[pbs-devel] [PATCH proxmox-backup v2 1/2] fix #3853: api: add force option to tape key change-passphrase

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Feb 14 10:57:46 CET 2022


On 14.02.22 10:20, Dominik Csapak wrote:
>> @@ -116,10 +126,29 @@ pub fn change_passphrase(
>>         let key_config = match config_map.get(&fingerprint) {
>>           Some(key_config) => key_config,
>> -        None => bail!("tape encryption key '{}' does not exist.", fingerprint),
>> +        None => bail!("tape encryption key configuration '{}' does not exist.", fingerprint),
>> +    };
>> +
>> +    let auth_id: Authid = rpcenv.get_auth_id().unwrap().parse()?;
>> +    let user_info = CachedUserInfo::new()?;
>> +
>> +    if force && !user_info.is_superuser(&auth_id) {
>> +        bail!("resetting the key's passphrase requires root privileges")
>> +    }
>> +
>> +    let (key, created, fingerprint) = match (force, &password) {
>> +        (true, Some(_)) => bail!("password is not allowed when using force"),
>> +        (false, None) => bail!("missing parameter: password"),
> 
> those two errors could make use of 'ParameterError'
> see proxmox-schema/src/schema.rs

But as we do not have any `raise_param_exc` like helper switching to that is not really useful
FWICT, as the complete error message would need to be constructed manually anyway and would be
more verbose.

(btw. please trim context on reply)


More information about the pbs-devel mailing list