From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: c.ebner@proxmox.com
Cc: pbs-devel@lists.proxmox.com
Subject: Re: [PATCH proxmox-backup v3 10/30] sync: add helper to check encryption key acls and load key
Date: Sun, 19 Apr 2026 22:41:52 +0200 [thread overview]
Message-ID: <20260419210610.3915597-3-t.lamprecht@proxmox.com> (raw)
In-Reply-To: <20260414125923.892345-11-c.ebner@proxmox.com>
Am 14.04.26 um 14:59 schrieb Christian Ebner:
> diff --git a/src/server/sync.rs b/src/server/sync.rs
>
> +/// Helper to check user having access to the given encryption key and loading
> +/// the it using the passphrase from the config.
Two small doc nits:
- "loading the it" - typo, should be "and loading it".
- "using the passphrase from the config" might be slightly misleading.
> +pub(crate) fn check_privs_and_load_key_config(
> + key_id: &str,
> + user: &Authid,
> + fail_on_archived: bool,
> +) -> Result<Option<Arc<CryptConfig>>, Error> {
> + ...
> + let key_config = pbs_config::encryption_keys::load_key_config(key_id, fail_on_archived)?;
> + // pass empty passphrase to get raw key material of unprotected key
> + let (enc_key, _created, fingerprint) = key_config.decrypt(&|| Ok(Vec::new()))?;
> + ...
> + Ok(Some(crypt_config))
> +}
The return type is Option<Arc<CryptConfig>> but it seems that the function never
actually returns Ok(None), it's eithers Some() on success or an Err() on
failure. Caller like PullParameters::new, PushParameters::new, or
sync_user_can_access_optional_key then have basically dead code handling the
None case.
It's probably fine to just drop the Option wrapper and return
Result<Arc<CryptConfig>, Error> directly.
> + user_info.check_privs(
> + user,
> + &["system", "encryption-keys", key_id],
> + PRIV_SYS_MODIFY,
> + true,
> + )?;
Using PRIV_SYS_MODIFY here feels somewhat heavy for the "use a key for sync"
operation - SYS_MODIFY traditionally gates config-modifying actions, while
using a key to encrypt/decrypt is more of a "read/use" semantic. Not a
blocker since it's consistent with the other endpoints in the series, but
worth a design consideration for whether a dedicated privilege (or
PRIV_SYS_AUDIT for use-only) would fit better long-term (can definitively be
checked only after this landed first, no point in bloating up the scope now
to much).
next prev parent reply other threads:[~2026-04-19 21:08 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 12:58 [PATCH proxmox{,-backup} v3 00/30] fix #7251: implement server side encryption support for push sync jobs Christian Ebner
2026-04-14 12:58 ` [PATCH proxmox v3 01/30] pbs-api-types: define en-/decryption key type and schema Christian Ebner
2026-04-14 12:58 ` [PATCH proxmox v3 02/30] pbs-api-types: sync job: add optional cryptographic keys to config Christian Ebner
2026-04-14 12:58 ` [PATCH proxmox-backup v3 03/30] sync: push: use tracing macros instead of log Christian Ebner
2026-04-14 12:58 ` [PATCH proxmox-backup v3 04/30] datastore: blob: implement async reader for data blobs Christian Ebner
2026-04-14 12:58 ` [PATCH proxmox-backup v3 05/30] datastore: manifest: add helper for change detection fingerprint Christian Ebner
2026-04-14 12:58 ` [PATCH proxmox-backup v3 06/30] pbs-key-config: introduce store_with() for KeyConfig Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 07/30] pbs-config: implement encryption key config handling Christian Ebner
2026-04-14 14:32 ` Michael Köppl
2026-04-15 6:48 ` Christian Ebner
2026-04-15 8:03 ` Daniel Kral
2026-04-15 8:21 ` Christian Ebner
2026-04-15 8:06 ` Thomas Lamprecht
2026-04-19 20:41 ` Thomas Lamprecht
2026-04-20 7:22 ` Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 08/30] pbs-config: acls: add 'encryption-keys' as valid 'system' subpath Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 09/30] ui: expose 'encryption-keys' as acl subpath for 'system' Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 10/30] sync: add helper to check encryption key acls and load key Christian Ebner
2026-04-19 20:41 ` Thomas Lamprecht [this message]
2026-04-14 12:59 ` [PATCH proxmox-backup v3 11/30] api: config: add endpoints for encryption key manipulation Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 12/30] api: config: check sync owner has access to en-/decryption keys Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 13/30] api: config: allow encryption key manipulation for sync job Christian Ebner
2026-04-19 20:41 ` Thomas Lamprecht
2026-04-20 8:21 ` Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 14/30] sync: push: rewrite manifest instead of pushing pre-existing one Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 15/30] api: push sync: expose optional encryption key for push sync Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 16/30] sync: push: optionally encrypt data blob on upload Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 17/30] sync: push: optionally encrypt client log on upload if key is given Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 18/30] sync: push: add helper for loading known chunks from previous snapshot Christian Ebner
2026-04-19 20:41 ` Thomas Lamprecht
2026-04-20 8:59 ` Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 19/30] fix #7251: api: push: encrypt snapshots using configured encryption key Christian Ebner
2026-04-15 14:49 ` Michael Köppl
2026-04-15 15:25 ` Christian Ebner
2026-04-19 20:41 ` Thomas Lamprecht
2026-04-20 9:46 ` Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 20/30] ui: define and expose encryption key management menu item and windows Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 21/30] ui: expose assigning encryption key to sync jobs Christian Ebner
2026-04-15 14:49 ` Michael Köppl
2026-04-15 15:20 ` Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 22/30] sync: pull: load encryption key if given in job config Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 23/30] sync: expand source chunk reader trait by crypt config Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 24/30] sync: pull: introduce and use decrypt index writer if " Christian Ebner
2026-04-19 20:41 ` Thomas Lamprecht
2026-04-14 12:59 ` [PATCH proxmox-backup v3 25/30] sync: pull: extend encountered chunk by optional decrypted digest Christian Ebner
2026-04-19 20:41 ` Thomas Lamprecht
2026-04-14 12:59 ` [PATCH proxmox-backup v3 26/30] sync: pull: decrypt blob files on pull if encryption key is configured Christian Ebner
2026-04-19 20:41 ` Thomas Lamprecht
2026-04-14 12:59 ` [PATCH proxmox-backup v3 27/30] sync: pull: decrypt chunks and rewrite index file for matching key Christian Ebner
2026-04-14 12:59 ` [PATCH proxmox-backup v3 28/30] sync: pull: decrypt snapshots with matching encryption key fingerprint Christian Ebner
2026-04-19 20:41 ` Thomas Lamprecht
2026-04-14 12:59 ` [PATCH proxmox-backup v3 29/30] api: encryption keys: allow to toggle the archived state for keys Christian Ebner
2026-04-19 20:42 ` Thomas Lamprecht
2026-04-14 12:59 ` [PATCH proxmox-backup v3 30/30] docs: add section describing server side encryption for sync jobs Christian Ebner
2026-04-19 20:42 ` Thomas Lamprecht
2026-04-19 20:41 ` [PATCH proxmox{,-backup} v3 00/30] fix #7251: implement server side encryption support for push " Thomas Lamprecht
2026-04-20 6:48 ` Christian Ebner
2026-04-20 16:17 ` Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260419210610.3915597-3-t.lamprecht@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox