From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Proxmox Datacenter Manager development discussion"
<pdm-devel@lists.proxmox.com>
Cc: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com>
Subject: Re: [pdm-devel] [PATCH datacenter-manager 3/3] server: clean up acl tree entries and api tokens when deleting users
Date: Wed, 01 Oct 2025 17:29:48 +0200 [thread overview]
Message-ID: <DD73CPF37K7G.PPCM09FQHSJA@proxmox.com> (raw)
In-Reply-To: <1758878085.9rkx5o98e5.astroid@yuna.none>
On Fri Sep 26, 2025 at 11:18 AM CEST, Fabian Grünbichler wrote:
> On September 24, 2025 4:51 pm, Shannon Sterz wrote:
>> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
>> ---
>> server/src/api/access/users.rs | 39 +++++++++++++++++++++++++++++-----
>> 1 file changed, 34 insertions(+), 5 deletions(-)
>>
>> diff --git a/server/src/api/access/users.rs b/server/src/api/access/users.rs
>> index da598d8..1d1accb 100644
>> --- a/server/src/api/access/users.rs
>> +++ b/server/src/api/access/users.rs
>> @@ -334,20 +334,19 @@ pub fn update_user(
>> /// Remove a user from the configuration file.
>> pub fn delete_user(userid: Userid, digest: Option<ConfigDigest>) -> Result<(), Error> {
>> let _lock = proxmox_access_control::user::lock_config()?;
>> + let _acl_lock = proxmox_access_control::acl::lock_config()?;
>> let _tfa_lock = crate::auth::tfa::write_lock()?;
>>
>> - let (mut config, config_digest) = proxmox_access_control::user::config()?;
>> + let (mut user_config, config_digest) = proxmox_access_control::user::config()?;
>> config_digest.detect_modification(digest.as_ref())?;
>>
>> - match config.sections.get(userid.as_str()) {
>> + match user_config.sections.get(userid.as_str()) {
>> Some(_) => {
>> - config.sections.remove(userid.as_str());
>> + user_config.sections.remove(userid.as_str());
>> }
>> None => bail!("user '{}' does not exist.", userid),
>> }
>>
>> - proxmox_access_control::user::save_config(&config)?;
>> -
>> let authenticator = crate::auth::lookup_authenticator(userid.realm())?;
>> match authenticator.remove_password(userid.name()) {
>> Ok(()) => {}
>> @@ -375,6 +374,36 @@ pub fn delete_user(userid: Userid, digest: Option<ConfigDigest>) -> Result<(), E
>> }
>> }
>>
>> + let user_tokens: Vec<ApiToken> = user_config
>> + .convert_to_typed_array::<ApiToken>("token")?
>> + .into_iter()
>> + .filter(|token| token.tokenid.user().eq(&userid))
>> + .collect();
>
> do we have any consistency checks between ACLs and users/tokens? if not,
> then..
>
>> +
>> + let (mut acl_config, _digest) = proxmox_access_control::acl::config()?;
>> +
>> + let auth_id = userid.clone().into();
>> + acl_config.delete_authid(&auth_id);
>> +
>> + for token in user_tokens {
>> + if let Some(token_name) = token.tokenid.tokenname() {
>> + let tokenid = Authid::from((userid.clone(), Some(token_name.to_owned())));
>> + let tokenid_string = tokenid.to_string();
>> + if user_config.sections.remove(&tokenid_string).is_none() {
>> + bail!(
>> + "token '{}' of user '{userid}' does not exist.",
>> + token_name.as_str()
>> + );
>> + }
>> +
>> + proxmox_access_control::token_shadow::delete_secret(&tokenid)?;
>> + acl_config.delete_authid(&tokenid);
>
> this is not enough to remove all ACLs, since removing a token via the
> token API currently does not clean up its ACL entries..
i added the clean up for tokens in a v2.
but im not entirely sure if i understand you here correctly. are you
worried about token acls not getting cleaned up if only the token is
deleted? because then yeah, that part was missing as you pointed out
there correctly. or is there another scenario you have in mind that i
currently don't see?
