From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 0E1237776C for ; Wed, 21 Jul 2021 10:47:39 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 023FE11BF1 for ; Wed, 21 Jul 2021 10:47:39 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 714EC11BE3 for ; Wed, 21 Jul 2021 10:47:38 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 49FF74241C for ; Wed, 21 Jul 2021 10:47:38 +0200 (CEST) Date: Wed, 21 Jul 2021 10:47:36 +0200 (CEST) From: Dietmar Maurer To: Thomas Lamprecht , Proxmox Backup Server development discussion Message-ID: <1061967662.248.1626857256576@webmail.proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Priority: 3 Importance: Normal X-Mailer: Open-Xchange Mailer v7.10.5-Rev16 X-Originating-Client: open-xchange-appsuite X-SPAM-LEVEL: Spam detection results: 0 AWL 0.853 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH proxmox-backup 1/2] support more ENV vars to get secret values X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jul 2021 08:47:39 -0000 > what about newlines in secrets? I can have them in the "direct" use, where we may not > change that for backward compatibility, but not in the fd/file/command use? > > I can get where this comes from, and while it feels a bit inconsistent it can be OK but must > be at least documented a bit more explicitly. In general, passwords should be arbitrary binary data &[u8]. But this is clumsy because we want to use the password with our REST interface, which requires UTF8 (json). We also read password from the console and use newline as input terminator. So it is impossible to read password with newlines from the tty. Sigh... > > +/// > > +/// Only return the first line when reading from a file or command. > > +pub fn get_secret_from_env(base_name: &str) -> Result, Error> { > > + > > + match std::env::var(base_name) { > > + Ok(p) => return Ok(Some(p)), > > + Err(NotUnicode(_)) => bail!(format!("{} contains bad characters", base_name)), > > + Err(NotPresent) => {}, > > + }; > > + > > + let firstline = |data: String| -> String { > > + match data.lines().next() { > > + Some(line) => line.to_string(), > > + None => String::new(), > > + } > > + }; > > + > > + let env_name = format!("{}_FD", base_name); > > + match std::env::var(&env_name) { > > + Ok(fd_str) => { > > + let fd: i32 = fd_str.parse() > > + .map_err(|err| format_err!("unable to parse file descriptor in ENV({}): {}", env_name, err))?; > > + let mut file = unsafe { File::from_raw_fd(fd) }; > > + let mut buffer = String::new(); > > + let _ = file.read_to_string(&mut buffer)?; > > > Avoiding to read all of the file (which could be rather big in theory) > wouldn't be that much more code, i.e., above line would become > > let mut reader = BufReader::new(file); > let _ = reader.read_line(&mut line)?; Unfortunately, this returns the line including the '\n'. Instead, we need to use the "std::io::Lines" iterator: reader.lines().next() > > + return Ok(Some(firstline(buffer))); > > + } > > + _ => {} > > + } > > + > > + let env_name = format!("{}_FILE", base_name); > > + match std::env::var(&env_name) { > > + Ok(filename) => { > > + let data = proxmox::tools::fs::file_read_string(filename)?; > > why not proxmox::tools::fs::file_read_firstline ? Because that also includes the newline ... > looks OK besides that, and besides a more detailed rust-docs I have no hard feelings for the other things. Will send a v2 with your suggestions.