From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 5BB131FF183 for ; Wed, 17 Dec 2025 17:24:59 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 811ED9099; Wed, 17 Dec 2025 17:25:43 +0100 (CET) From: Samuel Rufinatscha To: pbs-devel@lists.proxmox.com Date: Wed, 17 Dec 2025 17:25:17 +0100 Message-ID: <20251217162520.486520-7-s.rufinatscha@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251217162520.486520-1-s.rufinatscha@proxmox.com> References: <20251217162520.486520-1-s.rufinatscha@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1765988726918 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.257 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox v2 3/3] proxmox-access-control: add TTL window to token secret cache X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" VmVyaWZ5X3NlY3JldCgpIGN1cnJlbnRseSBjYWxscyByZWZyZXNoX2NhY2hlX2lmX2ZpbGVfY2hh bmdlZCgpIG9uIGV2ZXJ5CnJlcXVlc3QsIHdoaWNoIHBlcmZvcm1zIGEgbWV0YWRhdGEoKSBjYWxs IG9uIHRva2VuLnNoYWRvdyBlYWNoIHRpbWUuClVuZGVyIGxvYWQgdGhpcyBhZGRzIHVubmVjZXNz YXJ5IG92ZXJoZWFkLCBjb25zaWRlcmluZyBhbHNvIHRoZSBmaWxlCnNob3VsZCByYXJlbHkgY2hh bmdlLgoKVGhpcyBwYXRjaCBpbnRyb2R1Y2VzIGEgVFRMIGJvdW5kYXJ5LCBjb250cm9sbGVkIGJ5 ClRPS0VOX1NFQ1JFVF9DQUNIRV9UVExfU0VDUy4gRmlsZSBtZXRhZGF0YSBpcyBvbmx5IHJlLWxv YWRlZCBvbmNlIHRoZQpUVEwgaGFzIGV4cGlyZWQuCgpUaGlzIHBhdGNoIHBhcnRseSBmaXhlcyBi dWcgIzcwMTcgWzFdLgoKWzFdIGh0dHBzOi8vYnVnemlsbGEucHJveG1veC5jb20vc2hvd19idWcu Y2dpP2lkPTcwMTcKClNpZ25lZC1vZmYtYnk6IFNhbXVlbCBSdWZpbmF0c2NoYSA8cy5ydWZpbmF0 c2NoYUBwcm94bW94LmNvbT4KLS0tCkNoYW5nZXMgZnJvbSB2MSB0byB2MjoKLSBBZGQgVE9LRU5f U0VDUkVUX0NBQ0hFX1RUTF9TRUNTIGFuZCBsYXN0X2NoZWNrZWQuCi0gSW1wbGVtZW50IGRvdWJs ZS1jaGVja2VkIFRUTDogY2hlY2sgd2l0aCB0cnlfcmVhZCBmaXJzdDsgb25seSBhdHRlbXB0CiAg cmVmcmVzaCB3aXRoIHRyeV93cml0ZSBpZiBleHBpcmVkL3Vua25vd24uCi0gRml4IFRUTCBib29r a2VlcGluZzogdXBkYXRlIGxhc3RfY2hlY2tlZCBvbiB0aGUg4oCcZmlsZSB1bmNoYW5nZWTigJ0g cGF0aAogIGFuZCBhZnRlciBBUEkgbXV0YXRpb25zLgoKIHByb3htb3gtYWNjZXNzLWNvbnRyb2wv c3JjL3Rva2VuX3NoYWRvdy5ycyB8IDQyICsrKysrKysrKysrKysrKysrKysrKy0KIDEgZmlsZSBj aGFuZ2VkLCA0MSBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvcHJv eG1veC1hY2Nlc3MtY29udHJvbC9zcmMvdG9rZW5fc2hhZG93LnJzIGIvcHJveG1veC1hY2Nlc3Mt Y29udHJvbC9zcmMvdG9rZW5fc2hhZG93LnJzCmluZGV4IGVmYWRjZTk0Li40Y2E1NmRlOSAxMDA2 NDQKLS0tIGEvcHJveG1veC1hY2Nlc3MtY29udHJvbC9zcmMvdG9rZW5fc2hhZG93LnJzCisrKyBi L3Byb3htb3gtYWNjZXNzLWNvbnRyb2wvc3JjL3Rva2VuX3NoYWRvdy5ycwpAQCAtMTEsNiArMTEs NyBAQCB1c2Ugc2VyZGVfanNvbjo6e2Zyb21fdmFsdWUsIFZhbHVlfTsKIAogdXNlIHByb3htb3hf YXV0aF9hcGk6OnR5cGVzOjpBdXRoaWQ7CiB1c2UgcHJveG1veF9wcm9kdWN0X2NvbmZpZzo6e29w ZW5fYXBpX2xvY2tmaWxlLCByZXBsYWNlX2NvbmZpZywgQXBpTG9ja0d1YXJkfTsKK3VzZSBwcm94 bW94X3RpbWU6OmVwb2NoX2k2NDsKIAogdXNlIGNyYXRlOjppbml0OjppbXBsX2ZlYXR1cmU6Ont0 b2tlbl9zaGFkb3csIHRva2VuX3NoYWRvd19sb2NrfTsKIApAQCAtMjQsMTIgKzI1LDE1IEBAIHN0 YXRpYyBUT0tFTl9TRUNSRVRfQ0FDSEU6IExhenlMb2NrPFJ3TG9jazxBcGlUb2tlblNlY3JldENh Y2hlPj4gPSBMYXp5TG9jazo6bmV3CiAgICAgICAgIHNlY3JldHM6IEhhc2hNYXA6Om5ldygpLAog ICAgICAgICBmaWxlX210aW1lOiBOb25lLAogICAgICAgICBmaWxlX2xlbjogTm9uZSwKKyAgICAg ICAgbGFzdF9jaGVja2VkOiBOb25lLAogICAgIH0pCiB9KTsKIC8vLyBBUEkgbXV0YXRpb24gZ2Vu ZXJhdGlvbiAoc2V0L2RlbGV0ZSkKIHN0YXRpYyBBUElfTVVUQVRJT05fR0VORVJBVElPTjogQXRv bWljVTY0ID0gQXRvbWljVTY0OjpuZXcoMCk7CiAvLy8gRXh0ZXJuYWwvbWFudWFsIGVkaXRzIGdl bmVyYXRpb24gZm9yIHRoZSB0b2tlbi5zaGFkb3cgZmlsZQogc3RhdGljIEZJTEVfR0VORVJBVElP TjogQXRvbWljVTY0ID0gQXRvbWljVTY0OjpuZXcoMCk7CisvLy8gTWF4IGFnZSBpbiBzZWNvbmRz IG9mIHRoZSB0b2tlbiBzZWNyZXQgY2FjaGUgYmVmb3JlIGNoZWNraW5nIGZvciBmaWxlIGNoYW5n ZXMuCitjb25zdCBUT0tFTl9TRUNSRVRfQ0FDSEVfVFRMX1NFQ1M6IGk2NCA9IDYwOwogCiAvLyBH