From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id F13541FF13A for ; Wed, 01 Apr 2026 09:55:42 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 858B710C8E; Wed, 1 Apr 2026 09:56:05 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup 14/20] sync: pull: load encryption key if given in job config Date: Wed, 1 Apr 2026 09:55:15 +0200 Message-ID: <20260401075521.176354-15-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260401075521.176354-1-c.ebner@proxmox.com> References: <20260401075521.176354-1-c.ebner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1775030090271 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.064 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: 3PHXNQZKCLFNMYMVYC26YT5WILMWBNZX X-Message-ID-Hash: 3PHXNQZKCLFNMYMVYC26YT5WILMWBNZX X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: If configured and passed in on PullParams construction, check access and load the encryption key. Any snapshots matching this key fingerprint should be decrypted during pull sync. Signed-off-by: Christian Ebner --- src/api2/pull.rs | 15 +++++++++++---- src/server/pull.rs | 11 +++++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/src/api2/pull.rs b/src/api2/pull.rs index 4b1fd5e60..fb797a882 100644 --- a/src/api2/pull.rs +++ b/src/api2/pull.rs @@ -8,10 +8,10 @@ use proxmox_schema::api; use pbs_api_types::{ Authid, BackupNamespace, GroupFilter, RateLimitConfig, SyncJobConfig, DATASTORE_SCHEMA, - GROUP_FILTER_LIST_SCHEMA, NS_MAX_DEPTH_REDUCED_SCHEMA, PRIV_DATASTORE_BACKUP, - PRIV_DATASTORE_PRUNE, PRIV_REMOTE_READ, REMOTE_ID_SCHEMA, REMOVE_VANISHED_BACKUPS_SCHEMA, - RESYNC_CORRUPT_SCHEMA, SYNC_ENCRYPTED_ONLY_SCHEMA, SYNC_VERIFIED_ONLY_SCHEMA, - TRANSFER_LAST_SCHEMA, + ENCRYPTION_KEY_ID_SCHEMA, GROUP_FILTER_LIST_SCHEMA, NS_MAX_DEPTH_REDUCED_SCHEMA, + PRIV_DATASTORE_BACKUP, PRIV_DATASTORE_PRUNE, PRIV_REMOTE_READ, REMOTE_ID_SCHEMA, + REMOVE_VANISHED_BACKUPS_SCHEMA, RESYNC_CORRUPT_SCHEMA, SYNC_ENCRYPTED_ONLY_SCHEMA, + SYNC_VERIFIED_ONLY_SCHEMA, TRANSFER_LAST_SCHEMA, }; use pbs_config::CachedUserInfo; use proxmox_rest_server::WorkerTask; @@ -91,6 +91,7 @@ impl TryFrom<&SyncJobConfig> for PullParameters { sync_job.encrypted_only, sync_job.verified_only, sync_job.resync_corrupt, + sync_job.encryption_key.clone(), ) } } @@ -148,6 +149,10 @@ impl TryFrom<&SyncJobConfig> for PullParameters { schema: RESYNC_CORRUPT_SCHEMA, optional: true, }, + "encryption-key": { + schema: ENCRYPTION_KEY_ID_SCHEMA, + optional: true, + }, }, }, access: { @@ -175,6 +180,7 @@ async fn pull( encrypted_only: Option, verified_only: Option, resync_corrupt: Option, + encryption_key: Option, rpcenv: &mut dyn RpcEnvironment, ) -> Result { let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?; @@ -215,6 +221,7 @@ async fn pull( encrypted_only, verified_only, resync_corrupt, + encryption_key, )?; // fixme: set to_stdout to false? diff --git a/src/server/pull.rs b/src/server/pull.rs index 0ac6b5b8e..5374b4faf 100644 --- a/src/server/pull.rs +++ b/src/server/pull.rs @@ -8,6 +8,7 @@ use std::sync::{Arc, Mutex}; use std::time::SystemTime; use anyhow::{bail, format_err, Context, Error}; +use pbs_tools::crypt_config::CryptConfig; use proxmox_human_byte::HumanByte; use tracing::{info, warn}; @@ -65,6 +66,8 @@ pub(crate) struct PullParameters { verified_only: bool, /// Whether to re-sync corrupted snapshots resync_corrupt: bool, + /// Encryption key config to decrypt snapshots with matching key fingerprint + crypt_config: Option>, } impl PullParameters { @@ -85,6 +88,7 @@ impl PullParameters { encrypted_only: Option, verified_only: Option, resync_corrupt: Option, + encryption_key: Option, ) -> Result { if let Some(max_depth) = max_depth { ns.check_max_depth(max_depth)?; @@ -123,6 +127,12 @@ impl PullParameters { let group_filter = group_filter.unwrap_or_default(); + let crypt_config = if let Some(key_id) = &encryption_key { + crate::server::sync::check_privs_and_load_key_config(key_id, &owner)? + } else { + None + }; + Ok(Self { source, target, @@ -134,6 +144,7 @@ impl PullParameters { encrypted_only, verified_only, resync_corrupt, + crypt_config, }) } } -- 2.47.3