X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAccessControl.pm;h=2b7974dd6245fd44d92a9d3902c0f9cfe07c4bea;hp=c9d8e4e5b466482eab954c673784e94962a803cc;hb=dd2cfee072b8ebe8280595b250dafdb2786297af;hpb=cc7bdf33772cb790ae53e6cb6161c8b9058fa717 diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm index c9d8e4e..2b7974d 100644 --- a/PVE/AccessControl.pm +++ b/PVE/AccessControl.pm @@ -156,14 +156,15 @@ sub verify_ticket { my $rsa_pub = get_pubkey(); if ($rsa_pub->verify($plain, decode_base64($sig))) { - if ($plain =~ m/^PVE:(([A-Za-z0-9\.\-_]+)(\@([A-Za-z0-9\.\-_]+))?):([A-Z0-9]{8})$/) { + if ($plain =~ m/^PVE:(\S+):([A-Z0-9]{8})$/) { my $username = $1; - my $timestamp = $5; + my $timestamp = $2; my $ttime = hex($timestamp); my $age = time() - $ttime; - if (($age > -300) && ($age < $ticket_lifetime)) { + if (verify_username($username, 1) && + ($age > -300) && ($age < $ticket_lifetime)) { return wantarray ? ($username, $age) : $username; } } @@ -463,14 +464,14 @@ sub encrypt_pw { sub store_pam_password { my ($userid, $password) = @_; - my $cmd = ['/usr/sbin/usermod']; + my $cmd = ['usermod']; my $epw = encrypt_pw($password); push @$cmd, '-p', $epw; push @$cmd, $userid; - run_command($cmd); + run_command($cmd, errmsg => 'change password failed'); } sub domain_set_password {