[pdm-devel] [PATCH proxmox 2/3] auth-api: use Authid for path ticket validation
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Nov 11 09:29:15 CET 2025
instead of Userid. technically a breaking change, callers that pass in a Userid
at the moment and want to restrict it as such need to add an extra check.
in practice, PDM already has such a check, and PBS drops it after this change.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
breaking change, needed by PBS
proxmox-auth-api/src/api/access.rs | 2 +-
proxmox-auth-api/src/api/mod.rs | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/proxmox-auth-api/src/api/access.rs b/proxmox-auth-api/src/api/access.rs
index a32739af..6921ea29 100644
--- a/proxmox-auth-api/src/api/access.rs
+++ b/proxmox-auth-api/src/api/access.rs
@@ -290,7 +290,7 @@ async fn authenticate_user(
bail!("ticket login failed - wrong userid");
}
} else if let Some(((path, privs), port)) = path.zip(privs).zip(port) {
- match auth_context.check_path_ticket(userid, password, path, privs, port)? {
+ match auth_context.check_path_ticket(&auth_id, password, path, privs, port)? {
None => (), // no path based tickets supported, just fall through.
Some(true) => return Ok(AuthResult::Success),
Some(false) => bail!("No such privilege"),
diff --git a/proxmox-auth-api/src/api/mod.rs b/proxmox-auth-api/src/api/mod.rs
index e176ea01..3c07ead3 100644
--- a/proxmox-auth-api/src/api/mod.rs
+++ b/proxmox-auth-api/src/api/mod.rs
@@ -78,13 +78,13 @@ pub trait AuthContext: Send + Sync {
/// Check path based tickets. (Used for terminal tickets).
fn check_path_ticket(
&self,
- userid: &Userid,
+ auth_id: &Authid,
password: &str,
path: String,
privs: String,
port: u16,
) -> Result<Option<bool>, Error> {
- let _ = (userid, password, path, privs, port);
+ let _ = (auth_id, password, path, privs, port);
Ok(None)
}
--
2.47.3
More information about the pdm-devel
mailing list