
product-config: add method to detect config digest modifications.

Using an object method with strong typing is considered cleaner.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Dietmar Maurer 2024-05-06 12:34:21 +02:00
parent cb4e3776f2
commit 53ee3f92ea
2 changed files with 13 additions and 24 deletions
proxmox-product-config/src

@ -31,6 +31,18 @@ impl ConfigDigest {
let digest = sha::sha256(data.as_ref());
ConfigDigest(digest)
}
/// Detect modified configuration files
///
/// This function fails with a reasonable error message if checksums do not match.
pub fn detect_modification(&self, user_digest: Option<&Self>) -> Result<(), Error> {
if let Some(user_digest) = user_digest {
if user_digest != self {
bail!("detected modified configuration - file changed by other user? Try again.");
}
}
Ok(())
}
}
impl ApiType for ConfigDigest {
@ -95,23 +107,3 @@ impl std::str::FromStr for ConfigDigest {
serde_plain::derive_deserialize_from_fromstr!(ConfigDigest, "valid configuration digest");
serde_plain::derive_serialize_from_display!(ConfigDigest);
/// Detect modified configuration files
///
/// This function fails with a reasonable error message if checksums do not match.
pub fn detect_modified_configuration_file(
user_digest: Option<&[u8; 32]>,
config_digest: &[u8; 32],
) -> Result<(), Error> {
use hex::FromHex;
let user_digest = match user_digest {
Some(digest) => <[u8; 32]>::from_hex(digest)?,
None => return Ok(()),
};
if user_digest != *config_digest {
bail!("detected modified configuration - file changed by other user? Try again.");
}
Ok(())
}
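Review bot: The doc comment on `detect_modification` in the first hunk does not say that a `None` `user_digest` returns `Ok(())` without comparing anything, so a caller that omits the digest silently opts out of the concurrent-modification check. I would add a line such as `/// If user_digest is None the check is skipped and Ok(()) is returned.` and, where an endpoint needs the check to be mandatory, have that caller reject a missing digest before calling this method. The comparison presumably only prevents lost updates when `self` was computed from the file while the config lock is held; that is not visible here and would be worth stating in the doc comment as well. The enclosing `impl ConfigDigest` block starts before the hunk.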

@ -8,10 +8,7 @@ use nix::sys::stat::Mode;
use nix::unistd::{Gid, Uid};
mod digest;
pub use digest::{
detect_modified_configuration_file, ConfigDigest, PROXMOX_CONFIG_DIGEST_FORMAT,
PROXMOX_CONFIG_DIGEST_SCHEMA,
};
pub use digest::{ConfigDigest, PROXMOX_CONFIG_DIGEST_FORMAT, PROXMOX_CONFIG_DIGEST_SCHEMA};
static mut PRODUCT_CONFIG: Option<ProxmoxProductConfig> = None;