[pve-devel] [PATCH common 4/4] pbs client: allow using password that would be auto-encoded as neither ASCII nor UTF-8

Fiona Ebner f.ebner at proxmox.com
Wed Oct 1 12:47:13 CEST 2025 

Using passwords that would be auto-encoded by Perl as either ASCII or
UTF-8 already worked, but other encodings would not, for example
ISO-8859 would result in:
> proxmox-backup-client failed: Error: error building client for
> repository latin at pbs@10.10.100.180:8007:bigone - PBS_PASSWORD
> contains bad characters (500)

The issue only affected PMG, because in PVE, the PBS storage plugin
uses its own implementation of {get,set}_password() which does handle
UTF-8 already since pve-storage commit 5245e04 ("fix #5181: pbs: store
and read passwords as unicode"). Follow that commit to align the
behavior. This is also in preparation to using the PBS Client more
from the storage plugin too.

Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
 src/PVE/PBSClient.pm | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/PVE/PBSClient.pm b/src/PVE/PBSClient.pm
index 6333304..16d4740 100644
--- a/src/PVE/PBSClient.pm
+++ b/src/PVE/PBSClient.pm
@@ -4,6 +4,7 @@ package PVE::PBSClient;
 use strict;
 use warnings;
 
+use Encode qw(decode encode);
 use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
 use File::Temp qw(tempdir);
 use IO::File;
@@ -72,7 +73,7 @@ sub set_password {
     my $pwfile = password_file_name($self);
     mkdir($self->{secret_dir});
 
-    PVE::Tools::file_set_contents($pwfile, "$password\n", 0600);
+    PVE::Tools::file_set_contents($pwfile, "$password\n", 0600, 1);
 }
 
 sub delete_password {
@@ -88,7 +89,9 @@ sub get_password {
 
     my $pwfile = password_file_name($self);
 
-    return PVE::Tools::file_read_firstline($pwfile);
+    my $contents = PVE::Tools::file_read_firstline($pwfile);
+
+    return eval { decode('UTF-8', $contents, 1) } // $contents;
 }
 
 sub encryption_key_file_name {
@@ -185,7 +188,11 @@ my sub do_raw_client_cmd {
         push(@$cmd, '--ns', $ns);
     }
 
-    local $ENV{PBS_PASSWORD} = $self->get_password();
+    my $password = $self->get_password();
+    # The password is saved as UTF-8 and is decoded upon reading. Need to re-encode when setting the
+    # environment variable.
+    $password = encode('UTF-8', $password, 1);
+    local $ENV{PBS_PASSWORD} = $password;
 
     local $ENV{PBS_FINGERPRINT} = $scfg->{fingerprint};
 
-- 
2.47.3

More information about the pve-devel mailing list