proxmox-backup/pbs-config/src/lib.rs

pub mod domains;
pub mod drive;
pub mod key_config;
pub mod media_pool;
pub mod network;
pub mod remote;
pub mod sync;
pub mod tape_encryption_keys;
pub mod tape_job;
pub mod verify;

use anyhow::{format_err, Error};

pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};

/// Return User info for the 'backup' user (``getpwnam_r(3)``)
pub fn backup_user() -> Result<nix::unistd::User, Error> {
    pbs_tools::sys::query_user(BACKUP_USER_NAME)?
        .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
}

/// Return Group info for the 'backup' group (``getgrnam(3)``)
pub fn backup_group() -> Result<nix::unistd::Group, Error> {
    pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
        .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
}
pub struct BackupLockGuard(Option<std::fs::File>);

#[doc(hidden)]
/// Note: do not use for production code, this is only intended for tests
pub unsafe fn create_mocked_lock() -> BackupLockGuard {
    BackupLockGuard(None)
}

/// Open or create a lock file owned by user "backup" and lock it.
///
/// Owner/Group of the file is set to backup/backup.
/// File mode is 0660.
/// Default timeout is 10 seconds.
///
/// Note: This method needs to be called by user "root" or "backup".
pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
    path: P,
    timeout: Option<std::time::Duration>,
    exclusive: bool,
) -> Result<BackupLockGuard, Error> {
    let user = backup_user()?;
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
        .owner(user.uid)
        .group(user.gid);

    let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));

    let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
    Ok(BackupLockGuard(Some(file)))
}

/// Atomically write data to file owned by "root:backup" with permission "0640"
///
/// Only the superuser can write those files, but group 'backup' can read them.
pub fn replace_backup_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
) -> Result<(), Error> {
    let backup_user = backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
    // set the correct owner/group/permissions while saving file
    // owner(rw) = root, group(r)= backup
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(mode)
        .owner(nix::unistd::ROOT)
        .group(backup_user.gid);

    proxmox::tools::fs::replace_file(path, data, options)?;

    Ok(())
}

/// Atomically write data to file owned by "root:root" with permission "0600"
///
/// Only the superuser can read and write those files.
pub fn replace_secret_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
) -> Result<(), Error> {
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
    // set the correct owner/group/permissions while saving file
    // owner(rw) = root, group(r)= root
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(mode)
        .owner(nix::unistd::ROOT)
        .group(nix::unistd::Gid::from_raw(0));

    proxmox::tools::fs::replace_file(path, data, options)?;

    Ok(())
}
start new pbs-config workspace moved src/config/domains.rs 2021-09-02 10:47:11 +00:00			`pub mod domains;`
move drive config to pbs_config workspace Also moved the tape type definitions to pbs_api_types. 2021-09-03 07:10:18 +00:00			`pub mod drive;`
moved key_derivation.rs from pbs_datastore to pbs-config/src/key_config.rs Also moved pbs-datastore/src/crypt_config.rs to pbs-tools/src/crypt_config.rs. We do not want to depend on pbs-api-types there, so I use [u8;32] instead of Fingerprint. 2021-09-07 07:22:14 +00:00			`pub mod key_config;`
move media_pool config to pbs_config workspace 2021-09-06 06:56:04 +00:00			`pub mod media_pool;`
move network config to pbs_config workspace 2021-09-08 10:22:48 +00:00			`pub mod network;`
move remote config into pbs-config workspace 2021-09-02 12:25:15 +00:00			`pub mod remote;`
move sync.rs to pbs_config workspace 2021-09-08 04:57:23 +00:00			`pub mod sync;`
move tape_encryption_keys.rs to pbs_config workspace 2021-09-07 08:37:08 +00:00			`pub mod tape_encryption_keys;`
moved tape_job.rs to pbs_config workspace 2021-09-07 10:32:01 +00:00			`pub mod tape_job;`
move verify.rs to pbs_config workspace 2021-09-08 06:01:07 +00:00			`pub mod verify;`
start new pbs-config workspace moved src/config/domains.rs 2021-09-02 10:47:11 +00:00
			`use anyhow::{format_err, Error};`

