//! Authentication via a static ticket file
use std::fs::File;
use std::io::prelude::*;
use std::future::Future;
use std::pin::Pin;
use anyhow::{bail, format_err, Error};
use proxmox::api::UserInformation;
use proxmox_rest_server::{ApiAuth, AuthError};
/// Path of the file that `ticket_auth` reads the static ticket from.
// NOTE(review): the file content is the only credential checked in this module;
// confirm it is created with permissions that keep other local users from reading it.
const TICKET_FILE: &str = "/ticket";
/// Minimal [`UserInformation`] provider used by the static ticket authentication.
///
/// It carries no state: the only identity it recognises is `root@pam`, which it
/// reports as superuser. Group membership and path privileges are never granted.
struct SimpleUserInformation {}

impl UserInformation for SimpleUserInformation {
    /// Returns `true` only for the user id `root@pam`.
    fn is_superuser(&self, userid: &str) -> bool {
        matches!(userid, "root@pam")
    }

    /// Group membership is not modelled here, so the answer is always `false`.
    fn is_group_member(&self, _userid: &str, _group: &str) -> bool {
        false
    }

    /// No privilege bits are granted for any user or path; the result is always `0`.
    // NOTE(review): presumably this leaves the superuser check as the only way to
    // pass authorization — confirm against the code that consumes this trait.
    fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 {
        0
    }
}
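/// [`ApiAuth`] implementation that accepts exactly one pre-shared ticket.
///
/// The ticket is held in memory for the lifetime of the value. Every request
/// must present it verbatim as the value of the `Authorization` header.
pub struct StaticAuth {
    // The shared secret. It is compared byte-for-byte with the header value, so
    // any whitespace stored here is part of the secret.
    ticket: String,
}

/// Compares the presented ticket with the expected one without stopping at the
/// first differing byte.
///
/// A plain `==` on strings may return as soon as a byte differs, which lets the
/// response time depend on how much of the secret a guess got right. Here all
/// bytes are always combined before the decision is made. Only the length
/// comparison is allowed to short-circuit.
///
/// An empty `expected` never matches, so a ticket that was never set cannot
/// authenticate an empty header.
// NOTE(review): this is a best-effort constant-time comparison written with the
// standard library only; if the project already depends on a vetted
// constant-time primitive, prefer calling that instead.
fn ticket_matches(presented: &[u8], expected: &[u8]) -> bool {
    if expected.is_empty() || presented.len() != expected.len() {
        return false;
    }

    let difference = presented
        .iter()
        .zip(expected)
        .fold(0u8, |acc, (a, b)| acc | (a ^ b));

    difference == 0
}

impl ApiAuth for StaticAuth {
    /// Authenticates a request by comparing its `Authorization` header with the
    /// stored ticket.
    ///
    /// On a match the caller is identified as `root@pam` and receives a
    /// [`SimpleUserInformation`]. A missing header, a header that is not valid
    /// visible ASCII, and a wrong ticket all produce the same
    /// [`AuthError::Generic`], so the response does not reveal which check failed.
    // NOTE(review): rejected attempts are not logged in this block; confirm that
    // the caller records them.
    fn check_auth<'a>(
        &'a self,
        headers: &'a http::HeaderMap,
        _method: &'a hyper::Method,
    ) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
        Box::pin(async move {
            // A header that cannot be decoded is treated as absent rather than
            // being turned into an empty string and compared with the ticket.
            let presented = headers
                .get(hyper::header::AUTHORIZATION)
                .and_then(|value| value.to_str().ok());

            match presented {
                Some(value) if ticket_matches(value.as_bytes(), self.ticket.as_bytes()) => {
                    let user_info: Box<dyn UserInformation + Send + Sync> =
                        Box::new(SimpleUserInformation {});
                    Ok((String::from("root@pam"), user_info))
                }
                _ => Err(AuthError::Generic(format_err!(
                    "invalid file restore ticket provided"
                ))),
            }
        })
    }
}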
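/// Loads the static ticket from `TICKET_FILE` and wraps it in a [`StaticAuth`].
///
/// # Errors
///
/// Fails if the file cannot be opened, if its content cannot be read as UTF-8
/// text, or if it is empty.
pub fn ticket_auth() -> Result<StaticAuth, Error> {
    let mut ticket_file = File::open(TICKET_FILE)?;
    let mut ticket = String::new();
    ticket_file.read_to_string(&mut ticket)?;

    // The byte count returned by `read_to_string` is unsigned, so the only
    // invalid case is "nothing read"; test the string directly.
    if ticket.is_empty() {
        bail!("invalid ticket: cannot be empty");
    }

    // NOTE(review): the content is stored verbatim. A trailing newline in the
    // file would become part of the secret, and a whitespace-only file passes
    // the emptiness check — confirm how the file is written.
    Ok(StaticAuth { ticket })
}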