fix vnc ticket verification without authkey lifetime

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 19d008c0be94fc14130d2d1420a0f4912583b007..51ef3ee12a54107ec0e6d8c777d25de32e18f306 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -158,7 +158,7 @@ sub check_authkey {
 sub rotate_authkey {
     return if $authkey_lifetime == 0;
 
-    cfs_lock_authkey(undef, sub {
+    PVE::Cluster::cfs_lock_authkey(undef, sub {
        # re-check with lock to avoid double rotation in clusters
        return if check_authkey();
 
@@ -327,7 +327,7 @@ sub verify_vnc_ticket {
     my $secret_data = "$username:$path";
 
     my ($rsa_pub, $rsa_mtime) = get_pubkey();
-    if (!$rsa_pub || (time() - $rsa_mtime > $authkey_lifetime)) {
+    if (!$rsa_pub || (time() - $rsa_mtime > $authkey_lifetime && $authkey_lifetime > 0)) {
        if ($noerr) {
            return undef;
        } else {