From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 9532A1FF394 for ; Mon, 3 Jun 2024 11:13:06 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 240961E699; Mon, 3 Jun 2024 11:13:34 +0200 (CEST) Date: Mon, 3 Jun 2024 11:12:59 +0200 From: Gabriel Goller To: Wolfgang Bumiller Message-ID: <20240603091259.ylsghv7vj7vkzooo@luna.proxmox.com> References: <20240523112559.257547-1-s.sterz@proxmox.com> <20240523114647.g7tf64ins3hhh5e6@luna.proxmox.com> <4jt24gf7mcf7mt4a6isoz3szpq5f3pqpflsj55ti2itprzwpyz@mie5xdspzcqb> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <4jt24gf7mcf7mt4a6isoz3szpq5f3pqpflsj55ti2itprzwpyz@mie5xdspzcqb> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.063 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pbs-devel] [PATCH proxmox-backup] auth: add locking to `PbsAuthenticator` to avoid race conditions X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Cc: Proxmox Backup Server development discussion Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" On 03.06.2024 11:00, Wolfgang Bumiller wrote: >On Thu, May 23, 2024 at 01:46:47PM GMT, Gabriel Goller wrote: >> On 23.05.2024 13:25, Shannon Sterz wrote: >> > currently we don't lock the shadow file when removing or storing a >> > password. by adding locking here we avoid a situation where storing >> > and/or removing a password concurrently could lead to a race >> > condition. in this scenario it is possible that a password isn't >> > persisted or a password isn't removed. we already do this for >> > the "token.shadow" file, so just use the same mechanism here. >> > >> > Signed-off-by: Shannon Sterz >> >> Is there any reason why the store_password function does not lock the >> shadow.json file? > >I'm assuming you mean this as an alternative to having a separate file >for the locking. In this case the answer is yes: We use `repalce_file()` >to store the new version to make sure the update is atomic (and a >parallel `authenticat_user` does not read a *partial* file and fail). >When you hold a lock on a file and you *replace* it, the new file is a >separate thing with no lock on it. Old threads waiting for a lock on the >old file will continue when the lock is free, new threads waiting on the >lock on the new file will be able to acquire that simultaneously. > >Iow.: you can't lock something you're *replacing*. Nah, this was my bad... impl Authenticator for PbsAuthenticator { fn authenticate_user<'a>( @@ -69,6 +71,8 @@ impl Authenticator for PbsAuthenticator { _client_ip: Option<&IpAddr>, ) -> Result<(), Error> { let enc_password = proxmox_sys::crypt::encrypt_pw(password)?; + + let _guard = open_backup_lockfile(SHADOW_LOCK_FILENAME, None, true); let mut data = proxmox_sys::fs::file_get_json(SHADOW_CONFIG_FILENAME, Some(json!({})))?; data[username.as_str()] = enc_password.into(); It looks like the lines are added in `authenticate_user`, but they are actually added in `store_password`, so it's all fine :) _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel