[pbs-devel] [PATCH proxmox-backup] fix #3038: check user before renewing ticket

Dylan Whyte d.whyte at proxmox.com
Tue Oct 20 11:29:16 CEST 2020


Fixes a bug in which the userid of the ticket cache is updated,
when a user connects, but the ticket itself is not.
This means a newly connected user has a previously connected
user's ticket and thus, cannot do anything, as the client will
attempt to use the invalid ticket.

e.g. if john at pbs connected to the server first, followed by
mike at pbs, the following would be stored in the ticket cache.

{
  "localhost": {
    "mike at pbs": {
      "ticket": "PBS:john at pbs:AAAA",
      "timestamp": 1601039326,
      "token": "BBBB"
    }
  }
}

Signed-off-by: Dylan Whyte <d.whyte at proxmox.com>
---
 src/client/http_client.rs | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/client/http_client.rs b/src/client/http_client.rs
index e3d18604..02a58c2d 100644
--- a/src/client/http_client.rs
+++ b/src/client/http_client.rs
@@ -219,11 +219,13 @@ fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, t
 
     let empty = serde_json::map::Map::new();
     for (server, info) in data.as_object().unwrap_or(&empty) {
-        for (_user, uinfo) in info.as_object().unwrap_or(&empty) {
-            if let Some(timestamp) = uinfo["timestamp"].as_i64() {
-                let age = now - timestamp;
-                if age < ticket_lifetime {
-                    new_data[server][username] = uinfo.clone();
+        for (user, uinfo) in info.as_object().unwrap_or(&empty) {
+            if user == username {
+                if let Some(timestamp) = uinfo["timestamp"].as_i64() {
+                    let age = now - timestamp;
+                    if age < ticket_lifetime {
+                        new_data[server][username] = uinfo.clone();
+                    }
                 }
             }
         }
-- 
2.20.1






More information about the pbs-devel mailing list