On 15/01/2026 14:17, Wolfgang Bumiller wrote:
+ if (my $usercfg = $oci_config_get_checked_scalar->('User')) {This code should be factored into a separate sub.+ my ($user, $group) = $usercfg =~ /^([^:]+)(?::([^:]+))?$/ + or die "OCI config value for 'User' has an invalid format\n"; + + my $etc_passwd = "$rootdir/etc/passwd"; + my $etc_group = "$rootdir/etc/group"; + + # Scan file, match column $match_index against $match_val, return value at $ret_index + my $lookup_field = sub { + my ($file, $match_index, $match_val, $ret_index) = @_; + + open(my $fh, '<', $file) or return undef; + while (my $line = <$fh>) { + my @fields = split(/:/, $line);A subtlety about this sub is that currently the last field also includes the trailing `\n`. Should probably add a comment, or `chomp` it away, even if we currently don't use the final field via `$ret_index`.+ if (defined($fields[$match_index]) && $fields[$match_index] eq $match_val) { + return $fields[$ret_index]; + } + } + return undef; + }; + + my $get_supplementary_groups = sub { + my ($username) = @_; + + my @groups; + open(my $fh, '<', $etc_group) or return undef; + while (defined(my $line = <$fh>)) { + push @groups, $1 + if ($line =~ m/^[^:]*:[^:]*:([^:]*):(?:[^,]*,)*$username(?:,|$)/);Username comes from the outside and is only limited to not containing a colon. To use it inside a regex you'd have to quote it as `\Q$username\E`. Safer would be to do what you do in `$lookup_field` and just split on `:` then `,` then grep with `eq`.
Feedback implemented in v2: https://lore.proxmox.com/pve-devel/[email protected] _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
