And add $noerr parameter.
my $token;
eval {
+ # test if user exists and is enabled
+ $rpcenv->check_user_enabled($username);
+
if ($param->{path} && $param->{privs}) {
my $privs = [ PVE::Tools::split_list($param->{privs}) ];
my $path = PVE::AccessControl::normalize_path($param->{path});
# got valid ticket
# Note: root@pam can create tickets for other users
- # test if user exists and is enabled
- my $usercfg = cfs_read_file('user.cfg');
- die "no such user ('$username')\n" if !user_enabled($usercfg, $username);
} else {
$username = PVE::AccessControl::authenticate_user($username, $param->{password});
}
}
}
-sub user_enabled {
- my ($usercfg, $username) = @_;
+sub check_user_enabled {
+ my ($usercfg, $username, $noerr) = @_;
- $username = verify_username($username, 1);
+ $username = verify_username($username, $noerr);
return undef if !$username;
return 1 if $usercfg && $usercfg->{users}->{$username} &&
return 1 if $username eq 'root@pam'; # root is always enabled
- return 0;
+ die "no such user ('$username')\n" if !$noerr;
+
+ return undef;
}
# password should be utf8 encoded
my $usercfg = cfs_read_file('user.cfg');
- if (!user_enabled($usercfg, $username)) {
+ eval { check_user_enabled($usercfg, $username); };
+ if (my $err = $@) {
sleep(2);
- die "no such user ('$username')\n";
+ die $err;
}
my $ctime = time();
return 1;
};
-sub user_enabled {
- my ($self, $user) = @_;
+sub check_user_enabled {
+ my ($self, $user, $noerr) = @_;
my $cfg = $self->{user_cfg};
- return PVE::AccessControl::user_enabled($cfg, $user);
+ return PVE::AccessControl::check_user_enabled($cfg, $user, $noerr);
}
# initialize environment - must be called once at program startup
projects / pve-access-control.git / commitdiff