From: Maximiliano Sandoval
To: pmg-devel@lists.proxmox.com
Date: Wed, 22 Oct 2025 14:06:16 +0200
Message-ID: <20251022120617.281408-1-m.sandoval@proxmox.com>
Subject: [pmg-devel] [PATCH pmg-api] use fingerprint-sha256 option for fingerprints

The previous parameter had a regex expression that allowed letters [A-Z]
instead of [A-F] and it was uppercase-only.

Tested via:

```
pmgcm join $HOST --fingerprint $FINGERPRINT
pmgcm status
```

Additionally it was tested that 'pmgcm status' worked after changing the
fingerprints at /etc/pmg/cluster.conf to lowercase. Here $FINGERPRINT was
modified so it contained both upper-and-lowercase characters.

Signed-off-by: Maximiliano Sandoval --- src/PMG/API2/Cluster.pm | 9 ++++----- src/PMG/CLI/pmgcm.pm | 12 ++++++------ src/PMG/ClusterConfig.pm | 12 +++++++----- 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/src/PMG/API2/Cluster.pm b/src/PMG/API2/Cluster.pm index fbfbcfc2..69096df6 100644 --- a/src/PMG/API2/Cluster.pm +++ b/src/PMG/API2/Cluster.pm @@ -421,11 +421,7 @@ __PACKAGE__->register_method({ type => 'string', format => 'ip', }, - fingerprint => { - description => "SSL certificate fingerprint.", - type => 'string', - pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$', - }, + fingerprint => get_standard_option('fingerprint-sha256'), password => { description => "Superuser password.", type => 'string', @@ -439,6 +435,9 @@ __PACKAGE__->register_method({ my $rpcenv = PMG::RESTEnvironment->get(); my $authuser = $rpcenv->get_user(); + if (my $fp = $param->{fingerprint}) { + $param->{fingerprint} = uc($fp); + } my $realcmd = sub { my $cinfo = PMG::ClusterConfig->new(); diff --git a/src/PMG/CLI/pmgcm.pm b/src/PMG/CLI/pmgcm.pm index 401f6801..07ea0741 100644 --- a/src/PMG/CLI/pmgcm.pm +++ b/src/PMG/CLI/pmgcm.pm @@ -6,6 +6,7 @@ use Data::Dumper; use POSIX qw(strftime); use JSON; +use PVE::JSONSchema qw(get_standard_option); use PVE::SafeSyslog; use PVE::Tools qw(extract_param); use PVE::INotify; @@ -171,18 +172,17 @@ __PACKAGE__->register_method({ type => 'string', format => 'ip', }, - fingerprint => { - description => "SSL certificate fingerprint.", - type => 'string', - pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$', - optional => 1, - }, + fingerprint => get_standard_option('fingerprint-sha256'), }, }, returns => { type => 'null' }, code => sub { my ($param) = @_; + if (my $fp = $param->{fingerprint}) { + $param->{fingerprint} = uc($fp); + } + my $code = sub { my $cinfo = PMG::ClusterConfig->new(); diff --git a/src/PMG/ClusterConfig.pm b/src/PMG/ClusterConfig.pm index bf8405c0..eeab326b 100644 --- a/src/PMG/ClusterConfig.pm 
+++ b/src/PMG/ClusterConfig.pm @@ -75,11 +75,7 @@ sub properties { type => 'string', pattern => valid_ssh_pubkey_regex(), }, - fingerprint => { - description => "SSL certificate fingerprint.", - type => 'string', - pattern => '^(:?[A-Z0-9][A-Z0-9]:){31}[A-Z0-9][A-Z0-9]$', - }, + fingerprint => PVE::JSONSchema::get_standard_option('fingerprint-sha256'), }; } @@ -203,6 +199,8 @@ sub read_cluster_conf { $maxcid = $d->{maxcid} if defined($d->{maxcid}) && $d->{maxcid} > $maxcid; $cinfo->{master} = $d if $d->{type} eq 'master'; $cinfo->{'local'} = $d if $d->{name} eq $localname; + + $d->{fingerprint} = uc($d->{fingerprint}); } if ($maxcid) { @@ -224,6 +222,10 @@ sub read_cluster_conf { sub write_cluster_conf { my ($filename, $fh, $cfg) = @_; + foreach my $entry (values %{ $cfg->{ids} }) { + $entry->{fingerprint} = uc($entry->{fingerprint}); + } + my $raw = PMG::ClusterConfig::Base->write_config($filename, $cfg); PVE::Tools::safe_print($filename, $fh, $raw); -- 2.47.3 _______________________________________________ pmg-devel mailing list pmg-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
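
Review bot: in src/PMG/API2/Cluster.pm, hunk @@ -435,6 +439,9 @@, the added `$param->{fingerprint} = uc($fp);` block carries no comment saying that upper case is the canonical stored form, and the same normalisation is repeated in pmgcm.pm and twice in ClusterConfig.pm. Four hand-written copies are easy to let drift apart, and any later code path that handles a fingerprint without passing through one of them would compare case-sensitively. I would put the conversion in one helper in PMG::ClusterConfig (hypothetical name: `normalize_fingerprint`) that all four sites call, with a one-line comment that input may be mixed case while stored and compared values stay upper case.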
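
Review bot: in src/PMG/CLI/pmgcm.pm, hunk @@ -171,18 +172,17 @@, the removed definition carried `optional => 1` and the replacement `get_standard_option('fingerprint-sha256')` passes no override, so whether `pmgcm join` still accepts a missing `--fingerprint` now depends on the standard option's own definition. The new `if (my $fp = $param->{fingerprint})` guard further down the same hunk treats the parameter as possibly absent, so the intent looks like "still optional". Please make that explicit with `get_standard_option('fingerprint-sha256', { optional => 1 })`, or say in the commit message that the parameter is now meant to be required.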
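
Review bot: in src/PMG/ClusterConfig.pm, hunk @@ -203,6 +199,8 @@ (read_cluster_conf), `$d->{fingerprint} = uc($d->{fingerprint});` runs unconditionally, unlike the guarded form used in the API and CLI handlers. For an entry without a fingerprint, `uc(undef)` raises an uninitialized-value warning under `use warnings` and stores an empty string, so a missing key turns into a present but empty one. Suggest `$d->{fingerprint} = uc($d->{fingerprint}) if defined($d->{fingerprint});`.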
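
Review bot: in src/PMG/ClusterConfig.pm, hunk @@ -224,6 +222,10 @@ (write_cluster_conf), the added loop upper-cases `$entry->{fingerprint}` on the caller's `$cfg` in place, so writing the file has a side effect on the in-memory structure, and it lacks a `defined` check just like the read path. read_cluster_conf and both join handlers already normalise, so please either add a comment naming the code path that can still arrive here with a lowercase fingerprint, or drop the loop. If it stays, guard the assignment with `if defined($entry->{fingerprint})`.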