mirror of git://git.proxmox.com/git/pve-access-control.git synced 2025-01-20 14:03:43 +03:00

fix realm sync permissions

The userid-* permission check variants work on
$param->{userid} directly which does not exist for this
call. Also, they work on the realm of the user being
checked, rather than the realm provided as parameter.

The result was that as non-root user this always failed
with the message "userid '' too short"

Fix this by making the check explicitly work like in the
description.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller 2021-12-20 11:31:15 +01:00 committed by Thomas Lamprecht
parent 2974aa3345
commit 0c50321183


@ -397,8 +397,8 @@ __PACKAGE__->register_method ({
description => "'Realm.AllocateUser' on '/access/realm/<realm>' and "
." 'User.Modify' permissions to '/access/groups/'.",
check => [ 'and',
[ 'userid-param', 'Realm.AllocateUser' ],
[ 'userid-group', ['User.Modify'] ],
['perm', '/access/realm/{realm}', ['Realm.AllocateUser']],
['perm', '/access/groups', ['User.Modify']],
],
},
description => "Syncs users and/or groups from the configured LDAP to user.cfg."
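
Review bot: The new `['perm', '/access/realm/{realm}', ['Realm.AllocateUser']]` entry depends on `realm` being substituted from the request parameters, and the hunk does not show the parameter schema. Please confirm that `realm` is a required, format-validated parameter of this method, so the path can never expand with an empty segment; that is the same class of failure the commit message reports for the missing `userid`. Separately, the description string names '/access/groups/' with a trailing slash while the check uses '/access/groups'; aligning the two keeps the documented permission identical to the enforced one. A regression test that calls the sync as a non-root user holding exactly these two privileges would pin the intended behaviour.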