From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 23C791FF187 for ; Mon, 22 Sep 2025 13:10:18 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 7303718B3E; Mon, 22 Sep 2025 13:10:47 +0200 (CEST) From: Christian Ebner To: pdm-devel@lists.proxmox.com Date: Mon, 22 Sep 2025 13:09:53 +0200 Message-ID: <20250922110958.369653-2-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250922110958.369653-1-c.ebner@proxmox.com> References: <20250922110958.369653-1-c.ebner@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1758539402338 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.041 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record
Subject: [pdm-devel] [PATCH datacenter-manager 1/6] server: api: add TLS probe endpoint for PBS
X-BeenThere: pdm-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Datacenter Manager development discussion
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Reply-To: Proxmox Datacenter Manager development discussion
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pdm-devel-bounces@lists.proxmox.com
Sender: "pdm-devel"
Analogous to the TLS probe implementation of PVE, add and api endpoint allowing to probe the PBS hosts TLS certificate so this can be checked by the remote add wizard.
Signed-off-by: Christian Ebner
---
 server/src/api/pbs/mod.rs | 42 +++++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)
diff --git a/server/src/api/pbs/mod.rs b/server/src/api/pbs/mod.rs
index a31481e..0ca97cd 100644
--- a/server/src/api/pbs/mod.rs
+++ b/server/src/api/pbs/mod.rs
@@ -5,11 +5,11 @@ use proxmox_router::{list_subdirs_api_method, Permission, Router, SubdirMap};
 use proxmox_schema::api;
 use proxmox_sortable_macro::sortable;
-use pdm_api_types::remotes::REMOTE_ID_SCHEMA;
-use pdm_api_types::PRIV_RESOURCE_AUDIT;
+use pdm_api_types::remotes::{RemoteType, TlsProbeOutcome, REMOTE_ID_SCHEMA};
+use pdm_api_types::{HOST_OPTIONAL_PORT_FORMAT, PRIV_RESOURCE_AUDIT, PRIV_SYS_MODIFY};
 use crate::{
- connection,
+ connection::{self, probe_tls_connection},
 pbs_client::{self, get_remote},
 };
@@ -20,7 +20,10 @@ pub const ROUTER: Router = Router::new()
 .subdirs(SUBDIRS);
 #[sortable]
-const SUBDIRS: SubdirMap = &sorted!([("remotes", &REMOTES_ROUTER)]);
+const SUBDIRS: SubdirMap = &sorted!([
+ ("remotes", &REMOTES_ROUTER),
+ ("probe-tls", &Router::new().post(&API_METHOD_PROBE_TLS)),
+]);
 const REMOTES_ROUTER: Router = Router::new().match_all("remote", &MAIN_ROUTER);
@@ -112,3 +115,34 @@ async fn list_snapshots_2(
 }
 .into())
 }
+
+#[api(
+ input: {
+ properties: {
+ hostname: {
+ type: String,
+ format: &HOST_OPTIONAL_PORT_FORMAT,
+ description: "Hostname (with optional port) of the target remote",
+ },
+ fingerprint: {
+ type: String,
+ description: "Fingerprint of the target remote.",
+ optional: true,
+ },
+ },
+ },
+ access: {
+ permission:
+ &Permission::Privilege(&["/"], PRIV_SYS_MODIFY, false),
+ },
+)]
+/// Probe the hosts TLS certificate.
+///
+/// If the certificate is not trusted with the given parameters, returns the certificate
+/// information.
+async fn probe_tls(
+ hostname: String,
+ fingerprint: Option,
+) -> Result {
+ probe_tls_connection(RemoteType::Pbs, hostname, fingerprint).await
+}
-- 
2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
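Review bot: The `fingerprint` property of the new `probe_tls` method is declared as a bare `String` with no format, whereas `hostname` is constrained by `HOST_OPTIONAL_PORT_FORMAT`, so a malformed fingerprint passes schema validation and is handed unchecked to `probe_tls_connection`, whose body is not part of this hunk. Constraining it at the schema level, e.g. `format: &<FINGERPRINT_FORMAT>,` (placeholder for whatever fingerprint format the project defines), would reject bad input before the server opens any connection. The doc comment should also say that the probe is an outbound TLS connection made by this server to a caller-chosen host and port, for instance `/// Connects from this server to the given host; restricted to PRIV_SYS_MODIFY on "/".`, so that the privilege requirement is not relaxed later without that in mind.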