optional: true,
schema: datastore::DIR_NAME_SCHEMA,
},
+ digest: {
+ optional: true,
+ schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
+ },
},
},
)]
name: String,
comment: Option<String>,
path: Option<String>,
+ digest: Option<String>,
) -> Result<(), Error> {
let _lock = crate::tools::open_file_locked(datastore::DATASTORE_CFG_LOCKFILE, std::time::Duration::new(10, 0))?;
// pass/compare digest
- let (mut config, _digest) = datastore::config()?;
+ let (mut config, expected_digest) = datastore::config()?;
+
+ if let Some(ref digest) = digest {
+ let digest = proxmox::tools::hex_to_digest(digest)?;
+ crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
+ }
let mut data: datastore::DataStoreConfig = config.lookup("datastore", &name)?;
optional: true,
schema: remotes::REMOTE_PASSWORD_SCHEMA,
},
+ digest: {
+ optional: true,
+ schema: PROXMOX_CONFIG_DIGEST_SCHEMA,
+ },
},
},
)]
host: Option<String>,
userid: Option<String>,
password: Option<String>,
+ digest: Option<String>,
) -> Result<(), Error> {
let _lock = crate::tools::open_file_locked(remotes::REMOTES_CFG_LOCKFILE, std::time::Duration::new(10, 0))?;
- // pass/compare digest
- let (mut config, _digest) = remotes::config()?;
+ let (mut config, expected_digest) = remotes::config()?;
+
+ if let Some(ref digest) = digest {
+ let digest = proxmox::tools::hex_to_digest(digest)?;
+ crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
+ }
let mut data: remotes::Remote = config.lookup("remote", &name)?;
&ObjectSchema::new(
"Returns DNS server IPs and sreach domain.",
&sorted!([
- ("digest", false, &PVE_CONFIG_DIGEST_SCHEMA),
+ ("digest", false, &PROXMOX_CONFIG_DIGEST_SCHEMA),
("search", true, &SEARCH_DOMAIN_SCHEMA),
("dns1", true, &FIRST_DNS_SERVER_SCHEMA),
("dns2", true, &SECOND_DNS_SERVER_SCHEMA),
("dns1", true, &FIRST_DNS_SERVER_SCHEMA),
("dns2", true, &SECOND_DNS_SERVER_SCHEMA),
("dns3", true, &THIRD_DNS_SERVER_SCHEMA),
- ("digest", true, &PVE_CONFIG_DIGEST_SCHEMA),
+ ("digest", true, &PROXMOX_CONFIG_DIGEST_SCHEMA),
]),
)
).protected(true)
ApiStringFormat::Pattern(&PASSWORD_REGEX);
-pub const PVE_CONFIG_DIGEST_SCHEMA: Schema = StringSchema::new(r#"\
+pub const PROXMOX_CONFIG_DIGEST_SCHEMA: Schema = StringSchema::new(r#"\
Prevent changes if current configuration file has different SHA256 digest.
This can be used to prevent concurrent modifications.
"#
}
}
-
// cargo test test_section_config1 -- --nocapture
#[test]
fn test_section_config1() {
list
}
+/// Detect modified configuration files
+///
+/// This function fails with a resonable error message if checksums do not match.
+pub fn detect_modified_configuration_file(digest1: &[u8;32], digest2: &[u8;32]) -> Result<(), Error> {
+ if digest1 != digest2 {
+ bail!("detected modified configuration - file changed by other user? Try again.");
+ }
+ Ok(())
+}
+
/// normalize uri path
///
/// Do not allow ".", "..", or hidden files ".XXXX"