From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 8DE911FF15E
	for <inbox@lore.proxmox.com>; Wed, 21 Jan 2026 16:14:06 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 028E02477;
	Wed, 21 Jan 2026 16:14:21 +0100 (CET)
From: Samuel Rufinatscha <s.rufinatscha@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Wed, 21 Jan 2026 16:14:04 +0100
Message-ID: <20260121151408.731516-9-s.rufinatscha@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260121151408.731516-1-s.rufinatscha@proxmox.com>
References: <20260121151408.731516-1-s.rufinatscha@proxmox.com>
MIME-Version: 1.0
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1769008397313
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.260 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pbs-devel] [PATCH proxmox v4 4/4] proxmox-access-control: add TTL
 window to token secret cache
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>

VmVyaWZ5X3NlY3JldCgpIGN1cnJlbnRseSBjYWxscyByZWZyZXNoX2NhY2hlX2lmX2ZpbGVfY2hh
bmdlZCgpIG9uIGV2ZXJ5CnJlcXVlc3QsIHdoaWNoIHBlcmZvcm1zIGEgbWV0YWRhdGEoKSBjYWxs
IG9uIHRva2VuLnNoYWRvdyBlYWNoIHRpbWUuClVuZGVyIGxvYWQgdGhpcyBhZGRzIHVubmVjZXNz
YXJ5IG92ZXJoZWFkLCBjb25zaWRlcmluZyBhbHNvIHRoZSBmaWxlCnVzdWFsbHkgc2hvdWxkIHJh
cmVseSBjaGFuZ2UuCgpUaGlzIHBhdGNoIGludHJvZHVjZXMgYSBUVEwgYm91bmRhcnksIGNvbnRy
b2xsZWQgYnkKVE9LRU5fU0VDUkVUX0NBQ0hFX1RUTF9TRUNTLiBGaWxlIG1ldGFkYXRhIGlzIG9u
bHkgcmUtbG9hZGVkIG9uY2UgdGhlClRUTCBoYXMgZXhwaXJlZDsgZG9jdW1lbnRzIFRUTCBlZmZl
Y3RzLgoKU2lnbmVkLW9mZi1ieTogU2FtdWVsIFJ1ZmluYXRzY2hhIDxzLnJ1ZmluYXRzY2hhQHBy
b3htb3guY29tPgotLS0KQ2hhbmdlcyBmcm9tIHYzIHRvIDQ6CiogQWRqdXN0ZWQgY29tbWl0IG1l
c3NhZ2UKCkNoYW5nZXMgZnJvbSB2MiB0byB2MzoKKiBSZWZhY3RvcmVkIHJlZnJlc2hfY2FjaGVf
aWZfZmlsZV9jaGFuZ2VkIFRUTCBsb2dpYy4KKiBSZW1vdmUgaGFkX3ByaW9yX3N0YXRlIGNoZWNr
IChyZXBsYWNlZCBieSBsYXN0X2NoZWNrZWQgbG9naWMpLgoqIEltcHJvdmUgVFRMIGJvdW5kIGNo
ZWNrcy4KKiBSZXdvcmQgZG9jdW1lbnRhdGlvbiB3YXJuaW5nIGZvciBjbGFyaXR5LgoKQ2hhbmdl
cyBmcm9tIHYxIHRvIHYyOgoqIEFkZCBUT0tFTl9TRUNSRVRfQ0FDSEVfVFRMX1NFQ1MgYW5kIGxh
c3RfY2hlY2tlZC4KKiBJbXBsZW1lbnQgZG91YmxlLWNoZWNrZWQgVFRMOiBjaGVjayB3aXRoIHRy
eV9yZWFkIGZpcnN0OyBvbmx5IGF0dGVtcHQKICByZWZyZXNoIHdpdGggdHJ5X3dyaXRlIGlmIGV4
cGlyZWQvdW5rbm93bi4KKiBGaXggVFRMIGJvb2trZWVwaW5nOiB1cGRhdGUgbGFzdF9jaGVja2Vk
IG9uIHRoZSDigJxmaWxlIHVuY2hhbmdlZOKAnSBwYXRoCiAgYW5kIGFmdGVyIEFQSSBtdXRhdGlv
bnMuCiogQWRkIGRvY3VtZW50YXRpb24gd2FybmluZyBhYm91dCBUVEwtZGVsYXllZCBlZmZlY3Qg
b2YgbWFudWFsCiAgdG9rZW4uc2hhZG93IGVkaXRzLgoKIHByb3htb3gtYWNjZXNzLWNvbnRyb2wv
c3JjL3Rva2VuX3NoYWRvdy5ycyB8IDMwICsrKysrKysrKysrKysrKysrKysrKy0KIDEgZmlsZSBj
aGFuZ2VkLCAyOSBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvcHJv
eG1veC1hY2Nlc3MtY29udHJvbC9zcmMvdG9rZW5fc2hhZG93LnJzIGIvcHJveG1veC1hY2Nlc3Mt
Y29udHJvbC9zcmMvdG9rZW5fc2hhZG93LnJzCmluZGV4IDA1ODEzYjUyLi5hMzYxZmQ3MiAxMDA2
NDQKLS0tIGEvcHJveG1veC1hY2Nlc3MtY29udHJvbC9zcmMvdG9rZW5fc2hhZG93LnJzCisrKyBi
L3Byb3htb3gtYWNjZXNzLWNvbnRyb2wvc3JjL3Rva2VuX3NoYWRvdy5ycwpAQCAtMjgsNiArMjgs
OSBAQCBzdGF0aWMgVE9LRU5fU0VDUkVUX0NBQ0hFOiBMYXp5TG9jazxSd0xvY2s8QXBpVG9rZW5T
ZWNyZXRDYWNoZT4+ID0gTGF6eUxvY2s6Om5ldwogICAgIH0pCiB9KTsKIAorLy8vIE1heCBhZ2Ug
aW4gc2Vjb25kcyBvZiB0aGUgdG9rZW4gc2VjcmV0IGNhY2hlIGJlZm9yZSBjaGVja2luZyBmb3Ig
ZmlsZSBjaGFuZ2VzLgorY29uc3QgVE9LRU5fU0VDUkVUX0NBQ0hFX1RUTF9TRUNTOiBpNjQgPSA2
MDsKKwogLy8gR2V0IGV4Y2x1c2l2ZSBsb2NrCiBmbiBsb2NrX2NvbmZpZygpIC0+IFJlc3VsdDxB
cGlMb2NrR3VhcmQsIEVycm9yPiB7CiAgICAgb3Blbl9hcGlfbG9ja2ZpbGUodG9rZW5fc2hhZG93
X2xvY2soKSwgTm9uZSwgdHJ1ZSkKQEAgLTU1LDExICs1OCwyOSBAQCBmbiB3cml0ZV9maWxlKGRh
dGE6IEhhc2hNYXA8QXV0aGlkLCBTdHJpbmc+KSAtPiBSZXN1bHQ8KCksIEVycm9yPiB7CiBmbiBy
ZWZyZXNoX2NhY2hlX2lmX2ZpbGVfY2hhbmdlZCgpIC0+IGJvb2wgewogICAgIGxldCBub3cgPSBl
cG9jaF9pNjQoKTsKIAotICAgIC8vIEJlc3QtZWZmb3J0IHJlZnJlc2ggdW5kZXIgd3JpdGUgbG9j
ay4KKyAgICAvLyBGYXN0IHBhdGg6IGNhY2hlIGlzIGZyZXNoIGlmIHNoYXJlZC1nZW4gbWF0Y2hl
cyBhbmQgVFRMIG5vdCBleHBpcmVkLgorICAgIGlmIGxldCAoU29tZShjYWNoZSksIFNvbWUoc2hh
cmVkX2dlbl9yZWFkKSkgPQorICAgICAgICAoVE9LRU5fU0VDUkVUX0NBQ0hFLnRyeV9yZWFkKCks
