proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-10-04 11:32:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

assert tfa/user config lock order

Browse Source 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2021-11-10 13:49:00 +01:00 committed by Thomas Lamprecht
parent c55555ab74
commit 2ee46655a5
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/PVE/AccessControl.pm
View File

@ -12,6 +12,7 @@ use Digest::SHA;
use IO::File; use IO::File;
use File::stat; use File::stat;
use JSON; use JSON;
use Scalar::Util 'weaken';
use PVE::OTP; use PVE::OTP;
use PVE::Ticket; use PVE::Ticket;
@ -68,10 +69,20 @@ sub pve_verify_realm {
PVE::Auth::Plugin::pve_verify_realm(@_); PVE::Auth::Plugin::pve_verify_realm(@_);
} }
# Locking both config files together is only ever allowed in one order:
# 1) tfa config
# 2) user config
# If we permit the other way round, too, we might end up deadlocking!
my $user_config_locked;
sub lock_user_config { sub lock_user_config {
my ($code, $errmsg) = @_; my ($code, $errmsg) = @_;
my $locked = 1;
$user_config_locked = \$locked;
weaken $user_config_locked; # make this scope guard signal safe...
cfs_lock_file("user.cfg", undef, $code); cfs_lock_file("user.cfg", undef, $code);
$user_config_locked = undef;
if (my $err = $@) { if (my $err = $@) {
$errmsg ? die "$errmsg: $err" : die $err; $errmsg ? die "$errmsg: $err" : die $err;
} }
@ -80,6 +91,9 @@ sub lock_user_config {
sub lock_tfa_config { sub lock_tfa_config {
my ($code, $errmsg) = @_; my ($code, $errmsg) = @_;
die "tfa config lock cannot be acquired while holding user config lock\n"
if ($user_config_locked && $$user_config_locked);
my $res = cfs_lock_file("priv/tfa.cfg", undef, $code); my $res = cfs_lock_file("priv/tfa.cfg", undef, $code);
if (my $err = $@) { if (my $err = $@) {
$errmsg ? die "$errmsg: $err" : die $err; $errmsg ? die "$errmsg: $err" : die $err;