From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pmg-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 976DA1FF17C
	for <inbox@lore.proxmox.com>; Wed, 25 Jun 2025 09:38:43 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id F058BF439;
	Wed, 25 Jun 2025 09:39:17 +0200 (CEST)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pmg-devel@lists.proxmox.com
Date: Wed, 25 Jun 2025 09:38:44 +0200
Message-Id: <20250625073844.609286-1-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.128 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 POISEN_SPAM_PILL          0.1 Meta: its spam
 POISEN_SPAM_PILL_2        0.1 random spam to be learned in bayes
 POISEN_SPAM_PILL_4        0.1 random spam to be learned in bayes
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [self.data, ticket.rs]
Subject: [pmg-devel] [PATCH proxmox] login: use 'PMG' as product for
 'PMGQUAR' tickets
X-BeenThere: pmg-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Mail Gateway development discussion
 <pmg-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pmg-devel>, 
 <mailto:pmg-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pmg-devel/>
List-Post: <mailto:pmg-devel@lists.proxmox.com>
List-Help: <mailto:pmg-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel>, 
 <mailto:pmg-devel-request@lists.proxmox.com?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pmg-devel-bounces@lists.proxmox.com
Sender: "pmg-devel" <pmg-devel-bounces@lists.proxmox.com>

We derive the product name from the beginning of the ticket normally,
but this does not work with PMGQUAR tickets. Since the cookie name uses
the product name, this results in a `PMGQUARAuthCookie`, but the cookie
still has to be `PMGAuthCookie` to work. To work around that, decouple
the userid range of the ticket from the product range, and modify it so
that PMGQUAR tickets return also PMG for the product. This will result
in the correct `PMGAuthCookie` name.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
this is actually not used anywhere yet, but is necessary when we'll want
to use rust/yew for the quarantine interface, since that uses this
ticket for setting cookies, etc.

 proxmox-login/src/ticket.rs | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/proxmox-login/src/ticket.rs b/proxmox-login/src/ticket.rs
index 4b28f26e..5e90c8cb 100644
--- a/proxmox-login/src/ticket.rs
+++ b/proxmox-login/src/ticket.rs
@@ -49,6 +49,7 @@ pub struct Ticket {
     data: Box<str>,
     timestamp: i64,
     product_len: u16,
+    userid_start: u16,
     userid_len: u16,
     // timestamp_len: u16,
 }
@@ -66,7 +67,7 @@ impl Ticket {
 
     /// The userid contained in the ticket.
     pub fn userid(&self) -> &str {
-        let start = usize::from(self.product_len) + 1;
+        let start = usize::from(self.userid_start);
         let len = usize::from(self.userid_len);
         &self.data[start..(start + len)]
     }
@@ -138,12 +139,17 @@ impl std::str::FromStr for Ticket {
         let data = s;
 
         // get product:
-        let product_len = s.find(':').ok_or(TicketError)?;
+        let mut product_len = s.find(':').ok_or(TicketError)?;
         if product_len >= 10 {
             // weird product
             return Err(TicketError);
         }
-        let s = &s[(product_len + 1)..];
+        let userid_start = product_len + 1;
+        // work around PMG quarantine tickets
+        if &s[..product_len] == "PMGQUAR" {
+            product_len = 3;
+        }
+        let s = &s[userid_start..];
 
         // get userid:
         let userid_len = s.find(':').ok_or(TicketError)?;
@@ -165,6 +171,7 @@ impl std::str::FromStr for Ticket {
 
         Ok(Self {
             product_len: u16::try_from(product_len).map_err(|_| TicketError)?,
+            userid_start: u16::try_from(userid_start).map_err(|_| TicketError)?,
             userid_len: u16::try_from(userid_len).map_err(|_| TicketError)?,
             //timestamp_len: u16::try_from(timestamp_len).map_err(|_| TicketError)?,
             timestamp,
-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel