From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate001.proxmox.com (gate001.proxmox.com [45.144.208.40]) by lore.proxmox.com (Postfix) with ESMTPS id 6BADE1FF150 for ; Mon, 06 Jul 2026 10:03:59 +0200 (CEST) Received: from gate001.proxmox.com (localhost.localdomain [127.0.0.1]) by gate001.proxmox.com (Proxmox) with ESMTP id DE3EE21471; Mon, 06 Jul 2026 10:03:57 +0200 (CEST) From: Maximiliano Sandoval To: pbs-devel@lists.proxmox.com Subject: [PATCH backup v4 1/4] fix #7054: client: remove trailing newlines from credentials Date: Mon, 6 Jul 2026 10:02:41 +0200 Message-ID: <20260706080246.108256-2-m.sandoval@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260706080246.108256-1-m.sandoval@proxmox.com> References: <20260706080246.108256-1-m.sandoval@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1783324991765 X-SPAM-LEVEL: Spam detection results: 0 DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment (newer systems) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: EAGVM55WKWAR25Z2QT3GHMGN3MO7LRFD X-Message-ID-Hash: EAGVM55WKWAR25Z2QT3GHMGN3MO7LRFD X-MailFrom: m.sandoval@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Some tools, like systemd-ask-password can add a trailing new line to the file. In order to improve usability we strip trailing newlines. For repositories and fingerprints we simply strip trailing whitespaces. For passwords, we refer to the password regex at proxmox-schema: `^[[:^cntrl:]]*$`, we can only strip trailing control characters without potentially breaking existing passwords. For the sake of avoiding to strip more than necessary we only strip trailing newlines. The encryption password is just a blob of bytes handled locally by the client, we cannot remove trailing whitespace here without potential breakage. Creation of such passwords (via proxmox_sys::tty::read_and_verify_password) only verifies valid utf-8 and len >= 5 and thus the password might contain newlines. Signed-off-by: Maximiliano Sandoval --- pbs-client/src/tools/mod.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pbs-client/src/tools/mod.rs b/pbs-client/src/tools/mod.rs index 700436f8c..ca64b239e 100644 --- a/pbs-client/src/tools/mod.rs +++ b/pbs-client/src/tools/mod.rs @@ -189,6 +189,7 @@ fn get_secret_impl(env_variable: &str, credential_name: &str) -> Result Result, Error> { get_secret_impl(ENV_VAR_PBS_PASSWORD, CRED_PBS_PASSWORD) + .map(|opt| opt.map(|s| s.trim_end_matches('\n').to_string())) } /// Gets an encryption password. @@ -214,6 +215,7 @@ pub fn get_default_repository() -> Option { .inspect_err(|err| { proxmox_log::error!("could not read default repository: {err:#}"); }) + .map(|opt| opt.map(|s| s.trim_end().to_string())) .unwrap_or_default() } @@ -232,6 +234,7 @@ pub fn get_fingerprint() -> Option { .inspect_err(|err| { proxmox_log::error!("could not read fingerprint: {err:#}"); }) + .map(|opt| opt.map(|s| s.trim_end().to_string())) .unwrap_or_default() } -- 2.47.3