all lists on lists.proxmox.com
 help / color / mirror / Atom feed
* [pbs-devel] [PATCH proxmox-backup] auth: request a write lock when exposing the `LockedTfaConfig`
@ 2024-04-12 12:31 Stefan Sterz
  2024-04-24 19:28 ` [pbs-devel] applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Stefan Sterz @ 2024-04-12 12:31 UTC (permalink / raw)
  To: pbs-devel

this function is called every time a user tries to log in to check
whether a tfa challenge is required. since the tfa config may need to
be written by the auth api (e.g. when a recovery key is used) this
needs to use a write lock instead of a read lock in order to avoid
potential races.

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
---
 src/auth.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/auth.rs b/src/auth.rs
index 04fb3a1d..e27d90d5 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -327,7 +327,7 @@ impl proxmox_auth_api::api::AuthContext for PbsAuthContext {
     /// Access the TFA config with an exclusive lock.
     fn tfa_config_write_lock(&self) -> Result<Box<dyn LockedTfaConfig>, Error> {
         Ok(Box::new(PbsLockedTfaConfig {
-            _lock: crate::config::tfa::read_lock()?,
+            _lock: crate::config::tfa::write_lock()?,
             config: crate::config::tfa::read()?,
         }))
     }
-- 
2.39.2





^ permalink raw reply	[flat|nested] 2+ messages in thread
* [pbs-devel] applied: [PATCH proxmox-backup] auth: request a write lock when exposing the `LockedTfaConfig`
  2024-04-12 12:31 [pbs-devel] [PATCH proxmox-backup] auth: request a write lock when exposing the `LockedTfaConfig` Stefan Sterz
@ 2024-04-24 19:28 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2024-04-24 19:28 UTC (permalink / raw)
  To: Proxmox Backup Server development discussion, Stefan Sterz

Am 12/04/2024 um 14:31 schrieb Stefan Sterz:
> this function is called every time a user tries to log in to check
> whether a tfa challenge is required. since the tfa config may need to
> be written by the auth api (e.g. when a recovery key is used) this
> needs to use a write lock instead of a read lock in order to avoid
> potential races.
> 
> Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
> ---
>  src/auth.rs | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
>

applied, thanks!


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-04-24 19:28 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-12 12:31 [pbs-devel] [PATCH proxmox-backup] auth: request a write lock when exposing the `LockedTfaConfig` Stefan Sterz
2024-04-24 19:28 ` [pbs-devel] applied: " Thomas Lamprecht

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal