[pve-devel] [PATCH access-control 1/3] access: lookup: fix undef warning for case-insensitive realms

Christoph Heiss c.heiss at proxmox.com
Tue Mar 25 11:38:31 CET 2025


Originally reported in the forum [0].

This is only a cosmetic fix and has no user-visible impact, just fixing
a code warning in the syslog. Applies only for case-insensitive realms
too, where Active Directory is the only type to support that.

When looking up a non-existing username on case-insensitive realms, it
currently returns `undef`, which then causes the following warning in
the syslog:

  Use of uninitialized value $username in concatenation (.) or string at /usr/share/perl5/PVE/API2/AccessControl.pm line 303.
  authentication failure; rhost=::ffff:10.0.0.1 user= msg=user name '' is too short

This now follows the logic from the common, case-sensitive path, to just
return the original, given username (which is then later on validated in
the auth chain).

No functional changes.

[0] https://forum.proxmox.com/threads/new-ad-realm-not-working-blank-username.157859/

Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
---
 src/PVE/AccessControl.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 47f2d38..d1e7d56 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -1231,7 +1231,7 @@ sub lookup_username {
 	die "ambiguous case insensitive match of username '$username', cannot safely grant access!\n"
 	    if scalar @matches > 1 && !$noerr;
 
-	return $matches[0]
+	return $matches[0] if defined($matches[0]);
     }
 
     return $username;
-- 
2.48.1





More information about the pve-devel mailing list