From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id BDD101FF15C for <inbox@lore.proxmox.com>; Wed, 19 Mar 2025 11:31:37 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5A6026E11; Wed, 19 Mar 2025 11:31:24 +0100 (CET) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742380274; x=1742985074; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=M5pqPspT9a1yEmSTtZwrydif1WX5g0g6oAkqoP8Meh0=; b=Jm2A3KYgtgUqEr3uIoC/CqN0psEnlp5XH2qHx4jbM8CZFGRP+OXrfRdFuEipLFuSBt pBvTBZ+vPK6piL6HoRvmr7h/cAacGXfiri1FlZrVnvqsvLHb0w143ve55uoSr6pX7Qaw 6OJQW62Des4aH1TR9of02hRFXLEugi81eF0Oka5t3kns+KqCALy2KuH1Ej/h9IHZB8Jl EQPXx6J+9Q6oC1os9q9onzP/Ta9eGegyyhhhOyxK7k+H2EWgG4GIrVNKZQdRXQTD0hkU DPYfo9CATiTnaIlnRHUIZuxGIPB8KwQ4o1ZaRY1bhW8r9AHf/8qlXxKMbQbuKeyHJbwo tpjw== X-Forwarded-Encrypted: i=1; AJvYcCXrhfXOWeHZf3wMw4DuFdLsvlvpDHH+Vx0ouVt8DZVIO5m2jOjISRHVHyipbkxy1CqEy4HBd42Go4o=@lists.proxmox.com X-Gm-Message-State: AOJu0YyFB1Bke28uC1vlDy4MO4BT+W1Z3Cuo04s1kamLZ8fWfB+oNp3B 28nT2L/GQMdpscqJ0TaTkDfh9Lv+RA/4sfOIPsFihCh90pVeR2rXmRH0GHef X-Gm-Gg: ASbGncsWw5O7fGFX4Oo5tdzhWZx8trzU/E6ALaKjtXnmkwVXCUp21a7rxidzF3ZiDoc S1sitjnRFh6sfM27CZBzOHWLGQ9V3f9gA+/1WhYdLMhQBfjWVX/6Lz5kEUBpsyUcKnuOMAnjSuY 3uwClkMgcQgt3w0Uy5ds/sSgkaYeLfglIqoR772r8cmhfs7TBZ0tN0/GzyH65OkBJP9uif/PKYL Qc/f2PGGEWq1sqWec0pP4gKBgHLWJ2kA2BAiANRAIgbFaq/B8Z1qlGhqEBuanA1C9nxHByrc0x9 og/YULyxdNd+oJkjW/EMu0Nf/QJ8j9ziNJ78pCJRaP/5O7O7sI3jMi+7rdPIQIjicbi5wy2S4NT 1l5FU4kE= X-Google-Smtp-Source: AGHT+IEjMhWZUQ1Ww8Q2D7qPR0wWd90WjY3Q36GrKf3lH/f1TrAxVuYlrSkbKaWyta8weuSP+EFyhA== X-Received: by 2002:a17:907:6ea4:b0:aa6:b63a:4521 with SMTP id a640c23a62f3a-ac3b7d78764mr185663266b.15.1742380273098; Wed, 19 Mar 2025 03:31:13 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVUsurFayaxsDs6n0sUNiPr4vvF4IQeO0Cl2OeZU7Iw9QwhMIuwSp49JaO+JEYSaVAL+xbJHMTLRCY=@lists.proxmox.com X-Received: by 2002:a05:600c:4fc8:b0:43c:f8fc:f686 with SMTP id 5b1f17b1804b1-43d43781832mr16970355e9.3.1742380272580; Wed, 19 Mar 2025 03:31:12 -0700 (PDT) MIME-Version: 1.0 References: <20250211054029.1269099-1-thomas@atskinner.net> <20250211054029.1269099-4-thomas@atskinner.net> <f3732723-d617-47a9-a7be-652f0893b6ed@proxmox.com> <542246635.6628.1739444630435@webmail.proxmox.com> <1742213599.xagtk502vp.astroid@yuna.none> <f5c1f44d-5b66-43ee-8217-463c6ab49193@proxmox.com> In-Reply-To: <f5c1f44d-5b66-43ee-8217-463c6ab49193@proxmox.com> From: Thomas Skinner <thomas@atskinner.net> Date: Wed, 19 Mar 2025 05:30:46 -0500 X-Gmail-Original-Message-ID: <CALn9RMcfOp1Fi9xwc_92tULWrwOkrrp_rO5rEHO+y1JcX9VaVg@mail.gmail.com> X-Gm-Features: AQ5f1JoIcZX24NZvNTyz5U1AE1gLmJfdqS47I_mWJRR9EJDgr9AdouPIcr39enY Message-ID: <CALn9RMcfOp1Fi9xwc_92tULWrwOkrrp_rO5rEHO+y1JcX9VaVg@mail.gmail.com> To: Mira Limbeck <m.limbeck@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL -0.029 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy FREEMAIL_FORGED_FROMDOMAIN 0.001 2nd level domains in From and EnvelopeFrom freemail headers are different FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HEADER_FROM_DIFFERENT_DOMAINS 0.001 From and EnvelopeFrom 2nd level mail domains are different KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust RCVD_IN_MSPIKE_H3 0.001 Good reputation (+3) RCVD_IN_MSPIKE_WL 0.001 Mailspike good senders RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH access-control v3 1/1] fix #4411: openid: add logic for openid groups support X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/> List-Post: <mailto:pve-devel@lists.proxmox.com> List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com> T24gVHVlLCBNYXIgMTgsIDIwMjUgYXQgNDozNOKAr0FNIE1pcmEgTGltYmVjayA8bS5saW1iZWNr QHByb3htb3guY29tPiB3cm90ZToKPgo+IE9uIDMvMTcvMjUgMTM6MTgsIEZhYmlhbiBHcsO8bmJp Y2hsZXIgd3JvdGU6Cj4gPiBPbiBGZWJydWFyeSAxMywgMjAyNSAxMjowMyBwbSwgRmFiaWFuIEdy w7xuYmljaGxlciB3cm90ZToKPiA+Pgo+ID4+PiBNaXJhIExpbWJlY2sgPG0ubGltYmVja0Bwcm94 bW94LmNvbT4gaGF0IGFtIDEyLjAyLjIwMjUgMTU6NTEgQ0VUIGdlc2NocmllYmVuOgo+ID4+Pgo+ ID4+Pgo+ID4+PiBPbiAyLzExLzI1IDA2OjQwLCBUaG9tYXMgU2tpbm5lciB3cm90ZToKPiA+Pj4+ IFNpZ25lZC1vZmYtYnk6IFRob21hcyBTa2lubmVyIDx0aG9tYXNAYXRza2lubmVyLm5ldD4KPiA+ Pj4+IC0tLQo+ID4+Pj4gIHNyYy9QVkUvQVBJMi9PcGVuSWQucG0gICB8IDc5ICsrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysrKysKPiA+Pj4+ICBzcmMvUFZFL0FjY2Vzc0NvbnRy b2wucG0gfCAgMiArLQo+ID4+Pj4gIHNyYy9QVkUvQXV0aC9PcGVuSWQucG0gICB8IDMzICsrKysr KysrKysrKysrKysrCj4gPj4+PiAgc3JjL1BWRS9BdXRoL1BsdWdpbi5wbSAgIHwgIDEgKwo+ID4+ Pj4gIDQgZmlsZXMgY2hhbmdlZCwgMTE0IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkKPiA+ Pj4+Cj4gPj4+PiBkaWZmIC0tZ2l0IGEvc3JjL1BWRS9BUEkyL09wZW5JZC5wbSBiL3NyYy9QVkUv QVBJMi9PcGVuSWQucG0KPiA+Pj4+IGluZGV4IDc3NDEwZTYuLjgxODE3NWUgMTAwNjQ0Cj4gPj4+ PiAtLS0gYS9zcmMvUFZFL0FQSTIvT3BlbklkLnBtCj4gPj4+PiArKysgYi9zcmMvUFZFL0FQSTIv T3BlbklkLnBtCj4gPj4+PiBAQCAtMTMsNiArMTMsNyBAQCB1c2UgUFZFOjpDbHVzdGVyIHF3KGNm c19yZWFkX2ZpbGUgY2ZzX3dyaXRlX2ZpbGUpOwo+ID4+Pj4gIHVzZSBQVkU6OkFjY2Vzc0NvbnRy b2w7Cj4gPj4+PiAgdXNlIFBWRTo6SlNPTlNjaGVtYSBxdyhnZXRfc3RhbmRhcmRfb3B0aW9uKTsK PiA+Pj4+ICB1c2UgUFZFOjpBdXRoOjpQbHVnaW47Cj4gPj4+PiArdXNlIFBWRTo6QXV0aDo6T3Bl bklkOwo+ID4+Pj4KPiA+Pj4+ICB1c2UgUFZFOjpSRVNUSGFuZGxlcjsKPiA+Pj4+Cj4gPj4+PiBA QCAtMjIwLDYgKzIyMSw4NCBAQCBfX1BBQ0tBR0VfXy0+cmVnaXN0ZXJfbWV0aG9kICh7Cj4gPj4+ PiAgICAgICAgICAgICRycGNlbnYtPmNoZWNrX3VzZXJfZW5hYmxlZCgkdXNlcm5hbWUpOwo+ID4+ Pj4gICAgICAgIH0KPiA+Pj4+Cj4gPj4+PiArICAgICAgaWYgKGRlZmluZWQobXkgJGdyb3Vwc19j bGFpbSA9ICRjb25maWctPnsnZ3JvdXBzLWNsYWltJ30pKSB7Cj4gPj4+PiArICAgICAgICAgIGlm IChkZWZpbmVkKG15ICRncm91cHNfbGlzdCA9ICRpbmZvLT57JGdyb3Vwc19jbGFpbX0pKSB7Cj4g Pj4+PiArICAgICAgICAgICAgICBpZiAocmVmKCRncm91cHNfbGlzdCkgZXEgJ0FSUkFZJykgewo+ ID4+Pj4gKyAgICAgICAgICAgICAgICAgIFBWRTo6QWNjZXNzQ29udHJvbDo6bG9ja191c2VyX2Nv bmZpZyhzdWIgewo+ID4+Pj4gKyAgICAgICAgICAgICAgICAgICAgICBteSAkdXNlcmNmZyA9IGNm c19yZWFkX2ZpbGUoInVzZXIuY2ZnIik7Cj4gPj4+PiArCj4gPj4+PiArICAgICAgICAgICAgICAg ICAgICAgICMgcmVwbGFjZSBhbnkgaW52YWxpZCBjaGFyYWN0ZXJzIHdpdGgKPiA+Pj4+ICsgICAg ICAgICAgICAgICAgICAgICAgbXkgJHJlcGxhY2VfY2hhcmFjdGVyID0gJGNvbmZpZy0+eydncm91 cHMtcmVwbGFjZS1jaGFyYWN0ZXInfSAvLyAnXyc7Cj4gPj4+PiArICAgICAgICAgICAgICAgICAg ICAgIG15ICRvaWRjX2dyb3VwcyA9IHsgbWFwIHsKPiA+Pj4+ICsgICAgICAgICAgICAgICAgICAg ICAgICAgICRfID1+IHMvW14kUFZFOjpBdXRoOjpQbHVnaW46Omdyb3VwbmFtZV9yZWdleF9jaGFy c10vJHJlcGxhY2VfY2hhcmFjdGVyL2dyID0+IDEKPiA+Pj4+ICsgICAgICAgICAgICAgICAgICAg ICAgfSAkZ3JvdXBzX2xpc3QtPkAqIH07Cj4gPj4+IG1heWJlIHdlIGNvdWxkIGxvZyBhbnkgb2Yg dGhvc2UgcmVwbGFjZW1lbnRzIGhlcmU/IGRvaW5nIHRoaXMgc2lsZW50bHkKPiA+Pj4gbWF5IGxl YWQgdG8gY29uZnVzaW9uIHdoZW4gZ3JvdXBzIGRvbid0IG1hdGNoCj4gPj4KPiA+PiBhIHNpbWls YXIgaXNzdWUgaXMgZmlsZWQgZm9yIExEQVAvQUQgc3luYyBhcyB3ZWxsIC0gYW5kIEkgbm93IHdv bmRlciBiYXNlZCBvbiB0aGUgZGlzY3Vzc2lvbiB0aGVyZSAtIGRvIHdlIHJlYWxseSB3YW50IHRv IG1ha2UgdGhpcyBjb25maWd1cmFibGU/IGhvdyBkbyB3ZSB3YW50IHRvIGhhbmRsZSBjb25mbGlj dHM/IHdoaWxlIGl0J3MgYSBiaXQgbGVzcyBjcml0aWNhbCBmb3IgdHdvIG9yIG1vcmUgT0lEQyBn cm91cHMgdG8gYmUgbWFwcGVkIHRvIHRoZSBzYW1lIFBWRS1zaWRlIGdyb3VwIChjb21wYXJlZCB0 byB0aGUgc2FtZSBoYXBwZW5pbmcgd2l0aCB1c2VycyA7KSksIGlmIGl0J3MgcG9zc2libGUgdG8g YXZvaWQgaXQgdGhhdCB3b3VsZCBzdGlsbCBiZSBncmVhdC4uCj4gPj4KPiA+PiBncm91cHMgY3Vy cmVudGx5IGFsbG93IC4tXyBhcyBzcGVjaWFsIGNoYXJhY3RlcnMsIHNvIHdlIGNvdWxkIGRlc2ln bmF0ZSBvbmUgb2YgdGhlbSBhcyBlc2NhcGUgY2hhcmFjdGVyIGFuZCB0aGVuIGhhdmUgYSB1bmlx dWUgbWFwcGluZyBmb3IgZWFjaCBjaGFyYWN0ZXIgdGhhdCBpc24ndCBhbGxvd2VkIG9uIHRoZSBQ VkUgc2lkZSAoaW5jbHVkaW5nIHRoYXQgZXNjYXBlIGNoYXJhY3RlciA7KSkKPiA+Pgo+ID4+IGUu Zy4sIGFuIE9JREMgZ3JvdXAgY2FsbGVkICJmb28gYmFyIiBjb3VsZCBiZSBlbmNvZGVkIGFzICJm b29fMzJfYmFyIiAod2hlcmUgMzIgaXMgaGV4IGZvciBBU0NJSS0iICIpLiBjb3JyZXNwb25kaW5n bHksIGEgZ3JvdXAgY2FsbGVkICJmb29fYmFyIiB3b3VsZCBuZWVkIHRvIGJlIGVuY29kZWQgYXMg ImZvb181Rl9iYXIiLiAodGhlIHNlY29uZCAnXycgY291bGQgb2YgY291cnNlIGJlIGxlZnQgb2Zm IGlmIGRlc2lyZWQpLgo+ID4+Cj4gPj4gdW5mb3J0dW5hdGVseSwgYWRkaW5nIGFuIGVudGlyZWx5 IG5ldyBlc2NhcGUgY2hhcmFjdGVyIGlzIG5vdCByZWFsbHkgcG9zc2libGUgdW5sZXNzIHdlIHdh bnQgdG8gd2FpdCBmb3IgOS4wLCBhcyB0aGF0IHdvdWxkIHRoZW4gYnJlYWsgcGFyc2luZyBvZiB1 c2VyLmNmZyBpbiBhIG1peGVkIGNsdXN0ZXIgd2hpY2ggY2FuIGhhdmUgcmVhbGx5IGRhbmdlcm91 cyBzaWRlLWVmZmVjdHMuLgo+ID4+Cj4gPj4gb3Igd2UgY291bGQgbGl2ZSB3aXRoIHN1Y2ggYSBw b3RlbnRpYWxseSBsb3NzeSBtYXBwaW5nLCBidXQgdGhlbiBJIGFtIG5vdCBzdXJlIHdoZXRoZXIg YSBzaW5nbGUsIGhhcmQtY29kZWQsIGRvY3VtZW50ZWQgdmFsdWUgd291bGRuJ3QgYmUgYmV0dGVy PyB0aGUgbWFpbiBpc3N1ZSB3aXRoIHRoYXQgaXMgaWYgeW91IGFsbG93ICh1bnByaXZpbGVnZWQp IGNyZWF0aW9uIGFuZCBqb2luaW5nIG9mIGdyb3VwcyBvbiB0aGUgT0lEQyBzaWRlLCBhcyB0aGVu IGlmIHRoZXJlIGFscmVhZHkgaXMgYSBncm91cCBjYWxsZWQgIlN5c3RlbSBBZG1pbmlzdHJhdG9y cyIgdGhhdCBnb3QgbWFwcGVkIHRvICJTeXN0ZW1fQWRtaW5zdHJhdG9ycyIgb24gdGhlIFBWRSBz aWRlLCBhIHVzZXIgY291bGQgY3JlYXRlIGFuZCBqb2luICJTeXN0ZW0hQWRtaW5pc3RyYXRvcnMi IG9uIHRoZSBPSURDIHNpZGUgYW5kIGdldCBtYXBwZWQgdG8gdGhlIGV4aXN0aW5nLCBwcm9iYWJs eSBwcml2aWxlZ2VkICJTeXN0ZW1fQWRtaW5pc3RyYXRvcnMiIGdyb3VwLi4KPiA+Cj4gPiB0aGlz IHBhcnQgbm93IGdvdCBzcGxpdCBvdXQgaW50byBpdHMgb3duIGRpc2N1c3Npb246Cj4gPgo+ID4g aHR0cHM6Ly9sb3JlLnByb3htb3guY29tL3B2ZS1kZXZlbC9iOGZiYTlmNi02YzgzLTQ4NDYtOTIz Zi0yZjdiOTM4NTZiY2ZAcHJveG1veC5jb20vVC8jdQoKSSd2ZSBiZWVuIGxpZ2h0bHkgZm9sbG93 aW5nIHRoaXMsIGJ1dCBpdCdzIGNsZWFyIHRoZXJlJ3Mgbm90IHF1aXRlIGEKZGV0ZXJtaW5hdGlv biB5ZXQuIEdyb3VwcyB3aXRoIHNwYWNlcyBpbiB0aGUgbmFtZXMgd291bGQgYmUgaGlnaGx5CnVz ZWZ1bCBmb3IgQWN0aXZlIERpcmVjdG9yeSBlbnZpcm9ubWVudHMuCgo+ID4KPiA+IHdoYXQgZG8g eW91IHRoaW5rIGFib3V0IHRoZSBmb2xsb3dpbmcgdG8gbm90IGtlZXAgdGhpcyBibG9ja2VkIGxv bmdlcjoKPiA+Cj4gPiAtIHJlYmFzZSB0aGlzIHNlcmllcwo+ID4gLSBkcm9wIHRoZSBuYW1lIG1h bmdsaW5nLy4uIHBhcnQgZm9yIG5vdywgYW5kIG9ubHkgYWxsb3cgZ3JvdXBzIHRoYXQKPiA+ICAg d29yayB3aXRoIHRoZSBQVkUgY29uc3RyYWludHMgZm9yIHRoZSB0aW1lIGJlaW5nCj4gPgo+ID4g d2UgY2FuIGltcGxlbWVudCBpdCB3aGVuIHdlJ3ZlIGRlY2lkZWQgaG93IHRvIGhhbmRsZSB0aGUg bmFtZQo+ID4gbWFuZ2xpbmcvY29sbGlzaW9uLy4uIGlzc3VlLCBhbmQgZW5zdXJlIHdlIGdldCBh IGNvbnNpc3RlbnQKPiA+IGltcGxlbWVudGF0aW9uIGZvciBib3RoIExEQVAvQUQgYW5kIE9JREMu Cj4gPgo+Cj4gU291bmRzIGdvb2QgdG8gbWUuIEdyb3VwIHN1cHBvcnQgaXMgYSBodWdlIGltcHJv dmVtZW50IGV2ZW4gd2l0aCB0aGlzCj4gbGltaXRhdGlvbiBmb3Igbm93Lgo+CgpHb29kIHdpdGgg bWUsIHRvby4gSSdsbCB1c2UgdGhlIHNhbWUgbG9naWMgYXMgdGhlIGN1cnJlbnQgTERBUCBncm91 cApzeW5jIHRvIG9ubHkgYWxsb3cgdGhlIGdyb3VwcyB0aGF0IGFyZSBhbHJlYWR5IHdpdGhpbiBj b25zdHJhaW50cyB0bwpnZXQgdGhyb3VnaC4gSSdsbCBzdWJtaXQgaXQgYnkgdGhpcyB3ZWVrZW5k LiBUaGFua3MhCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f XwpwdmUtZGV2ZWwgbWFpbGluZyBsaXN0CnB2ZS1kZXZlbEBsaXN0cy5wcm94bW94LmNvbQpodHRw czovL2xpc3RzLnByb3htb3guY29tL2NnaS1iaW4vbWFpbG1hbi9saXN0aW5mby9wdmUtZGV2ZWwK