From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 75C3C1FF15C
	for <inbox@lore.proxmox.com>; Fri, 25 Jul 2025 13:20:17 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id D63EE16680;
	Fri, 25 Jul 2025 13:21:37 +0200 (CEST)
From: Shannon Sterz <s.sterz@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Fri, 25 Jul 2025 13:20:18 +0200
Message-ID: <20250725112019.245838-4-s.sterz@proxmox.com>
X-Mailer: git-send-email 2.47.2
In-Reply-To: <20250725112019.245838-1-s.sterz@proxmox.com>
References: <20250725112019.245838-1-s.sterz@proxmox.com>
MIME-Version: 1.0
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1753442459646
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.028 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 PROLO_LEO1                0.1 Meta Catches all Leo drug variations so far
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pbs-devel] [PATCH proxmox 3/3] auth-api: allow log-in via
 parameters even if HttpOnly cookie is invalid
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>

cHJldmlvdXNseSB0aGUgbmV3IEh0dHBPbmx5IGVuZHBvaW50IHdvdWxkIGZhaWwgd2hlbiBhIGNv
b2tpZSB3YXMKcHJvdmlkZWQgZXZlbiBpZiB0aGUgYm9keSBvZiB0aGUgcmVxdWVzdCBjb250YWlu
ZWQgdmFsaWQgY3JlZGVudGlhbHMuCnRoaXMgbGVhZCB0byBpc3N1ZXMgd2hlbiBicm93c2VyLWJh
c2VkIGNsaWVudHMgbWF5IGhhdmUgZ290dGVuIGludmFsaWQKSHR0cE9ubHkgY29va2llcyBlLmcu
IGlmIGEgUHJveG1veCBCYWNrdXAgU2VydmVyIHdhcyByZS1pbnN0YWxsZWQgYXQKdGhlIHNhbWUg
SVAgYWRkcmVzcy4gdGhlIGNsaWVudCBjb3VsZCBub3QgcmVtb3ZlIHRoZSBjb29raWUgZHVlIHRv
IHRoZQpuZXcgcHJvdGVjdGlvbnMuIHdoaWxlIHRoZSBzZXJ2ZXIgZGlkIG5vdCBhbGxvdyB0aGUg
Y2xpZW50IHRvIGxvZyBpbgphcyBpdCB0cnVzdGVkIHRoZSBIdHRwT25seSBjb29raWUgb3ZlciB0
aGUgcGFyYW1ldGVycy4KCmFsbG93IHVzZXJzIHRvIGxvZyBpbiBhZ2FpbiBpbiBzdWNoIGEgc2Nl
bmFyaW8sIGJ1dCBkb24ndCBhbGxvdyBhCnRpY2tldCByZWZyZXNoLiBpZiB0aGUgY2xpZW50IGhh
cyBhIHZhbGlkIHRpY2tldCBidXQgY2Fubm90IHByb3ZpZGUgaXQKdmlhIEh0dHBPbmx5IGNvb2tp
ZSwgc29tZXRoaW5nIGlzIG9mZiBhbmQgZm9yY2luZyB0aGUgY2xpZW50IHRvCnJlLWF1dGhlbnRp
Y2F0ZSBpcyBwcm9iYWJseSB0aGUgc2FmZXIgb3B0aW9uLgoKUmVwb3J0ZWQtYnk6IExhdXJlbsib
