From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id B7480611ED for ; Tue, 20 Oct 2020 11:29:52 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A4A65D7ED for ; Tue, 20 Oct 2020 11:29:22 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id EE411D7E4 for ; Tue, 20 Oct 2020 11:29:21 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id B2ABC44AA5 for ; Tue, 20 Oct 2020 11:29:21 +0200 (CEST) From: Dylan Whyte To: pbs-devel@lists.proxmox.com Date: Tue, 20 Oct 2020 11:29:16 +0200 Message-Id: <20201020092916.11547-1-d.whyte@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.021 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup] fix #3038: check user before renewing ticket X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Oct 2020 09:29:52 -0000 Fixes a bug in which the userid of the ticket cache is updated, when a user connects, but the ticket itself is not. This means a newly connected user has a previously connected user's ticket and thus, cannot do anything, as the client will attempt to use the invalid ticket. e.g. if john@pbs connected to the server first, followed by mike@pbs, the following would be stored in the ticket cache. { "localhost": { "mike@pbs": { "ticket": "PBS:john@pbs:AAAA", "timestamp": 1601039326, "token": "BBBB" } } } Signed-off-by: Dylan Whyte --- src/client/http_client.rs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/client/http_client.rs b/src/client/http_client.rs index e3d18604..02a58c2d 100644 --- a/src/client/http_client.rs +++ b/src/client/http_client.rs @@ -219,11 +219,13 @@ fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, t let empty = serde_json::map::Map::new(); for (server, info) in data.as_object().unwrap_or(&empty) { - for (_user, uinfo) in info.as_object().unwrap_or(&empty) { - if let Some(timestamp) = uinfo["timestamp"].as_i64() { - let age = now - timestamp; - if age < ticket_lifetime { - new_data[server][username] = uinfo.clone(); + for (user, uinfo) in info.as_object().unwrap_or(&empty) { + if user == username { + if let Some(timestamp) = uinfo["timestamp"].as_i64() { + let age = now - timestamp; + if age < ticket_lifetime { + new_data[server][username] = uinfo.clone(); + } } } } -- 2.20.1