[pbs-devel] [PATCH proxmox-backup] auth: request a write lock when exposing the `LockedTfaConfig`
Stefan Sterz
s.sterz at proxmox.com
Fri Apr 12 14:31:56 CEST 2024
this function is called every time a user tries to log in to check
whether a tfa challenge is required. since the tfa config may need to
be written by the auth api (e.g. when a recovery key is used) this
needs to use a write lock instead of a read lock in order to avoid
potential races.
Signed-off-by: Stefan Sterz <s.sterz at proxmox.com>
---
src/auth.rs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/auth.rs b/src/auth.rs
index 04fb3a1d..e27d90d5 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -327,7 +327,7 @@ impl proxmox_auth_api::api::AuthContext for PbsAuthContext {
/// Access the TFA config with an exclusive lock.
fn tfa_config_write_lock(&self) -> Result<Box<dyn LockedTfaConfig>, Error> {
Ok(Box::new(PbsLockedTfaConfig {
- _lock: crate::config::tfa::read_lock()?,
+ _lock: crate::config::tfa::write_lock()?,
config: crate::config::tfa::read()?,
}))
}
--
2.39.2
More information about the pbs-devel
mailing list