public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pmg-devel] [PATCH proxmox] login: use 'PMG' as product for 'PMGQUAR' tickets
@ 2025-06-25  7:38 Dominik Csapak
  2025-07-03  7:49 ` [pmg-devel] applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Dominik Csapak @ 2025-06-25  7:38 UTC (permalink / raw)
  To: pmg-devel

We derive the product name from the beginning of the ticket normally,
but this does not work with PMGQUAR tickets. Since the cookie name uses
the product name, this results in a `PMGQUARAuthCookie`, but the cookie
still has to be `PMGAuthCookie` to work. To work around that, decouple
the userid range of the ticket from the product range, and modify it so
that PMGQUAR tickets return also PMG for the product. This will result
in the correct `PMGAuthCookie` name.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
this is actually not used anywhere yet, but is necessary when we'll want
to use rust/yew for the quarantine interface, since that uses this
ticket for setting cookies, etc.

 proxmox-login/src/ticket.rs | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/proxmox-login/src/ticket.rs b/proxmox-login/src/ticket.rs
index 4b28f26e..5e90c8cb 100644
--- a/proxmox-login/src/ticket.rs
+++ b/proxmox-login/src/ticket.rs
@@ -49,6 +49,7 @@ pub struct Ticket {
     data: Box<str>,
     timestamp: i64,
     product_len: u16,
+    userid_start: u16,
     userid_len: u16,
     // timestamp_len: u16,
 }
@@ -66,7 +67,7 @@ impl Ticket {
 
     /// The userid contained in the ticket.
     pub fn userid(&self) -> &str {
-        let start = usize::from(self.product_len) + 1;
+        let start = usize::from(self.userid_start);
         let len = usize::from(self.userid_len);
         &self.data[start..(start + len)]
     }
@@ -138,12 +139,17 @@ impl std::str::FromStr for Ticket {
         let data = s;
 
         // get product:
-        let product_len = s.find(':').ok_or(TicketError)?;
+        let mut product_len = s.find(':').ok_or(TicketError)?;
         if product_len >= 10 {
             // weird product
             return Err(TicketError);
         }
-        let s = &s[(product_len + 1)..];
+        let userid_start = product_len + 1;
+        // work around PMG quarantine tickets
+        if &s[..product_len] == "PMGQUAR" {
+            product_len = 3;
+        }
+        let s = &s[userid_start..];
 
         // get userid:
         let userid_len = s.find(':').ok_or(TicketError)?;
@@ -165,6 +171,7 @@ impl std::str::FromStr for Ticket {
 
         Ok(Self {
             product_len: u16::try_from(product_len).map_err(|_| TicketError)?,
+            userid_start: u16::try_from(userid_start).map_err(|_| TicketError)?,
             userid_len: u16::try_from(userid_len).map_err(|_| TicketError)?,
             //timestamp_len: u16::try_from(timestamp_len).map_err(|_| TicketError)?,
             timestamp,
-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel


^ permalink raw reply	[flat|nested] 2+ messages in thread
* [pmg-devel] applied: [PATCH proxmox] login: use 'PMG' as product for 'PMGQUAR' tickets
  2025-06-25  7:38 [pmg-devel] [PATCH proxmox] login: use 'PMG' as product for 'PMGQUAR' tickets Dominik Csapak
@ 2025-07-03  7:49 ` Thomas Lamprecht
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2025-07-03  7:49 UTC (permalink / raw)
  To: pve-devel, pmg-devel, Dominik Csapak

On Wed, 25 Jun 2025 09:38:44 +0200, Dominik Csapak wrote:
> We derive the product name from the beginning of the ticket normally,
> but this does not work with PMGQUAR tickets. Since the cookie name uses
> the product name, this results in a `PMGQUARAuthCookie`, but the cookie
> still has to be `PMGAuthCookie` to work. To work around that, decouple
> the userid range of the ticket from the product range, and modify it so
> that PMGQUAR tickets return also PMG for the product. This will result
> in the correct `PMGAuthCookie` name.
> 
> [...]

The shared cookie name is IMO not so great here in the first place, but works
OK-ish enough for all that are just spam quarantine users, and no PMG admins
or the like too. Maybe we can look into a clean seperation here for the future,
but nothing all to important for now.

Applied, thanks!

[1/1] login: use 'PMG' as product for 'PMGQUAR' tickets
      commit: 33f9c3a41ad95d2c885568a78b389579665fc959


_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-07-03  7:50 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-06-25  7:38 [pmg-devel] [PATCH proxmox] login: use 'PMG' as product for 'PMGQUAR' tickets Dominik Csapak
2025-07-03  7:49 ` [pmg-devel] applied: " Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal