manager: check if offline subscription is for the correct product
previously when an offline key was set it wasn't verified that the subscription was for the correct product. while pom only applies subscriptions for the corresponding products, a user could manually invoke the `subscription set-offline-key` command to circumvent that. Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
parent
2711e94e3a
commit
ad97a7a1aa
@ -76,7 +76,7 @@ proxmox-section-config = "2"
|
||||
proxmox-serde = "0.1.1"
|
||||
proxmox-shared-memory = "0.3.0"
|
||||
proxmox-sortable-macro = "0.1.2"
|
||||
proxmox-subscription = { version = "0.4", features = [ "api-types" ] }
|
||||
proxmox-subscription = { version = "0.4.2", features = [ "api-types" ] }
|
||||
proxmox-sys = "0.5.0"
|
||||
proxmox-tfa = { version = "4.0.4", features = [ "api", "api-types" ] }
|
||||
proxmox-time = "1.1.2"
|
||||
|
4
debian/control
vendored
4
debian/control
vendored
@ -85,8 +85,8 @@ Build-Depends: bash-completion,
|
||||
librust-proxmox-serde-0.1+serde-json-dev (>= 0.1.1-~~),
|
||||
librust-proxmox-shared-memory-0.3+default-dev,
|
||||
librust-proxmox-sortable-macro-0.1+default-dev (>= 0.1.2-~~),
|
||||
librust-proxmox-subscription-0.4+api-types-dev,
|
||||
librust-proxmox-subscription-0.4+default-dev,
|
||||
librust-proxmox-subscription-0.4+api-types-dev (>= 0.4.2-~~),
|
||||
librust-proxmox-subscription-0.4+default-dev (>= 0.4.2-~~),
|
||||
librust-proxmox-sys-0.5+acl-dev,
|
||||
librust-proxmox-sys-0.5+crypt-dev,
|
||||
librust-proxmox-sys-0.5+default-dev,
|
||||
|
@ -3,7 +3,7 @@ use serde_json::Value;
|
||||
|
||||
use proxmox_router::{cli::*, ApiHandler, RpcEnvironment};
|
||||
use proxmox_schema::api;
|
||||
use proxmox_subscription::SubscriptionInfo;
|
||||
use proxmox_subscription::{ProductType, SubscriptionInfo};
|
||||
|
||||
use proxmox_backup::api2::{self, node::subscription::subscription_file_opts};
|
||||
|
||||
@ -51,6 +51,12 @@ pub fn set_offline_subscription_key(data: String) -> Result<(), Error> {
|
||||
if !info.is_signed() {
|
||||
bail!("Offline subscription key must be signed!");
|
||||
}
|
||||
|
||||
let product_type = info.get_product_type()?;
|
||||
if product_type != ProductType::Pbs {
|
||||
bail!("Subscription is not a PBS subscription ({product_type})!");
|
||||
}
|
||||
|
||||
info.check_signature(&[proxmox_subscription::files::DEFAULT_SIGNING_KEY]);
|
||||
info.check_age(false);
|
||||
info.check_server_id();
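Review bot: The new product check at `info.get_product_type()?` runs before `info.check_signature(...)`, so both the rejection and the `({product_type})` text in the error message are based on data whose signature has not been verified yet. Because a mismatch only leads to `bail!`, this looks harmless as an early reject, but a comment would stop a later reader from treating `product_type` as authenticated, e.g. `// product type comes from the not-yet-verified info; used only to reject early, the signature is checked below`. The hunk does not show how the outcomes of `check_signature`, `check_age` and `check_server_id` are acted on, since `set_offline_subscription_key` continues outside it. It is worth confirming there that a key failing the signature check is never stored as active, as the product check alone gives no such guarantee.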
|
||||
|