 'string', optional => 1,  format => 'pve-groupid-list'  },
 	    append => { 
 		type => 'boolean', 
@@ -240,14 +245,14 @@ __PACKAGE__->register_method ({
 		    if !$usercfg->{users}->{$username};
 
 		PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password})
-		    if $param->{password};
+		    if defined($param->{password});
 
 		$usercfg->{users}->{$username}->{enable} = $param->{enable} if defined($param->{enable});
 
 		$usercfg->{users}->{$username}->{expire} = $param->{expire} if defined($param->{expire});
 
 		PVE::AccessControl::delete_user_group($username, $usercfg) 
-		    if (!$param->{append} && $param->{groups});
+		    if (!$param->{append} && defined($param->{groups}));
 
 		if ($param->{groups}) {
 		    foreach my $group (split_list($param->{groups})) {