[pve-devel] [PATCH access-control] api: domains: fix setting only the realm authentication password

Christoph Heiss c.heiss at proxmox.com
Thu Jul 20 16:48:47 CEST 2023

Previously, if one tried to only update e.g. the bind password for an
LDAP realm, it would fail with an rather unhelpful error message:

  # pveum realm modify ldap -password foo
  update auth server failed: no options specified

The root cause was that the `password` parameter was removed early from
the parameter object, which than would fail the check whether it is
empty or not.

Thus, additionally check if only `password` was specified and if so,
allow it.

Reported-by: Friedrich Weber <f.weber at proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
 src/PVE/API2/Domains.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/PVE/API2/Domains.pm b/src/PVE/API2/Domains.pm
index aa8e716..9332aa7 100644
--- a/src/PVE/API2/Domains.pm
+++ b/src/PVE/API2/Domains.pm
@@ -203,7 +203,8 @@ __PACKAGE__->register_method ({
 		    if !$ids->{$realm};

 		my $delete_str = extract_param($param, 'delete');
-		die "no options specified\n" if !$delete_str && !scalar(keys %$param);
+		die "no options specified\n"
+		    if !$delete_str && !scalar(keys %$param) && !defined($password);

 		my $delete_pw = 0;
 		foreach my $opt (PVE::Tools::split_list($delete_str)) {

More information about the pve-devel mailing list