aXUgTGVhaHUtVmzEg2R1Y3UgPGwubGVhaHUtdmxhZHVjdUBwcm94bW94LmNvbT4KU3VnZ2VzdGVk
LUJ5OiBEb21pbmlrIENzYXBhayA8ZC5jc2FwYWtAcHJveG1veC5jb20+ClNpZ25lZC1vZmYtYnk6
IFNoYW5ub24gU3RlcnogPHMuc3RlcnpAcHJveG1veC5jb20+Ci0tLQogcHJveG1veC1hdXRoLWFw
aS9zcmMvYXBpL2FjY2Vzcy5ycyB8IDUwICsrKysrKysrKysrKysrKysrKystLS0tLS0tLS0tLQog
cHJveG1veC1hdXRoLWFwaS9zcmMvdHlwZXMucnMgICAgICB8ICAyICstCiAyIGZpbGVzIGNoYW5n
ZWQsIDMzIGluc2VydGlvbnMoKyksIDE5IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3Byb3ht
b3gtYXV0aC1hcGkvc3JjL2FwaS9hY2Nlc3MucnMgYi9wcm94bW94LWF1dGgtYXBpL3NyYy9hcGkv
YWNjZXNzLnJzCmluZGV4IDY3MWEzNzBiLi40OTBmZTVjOCAxMDA2NDQKLS0tIGEvcHJveG1veC1h
dXRoLWFwaS9zcmMvYXBpL2FjY2Vzcy5ycworKysgYi9wcm94bW94LWF1dGgtYXBpL3NyYy9hcGkv
YWNjZXNzLnJzCkBAIC01OSw3ICs1OSw3IEBAIHB1YiBhc3luYyBmbiBjcmVhdGVfdGlja2V0KAog
ICAgICAgICAuZG93bmNhc3RfcmVmOjo8UmVzdEVudmlyb25tZW50PigpCiAgICAgICAgIC5va19v
cl9lbHNlKHx8IGZvcm1hdF9lcnIhKCJkZXRlY3RlZCB3cm9uZyBScGNFbnZpcm9ubWVudCB0eXBl
IikpPzsKIAotICAgIGhhbmRsZV90aWNrZXRfY3JlYXRpb24oY3JlYXRlX3BhcmFtcywgZW52KQor
ICAgIGhhbmRsZV90aWNrZXRfY3JlYXRpb24oY3JlYXRlX3BhcmFtcywgdHJ1ZSwgZW52KQogICAg
ICAgICAuYXdhaXQKICAgICAgICAgLy8gcmVtb3ZlIHRoZSBzdXBlcmZsdW91cyB0aWNrZXRfaW5m
byB0byBub3QgY29uZnVzZSBjbGllbnRzCiAgICAgICAgIC5tYXAofG11dCBpbmZvfCB7CkBAIC0x
MjEsNiArMTIxLDcgQEAgZm4gY3JlYXRlX3RpY2tldF9odHRwX29ubHkoCiAgICAgICAgIGxldCBh
dXRoX2NvbnRleHQgPSBhdXRoX2NvbnRleHQoKT87CiAgICAgICAgIGxldCBob3N0X2Nvb2tpZSA9
IGF1dGhfY29udGV4dC5wcmVmaXhlZF9hdXRoX2Nvb2tpZV9uYW1lKCk7CiAgICAgICAgIGxldCBt
dXQgY3JlYXRlX3BhcmFtczogQ3JlYXRlVGlja2V0ID0gc2VyZGVfanNvbjo6ZnJvbV92YWx1ZShw
YXJhbSk/OworICAgICAgICBsZXQgcGFzc3dvcmQgPSBjcmVhdGVfcGFyYW1zLnBhc3N3b3JkLnRh
a2UoKTsKIAogICAgICAgICAvLyBwcmV2aW91c2x5IHRvIHJlZnJlc2ggYSB0aWNrZXQsIHRoZSBv
bGQgdGlja2V0IHdhcyBwcm92aWRlZCBhcyBhIHBhc3N3b3JkIHZpYSB0aGlzCiAgICAgICAgIC8v
IGVuZHBvaW50J3MgcGFyYW1ldGVycy4gaG93ZXZlciwgb25jZSB0aGUgdGlja2V0IGlzIHNldCBh
cyBhbiBIdHRwT25seSBjb29raWUsIHNvbWUKQEAgLTEzOSwxNiArMTQwLDIyIEBAIGZuIGNyZWF0
ZV90aWNrZXRfaHR0cF9vbmx5KAogICAgICAgICAgICAgLy8gYWZ0ZXIgdGhpcyBvbmx5IGBfX0hv
c3Qte0Nvb2tpZSBOYW1lfWAgY29va2llcyBhcmUgaW4gdGhlIGl0ZXJhdG9yCiAgICAgICAgICAg
ICAuZmlsdGVyX21hcCh8Y3wgZXh0cmFjdF9jb29raWUoYywgaG9zdF9jb29raWUpKQogICAgICAg
ICAgICAgLy8gc28gdGhpcyBzaG91bGQganVzdCBnaXZlIHVzIHRoZSBmaXJzdCBvbmUgaWYgaXQg
ZXhpc3RzCi0gICAgICAgICAgICAubmV4dCgpCi0gICAgICAgICAgICAvLyBpZiBub3QgdXNlIHRo
ZSBwYXJhbWV0ZXIKLSAgICAgICAgICAgIC5vcihjcmVhdGVfcGFyYW1zLnBhc3N3b3JkKTsKKyAg
ICAgICAgICAgIC5uZXh0KCk7CiAKICAgICAgICAgbGV0IGVudjogJlJlc3RFbnZpcm9ubWVudCA9
IHJwY2VudgogICAgICAgICAgICAgLmFzX2FueSgpCiAgICAgICAgICAgICAuZG93bmNhc3RfcmVm
Ojo8UmVzdEVudmlyb25tZW50PigpCiAgICAgICAgICAgICAub2tfb3IoZm9ybWF0X2VyciEoImRl
dGVjdGVkIHdyb25nIFJwY0Vudmlyb25tZW50IHR5cGUiKSk/OwogCi0gICAgICAgIGxldCBtdXQg
dGlja2V0X3Jlc3BvbnNlID0gaGFuZGxlX3RpY2tldF9jcmVhdGlvbihjcmVhdGVfcGFyYW1zLCBl
bnYpLmF3YWl0PzsKKyAgICAgICAgbGV0IG11dCB0aWNrZXRfcmVzcG9uc2UgPSBoYW5kbGVfdGlj
a2V0X2NyZWF0aW9uKGNyZWF0ZV9wYXJhbXMuY2xvbmUoKSwgdHJ1ZSwgZW52KS5hd2FpdDsKKwor
ICAgICAgICBpZiB0aWNrZXRfcmVzcG9uc2UuaXNfZXJyKCkgJiYgcGFzc3dvcmQuaXNfc29tZSgp
IHsKKyAgICAgICAgICAgIGNyZWF0ZV9wYXJhbXMucGFzc3dvcmQgPSBwYXNzd29yZDsKKyAgICAg
ICAgICAgIHRpY2tldF9yZXNwb25zZSA9IGhhbmRsZV90aWNrZXRfY3JlYXRpb24oY3JlYXRlX3Bh
cmFtcywgZmFsc2UsIGVudikuYXdhaXQ7CisgICAgICAgIH0KKworICAgICAgICBsZXQgbXV0IHRp
Y2tldF9yZXNwb25zZSA9IHRpY2tldF9yZXNwb25zZT87CisKICAgICAgICAgbGV0IG11dCByZXNw
b25zZSA9CiAgICAgICAgICAgICBSZXNwb25zZTo6YnVpbGRlcigpLmhlYWRlcihodHRwOjpoZWFk
ZXI6OkNPTlRFTlRfVFlQRSwgImFwcGxpY2F0aW9uL2pzb24iKTsKIApAQCAtMTg1LDYgKzE5Miw3
IEBAIGZuIGNyZWF0ZV90aWNrZXRfaHR0cF9vbmx5KAogCiBhc3luYyBmbiBoYW5kbGVfdGlja2V0
X2NyZWF0aW9uKAogICAgIGNyZWF0ZV9wYXJhbXM6IENyZWF0ZVRpY2tldCwKKyAgICBhbGxvd190
aWNrZXRfcmVmcmVzaDogYm9vbCwKICAgICBlbnY6ICZSZXN0RW52aXJvbm1lbnQsCiApIC0+IFJl
c3VsdDxDcmVhdGVUaWNrZXRSZXNwb25zZSwgRXJyb3I+IHsKICAgICBsZXQgdXNlcm5hbWUgPSBj
cmVhdGVfcGFyYW1zLnVzZXJuYW1lOwpAQCAtMTk5LDYgKzIwNyw3IEBAIGFzeW5jIGZuIGhhbmRs
ZV90aWNrZXRfY3JlYXRpb24oCiAgICAgICAgIGNyZWF0ZV9wYXJhbXMucHJpdnMsCiAgICAgICAg
IGNyZWF0ZV9wYXJhbXMucG9ydCwKICAgICAgICAgY3JlYXRlX3BhcmFtcy50ZmFfY2hhbGxlbmdl
LAorICAgICAgICBhbGxvd190aWNrZXRfcmVmcmVzaCwKICAgICAgICAgZW52LAogICAgICkKICAg
