From: Hannes Laimer <h.laimer@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 3/5] fix #4382: api2: remove permissions and tokens of user on deletion
Date: Tue, 20 Dec 2022 15:57:12 +0100 [thread overview]
Message-ID: <20221220145714.63985-4-h.laimer@proxmox.com> (raw)
In-Reply-To: <20221220145714.63985-1-h.laimer@proxmox.com>
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
src/api2/access/user.rs | 24 +++++++++++++++++++++++-
1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/api2/access/user.rs b/src/api2/access/user.rs
index ce676252..40177c8d 100644
--- a/src/api2/access/user.rs
+++ b/src/api2/access/user.rs
@@ -346,7 +346,7 @@ pub fn update_user(
)]
/// Remove a user from the configuration file.
pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error> {
- let _lock = pbs_config::user::lock_config()?;
+ let _user_lock = pbs_config::user::lock_config()?;
let _tfa_lock = crate::config::tfa::write_lock()?;
let (mut config, expected_digest) = pbs_config::user::config()?;
@@ -390,6 +390,28 @@ pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error>
}
}
+ // delete_token needs the user config lock, therefore we have to drop it here
+ drop(_user_lock);
+
+ let user_tokens: Vec<ApiToken> = config
+ .convert_to_typed_array::<ApiToken>("token")?
+ .into_iter()
+ .filter(|token| token.tokenid.user().eq(&userid))
+ .collect();
+ for token in user_tokens {
+ if let Some(name) = token.tokenid.tokenname() {
+ let user = token.tokenid.user();
+ delete_token(user.clone(), name.to_owned(), None)?
+ }
+ }
+
+ // delete_token needs the acl config lock, that's why it is not aquired at the beginning
+ let _acl_lock = pbs_config::acl::lock_config()?;
+
+ let (mut tree, _digest) = pbs_config::acl::config()?;
+ tree.delete_authid(&Authid::from(userid));
+ pbs_config::acl::save_config(&tree)?;
+
Ok(())
}
--
2.30.2
next prev parent reply other threads:[~2022-12-20 14:57 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-20 14:57 [pbs-devel] [PATCH proxmox-backup 0/5] ACL removal on user/token deletion + token regeneration Hannes Laimer
2022-12-20 14:57 ` [pbs-devel] [PATCH proxmox-backup 1/5] pbs-config: add delete_authid to ACL-tree Hannes Laimer
2022-12-20 14:57 ` [pbs-devel] [PATCH proxmox-backup 2/5] fix #4382: api2: remove permissions of token on deletion Hannes Laimer
2022-12-20 14:57 ` Hannes Laimer [this message]
2022-12-21 9:23 ` [pbs-devel] [PATCH proxmox-backup 3/5] fix #4382: api2: remove permissions and tokens of user " Thomas Lamprecht
2022-12-20 14:57 ` [pbs-devel] [PATCH proxmox-backup 4/5] fix #3887: api2: add regenerate token endpoint Hannes Laimer
2022-12-21 9:56 ` Thomas Lamprecht
2022-12-21 10:53 ` Fabian Grünbichler
2022-12-21 13:06 ` Thomas Lamprecht
2022-12-20 14:57 ` [pbs-devel] [PATCH proxmox-backup 5/5] fix #3887: ui: add regenerate token button Hannes Laimer
2022-12-21 11:04 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221220145714.63985-4-h.laimer@proxmox.com \
--to=h.laimer@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.