git.proxmox.com Git - pve-storage.git/commitdiff
pbs: detect mismatch of encryption settings and key
author Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tue, 16 Aug 2022 10:33:53 +0000 (12:33 +0200)
committer Wolfgang Bumiller <w.bumiller@proxmox.com>
Tue, 16 Aug 2022 11:51:38 +0000 (13:51 +0200)
if the key file doesn't exist (anymore), but the storage.cfg references
one, die on commands that should use encryption instead of falling back
to plain-text operations.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
PVE/Storage/PBSPlugin.pm

index 56632caa63c0dd40c7205bc39205498641f30dc0..b90a2ddb7e262e81b3016d451fef6c40f73c83a4 100644 (file)
@@ -155,7 +155,12 @@ sub pbs_open_encryption_key {
 
     my $keyfd;
     if (!open($keyfd, '<', $encryption_key_file)) {
-       return undef if $! == ENOENT;
+       if ($! == ENOENT) {
+           my $encryption_fp = $scfg->{'encryption-key'};
+           die "encryption configured ('$encryption_fp') but no encryption key file found!\n"
+               if $encryption_fp;
+           return undef;
+       }
        die "failed to open encryption key: $encryption_key_file: $!\n";
     }
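Review bot: The new die in the ENOENT branch prints only the value of `$scfg->{'encryption-key'}` and omits `$encryption_key_file`, so whoever hits this error cannot tell which path was expected to hold the key. The existing "failed to open encryption key: $encryption_key_file: $!" die directly below does include the path; adding it to the new message would keep the two consistent. The remaining `return undef` now covers only the case where the key file is absent and the storage config has no 'encryption-key' entry; a one-line comment saying so would help, since per the commit message an undef result is what leads to plain-text operation. Note also that the check is a plain truthiness test on `$encryption_fp`, so an empty or "0" config value would still take the undef path.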