* [pbs-devel] [PATCH proxmox-backup] auth: request a write lock when exposing the `LockedTfaConfig`
@ 2024-04-12 12:31 Stefan Sterz
2024-04-24 19:28 ` [pbs-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Stefan Sterz @ 2024-04-12 12:31 UTC (permalink / raw)
To: pbs-devel
this function is called every time a user tries to log in to check
whether a tfa challenge is required. since the tfa config may need to
be written by the auth api (e.g. when a recovery key is used) this
needs to use a write lock instead of a read lock in order to avoid
potential races.
Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
---
src/auth.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auth.rs b/src/auth.rs
index 04fb3a1d..e27d90d5 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -327,7 +327,7 @@ impl proxmox_auth_api::api::AuthContext for PbsAuthContext {
/// Access the TFA config with an exclusive lock.
fn tfa_config_write_lock(&self) -> Result<Box<dyn LockedTfaConfig>, Error> {
Ok(Box::new(PbsLockedTfaConfig {
- _lock: crate::config::tfa::read_lock()?,
+ _lock: crate::config::tfa::write_lock()?,
config: crate::config::tfa::read()?,
}))
}
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-04-24 19:28 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-12 12:31 [pbs-devel] [PATCH proxmox-backup] auth: request a write lock when exposing the `LockedTfaConfig` Stefan Sterz
2024-04-24 19:28 ` [pbs-devel] applied: " Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox