proxmox-backup/proxmox-restore-daemon/src/proxmox_restore_daemon/auth.rs

61 lines
1.8 KiB
Rust
Raw Normal View History

//! Authentication via a static ticket file
use std::fs::File;
use std::io::prelude::*;
use std::future::Future;
use std::pin::Pin;
use anyhow::{bail, format_err, Error};
use proxmox::api::UserInformation;
use proxmox_rest_server::{ApiAuth, AuthError};
const TICKET_FILE: &str = "/ticket";
struct SimpleUserInformation {}
impl UserInformation for SimpleUserInformation {
fn is_superuser(&self, userid: &str) -> bool {
userid == "root@pam"
}
fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
}
pub struct StaticAuth {
ticket: String,
}
impl ApiAuth for StaticAuth {
fn check_auth<'a>(
&'a self,
headers: &'a http::HeaderMap,
_method: &'a hyper::Method,
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> {
Box::pin(async move {
match headers.get(hyper::header::AUTHORIZATION) {
Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
let user_info: Box<dyn UserInformation + Send + Sync> = Box::new(SimpleUserInformation {});
Ok((String::from("root@pam"), user_info))
}
_ => {
return Err(AuthError::Generic(format_err!(
"invalid file restore ticket provided"
)));
}
}
})
}
}
pub fn ticket_auth() -> Result<StaticAuth, Error> {
let mut ticket_file = File::open(TICKET_FILE)?;
let mut ticket = String::new();
let len = ticket_file.read_to_string(&mut ticket)?;
if len <= 0 {
bail!("invalid ticket: cannot be empty");
}
Ok(StaticAuth { ticket })
}