fix #3038: check user before renewing ticket
Fixes a bug in which the userid of the ticket cache is updated, when a user connects, but the ticket itself is not. This means a newly connected user has a previously connected user's ticket and thus, cannot do anything, as the client will attempt to use the invalid ticket. e.g. if john@pbs connected to the server first, followed by mike@pbs, the following would be stored in the ticket cache. { "localhost": { "mike@pbs": { "ticket": "PBS:john@pbs:AAAA", "timestamp": 1601039326, "token": "BBBB" } } } Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
This commit is contained in:
parent
b428af9781
commit
afef7f3bba
|
@ -219,7 +219,8 @@ fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, t
|
||||||
|
|
||||||
let empty = serde_json::map::Map::new();
|
let empty = serde_json::map::Map::new();
|
||||||
for (server, info) in data.as_object().unwrap_or(&empty) {
|
for (server, info) in data.as_object().unwrap_or(&empty) {
|
||||||
for (_user, uinfo) in info.as_object().unwrap_or(&empty) {
|
for (user, uinfo) in info.as_object().unwrap_or(&empty) {
|
||||||
|
if user == username {
|
||||||
if let Some(timestamp) = uinfo["timestamp"].as_i64() {
|
if let Some(timestamp) = uinfo["timestamp"].as_i64() {
|
||||||
let age = now - timestamp;
|
let age = now - timestamp;
|
||||||
if age < ticket_lifetime {
|
if age < ticket_lifetime {
|
||||||
|
@ -228,6 +229,7 @@ fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, t
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
|
replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new().perm(mode))?;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue