From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com, pmg-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH common 4/4] pbs client: allow using password that would be auto-encoded as neither ASCII nor UTF-8
Date: Wed, 1 Oct 2025 12:47:13 +0200 [thread overview]
Message-ID: <20251001104729.70314-5-f.ebner@proxmox.com> (raw)
In-Reply-To: <20251001104729.70314-1-f.ebner@proxmox.com>
Using passwords that would be auto-encoded by Perl as either ASCII or
UTF-8 already worked, but other encodings would not, for example
ISO-8859 would result in:
> proxmox-backup-client failed: Error: error building client for
> repository latin@pbs@10.10.100.180:8007:bigone - PBS_PASSWORD
> contains bad characters (500)
The issue only affected PMG, because in PVE, the PBS storage plugin
uses its own implementation of {get,set}_password() which does handle
UTF-8 already since pve-storage commit 5245e04 ("fix #5181: pbs: store
and read passwords as unicode"). Follow that commit to align the
behavior. This is also in preparation to using the PBS Client more
from the storage plugin too.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
src/PVE/PBSClient.pm | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/PVE/PBSClient.pm b/src/PVE/PBSClient.pm
index 6333304..16d4740 100644
--- a/src/PVE/PBSClient.pm
+++ b/src/PVE/PBSClient.pm
@@ -4,6 +4,7 @@ package PVE::PBSClient;
use strict;
use warnings;
+use Encode qw(decode encode);
use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
use File::Temp qw(tempdir);
use IO::File;
@@ -72,7 +73,7 @@ sub set_password {
my $pwfile = password_file_name($self);
mkdir($self->{secret_dir});
- PVE::Tools::file_set_contents($pwfile, "$password\n", 0600);
+ PVE::Tools::file_set_contents($pwfile, "$password\n", 0600, 1);
}
sub delete_password {
@@ -88,7 +89,9 @@ sub get_password {
my $pwfile = password_file_name($self);
- return PVE::Tools::file_read_firstline($pwfile);
+ my $contents = PVE::Tools::file_read_firstline($pwfile);
+
+ return eval { decode('UTF-8', $contents, 1) } // $contents;
}
sub encryption_key_file_name {
@@ -185,7 +188,11 @@ my sub do_raw_client_cmd {
push(@$cmd, '--ns', $ns);
}
- local $ENV{PBS_PASSWORD} = $self->get_password();
+ my $password = $self->get_password();
+ # The password is saved as UTF-8 and is decoded upon reading. Need to re-encode when setting the
+ # environment variable.
+ $password = encode('UTF-8', $password, 1);
+ local $ENV{PBS_PASSWORD} = $password;
local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-10-01 10:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-01 10:47 [pve-devel] [PATCH-SERIES qemu-server/storage/common 0/4] fix UTF-8 handling for PBS_PASSWORD Fiona Ebner
2025-10-01 10:47 ` [pve-devel] [PATCH qemu-server 1/4] qmp client: encode JSON as UTF-8 to fix PBS backup when password contains multi-byte UTF-8 Fiona Ebner
2025-10-01 10:47 ` [pve-devel] [PATCH qemu-server 2/4] pbs: properly encode PBS password as UTF-8 when setting the environment variable Fiona Ebner
2025-10-01 10:47 ` [pve-devel] [PATCH storage 3/4] pbs plugin: raw client command: " Fiona Ebner
2025-10-01 10:47 ` Fiona Ebner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251001104729.70314-5-f.ebner@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox