From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 0DFBB1FF396 for ; Thu, 23 May 2024 13:25:55 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 13BB01E1F5; Thu, 23 May 2024 13:26:14 +0200 (CEST) From: Shannon Sterz To: pbs-devel@lists.proxmox.com Date: Thu, 23 May 2024 13:25:59 +0200 Message-Id: <20240523112559.257547-1-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.066 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [auth.rs] Subject: [pbs-devel] [PATCH proxmox-backup] auth: add locking to `PbsAuthenticator` to avoid race conditions X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" currently we don't lock the shadow file when removing or storing a password. by adding locking here we avoid a situation where storing and/or removing a password concurrently could lead to a race condition. in this scenario it is possible that a password isn't persisted or a password isn't removed. we already do this for the "token.shadow" file, so just use the same mechanism here. Signed-off-by: Shannon Sterz --- src/auth.rs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/auth.rs b/src/auth.rs index 21468d4b..5134e41e 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -9,6 +9,7 @@ use std::pin::Pin; use anyhow::{bail, Error}; use futures::Future; use once_cell::sync::{Lazy, OnceCell}; +use pbs_config::open_backup_lockfile; use proxmox_router::http_bail; use serde_json::json; @@ -31,6 +32,7 @@ pub const TERM_PREFIX: &str = "PBSTERM"; struct PbsAuthenticator; pub(crate) const SHADOW_CONFIG_FILENAME: &str = configdir!("/shadow.json"); +pub(crate) const SHADOW_LOCK_FILENAME: &str = configdir!("/shadow.json.lock"); impl Authenticator for PbsAuthenticator { fn authenticate_user<'a>( @@ -69,6 +71,8 @@ impl Authenticator for PbsAuthenticator { _client_ip: Option<&IpAddr>, ) -> Result<(), Error> { let enc_password = proxmox_sys::crypt::encrypt_pw(password)?; + + let _guard = open_backup_lockfile(SHADOW_LOCK_FILENAME, None, true); let mut data = proxmox_sys::fs::file_get_json(SHADOW_CONFIG_FILENAME, Some(json!({})))?; data[username.as_str()] = enc_password.into(); @@ -85,6 +89,8 @@ impl Authenticator for PbsAuthenticator { } fn remove_password(&self, username: &UsernameRef) -> Result<(), Error> { + let _guard = open_backup_lockfile(SHADOW_LOCK_FILENAME, None, true); + let mut data = proxmox_sys::fs::file_get_json(SHADOW_CONFIG_FILENAME, Some(json!({})))?; if let Some(map) = data.as_object_mut() { map.remove(username.as_str()); -- 2.39.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel