From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from gate001.proxmox.com (gate001.proxmox.com [IPv6:2a0f:8001:1:32::40]) by lore.proxmox.com (Postfix) with ESMTPS id B9B8B1FF13E for ; Wed, 01 Jul 2026 16:05:10 +0200 (CEST) Received: from gate001.proxmox.com (localhost.localdomain [127.0.0.1]) by gate001.proxmox.com (Proxmox) with ESMTP id 1979F2141D; Wed, 01 Jul 2026 16:05:06 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Subject: [PATCH proxmox-backup v3 10/15] server: auth helpers: use proxmox-product-config create options helpers Date: Wed, 1 Jul 2026 16:04:07 +0200 Message-ID: <20260701140412.200920-11-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260701140412.200920-1-c.ebner@proxmox.com> References: <20260701140412.200920-1-c.ebner@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1782914662138 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.046 Adjusted score from AWL reputation of From: address DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment (newer systems) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: VRCGPHJDI6EIUAA5UVSRU6MDPJFPQPTB X-Message-ID-Hash: VRCGPHJDI6EIUAA5UVSRU6MDPJFPQPTB X-MailFrom: c.ebner@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Backup Server development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Instead of re-defining them again use the global helper providing them. 
Signed-off-by: Christian Ebner --- src/auth_helpers.rs | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs index 64222e7cc..8145027de 100644 --- a/src/auth_helpers.rs +++ b/src/auth_helpers.rs @@ -23,16 +23,10 @@ pub fn generate_csrf_key() -> Result<(), Error> { let key = HMACKey::generate()?.to_base64()?; - use nix::sys::stat::Mode; - let backup_user = pbs_config::backup_user()?; - replace_file( &path, key.as_bytes(), - CreateOptions::new() - .perm(Mode::from_bits_truncate(0o0640)) - .owner(nix::unistd::ROOT) - .group(backup_user.gid), + proxmox_product_config::privileged_create_options(), true, )?; @@ -60,15 +54,10 @@ pub fn generate_auth_key() -> Result<(), Error> { true, )?; - let backup_user = pbs_config::backup_user()?; - replace_file( &public_path, &key.public_key_to_pem()?, - CreateOptions::new() - .perm(Mode::from_bits_truncate(0o0640)) - .owner(nix::unistd::ROOT) - .group(backup_user.gid), + proxmox_product_config::privileged_create_options(), true, )?; @@ -122,11 +111,7 @@ pub fn store_ldap_bind_password( let mut data = proxmox_sys::fs::file_get_json(LDAP_PASSWORDS_FILENAME, Some(json!({})))?; data[realm] = password.into(); - let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); - let options = proxmox_sys::fs::CreateOptions::new() - .perm(mode) - .owner(nix::unistd::ROOT) - .group(nix::unistd::Gid::from_raw(0)); + let options = proxmox_product_config::secret_create_options(); let data = serde_json::to_vec_pretty(&data)?; proxmox_sys::fs::replace_file(LDAP_PASSWORDS_FILENAME, &data, options, true)?; 
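Review bot: The `replace_file` call for the CSRF key in `generate_csrf_key` no longer shows the file's mode and ownership, which the removed lines pinned to `0o0640`, owner root and group `backup_user.gid`; what `proxmox_product_config::privileged_create_options()` returns is not visible in this patch, so equivalence has to be confirmed against the helper. The same applies to the public-key write in `generate_auth_key` in the next hunk. A short comment at both call sites would keep the intent readable, for example `// expected: owner root, group of the API user, mode 0640, same as the previous explicit CreateOptions`. The removed `pbs_config::backup_user()?` also propagated a lookup failure as an `Error`, while the helper call has no `?`, so it is worth checking how it behaves if the product configuration has not been initialised before key generation runs (presumably a panic rather than an error). Both function bodies continue outside their hunks.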
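Review bot: In `store_ldap_bind_password` the protection of the LDAP bind-password file now rests entirely on `proxmox_product_config::secret_create_options()`, whose definition is outside this patch, where the removed lines set `0o0600`, owner root and gid 0 explicitly; the same substitution is made in `remove_ldap_bind_password` in the following hunk. Because `data[realm] = password.into()` stores the password as a plain JSON value, I would state the requirement next to the call, e.g. `// must remain root:root 0600: file contains LDAP bind passwords`. A test on the helper that asserts mode and ownership would also stop a later change to the shared default from silently widening access. As a minor style point, the `options` binding is now a single call and could be passed straight to `replace_file`, as the first two hunks do. Both functions start or end outside their hunks.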
@@ -142,11 +127,7 @@ pub fn remove_ldap_bind_password(realm: &str, _domain_lock: &BackupLockGuard) -> map.remove(realm); } - let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); - let options = proxmox_sys::fs::CreateOptions::new() - .perm(mode) - .owner(nix::unistd::ROOT) - .group(nix::unistd::Gid::from_raw(0)); + let options = proxmox_product_config::secret_create_options(); let data = serde_json::to_vec_pretty(&data)?; proxmox_sys::fs::replace_file(LDAP_PASSWORDS_FILENAME, &data, options, true)?; -- 2.47.3