fix #3038: check user before renewing ticket

Fixes a bug in which the userid of the ticket cache is updated,
when a user connects, but the ticket itself is not.
This means a newly connected user has a previously connected
user's ticket and thus, cannot do anything, as the client will
attempt to use the invalid ticket.

e.g. if john@pbs connected to the server first, followed by
mike@pbs, the following would be stored in the ticket cache.

{
  "localhost": {
    "mike@pbs": {
      "ticket": "PBS:john@pbs:AAAA",
      "timestamp": 1601039326,
      "token": "BBBB"
    }
  }
}

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>

diff --git a/src/client/http_client.rs b/src/client/http_client.rs
index e3d18604dfdadf13c7cc39b5a14666ed0f61b6ae..02a58c2dced247e64261c028ecc6654d94a7ec1c 100644 (file)
--- a/src/client/http_client.rs
+++ b/src/client/http_client.rs
@@ -219,11 +219,13 @@ fn store_ticket_info(prefix: &str, server: &str, username: &str, ticket: &str, t
 
     let empty = serde_json::map::Map::new();
     for (server, info) in data.as_object().unwrap_or(&empty) {
-        for (_user, uinfo) in info.as_object().unwrap_or(&empty) {
-            if let Some(timestamp) = uinfo["timestamp"].as_i64() {
-                let age = now - timestamp;
-                if age < ticket_lifetime {
-                    new_data[server][username] = uinfo.clone();
+        for (user, uinfo) in info.as_object().unwrap_or(&empty) {
+            if user == username {
+                if let Some(timestamp) = uinfo["timestamp"].as_i64() {
+                    let age = now - timestamp;
+                    if age < ticket_lifetime {
+                        new_data[server][username] = uinfo.clone();
+                    }
                 }
             }
         }