IHRva2VuX3NoYWRvd19zaGFyZWRfZ2VuKCkpCisgICAgeworICAgICAgICBpZiBjYWNoZS5zaGFy
ZWRfZ2VuID09IHNoYXJlZF9nZW5fcmVhZAorICAgICAgICAgICAgJiYgY2FjaGUuc2hhZG93LmFz
X3JlZigpLmlzX3NvbWVfYW5kKHxjYWNoZWR8IHsKKyAgICAgICAgICAgICAgICBub3cgPj0gY2Fj
aGVkLmxhc3RfY2hlY2tlZAorICAgICAgICAgICAgICAgICAgICAmJiAobm93IC0gY2FjaGVkLmxh
c3RfY2hlY2tlZCkgPCBUT0tFTl9TRUNSRVRfQ0FDSEVfVFRMX1NFQ1MKKyAgICAgICAgICAgIH0p
CisgICAgICAgIHsKKyAgICAgICAgICAgIHJldHVybiB0cnVlOworICAgICAgICB9CisgICAgICAg
IC8vIHJlYWQgbG9jayBkcm9wcyBoZXJlCisgICAgfSBlbHNlIHsKKyAgICAgICAgcmV0dXJuIGZh
bHNlOworICAgIH0KKworICAgIC8vIFNsb3cgcGF0aDogYmVzdC1lZmZvcnQgcmVmcmVzaCB1bmRl
ciB3cml0ZSBsb2NrLgogICAgIGxldCBTb21lKG11dCBjYWNoZSkgPSBUT0tFTl9TRUNSRVRfQ0FD
SEUudHJ5X3dyaXRlKCkgZWxzZSB7CiAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICB9OwogCisg
ICAgLy8gUmUtcmVhZCBnZW5lcmF0aW9uIGFmdGVyIGFjcXVpcmluZyB0aGUgbG9jayAobWF5IGhh
dmUgY2hhbmdlZCBtZWFud2hpbGUpLgogICAgIGxldCBTb21lKHNoYXJlZF9nZW5fbm93KSA9IHRv
a2VuX3NoYWRvd19zaGFyZWRfZ2VuKCkgZWxzZSB7CiAgICAgICAgIHJldHVybiBmYWxzZTsKICAg
ICB9OwpAQCAtNjksNiArOTAsMTMgQEAgZm4gcmVmcmVzaF9jYWNoZV9pZl9maWxlX2NoYW5nZWQo
KSAtPiBib29sIHsKICAgICAgICAgaW52YWxpZGF0ZV9jYWNoZV9zdGF0ZV9hbmRfc2V0X2dlbigm
bXV0IGNhY2hlLCBzaGFyZWRfZ2VuX25vdyk7CiAgICAgfQogCisgICAgLy8gVFRMIGNoZWNrIGFn
YWluIGFmdGVyIGFjcXVpcmluZyB0aGUgbG9jaworICAgIGlmIGNhY2hlLnNoYWRvdy5hc19yZWYo
KS5pc19zb21lX2FuZCh8Y2FjaGVkfCB7CisgICAgICAgIG5vdyA+PSBjYWNoZWQubGFzdF9jaGVj
a2VkICYmIChub3cgLSBjYWNoZWQubGFzdF9jaGVja2VkKSA8IFRPS0VOX1NFQ1JFVF9DQUNIRV9U
VExfU0VDUworICAgIH0pIHsKKyAgICAgICAgcmV0dXJuIHRydWU7CisgICAgfQorCiAgICAgLy8g
U3RhdCB0aGUgZmlsZSB0byBkZXRlY3QgbWFudWFsIGVkaXRzLgogICAgIGxldCBPaygobmV3X210
aW1lLCBuZXdfbGVuKSkgPSBzaGFkb3dfbXRpbWVfbGVuKCkgZWxzZSB7CiAgICAgICAgIHJldHVy
biBmYWxzZTsKLS0gCjIuNDcuMwoKCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fXwpwYnMtZGV2ZWwgbWFpbGluZyBsaXN0CnBicy1kZXZlbEBsaXN0cy5wcm94
bW94LmNvbQpodHRwczovL2xpc3RzLnByb3htb3guY29tL2NnaS1iaW4vbWFpbG1hbi9saXN0aW5m
by9wYnMtZGV2ZWwK