Proxmox-Port/proxmox
1
0
Fork 0
forked from proxmox-mirrors/proxmox
Code Pull Requests Activity

proxmox-login: fix ticket userid check for PMG quarantine tickets

Browse Source 
We simply strip the "@quarantine" at the end.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
This commit is contained in:
Dietmar Maurer 2023-08-02 14:30:04 +02:00
parent 25024fa687
commit 9599cb6fd6
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
proxmox-login/src/lib.rs
View File

@ -57,6 +57,13 @@ fn normalize_url(mut api_url: String) -> String {
api_url api_url
} }
fn check_ticket_userid(ticket_userid: &str, expected_userid: &str) -> Result<(), ResponseError> {
if ticket_userid != expected_userid.trim_end_matches("@quarantine") {
return Err("returned ticket contained unexpected userid".into());
}
Ok(())
}
impl Login { impl Login {
/// Prepare a request given an existing ticket string. /// Prepare a request given an existing ticket string.
pub fn renew( pub fn renew(
@ -152,9 +159,7 @@ impl Login {
Ok(match ticket { Ok(match ticket {
TicketResponse::Full(ticket) => { TicketResponse::Full(ticket) => {
if ticket.userid() != self.userid { check_ticket_userid(ticket.userid(), &self.userid)?;
return Err("returned ticket contained unexpected userid".into());
}
TicketResult::Full(Authentication { TicketResult::Full(Authentication {
csrfprevention_token: response csrfprevention_token: response
.csrfprevention_token .csrfprevention_token
@ -294,10 +299,7 @@ impl SecondFactorChallenge {
} }
let ticket: Ticket = response.ticket.ok_or("no ticket in response")?.parse()?; let ticket: Ticket = response.ticket.ok_or("no ticket in response")?.parse()?;
check_ticket_userid(ticket.userid(), &self.userid)?;
if ticket.userid() != self.userid {
return Err("returned ticket contained unexpected userid".into());
}
Ok(Authentication { Ok(Authentication {
ticket, ticket,