access-control: use ConfigDigest for digests
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
parent
3545d67b1f
commit
e8b5ad6b45
@ -18,10 +18,11 @@ serde.workspace = true
|
||||
serde_json = { workspace = true, optional = true }
|
||||
|
||||
proxmox-auth-api = { workspace = true, features = [ "api-types" ] }
|
||||
proxmox-config-digest = { workspace = true, optional = true, features = [ "openssl" ] }
|
||||
proxmox-product-config = { workspace = true, optional = true }
|
||||
proxmox-router = { workspace = true, optional = true }
|
||||
proxmox-schema.workspace = true
|
||||
proxmox-section-config = { workspace = true, optional = true }
|
||||
proxmox-product-config = { workspace = true, optional = true }
|
||||
proxmox-shared-memory = { workspace = true, optional = true }
|
||||
proxmox-sys = { workspace = true, features = [ "crypt" ], optional = true }
|
||||
proxmox-time = { workspace = true }
|
||||
@ -31,6 +32,7 @@ default = []
|
||||
impl = [
|
||||
"dep:nix",
|
||||
"dep:openssl",
|
||||
"dep:proxmox-config-digest",
|
||||
"dep:proxmox-product-config",
|
||||
"dep:proxmox-router",
|
||||
"dep:proxmox-section-config",
|
||||
|
@ -6,6 +6,7 @@ use std::sync::{Arc, OnceLock, RwLock};
|
||||
use anyhow::{bail, Error};
|
||||
|
||||
use proxmox_auth_api::types::{Authid, Userid};
|
||||
use proxmox_config_digest::ConfigDigest;
|
||||
use proxmox_product_config::{open_api_lockfile, replace_privileged_config, ApiLockGuard};
|
||||
|
||||
use crate::init::{access_conf, acl_config, acl_config_lock};
|
||||
@ -455,7 +456,7 @@ impl AclTree {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn load(filename: &Path) -> Result<(Self, [u8; 32]), Error> {
|
||||
fn load(filename: &Path) -> Result<(Self, ConfigDigest), Error> {
|
||||
let mut tree = Self::new();
|
||||
|
||||
let raw = match std::fs::read_to_string(filename) {
|
||||
@ -469,7 +470,7 @@ impl AclTree {
|
||||
}
|
||||
};
|
||||
|
||||
let digest = openssl::sha::sha256(raw.as_bytes());
|
||||
let digest = ConfigDigest::from_slice(raw.as_bytes());
|
||||
|
||||
for (linenr, line) in raw.lines().enumerate() {
|
||||
let line = line.trim();
|
||||
@ -564,7 +565,7 @@ pub fn lock_config() -> Result<ApiLockGuard, Error> {
|
||||
}
|
||||
|
||||
/// Reads the [`AclTree`] from the [default path](ACL_CFG_FILENAME).
|
||||
pub fn config() -> Result<(AclTree, [u8; 32]), Error> {
|
||||
pub fn config() -> Result<(AclTree, ConfigDigest), Error> {
|
||||
let path = acl_config();
|
||||
AclTree::load(&path)
|
||||
}
|
||||
|
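Review bot: The doc comment on `config()` still describes only the `AclTree`, although the function now returns a `ConfigDigest` as the second tuple element; the `config()` returning `SectionConfigData` in the last file section has no doc comment at all. I would add a line such as `/// The second element is the ConfigDigest computed over the raw file content.` to both. In `load`, `ConfigDigest::from_slice(raw.as_bytes())` reads like wrapping an already computed digest, while it presumably hashes the content the way the removed `openssl::sha::sha256` call did. A short comment such as `// digest of the file content as read, before parsing` would make that explicit. `load` starts and ends outside the visible hunks, so how the not-found branch sets `raw` cannot be checked from here.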
@ -4,6 +4,7 @@ use std::sync::{Arc, OnceLock, RwLock};
|
||||
use anyhow::{bail, Error};
|
||||
|
||||
use proxmox_auth_api::types::Authid;
|
||||
use proxmox_config_digest::ConfigDigest;
|
||||
use proxmox_product_config::{open_api_lockfile, replace_privileged_config, ApiLockGuard};
|
||||
use proxmox_schema::*;
|
||||
use proxmox_section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin};
|
||||
@ -44,10 +45,10 @@ pub fn lock_config() -> Result<ApiLockGuard, Error> {
|
||||
open_api_lockfile(user_config_lock(), None, true)
|
||||
}
|
||||
|
||||
pub fn config() -> Result<(SectionConfigData, [u8; 32]), Error> {
|
||||
pub fn config() -> Result<(SectionConfigData, ConfigDigest), Error> {
|
||||
let content = proxmox_sys::fs::file_read_optional_string(user_config())?.unwrap_or_default();
|
||||
|
||||
let digest = openssl::sha::sha256(content.as_bytes());
|
||||
let digest = ConfigDigest::from_slice(content.as_bytes());
|
||||
let data = get_or_init_config().parse(user_config(), &content)?;
|
||||
|
||||
Ok((data, digest))
|
||||
|
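Review bot: A missing user config and an empty one produce the same digest in `config()`, because `file_read_optional_string(user_config())?.unwrap_or_default()` turns an absent file into empty content before `ConfigDigest::from_slice` runs. That is probably the intended behaviour if callers compare the digest to detect a stale read (those callers are not on this page), but it is worth recording next to the call, e.g. `// an absent file is hashed as empty content`. As a style point, if `from_slice` accepts any `AsRef<[u8]>` argument, `ConfigDigest::from_slice(&content)` would do without the `as_bytes()` call. The function body closes outside the hunk.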