[pve-devel] [PATCH access-control 2/2] ticket: normalize path for verification
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Apr 13 14:16:24 CEST 2021
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
PVE/AccessControl.pm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 9d9a4bd..7949fde 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -461,6 +461,8 @@ my $assemble_short_lived_ticket = sub {
my $verify_short_lived_ticket = sub {
my ($ticket, $prefix, $username, $path, $noerr) = @_;
+ $path = normalize_path($path);
+
my $secret_data = "$username:$path";
my ($rsa_pub, $rsa_mtime) = get_pubkey();
--
2.20.1
More information about the pve-devel
mailing list