[pve-devel] [PATCH access-control 3/3] ticket: add comments about auth key mtime
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jun 19 11:46:19 CEST 2019
we cannot fully close this window, and don't need to anyway since we
apply +-300s when calculating ticket age ranges, but documenting where
mtime is used and what we expect seems like a good idea for future
readers.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
PVE/AccessControl.pm | 3 +++
1 file changed, 3 insertions(+)
diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 0132268..6ac99ac 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -171,6 +171,7 @@ sub rotate_authkey {
if ($old) {
eval {
my $pem = $old->get_public_key_x509_string();
+ # mtime is used for caching and ticket age range calculation
PVE::Tools::file_set_contents($pve_auth_key_files->{pubold}, $pem);
};
die "Failed to store old auth key: $@\n" if $@;
@@ -178,6 +179,8 @@ sub rotate_authkey {
eval {
my $pem = $new->get_public_key_x509_string();
+ # mtime is used for caching and ticket age range calculation,
+ # should be close to that of pubold above
PVE::Tools::file_set_contents($pve_auth_key_files->{pub}, $pem);
};
if ($@) {
--
2.20.1
More information about the pve-devel
mailing list