do not allow user names including slash

author Dietmar Maurer <dietmar@proxmox.com>

Tue, 24 Apr 2012 08:10:35 +0000 (10:10 +0200)

committer Dietmar Maurer <dietmar@proxmox.com>

Tue, 24 Apr 2012 08:10:35 +0000 (10:10 +0200)
author Dietmar Maurer <dietmar@proxmox.com>
Tue, 24 Apr 2012 08:10:35 +0000 (10:10 +0200)
committer Dietmar Maurer <dietmar@proxmox.com>
Tue, 24 Apr 2012 08:10:35 +0000 (10:10 +0200)
diff --git a/Makefile b/Makefile

index 9e3dd68c7d00717083b272e71edfebe00a845352..03310c4ff86d46f55dd4431f419a2dac012c638d 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ RELEASE=2.0
  
  VERSION=1.0
  PACKAGE=libpve-access-control
  
  VERSION=1.0
  PACKAGE=libpve-access-control
-PKGREL=19
+PKGREL=21
  
  DESTDIR=
  PREFIX=/usr
  
  DESTDIR=
  PREFIX=/usr
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm

index 2b7974dd6245fd44d92a9d3902c0f9cfe07c4bea..6943ed4a95feb9ea46501e0b3e9a45b0cafc9a85 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -732,9 +732,12 @@ sub verify_username {
         return undef;
      }
  
         return undef;
      }
  
-    # we only allow a limited set of characters (colon is not allowed,
-    # because we store usernames in colon separated lists)!
-    if ($username =~ m/^([^\s:]+)\@(${realm_regex})$/) {
+    # we only allow a limited set of characters
+    # colon is not allowed, because we store usernames in 
+    # colon separated lists)!
+    # slash is not allowed because it is used as pve API delimiter
+    # also see "man useradd" 
+    if ($username =~ m!^([^\s:/]+)\@(${realm_regex})$!) {
         return wantarray ? ($username, $1, $2) : $username;
      }
  
         return wantarray ? ($username, $1, $2) : $username;
      }
  
diff --git a/changelog.Debian b/changelog.Debian

index 2bc47f48cff524467bfac86a49ba999e642f62e1..bc9c76f61ec70c17c34909a77c0e3ff76fb3be49 100644 (file)
--- a/changelog.Debian
+++ b/changelog.Debian
@@ -1,3 +1,15 @@
+libpve-access-control (1.0-21) unstable; urgency=low
+
+  * do not allow user names including slash
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Apr 2012 10:07:47 +0200
+
+libpve-access-control (1.0-20) unstable; urgency=low
+
+  * add ability to fork cli workers in background
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 18 Apr 2012 08:28:20 +0200
+
  libpve-access-control (1.0-19) unstable; urgency=low
  
    * return set of privileges on login - can be used to adopt GUI
  libpve-access-control (1.0-19) unstable; urgency=low
  
    * return set of privileges on login - can be used to adopt GUI
author	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 24 Apr 2012 08:10:35 +0000 (10:10 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 24 Apr 2012 08:10:35 +0000 (10:10 +0200)
Makefile		patch \| blob \| blame \| history
PVE/AccessControl.pm		patch \| blob \| blame \| history
changelog.Debian		patch \| blob \| blame \| history