access-control: use ConfigDigest for digests

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller 2024-07-04 14:31:24 +02:00
parent 3545d67b1f
commit e8b5ad6b45
3 changed files with 10 additions and 6 deletions


@ -18,10 +18,11 @@ serde.workspace = true
serde_json = { workspace = true, optional = true }
proxmox-auth-api = { workspace = true, features = [ "api-types" ] }
proxmox-config-digest = { workspace = true, optional = true, features = [ "openssl" ] }
proxmox-product-config = { workspace = true, optional = true }
proxmox-router = { workspace = true, optional = true }
proxmox-schema.workspace = true
proxmox-section-config = { workspace = true, optional = true }
proxmox-product-config = { workspace = true, optional = true }
proxmox-shared-memory = { workspace = true, optional = true }
proxmox-sys = { workspace = true, features = [ "crypt" ], optional = true }
proxmox-time = { workspace = true }
@ -31,6 +32,7 @@ default = []
impl = [
"dep:nix",
"dep:openssl",
"dep:proxmox-config-digest",
"dep:proxmox-product-config",
"dep:proxmox-router",
"dep:proxmox-section-config",


@ -6,6 +6,7 @@ use std::sync::{Arc, OnceLock, RwLock};
use anyhow::{bail, Error};
use proxmox_auth_api::types::{Authid, Userid};
use proxmox_config_digest::ConfigDigest;
use proxmox_product_config::{open_api_lockfile, replace_privileged_config, ApiLockGuard};
use crate::init::{access_conf, acl_config, acl_config_lock};
@ -455,7 +456,7 @@ impl AclTree {
Ok(())
}
fn load(filename: &Path) -> Result<(Self, [u8; 32]), Error> {
fn load(filename: &Path) -> Result<(Self, ConfigDigest), Error> {
let mut tree = Self::new();
let raw = match std::fs::read_to_string(filename) {
@ -469,7 +470,7 @@ impl AclTree {
}
};
let digest = openssl::sha::sha256(raw.as_bytes());
let digest = ConfigDigest::from_slice(raw.as_bytes());
for (linenr, line) in raw.lines().enumerate() {
let line = line.trim();
@ -564,7 +565,7 @@ pub fn lock_config() -> Result<ApiLockGuard, Error> {
}
/// Reads the [`AclTree`] from the [default path](ACL_CFG_FILENAME).
pub fn config() -> Result<(AclTree, [u8; 32]), Error> {
pub fn config() -> Result<(AclTree, ConfigDigest), Error> {
let path = acl_config();
AclTree::load(&path)
}
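Review bot: In `AclTree::load`, the new `let digest = ConfigDigest::from_slice(raw.as_bytes());` reads as if it wraps bytes that are already a digest, whereas it replaces `openssl::sha::sha256(raw.as_bytes())` and so presumably hashes the file content (confirm against proxmox-config-digest). Callers most likely use this value to notice that the ACL file changed between a read and a later write, so a short comment would keep the intent visible, e.g. `// digest over the exact bytes parsed below; from_slice hashes its input`. The same call appears in `config()` in the third file section. `load` begins and ends outside the visible hunks, so what digest is returned when the file is missing or unreadable could not be checked here.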


@ -4,6 +4,7 @@ use std::sync::{Arc, OnceLock, RwLock};
use anyhow::{bail, Error};
use proxmox_auth_api::types::Authid;
use proxmox_config_digest::ConfigDigest;
use proxmox_product_config::{open_api_lockfile, replace_privileged_config, ApiLockGuard};
use proxmox_schema::*;
use proxmox_section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin};
@ -44,10 +45,10 @@ pub fn lock_config() -> Result<ApiLockGuard, Error> {
open_api_lockfile(user_config_lock(), None, true)
}
pub fn config() -> Result<(SectionConfigData, [u8; 32]), Error> {
pub fn config() -> Result<(SectionConfigData, ConfigDigest), Error> {
let content = proxmox_sys::fs::file_read_optional_string(user_config())?.unwrap_or_default();
let digest = openssl::sha::sha256(content.as_bytes());
let digest = ConfigDigest::from_slice(content.as_bytes());
let data = get_or_init_config().parse(user_config(), &content)?;
Ok((data, digest))
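Review bot: `pub fn config()` in this file has no doc comment, and the one on the ACL `config()` in the previous section describes only the `AclTree`, not the second tuple element. Now that both signatures name `ConfigDigest`, the docs should say what the value is for, e.g. `/// Reads the user configuration and the [ConfigDigest] of its raw content, for detecting concurrent changes.` If updates are expected to run under `lock_config()` with the digest re-checked before writing, saying so here would help callers of both functions; that usage is not visible in this diff. The function's closing brace lies outside the hunk.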