From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 2CECB1FF136
	for <inbox@lore.proxmox.com>; Mon, 09 Mar 2026 14:07:22 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 750FD336D7;
	Mon,  9 Mar 2026 14:07:03 +0100 (CET)
From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH common v2 4/4] pbs client: allow using password that would be
 auto-encoded as neither ASCII nor UTF-8
Date: Mon,  9 Mar 2026 14:06:43 +0100
Message-ID: <20260309130653.90674-5-f.ebner@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260309130653.90674-1-f.ebner@proxmox.com>
References: <20260309130653.90674-1-f.ebner@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1773061584259
X-SPAM-LEVEL: Spam detection results:  0
	AWL                    -1.072 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	RCVD_IN_MSPIKE_H2       0.001 Average reputation (+2)
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED  0.408 ADMINISTRATOR NOTICE: The query to
 Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
	RCVD_IN_VALIDITY_RPBL_BLOCKED  0.819 ADMINISTRATOR NOTICE: The query to
 Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
	RCVD_IN_VALIDITY_SAFE_BLOCKED  0.903 ADMINISTRATOR NOTICE: The query to
 Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: E6WOGA3OCYOV7WJXCAF2NMQLGOSLPCTZ
X-Message-ID-Hash: E6WOGA3OCYOV7WJXCAF2NMQLGOSLPCTZ
X-MailFrom: f.ebner@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

Using passwords that would be auto-encoded by Perl as either ASCII or
UTF-8 already worked, but other encodings would not, for example
ISO-8859 would result in:
> proxmox-backup-client failed: Error: error building client for
> repository latin@pbs@10.10.100.180:8007:bigone - PBS_PASSWORD
> contains bad characters (500)

The issue only affected PMG, because in PVE, the PBS storage plugin
uses its own implementation of {get,set}_password() which does handle
UTF-8 already since pve-storage commit 5245e04 ("fix #5181: pbs: store
and read passwords as unicode"). Follow that commit to align the
behavior. This is also in preparation to using the PBS Client more
from the storage plugin too.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 src/PVE/PBSClient.pm | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/PVE/PBSClient.pm b/src/PVE/PBSClient.pm
index 6333304..16d4740 100644
--- a/src/PVE/PBSClient.pm
+++ b/src/PVE/PBSClient.pm
@@ -4,6 +4,7 @@ package PVE::PBSClient;
 use strict;
 use warnings;
 
+use Encode qw(decode encode);
 use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
 use File::Temp qw(tempdir);
 use IO::File;
@@ -72,7 +73,7 @@ sub set_password {
     my $pwfile = password_file_name($self);
     mkdir($self->{secret_dir});
 
-    PVE::Tools::file_set_contents($pwfile, "$password\n", 0600);
+    PVE::Tools::file_set_contents($pwfile, "$password\n", 0600, 1);
 }
 
 sub delete_password {
@@ -88,7 +89,9 @@ sub get_password {
 
     my $pwfile = password_file_name($self);
 
-    return PVE::Tools::file_read_firstline($pwfile);
+    my $contents = PVE::Tools::file_read_firstline($pwfile);
+
+    return eval { decode('UTF-8', $contents, 1) } // $contents;
 }
 
 sub encryption_key_file_name {
@@ -185,7 +188,11 @@ my sub do_raw_client_cmd {
         push(@$cmd, '--ns', $ns);
     }
 
-    local $ENV{PBS_PASSWORD} = $self->get_password();
+    my $password = $self->get_password();
+    # The password is saved as UTF-8 and is decoded upon reading. Need to re-encode when setting the
+    # environment variable.
+    $password = encode('UTF-8', $password, 1);
+    local $ENV{PBS_PASSWORD} = $password;
 
     local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
 
-- 
2.47.3