			`pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};`

			/// Return User info for the 'backup' user (``getpwnam_r(3)``)
			`pub fn backup_user() -> Result<nix::unistd::User, Error> {`
			`pbs_tools::sys::query_user(BACKUP_USER_NAME)?`
			`.ok_or_else(\|\| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))`
			`}`

			/// Return Group info for the 'backup' group (``getgrnam(3)``)
			`pub fn backup_group() -> Result<nix::unistd::Group, Error> {`
			`pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?`
			`.ok_or_else(\|\| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))`
			`}`
pbs-config: add 'create_mocked_lock' helper by making the field an option and making it None in the mocked case this function is only intended for testing and hidden from the docs Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-09-06 15:00:25 +00:00			`pub struct BackupLockGuard(Option<std::fs::File>);`

			`#[doc(hidden)]`
			`/// Note: do not use for production code, this is only intended for tests`
			`pub unsafe fn create_mocked_lock() -> BackupLockGuard {`
			`BackupLockGuard(None)`
			`}`
start new pbs-config workspace moved src/config/domains.rs 2021-09-02 10:47:11 +00:00
			`/// Open or create a lock file owned by user "backup" and lock it.`
			`///`
			`/// Owner/Group of the file is set to backup/backup.`
			`/// File mode is 0660.`
			`/// Default timeout is 10 seconds.`
			`///`
			`/// Note: This method needs to be called by user "root" or "backup".`
			`pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(`
			`path: P,`
			`timeout: Option<std::time::Duration>,`
			`exclusive: bool,`
			`) -> Result<BackupLockGuard, Error> {`
			`let user = backup_user()?;`
			`let options = proxmox::tools::fs::CreateOptions::new()`
			`.perm(nix::sys::stat::Mode::from_bits_truncate(0o660))`
			`.owner(user.uid)`
			`.group(user.gid);`

			`let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));`

			`let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;`
pbs-config: add 'create_mocked_lock' helper by making the field an option and making it None in the mocked case this function is only intended for testing and hidden from the docs Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-09-06 15:00:25 +00:00			`Ok(BackupLockGuard(Some(file)))`
start new pbs-config workspace moved src/config/domains.rs 2021-09-02 10:47:11 +00:00			`}`

			`/// Atomically write data to file owned by "root:backup" with permission "0640"`
			`///`
			`/// Only the superuser can write those files, but group 'backup' can read them.`
			`pub fn replace_backup_config<P: AsRef<std::path::Path>>(`
			`path: P,`
			`data: &[u8],`
			`) -> Result<(), Error> {`
			`let backup_user = backup_user()?;`
			`let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);`
			`// set the correct owner/group/permissions while saving file`
			`// owner(rw) = root, group(r)= backup`
			`let options = proxmox::tools::fs::CreateOptions::new()`
			`.perm(mode)`
			`.owner(nix::unistd::ROOT)`
			`.group(backup_user.gid);`

			`proxmox::tools::fs::replace_file(path, data, options)?;`

			`Ok(())`
			`}`

			`/// Atomically write data to file owned by "root:root" with permission "0600"`
			`///`
			`/// Only the superuser can read and write those files.`
			`pub fn replace_secret_config<P: AsRef<std::path::Path>>(`
			`path: P,`
			`data: &[u8],`
			`) -> Result<(), Error> {`
			`let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);`
			`// set the correct owner/group/permissions while saving file`
			`// owner(rw) = root, group(r)= root`
			`let options = proxmox::tools::fs::CreateOptions::new()`
			`.perm(mode)`
			`.owner(nix::unistd::ROOT)`
			`.group(nix::unistd::Gid::from_raw(0));`

			`proxmox::tools::fs::replace_file(path, data, options)?;`

			`Ok(())`
			`}`