[pve-devel] [PATCH access-control 2/2] ticket: normalize path for verification
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Nov 5 14:03:44 CET 2021
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
src/PVE/AccessControl.pm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index dfd3af5..a80ed74 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -457,6 +457,8 @@ my $assemble_short_lived_ticket = sub {
my $verify_short_lived_ticket = sub {
my ($ticket, $prefix, $username, $path, $noerr) = @_;
+ $path = normalize_path($path);
+
my $secret_data = "$username:$path";
my ($rsa_pub, $rsa_mtime) = get_pubkey();
--
2.30.2
More information about the pve-devel
mailing list