src/bin/proxmox-backup-proxy.rs: implement unpriviledged server

We want to run the public server as user www-data. Requests needing
root priviledges needs to be proxied to the proxmox-backup.service, which
now listens to 127.0.0.1:82.
This commit is contained in:
Dietmar Maurer 2019-01-28 13:17:03 +01:00
parent 48849593ee
commit 02c7a75520
7 changed files with 136 additions and 15 deletions

1
debian/install vendored
View File

@ -1,4 +1,5 @@
target/release/proxmox-backup-api /usr/sbin target/release/proxmox-backup-api /usr/sbin
target/release/proxmox-backup-proxy /usr/bin
target/release/proxmox-backup-manager /usr/sbin target/release/proxmox-backup-manager /usr/sbin
target/release/proxmox-backup-client /usr/sbin target/release/proxmox-backup-client /usr/sbin
target/release/catar /usr/sbin target/release/catar /usr/sbin

16
debian/proxmox-backup-proxy.service vendored Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Proxmox API Proxy Server
ConditionPathExists=/usr/bin/proxmox-backup-proxy
Wants=proxmox-backup.service
After=syslog.service
After=network.target
[Service]
User=www-data
Group=www-data
ExecStart=/usr/bin/proxmox-backup-proxy start
Type=simple
Restart=on-failure
[Install]
WantedBy=multi-user.target

4
debian/rules vendored
View File

@ -7,3 +7,7 @@
%: %:
dh $@ --with=systemd --with=bash-completion dh $@ --with=systemd --with=bash-completion
override_dh_installinit:
dh_installinit
dh_installinit --name proxmox-backup-proxy

View File

@ -9,15 +9,17 @@ pub struct ApiConfig {
basedir: PathBuf, basedir: PathBuf,
router: &'static Router, router: &'static Router,
aliases: HashMap<String, PathBuf>, aliases: HashMap<String, PathBuf>,
env_type: RpcEnvironmentType,
} }
impl ApiConfig { impl ApiConfig {
pub fn new<B: Into<PathBuf>>(basedir: B, router: &'static Router) -> Self { pub fn new<B: Into<PathBuf>>(basedir: B, router: &'static Router, env_type: RpcEnvironmentType) -> Self {
Self { Self {
basedir: basedir.into(), basedir: basedir.into(),
router: router, router: router,
aliases: HashMap::new(), aliases: HashMap::new(),
env_type,
} }
} }
@ -58,4 +60,8 @@ impl ApiConfig {
{ {
self.aliases.insert(alias.into(), path.into()); self.aliases.insert(alias.into(), path.into());
} }
pub fn env_type(&self) -> RpcEnvironmentType {
self.env_type
}
} }

View File

@ -72,24 +72,14 @@ fn main() {
}, },
} }
let addr = ([0,0,0,0,0,0,0,0], 8007).into(); let addr = ([127,0,0,1], 82).into();
lazy_static!{ lazy_static!{
static ref ROUTER: Router = proxmox_backup::api2::router(); static ref ROUTER: Router = proxmox_backup::api2::router();
} }
let mut config = ApiConfig::new("/usr/share/javascript/proxmox-backup", &ROUTER); let config = ApiConfig::new(
"/usr/share/javascript/proxmox-backup", &ROUTER, RpcEnvironmentType::PRIVILEDGED);
// add default dirs which includes jquery and bootstrap
// my $base = '/usr/share/libpve-http-server-perl';
// add_dirs($self->{dirs}, '/css/' => "$base/css/");
// add_dirs($self->{dirs}, '/js/' => "$base/js/");
// add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
config.add_alias("novnc", "/usr/share/novnc-pve");
config.add_alias("extjs", "/usr/share/javascript/extjs");
config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
let rest_server = RestServer::new(config); let rest_server = RestServer::new(config);

View File

@ -0,0 +1,104 @@
extern crate proxmox_backup;
use std::sync::Arc;
use proxmox_backup::api::schema::*;
use proxmox_backup::api::router::*;
use proxmox_backup::api::config::*;
use proxmox_backup::server::rest::*;
use proxmox_backup::getopts;
//use failure::*;
use lazy_static::lazy_static;
use futures::future::Future;
use hyper;
fn main() {
if let Err(err) = syslog::init(
syslog::Facility::LOG_DAEMON,
log::LevelFilter::Info,
Some("proxmox-backup-proxy")) {
eprintln!("unable to inititialize syslog: {}", err);
std::process::exit(-1);
}
let command : Arc<Schema> = StringSchema::new("Command.")
.format(Arc::new(ApiStringFormat::Enum(vec![
"start".into(),
"status".into(),
"stop".into()
])))
.into();
let schema = ObjectSchema::new("Parameters.")
.required("command", command);
let args: Vec<String> = std::env::args().skip(1).collect();
let options = match getopts::parse_arguments(&args, &vec!["command"], &schema) {
Ok((options, rest)) => {
if !rest.is_empty() {
eprintln!("Error: got additional arguments: {:?}", rest);
std::process::exit(-1);
}
options
}
Err(err) => {
eprintln!("Error: unable to parse arguments:\n{}", err);
std::process::exit(-1);
}
};
let command = options["command"].as_str().unwrap();
match command {
"start" => {
println!("Starting server.");
},
"stop" => {
println!("Stopping server.");
std::process::exit(0);
},
"status" => {
println!("Server status.");
std::process::exit(0);
},
_ => {
eprintln!("got unexpected command {}", command);
std::process::exit(-1);
},
}
let addr = ([0,0,0,0,0,0,0,0], 8007).into();
lazy_static!{
static ref ROUTER: Router = proxmox_backup::api2::router();
}
let mut config = ApiConfig::new(
"/usr/share/javascript/proxmox-backup", &ROUTER, RpcEnvironmentType::PUBLIC);
// add default dirs which includes jquery and bootstrap
// my $base = '/usr/share/libpve-http-server-perl';
// add_dirs($self->{dirs}, '/css/' => "$base/css/");
// add_dirs($self->{dirs}, '/js/' => "$base/js/");
// add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
config.add_alias("novnc", "/usr/share/novnc-pve");
config.add_alias("extjs", "/usr/share/javascript/extjs");
config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
let rest_server = RestServer::new(config);
let server = hyper::Server::bind(&addr)
.serve(rest_server)
.map_err(|e| eprintln!("server error: {}", e));
// Run this server for... forever!
hyper::rt::run(server);
}

View File

@ -397,7 +397,7 @@ pub fn handle_request(api: Arc<ApiConfig>, req: Request<Body>) -> BoxFut {
println!("REQUEST {} {}", method, path); println!("REQUEST {} {}", method, path);
println!("COMPO {:?}", components); println!("COMPO {:?}", components);
let mut rpcenv = RestEnvironment::new(RpcEnvironmentType::PRIVILEDGED); let mut rpcenv = RestEnvironment::new(api.env_type());
if comp_len >= 1 && components[0] == "api2" { if comp_len >= 1 && components[0] == "api2" {
println!("GOT API REQUEST"); println!("GOT API REQUEST");