>> + }
>> + }
>> +
>> + proxmox_access_control::user::save_config(&user_config)?;
>> + proxmox_access_control::acl::save_config(&acl_config)?;
>> +
>> Ok(())
>> }
>>
>> --
>> 2.47.3
>>
>>
>>
>> _______________________________________________
>> pdm-devel mailing list
>> pdm-devel@lists.proxmox.com
>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
>>
>>
>>
>
>
> _______________________________________________
> pdm-devel mailing list
> pdm-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next prev parent reply other threads:[~2025-10-01 15:29 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-24 14:51 [pdm-devel] [RFC datacenter-manager/proxmox/yew-comp 0/8] token support for pdm Shannon Sterz
2025-09-24 14:51 ` [pdm-devel] [PATCH proxmox 1/3] access-control: refactor api module to be more hirachical Shannon Sterz
2025-09-26 8:26 ` Dominik Csapak
2025-10-01 15:29 ` Shannon Sterz
2025-09-24 14:51 ` [pdm-devel] [PATCH proxmox 2/3] access-control: move `ApiTokenSecret` to types module Shannon Sterz
2025-09-26 9:14 ` Fabian Grünbichler
2025-09-24 14:51 ` [pdm-devel] [PATCH proxmox 3/3] access-control: add api endpoints for handling tokens Shannon Sterz
2025-09-26 9:14 ` Fabian Grünbichler
2025-10-01 15:29 ` Shannon Sterz
2025-09-24 14:51 ` [pdm-devel] [PATCH yew-comp 1/2] utils/user_panel: factor out epoch_to_input_value helper Shannon Sterz
2025-09-27 16:57 ` [pdm-devel] applied: " Thomas Lamprecht
2025-09-27 16:57 ` [yew-devel] applied: [pdm-devel] " Thomas Lamprecht
2025-09-24 14:51 ` [pdm-devel] [PATCH yew-comp 2/2] token_panel: implement a token panel Shannon Sterz
2025-09-26 8:50 ` Dominik Csapak
2025-09-27 17:07 ` Thomas Lamprecht
2025-10-02 15:30 ` Shannon Sterz
2025-10-02 15:39 ` Thomas Lamprecht
2025-10-02 15:19 ` Shannon Sterz
2025-09-27 16:57 ` [pdm-devel] applied: " Thomas Lamprecht
2025-09-27 16:57 ` [yew-devel] applied: [pdm-devel] " Thomas Lamprecht
2025-09-24 14:51 ` [pdm-devel] [PATCH datacenter-manager 1/3] ui: add a token panel and a token acl edit menu in the permissions panel Shannon Sterz
2025-09-24 14:51 ` [pdm-devel] [PATCH datacenter-manager 2/3] server: access: use token endpoints from proxmox-access-control Shannon Sterz
2025-09-24 14:51 ` [pdm-devel] [PATCH datacenter-manager 3/3] server: clean up acl tree entries and api tokens when deleting users Shannon Sterz
2025-09-26 9:18 ` Fabian Grünbichler
2025-10-01 15:29 ` Shannon Sterz [this message]
2025-10-02 10:19 ` Fabian Grünbichler
2025-10-03 14:22 ` [pdm-devel] Superseded: Re: [RFC datacenter-manager/proxmox/yew-comp 0/8] token support for pdm Shannon Sterz
2025-10-03 14:21 [pdm-devel] [PATCH datacenter-manager/proxmox/yew-comp 0/8] add better " Shannon Sterz
2025-10-03 14:21 ` [pdm-devel] [PATCH datacenter-manager 3/3] server: clean up acl tree entries and api tokens when deleting users Shannon Sterz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DD73CPF37K7G.PPCM09FQHSJA@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pdm-devel-bounces@lists.proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.