ticket: add comments about auth key mtime

we cannot fully close this window, and don't need to anyway since we
apply +-300s when calculating ticket age ranges, but documenting where
mtime is used and what we expect seems like a good idea for future
readers.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 013226819579cb79be45d8749f478a5d88bc21e3..6ac99ac28d716d321d2778bfd4e80f441701044d 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -171,6 +171,7 @@ sub rotate_authkey {
        if ($old) {
            eval {
                my $pem = $old->get_public_key_x509_string();
        if ($old) {
            eval {
                my $pem = $old->get_public_key_x509_string();

+               # mtime is used for caching and ticket age range calculation

                PVE::Tools::file_set_contents($pve_auth_key_files->{pubold}, $pem);
            };
            die "Failed to store old auth key: $@\n" if $@;
                PVE::Tools::file_set_contents($pve_auth_key_files->{pubold}, $pem);
            };
            die "Failed to store old auth key: $@\n" if $@;


@@ -178,6 +179,8 @@ sub rotate_authkey {
 
        eval {
            my $pem = $new->get_public_key_x509_string();
 
        eval {
            my $pem = $new->get_public_key_x509_string();

+           # mtime is used for caching and ticket age range calculation,
+           # should be close to that of pubold above

            PVE::Tools::file_set_contents($pve_auth_key_files->{pub}, $pem);
        };
        if ($@) {
            PVE::Tools::file_set_contents($pve_auth_key_files->{pub}, $pem);
        };
        if ($@) {