From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Thomas Lamprecht" <t.lamprecht@proxmox.com>,
"Proxmox Datacenter Manager development discussion"
<pdm-devel@lists.proxmox.com>,
"Christian Ebner" <c.ebner@proxmox.com>,
"Wolfgang Bumiller" <w.bumiller@proxmox.com>
Subject: Re: [pdm-devel] [PATCH datacenter-manager/proxmox v2 0/6] pbs client: fix PBS version 3 login ticket parsing compatibility
Date: Wed, 01 Oct 2025 11:33:39 +0200 [thread overview]
Message-ID: <DD6VS0H88OKP.2K0X9K5W17YJO@proxmox.com> (raw)
In-Reply-To: <4ac305a2-5d44-48f9-9286-48a2520e4369@proxmox.com>
On Tue Sep 30, 2025 at 2:34 PM CEST, Thomas Lamprecht wrote:
> Am 30.09.25 um 14:19 schrieb Christian Ebner:
>> On 9/30/25 1:49 PM, Wolfgang Bumiller wrote:
>>> On Tue, Sep 30, 2025 at 10:02:01AM +0200, Christian Ebner wrote:
>>>> This patches fix the ticket parsing when login to instances of PBS version 3
>>>> or lower. For this, the current pve_compat flags for `Login` and `Client`
>>>> are refactored to be an extendable enum variant instead, adding the ticket
>>>> parsing backwards compatibility. In that compatibility mode, response parsing
>>>> of the ticket does not interpret the presence of the `ticket-info` field as the
>>>> ticket being a `http-only` ticket and fallsback to the PBS version 3 and 4
>>>> compatible parsing, as the client never used `http-only` tickets.
>>>
>>> I thought this field was introduced only with http-only tickets, so why
>>> is it not a reliable indicator and shouldn't *that* be fixed instead?
>>
>> I'm not so familiar with the actual code and the changes over time here, so that might as well be the case.
>
> FYI: Shannon is back at work tomorrow and this is not really _that_
> pressing, so I'd wait at least until tomorrow to hopefully get some
> better rationale.
hi everyone and sorry if i am missing something (still catching up on
mail), but i think this is basically a more in-depth approach to a fix i
send a while back:
https://lore.proxmox.com/pbs-devel/20250520085549.56525-1-s.sterz@proxmox.com/
as chris has already pointed out in chat, there was a mishap on my end
when refactoring the auth api and the old authentication flow would
still send a `ticket-info` field alongside the `ticket` field.
proxmox-login would then think it is in the new HttpOnly flow and not
use the `ticket` field, even though it should.
this was already fixed in commit f7d8b8f682 (auth-api: remove ticket
info in old create ticket endpoint) [1], but it seems at least
proxmox-backup-server 3.4.6-1 still sends the `ticket-info` as well. i
rebuild pbs from latest stable-3 and stable-bookworm and there the
parameter is correctly dropped.
imo clients *should* use a ticket if they are provided with one and not
get confused with additional parameters. which is what the patch linked
above does. however, chris' approach to compatibility is a lot more
extensible, so we could go down that road too.
i'll check if my patch above works as inteded still and can resend a
rebased version later today.
[1]: https://git.proxmox.com/?p=proxmox.git;a=commitdiff;h=f7d8b8f682370cf0d8c3a0a238c958ceda2b8f7b
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next prev parent reply other threads:[~2025-10-01 9:33 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-30 8:02 Christian Ebner
2025-09-30 8:02 ` [pdm-devel] [PATCH proxmox v2 1/3] proxmox-login: refactor PVE TFA compat mode Christian Ebner
2025-09-30 8:02 ` [pdm-devel] [PATCH proxmox v2 2/3] proxmox-client: adapt to new compat mode introduced for proxmox-login Christian Ebner
2025-09-30 8:02 ` [pdm-devel] [PATCH proxmox v2 3/3] proxmox-login: add compat mode to fallback to PBS3 ticket parsing Christian Ebner
2025-09-30 8:02 ` [pdm-devel] [PATCH datacenter-manager v2 1/3] server: adapt to proxmox-client compat mode changes Christian Ebner
2025-09-30 8:02 ` [pdm-devel] [PATCH datacenter-manager v2 2/3] server: pbs-client: check and fallback to PBS v3 ticket compat mode Christian Ebner
2025-09-30 8:02 ` [pdm-devel] [PATCH datacenter-manager v2 3/3] Revert "ui: add wizard: note that login currently only works for PBS 4" Christian Ebner
2025-09-30 11:49 ` [pdm-devel] [PATCH datacenter-manager/proxmox v2 0/6] pbs client: fix PBS version 3 login ticket parsing compatibility Wolfgang Bumiller
2025-09-30 12:19 ` Christian Ebner
2025-09-30 12:34 ` Thomas Lamprecht
2025-10-01 9:33 ` Shannon Sterz [this message]
2025-10-01 13:12 ` Shannon Sterz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DD6VS0H88OKP.2K0X9K5W17YJO@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=c.ebner@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
--cc=t.lamprecht@proxmox.com \
--cc=w.bumiller@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.