ICAuYXdhaXQKQEAgLTI0MCw2ICsyNDksNyBAQCBhc3luYyBmbiBoYW5kbGVfdGlja2V0X2NyZWF0
aW9uKAogICAgIH0KIH0KIAorI1thbGxvdyhjbGlwcHk6OnRvb19tYW55X2FyZ3VtZW50cyldCiBh
c3luYyBmbiBhdXRoZW50aWNhdGVfdXNlcigKICAgICB1c2VyaWQ6ICZVc2VyaWQsCiAgICAgcGFz
c3dvcmQ6ICZzdHIsCkBAIC0yNDcsNiArMjU3LDcgQEAgYXN5bmMgZm4gYXV0aGVudGljYXRlX3Vz
ZXIoCiAgICAgcHJpdnM6IE9wdGlvbjxTdHJpbmc+LAogICAgIHBvcnQ6IE9wdGlvbjx1MTY+LAog
ICAgIHRmYV9jaGFsbGVuZ2U6IE9wdGlvbjxTdHJpbmc+LAorICAgIGFsbG93X3RpY2tldF9yZWZy
ZXNoOiBib29sLAogICAgIHJwY2VudjogJlJlc3RFbnZpcm9ubWVudCwKICkgLT4gUmVzdWx0PEF1
dGhSZXN1bHQsIEVycm9yPiB7CiAgICAgbGV0IGF1dGhfY29udGV4dCA9IGF1dGhfY29udGV4dCgp
PzsKQEAgLTI2MSwyMSArMjcyLDI0IEBAIGFzeW5jIGZuIGF1dGhlbnRpY2F0ZV91c2VyKAogICAg
ICAgICByZXR1cm4gYXV0aGVudGljYXRlXzJuZCh1c2VyaWQsICZ0ZmFfY2hhbGxlbmdlLCBwYXNz
d29yZCk7CiAgICAgfQogCi0gICAgaWYgcGFzc3dvcmQuc3RhcnRzX3dpdGgocHJlZml4KSAmJiBw
YXNzd29yZC5hc19ieXRlcygpLmdldChwcmVmaXgubGVuKCkpLmNvcGllZCgpID09IFNvbWUoYic6
JykKLSAgICB7Ci0gICAgICAgIGlmIGxldCBPayh0aWNrZXRfdXNlcmlkKSA9IFRpY2tldDo6PFVz
ZXJpZD46OnBhcnNlKHBhc3N3b3JkKQotICAgICAgICAgICAgLmFuZF90aGVuKHx0aWNrZXR8IHRp
Y2tldC52ZXJpZnkoYXV0aF9jb250ZXh0LmtleXJpbmcoKSwgcHJlZml4LCBOb25lKSkKKyAgICBp
ZiBhbGxvd190aWNrZXRfcmVmcmVzaCB7CisgICAgICAgIGlmIHBhc3N3b3JkLnN0YXJ0c193aXRo
KHByZWZpeCkKKyAgICAgICAgICAgICYmIHBhc3N3b3JkLmFzX2J5dGVzKCkuZ2V0KHByZWZpeC5s
ZW4oKSkuY29waWVkKCkgPT0gU29tZShiJzonKQogICAgICAgICB7Ci0gICAgICAgICAgICBpZiAq
dXNlcmlkID09IHRpY2tldF91c2VyaWQgewotICAgICAgICAgICAgICAgIHJldHVybiBPayhBdXRo
UmVzdWx0OjpDcmVhdGVUaWNrZXQpOworICAgICAgICAgICAgaWYgbGV0IE9rKHRpY2tldF91c2Vy
aWQpID0gVGlja2V0Ojo8VXNlcmlkPjo6cGFyc2UocGFzc3dvcmQpCisgICAgICAgICAgICAgICAg
LmFuZF90aGVuKHx0aWNrZXR8IHRpY2tldC52ZXJpZnkoYXV0aF9jb250ZXh0LmtleXJpbmcoKSwg
cHJlZml4LCBOb25lKSkKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAgICBpZiAqdXNlcmlk
ID09IHRpY2tldF91c2VyaWQgeworICAgICAgICAgICAgICAgICAgICByZXR1cm4gT2soQXV0aFJl
c3VsdDo6Q3JlYXRlVGlja2V0KTsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICAgICAg
YmFpbCEoInRpY2tldCBsb2dpbiBmYWlsZWQgLSB3cm9uZyB1c2VyaWQiKTsKKyAgICAgICAgICAg
IH0KKyAgICAgICAgfSBlbHNlIGlmIGxldCBTb21lKCgocGF0aCwgcHJpdnMpLCBwb3J0KSkgPSBw
YXRoLnppcChwcml2cykuemlwKHBvcnQpIHsKKyAgICAgICAgICAgIG1hdGNoIGF1dGhfY29udGV4
dC5jaGVja19wYXRoX3RpY2tldCh1c2VyaWQsIHBhc3N3b3JkLCBwYXRoLCBwcml2cywgcG9ydCk/
IHsKKyAgICAgICAgICAgICAgICBOb25lID0+ICgpLCAvLyBubyBwYXRoIGJhc2VkIHRpY2tldHMg
c3VwcG9ydGVkLCBqdXN0IGZhbGwgdGhyb3VnaC4KKyAgICAgICAgICAgICAgICBTb21lKHRydWUp
ID0+IHJldHVybiBPayhBdXRoUmVzdWx0OjpTdWNjZXNzKSwKKyAgICAgICAgICAgICAgICBTb21l
KGZhbHNlKSA9PiBiYWlsISgiTm8gc3VjaCBwcml2aWxlZ2UiKSwKICAgICAgICAgICAgIH0KLSAg
ICAgICAgICAgIGJhaWwhKCJ0aWNrZXQgbG9naW4gZmFpbGVkIC0gd3JvbmcgdXNlcmlkIik7Ci0g
ICAgICAgIH0KLSAgICB9IGVsc2UgaWYgbGV0IFNvbWUoKChwYXRoLCBwcml2cyksIHBvcnQpKSA9
IHBhdGguemlwKHByaXZzKS56aXAocG9ydCkgewotICAgICAgICBtYXRjaCBhdXRoX2NvbnRleHQu
Y2hlY2tfcGF0aF90aWNrZXQodXNlcmlkLCBwYXNzd29yZCwgcGF0aCwgcHJpdnMsIHBvcnQpPyB7
Ci0gICAgICAgICAgICBOb25lID0+ICgpLCAvLyBubyBwYXRoIGJhc2VkIHRpY2tldHMgc3VwcG9y
dGVkLCBqdXN0IGZhbGwgdGhyb3VnaC4KLSAgICAgICAgICAgIFNvbWUodHJ1ZSkgPT4gcmV0dXJu
IE9rKEF1dGhSZXN1bHQ6OlN1Y2Nlc3MpLAotICAgICAgICAgICAgU29tZShmYWxzZSkgPT4gYmFp
bCEoIk5vIHN1Y2ggcHJpdmlsZWdlIiksCiAgICAgICAgIH0KICAgICB9CiAKZGlmZiAtLWdpdCBh
L3Byb3htb3gtYXV0aC1hcGkvc3JjL3R5cGVzLnJzIGIvcHJveG1veC1hdXRoLWFwaS9zcmMvdHlw
ZXMucnMKaW5kZXggMDk2NGUwNzIuLjliZGU2NjFjIDEwMDY0NAotLS0gYS9wcm94bW94LWF1dGgt
YXBpL3NyYy90eXBlcy5ycworKysgYi9wcm94bW94LWF1dGgtYXBpL3NyYy90eXBlcy5ycwpAQCAt
Njc4LDcgKzY3OCw3IEBAIGltcGwgVHJ5RnJvbTxTdHJpbmc+IGZvciBBdXRoaWQgewogCiAjW2Fw
aV0KIC8vLyBUaGUgcGFyYW1ldGVyIG9iamVjdCBmb3IgY3JlYXRpbmcgbmV3IHRpY2tldC4KLSNb
ZGVyaXZlKERlYnVnLCBEZXNlcmlhbGl6ZSwgU2VyaWFsaXplKV0KKyNbZGVyaXZlKERlYnVnLCBD
bG9uZSwgRGVzZXJpYWxpemUsIFNlcmlhbGl6ZSldCiBwdWIgc3RydWN0IENyZWF0ZVRpY2tldCB7
CiAgICAgLy8vIFVzZXIgbmFtZQogICAgIHB1YiB1c2VybmFtZTogVXNlcmlkLAotLSAKMi40Ny4y
CgoKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCnBicy1k
ZXZlbCBtYWlsaW5nIGxpc3QKcGJzLWRldmVsQGxpc3RzLnByb3htb3guY29tCmh0dHBzOi8vbGlz
dHMucHJveG1veC5jb20vY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL3Bicy1kZXZlbAo=