From: Dietmar Maurer
Date: Thu, 19 Jan 2012 05:49:02 +0000 (+0100)
Subject: rename user_enabled to check_user_enabled
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=7070c1aee526ad755c7afeb632e28f2f29e27d2b
rename user_enabled to check_user_enabled
And add $noerr parameter.
---
diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 916b167..5967c50 100644
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -140,6 +140,9 @@ __PACKAGE__->register_method ({
 my $token;
 eval {
+ # test if user exists and is enabled
+ $rpcenv->check_user_enabled($username);
+ if ($param->{path} && $param->{privs}) {
 my $privs = [ PVE::Tools::split_list($param->{privs}) ];
 my $path = PVE::AccessControl::normalize_path($param->{path});
@@ -154,9 +157,6 @@ __PACKAGE__->register_method ({
 # got valid ticket # Note: root@pam can create tickets for other users
- # test if user exists and is enabled
- my $usercfg = cfs_read_file('user.cfg');
- die "no such user ('$username')\n" if !user_enabled($usercfg, $username);
 } else {
 $username = PVE::AccessControl::authenticate_user($username, $param->{password});
 }
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 9396537..b06ca3b 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -323,10 +323,10 @@ sub authenticate_user_domain {
 }
 }
-sub user_enabled {
- my ($usercfg, $username) = @_;
+sub check_user_enabled {
+ my ($usercfg, $username, $noerr) = @_;
- $username = verify_username($username, 1);
+ $username = verify_username($username, $noerr);
 return undef if !$username;
 return 1 if $usercfg && $usercfg->{users}->{$username} &&
@@ -334,7 +334,9 @@ sub user_enabled {
 return 1 if $username eq 'root@pam'; # root is always enabled
- return 0;
+ die "no such user ('$username')\n" if !$noerr;
+
+ return undef;
 }
 # password should be utf8 encoded
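Review bot: The added `$rpcenv->check_user_enabled($username);` at the top of the `eval` in PVE/API2/AccessControl.pm (hunk at -140) runs before any credential is verified, so a request naming an unknown or disabled account dies with `no such user ('$username')` without passing through the `sleep(2)` that `authenticate_user` applies to the same failure. If the handler after the `eval`, which lies outside this hunk, returns `$@` to the client, the distinct message and the missing delay let an unauthenticated caller tell existing accounts from missing ones. Using the new `$noerr` argument keeps the reply uniform and delayed: `if (!$rpcenv->check_user_enabled($username, 1)) { sleep(2); die "authentication failure\n"; }`. The `eval` block opens before the hunk and closes after it.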
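Review bot: `check_user_enabled` in PVE/AccessControl.pm (hunks at -323 and -334) now has two failure modes and no comment saying which applies: without `$noerr` it dies, with `$noerr` it returns `undef`, and a caller that passes `$noerr` and ignores the result treats a rejected account as allowed. A header comment would make the contract explicit, for example `# Returns 1 if $username exists and is enabled (root@pam always is); otherwise dies, or returns undef when $noerr is set - callers passing $noerr must test the result.` The `no such user` text also appears to cover a disabled account, which is worth stating in the same comment so log readers are not misled. The sub's body spans both hunks, and the line between them is not shown.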
@@ -349,9 +351,10 @@ sub authenticate_user {
 my $usercfg = cfs_read_file('user.cfg');
- if (!user_enabled($usercfg, $username)) {
+ eval { check_user_enabled($usercfg, $username); };
+ if (my $err = $@) {
 sleep(2);
- die "no such user ('$username')\n";
+ die $err;
 }
 my $ctime = time();
diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm
index f65a776..19276ba 100644
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -165,11 +165,11 @@ sub check {
 return 1;
 };
-sub user_enabled {
- my ($self, $user) = @_;
+sub check_user_enabled {
+ my ($self, $user, $noerr) = @_;
 my $cfg = $self->{user_cfg};
- return PVE::AccessControl::user_enabled($cfg, $user);
+ return PVE::AccessControl::check_user_enabled($cfg, $user, $noerr);
 }
 # initialize environment - must be called once at program startup
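Review bot: In `authenticate_user` (PVE/AccessControl.pm, hunk at -349) the enabled check is now enforced only through `$@`, so if `$@` is empty after the `eval` the sub carries on for an account that failed the check; on Perl releases before 5.14 `$@` can be cleared while the `eval` unwinds. Testing the return value with the new `$noerr` argument fails closed and keeps the single failure message the old code had: `if (!check_user_enabled($usercfg, $username, 1)) { sleep(2); die "no such user ('$username')\n"; }`. As written, `die $err` also forwards whatever `verify_username` raises, presumably a different text for a malformed name. The sub continues past the hunk.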
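Review bot: The `check_user_enabled` wrapper in PVE/RPCEnvironment.pm (hunk at -165) evaluates the account against `$self->{user_cfg}`, whereas the ticket path this commit removes from PVE/API2/AccessControl.pm read `user.cfg` through `cfs_read_file` at the moment of the check. Where `$self->{user_cfg}` is populated is not visible in this diff; if it is loaded earlier than the request being served, an account disabled in between could still pass, and if it is unset only `root@pam` passes. A comment on the sub stating that precondition would help, e.g. `# checks the cached $self->{user_cfg}; the caller must have loaded the current user.cfg first`.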