drop pbs_tools::auth

`pbs_client::connect_to_localhost` now requires the key as
optional parameter

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

src/api2/access/mod.rs

@@ -15,15 +15,13 @@ use pbs_api_types::{
     Userid, Authid, PASSWORD_SCHEMA, ACL_PATH_SCHEMA,
     PRIVILEGES, PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT,
 };
-use pbs_tools::auth::private_auth_key;
 use pbs_tools::ticket::{self, Empty, Ticket};
 use pbs_config::acl::AclTreeNode;
+use pbs_config::CachedUserInfo;
 
 use crate::auth_helpers::*;
-use crate::server::ticket::ApiTicket;
-
-use pbs_config::CachedUserInfo;
 use crate::config::tfa::TfaChallenge;
+use crate::server::ticket::ApiTicket;
 
 pub mod acl;
 pub mod domain;

src/api2/access/openid.rs

@@ -13,16 +13,14 @@ use proxmox_openid::{OpenIdAuthenticator,  OpenIdConfig};
 
 use pbs_api_types::{Userid, User, REALM_ID_SCHEMA};
 use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
-use pbs_tools::auth::private_auth_key;
 use pbs_tools::ticket::Ticket;
 use pbs_config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
 
-use crate::server::ticket::ApiTicket;
 use pbs_config::CachedUserInfo;
-
 use pbs_config::open_backup_lockfile;
 
 use crate::auth_helpers::*;
+use crate::server::ticket::ApiTicket;
 
 fn openid_authenticator(realm_config: &OpenIdRealmConfig, redirect_url: &str) -> Result<OpenIdAuthenticator, Error> {
     let config = OpenIdConfig {

src/api2/node/mod.rs

@@ -20,12 +20,13 @@ use proxmox::list_subdirs_api_method;
 use proxmox::{identity, sortable};
 use proxmox_http::websocket::WebSocket;
 
+use proxmox_rest_server::WorkerTask;
+
 use pbs_api_types::{Authid, NODE_SCHEMA, PRIV_SYS_CONSOLE};
-use pbs_tools::auth::private_auth_key;
 use pbs_tools::ticket::{self, Empty, Ticket};
 
-use proxmox_rest_server::WorkerTask;
 use crate::tools;
+use crate::auth_helpers::private_auth_key;
 
 pub mod apt;
 pub mod certificates;

src/auth_helpers.rs

@@ -2,7 +2,7 @@ use std::path::PathBuf;
 
 use anyhow::{bail, format_err, Error};
 use lazy_static::lazy_static;
-use openssl::pkey::{PKey, Public};
+use openssl::pkey::{PKey, Private, Public};
 use openssl::rsa::Rsa;
 use openssl::sha;
 
@@ -170,3 +170,19 @@ pub fn public_auth_key() -> &'static PKey<Public> {
 
     &KEY
 }
+
+fn load_private_auth_key() -> Result<PKey<Private>, Error> {
+    let pem = file_get_contents(configdir!("/authkey.key"))?;
+    let rsa = Rsa::private_key_from_pem(&pem)?;
+    let key = PKey::from_rsa(rsa)?;
+
+    Ok(key)
+}
+
+pub fn private_auth_key() -> &'static PKey<Private> {
+    lazy_static! {
+        static ref KEY: PKey<Private> = load_private_auth_key().unwrap();
+    }
+
+    &KEY
+}

src/bin/proxmox-backup-api.rs

@@ -9,7 +9,6 @@ use proxmox::try_block;
 use proxmox::api::RpcEnvironmentType;
 use proxmox::tools::fs::CreateOptions;
 
-use pbs_tools::auth::private_auth_key;
 use proxmox_rest_server::{daemon, ApiConfig, RestServer};
 
 use proxmox_backup::server::auth::default_api_auth;

src/bin/proxmox-backup-manager.rs

@@ -7,7 +7,7 @@ use serde_json::{json, Value};
 use proxmox::api::{api, cli::*, RpcEnvironment};
 use proxmox::tools::fs::CreateOptions;
 
-use pbs_client::{connect_to_localhost, display_task_log, view_task_result};
+use pbs_client::{display_task_log, view_task_result};
 use pbs_tools::percent_encoding::percent_encode_component;
 use pbs_tools::json::required_string_param;
 use pbs_api_types::{
@@ -17,8 +17,9 @@ use pbs_api_types::{
 
 use proxmox_rest_server::wait_for_local_worker;
 
-use proxmox_backup::config;
 use proxmox_backup::api2;
+use proxmox_backup::client_helpers::connect_to_localhost;
+use proxmox_backup::config;
 
 mod proxmox_backup_manager;
 use proxmox_backup_manager::*;

src/bin/proxmox-tape.rs

@@ -14,7 +14,7 @@ use proxmox::{
     },
 };
 
-use pbs_client::{connect_to_localhost, view_task_result};
+use pbs_client::view_task_result;
 use pbs_tools::format::{
     HumanByte,
     render_epoch,
@@ -49,6 +49,7 @@ use proxmox_backup::{
             proxmox_tape_magic_to_text,
         },
     },
+    client_helpers::connect_to_localhost,
 };
 
 mod proxmox_tape;

src/bin/proxmox_backup_debug/api.rs

@@ -16,9 +16,11 @@ use proxmox::api::{
 };
 
 use pbs_api_types::{PROXMOX_UPID_REGEX, UPID};
-use pbs_client::{connect_to_localhost, view_task_result};
+use pbs_client::view_task_result;
 use proxmox_rest_server::normalize_uri_path;
 
+use proxmox_backup::client_helpers::connect_to_localhost;
+
 const PROG_NAME: &str = "proxmox-backup-debug api";
 const URL_ASCIISET: percent_encoding::AsciiSet = percent_encoding::NON_ALPHANUMERIC.remove(b'/');
 

src/bin/proxmox_backup_manager/datastore.rs

@@ -3,10 +3,11 @@ use serde_json::Value;
 
 use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
 
-use pbs_client::{connect_to_localhost, view_task_result};
+use pbs_client::view_task_result;
 use pbs_api_types::{DataStoreConfig, DATASTORE_SCHEMA};
 
 use proxmox_backup::api2;
+use proxmox_backup::client_helpers::connect_to_localhost;
 
 #[api(
     input: {

src/bin/proxmox_tape/backup_job.rs

@@ -4,9 +4,10 @@ use serde_json::Value;
 use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
 
 use pbs_api_types::JOB_ID_SCHEMA;
-use pbs_client::{connect_to_localhost, view_task_result};
+use pbs_client::view_task_result;
 
 use proxmox_backup::api2;
+use proxmox_backup::client_helpers::connect_to_localhost;
 
 #[api(
     input: {

src/client_helpers.rs

@@ -0,0 +1,13 @@
+use anyhow::Error;
+
+use crate::auth_helpers::private_auth_key;
+
+/// As root we have access to the private key file and can use it directly. Otherwise the connect
+/// call will interactively query the password.
+pub fn connect_to_localhost() -> Result<pbs_client::HttpClient, Error> {
+    pbs_client::connect_to_localhost(if nix::unistd::Uid::current().is_root() {
+        Some(private_auth_key())
+    } else {
+        None
+    })
+}

src/lib.rs

@@ -25,3 +25,5 @@ pub mod rrd;
 pub mod tape;
 
 pub mod acme;
+
+pub mod client_helpers;