ZXQgZXhjbHVzaXZlIGxvY2sKIGZuIGxvY2tfY29uZmlnKCkgLT4gUmVzdWx0PEFwaUxvY2tHdWFy ZCwgRXJyb3I+IHsKQEAgLTU2LDIyICs2MCw1NCBAQCBmbiB3cml0ZV9maWxlKGRhdGE6IEhhc2hN YXA8QXV0aGlkLCBTdHJpbmc+KSAtPiBSZXN1bHQ8KCksIEVycm9yPiB7CiAvLy8gUmVmcmVzaGVz IHRoZSBpbi1tZW1vcnkgY2FjaGUgaWYgdGhlIG9uLWRpc2sgdG9rZW4uc2hhZG93IGZpbGUgY2hh bmdlZC4KIC8vLyBSZXR1cm5zIHRydWUgaWYgdGhlIGNhY2hlIGlzIHZhbGlkIHRvIHVzZSwgZmFs c2UgaWYgbm90LgogZm4gcmVmcmVzaF9jYWNoZV9pZl9maWxlX2NoYW5nZWQoKSAtPiBib29sIHsK KyAgICBsZXQgbm93ID0gZXBvY2hfaTY0KCk7CisKKyAgICAvLyBDaGVjayBUVEwgKGJlc3QtZWZm b3J0KQorICAgIGxldCBTb21lKGNhY2hlKSA9IFRPS0VOX1NFQ1JFVF9DQUNIRS50cnlfcmVhZCgp IGVsc2UgeworICAgICAgICByZXR1cm4gZmFsc2U7IC8vIGNhbm5vdCB2YWxpZGF0ZSBleHRlcm5h bCBjaGFuZ2VzIC0+IGRvbid0IHRydXN0IGNhY2hlCisgICAgfTsKKworICAgIGxldCB0dGxfb2sg PSBjYWNoZQorICAgICAgICAubGFzdF9jaGVja2VkCisgICAgICAgIC5pc19zb21lX2FuZCh8bGFz dHwgbm93LnNhdHVyYXRpbmdfc3ViKGxhc3QpIDwgVE9LRU5fU0VDUkVUX0NBQ0hFX1RUTF9TRUNT KTsKKworICAgIGRyb3AoY2FjaGUpOworCisgICAgaWYgdHRsX29rIHsKKyAgICAgICAgcmV0dXJu IHRydWU7CisgICAgfQorCisgICAgLy8gVFRMIGV4cGlyZWQvdW5rbm93biBhdCB0aGlzIHBvaW50 IC0+IGRvIGJlc3QtZWZmb3J0IHJlZnJlc2guCiAgICAgbGV0IFNvbWUobXV0IGNhY2hlKSA9IFRP S0VOX1NFQ1JFVF9DQUNIRS50cnlfd3JpdGUoKSBlbHNlIHsKICAgICAgICAgcmV0dXJuIGZhbHNl OyAvLyBjYW5ub3QgdmFsaWRhdGUgZXh0ZXJuYWwgY2hhbmdlcyAtPiBkb24ndCB0cnVzdCBjYWNo ZQogICAgIH07CiAKKyAgICAvLyBDaGVjayBUVEwgYWZ0ZXIgYWNxdWlyaW5nIHdyaXRlIGxvY2su CisgICAgaWYgbGV0IFNvbWUobGFzdCkgPSBjYWNoZS5sYXN0X2NoZWNrZWQgeworICAgICAgICBp ZiBub3cuc2F0dXJhdGluZ19zdWIobGFzdCkgPCBUT0tFTl9TRUNSRVRfQ0FDSEVfVFRMX1NFQ1Mg eworICAgICAgICAgICAgcmV0dXJuIHRydWU7CisgICAgICAgIH0KKyAgICB9CisKKyAgICBsZXQg aGFkX3ByaW9yX3N0YXRlID0gY2FjaGUubGFzdF9jaGVja2VkLmlzX3NvbWUoKTsKKwogICAgIGxl dCBPaygobmV3X210aW1lLCBuZXdfbGVuKSkgPSBzaGFkb3dfbXRpbWVfbGVuKCkgZWxzZSB7CiAg ICAgICAgIHJldHVybiBmYWxzZTsgLy8gY2Fubm90IHZhbGlkYXRlIGV4dGVybmFsIGNoYW5nZXMg LT4gZG9uJ3QgdHJ1c3QgY2FjaGUKICAgICB9OwogCiAgICAgaWYgY2FjaGUuZmlsZV9tdGltZSA9 PSBuZXdfbXRpbWUgJiYgY2FjaGUuZmlsZV9sZW4gPT0gbmV3X2xlbiB7CisgICAgICAgIGNhY2hl Lmxhc3RfY2hlY2tlZCA9IFNvbWUobm93KTsKICAgICAgICAgcmV0dXJuIHRydWU7CiAgICAgfQog CiAgICAgY2FjaGUuc2VjcmV0cy5jbGVhcigpOwogICAgIGNhY2hlLmZpbGVfbXRpbWUgPSBuZXdf bXRpbWU7CiAgICAgY2FjaGUuZmlsZV9sZW4gPSBuZXdfbGVuOwotICAgIEZJTEVfR0VORVJBVElP Ti5mZXRjaF9hZGQoMSwgT3JkZXJpbmc6OkFjcVJlbCk7CisgICAgY2FjaGUubGFzdF9jaGVja2Vk ID0gU29tZShub3cpOworCisgICAgaWYgaGFkX3ByaW9yX3N0YXRlIHsKKyAgICAgICAgRklMRV9H RU5FUkFUSU9OLmZldGNoX2FkZCgxLCBPcmRlcmluZzo6QWNxUmVsKTsKKyAgICB9CiAKICAgICB0 cnVlCiB9CkBAIC0xNzAsNiArMjA2LDggQEAgc3RydWN0IEFwaVRva2VuU2VjcmV0Q2FjaGUgewog ICAgIGZpbGVfbXRpbWU6IE9wdGlvbjxTeXN0ZW1UaW1lPiwKICAgICAvLyBzaGFkb3cgZmlsZSBs ZW5ndGggdG8gZGV0ZWN0IGNoYW5nZXMKICAgICBmaWxlX2xlbjogT3B0aW9uPHU2ND4sCisgICAg Ly8gbGFzdCB0aW1lIHRoZSBmaWxlIG1ldGFkYXRhIHdhcyBjaGVja2VkCisgICAgbGFzdF9jaGVj a2VkOiBPcHRpb248aTY0PiwKIH0KIAogLy8vIENhY2hlZCBzZWNyZXQgYW5kIHRoZSBmaWxlIGdl bmVyYXRpb24gaXQgd2FzIGNhY2hlZCBhdC4KQEAgLTI2MiwxMCArMzAwLDEyIEBAIGZuIGFwcGx5 X2FwaV9tdXRhdGlvbigKICAgICAgICAgT2soKG10aW1lLCBsZW4pKSA9PiB7CiAgICAgICAgICAg ICBjYWNoZS5maWxlX210aW1lID0gbXRpbWU7CiAgICAgICAgICAgICBjYWNoZS5maWxlX2xlbiA9 IGxlbjsKKyAgICAgICAgICAgIGNhY2hlLmxhc3RfY2hlY2tlZCA9IFNvbWUoZXBvY2hfaTY0KCkp OwogICAgICAgICB9CiAgICAgICAgIEVycihfKSA9PiB7CiAgICAgICAgICAgICBjYWNoZS5maWxl X210aW1lID0gTm9uZTsKICAgICAgICAgICAgIGNhY2hlLmZpbGVfbGVuID0gTm9uZTsKKyAgICAg ICAgICAgIGNhY2hlLmxhc3RfY2hlY2tlZCA9IE5vbmU7IC8vIHRvIGZvcmNlIHJlZnJlc2ggbmV4 dCB0aW1lCiAgICAgICAgIH0KICAgICB9CiB9Ci0tIAoyLjQ3LjMKCgoKX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KcGJzLWRldmVsIG1haWxpbmcgbGlzdApw YnMtZGV2ZWxAbGlzdHMucHJveG1veC5jb20KaHR0cHM6Ly9saXN0cy5wcm94bW94LmNvbS9jZ2kt YmluL21haWxtYW4vbGlzdGluZm8vcGJzLWRldmVsCg==