From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 5A1C91FF15E for ; Mon, 29 Sep 2025 17:48:31 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 67A8B16DD2; Mon, 29 Sep 2025 17:48:34 +0200 (CEST) From: Christian Ebner To: pdm-devel@lists.proxmox.com Date: Mon, 29 Sep 2025 17:48:19 +0200 Message-ID: <20250929154820.892720-6-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250929154820.892720-1-c.ebner@proxmox.com> References: <20250929154820.892720-1-c.ebner@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1759160890965 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.107 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_2 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_4 0.1 random spam to be learned in bayes SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pdm-devel] [PATCH datacenter-manager 2/3] server: pbs-client: check and fallback to PBS v3 ticket compat mode X-BeenThere: pdm-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Datacenter Manager development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pdm-devel-bounces@lists.proxmox.com Sender: "pdm-devel" Since the proxmox-login ticket parsing assumes the ticket to be http-only if it contains the ticket-info field, but the PBS v3 API does return that in any case, signal the client to fallback to the old authentication flow. This is currently only used during adding of a new remote, namely to scan the remote and login for PBS API token creation/setting of its ACLs. Signed-off-by: Christian Ebner --- server/src/connection.rs | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/server/src/connection.rs b/server/src/connection.rs index 5530812..14f878e 100644 --- a/server/src/connection.rs +++ b/server/src/connection.rs @@ -179,14 +179,19 @@ async fn connect_or_login( connect(remote, target_endpoint) } else { let (client, _info) = prepare_connect_client(remote, target_endpoint)?; - match client - .login(proxmox_login::Login::new( - client.api_url().to_string(), - remote.authid.to_string(), - remote.token.to_string(), - )) - .await - { + let mut login = proxmox_login::Login::new( + client.api_url().to_string(), + remote.authid.to_string(), + remote.token.to_string(), + ); + + //FIXME: drop once PBS3 is EOL + if remote.ty == RemoteType::Pbs { + // Forces both, PBSv4 and PBSv3 to use the same logic (since no http-only for PBSv4) + login = login.set_compatibility(CompatMode::Pbs3Ticket); + } + + match client.login(login).await { Ok(Some(_)) => bail!("two factor auth not supported"), Ok(None) => {} Err(err) => match err { -- 2.47.3 _______________________________________________ pdm-devel mailing list pdm-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel