access-control: use ConfigDigest for digests

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2025-06-23 14:57:48 +00:00 · 2024-07-04 14:31:24 +02:00 · 2024-07-04 14:31:24 +02:00 · e8b5ad6b45
commit e8b5ad6b45
parent 3545d67b1f
3 changed files with 10 additions and 6 deletions
--- a/proxmox-access-control/Cargo.toml
+++ b/proxmox-access-control/Cargo.toml
@ -18,10 +18,11 @@ serde.workspace = true
 serde_json = { workspace = true, optional = true }
 proxmox-auth-api = { workspace = true, features = [ "api-types" ] }
 proxmox-config-digest = { workspace = true, optional = true, features = [ "openssl" ] }
 proxmox-product-config = { workspace = true, optional = true }
 proxmox-router = { workspace = true, optional = true }
 proxmox-schema.workspace = true
 proxmox-section-config = { workspace = true, optional = true }
 proxmox-product-config = { workspace = true, optional = true }
 proxmox-shared-memory = { workspace = true, optional = true }
 proxmox-sys = { workspace = true, features = [ "crypt" ], optional = true }
 proxmox-time = { workspace = true }
@ -31,6 +32,7 @@ default = []
 impl = [
    "dep:nix",
    "dep:openssl",
    "dep:proxmox-config-digest",
    "dep:proxmox-product-config",
    "dep:proxmox-router",
    "dep:proxmox-section-config",
--- a/proxmox-access-control/src/acl.rs
+++ b/proxmox-access-control/src/acl.rs
@ -6,6 +6,7 @@ use std::sync::{Arc, OnceLock, RwLock};
 use anyhow::{bail, Error};
 use proxmox_auth_api::types::{Authid, Userid};
 use proxmox_config_digest::ConfigDigest;
 use proxmox_product_config::{open_api_lockfile, replace_privileged_config, ApiLockGuard};
 use crate::init::{access_conf, acl_config, acl_config_lock};
@ -455,7 +456,7 @@ impl AclTree {
        Ok(())
    }
-    fn load(filename: &Path) -> Result<(Self, [u8; 32]), Error> {
+    fn load(filename: &Path) -> Result<(Self, ConfigDigest), Error> {
        let mut tree = Self::new();
        let raw = match std::fs::read_to_string(filename) {
@ -469,7 +470,7 @@ impl AclTree {
            }
        };
-        let digest = openssl::sha::sha256(raw.as_bytes());
+        let digest = ConfigDigest::from_slice(raw.as_bytes());
        for (linenr, line) in raw.lines().enumerate() {
            let line = line.trim();
@ -564,7 +565,7 @@ pub fn lock_config() -> Result<ApiLockGuard, Error> {
 }
 /// Reads the [`AclTree`] from the [default path](ACL_CFG_FILENAME).
-pub fn config() -> Result<(AclTree, [u8; 32]), Error> {
+pub fn config() -> Result<(AclTree, ConfigDigest), Error> {
    let path = acl_config();
    AclTree::load(&path)
 }
--- a/proxmox-access-control/src/user.rs
+++ b/proxmox-access-control/src/user.rs
@ -4,6 +4,7 @@ use std::sync::{Arc, OnceLock, RwLock};
 use anyhow::{bail, Error};
 use proxmox_auth_api::types::Authid;
 use proxmox_config_digest::ConfigDigest;
 use proxmox_product_config::{open_api_lockfile, replace_privileged_config, ApiLockGuard};
 use proxmox_schema::*;
 use proxmox_section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin};
@ -44,10 +45,10 @@ pub fn lock_config() -> Result<ApiLockGuard, Error> {
    open_api_lockfile(user_config_lock(), None, true)
 }
-pub fn config() -> Result<(SectionConfigData, [u8; 32]), Error> {
+pub fn config() -> Result<(SectionConfigData, ConfigDigest), Error> {
    let content = proxmox_sys::fs::file_read_optional_string(user_config())?.unwrap_or_default();
-    let digest = openssl::sha::sha256(content.as_bytes());
+    let digest = ConfigDigest::from_slice(content.as_bytes());
    let data = get_or_init_config().parse(user_config(), &content)?;
    Ok((data, digest))