src/bin/proxmox-backup-proxy.rs: implement unpriviledged server

We want to run the public server as user www-data. Requests needing
root priviledges needs to be proxied to the proxmox-backup.service, which
now listens to 127.0.0.1:82.

debian/install

@@ -1,4 +1,5 @@
 target/release/proxmox-backup-api /usr/sbin
+target/release/proxmox-backup-proxy /usr/bin
 target/release/proxmox-backup-manager /usr/sbin
 target/release/proxmox-backup-client /usr/sbin
 target/release/catar /usr/sbin

debian/proxmox-backup-proxy.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Proxmox API Proxy Server
+ConditionPathExists=/usr/bin/proxmox-backup-proxy
+Wants=proxmox-backup.service
+After=syslog.service
+After=network.target
+
+[Service]
+User=www-data
+Group=www-data
+ExecStart=/usr/bin/proxmox-backup-proxy start
+Type=simple
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

debian/rules

@@ -7,3 +7,7 @@
 %:
 	dh $@ --with=systemd --with=bash-completion
 
+
+override_dh_installinit:
+	dh_installinit
+	dh_installinit --name proxmox-backup-proxy

src/api/config.rs

@@ -9,15 +9,17 @@ pub struct ApiConfig {
     basedir: PathBuf,
     router: &'static Router,
     aliases: HashMap<String, PathBuf>,
+    env_type: RpcEnvironmentType,
 }
 
 impl ApiConfig {
 
-    pub fn new<B: Into<PathBuf>>(basedir: B, router: &'static Router) -> Self {
+    pub fn new<B: Into<PathBuf>>(basedir: B, router: &'static Router, env_type: RpcEnvironmentType) -> Self {
         Self {
             basedir: basedir.into(),
             router: router,
             aliases: HashMap::new(),
+            env_type,
         }
     }
 
@@ -58,4 +60,8 @@ impl ApiConfig {
     {
         self.aliases.insert(alias.into(), path.into());
     }
+
+    pub fn env_type(&self) -> RpcEnvironmentType {
+        self.env_type
+    }
 }

src/bin/proxmox-backup-api.rs

@@ -72,24 +72,14 @@ fn main() {
         },
     }
 
-    let addr = ([0,0,0,0,0,0,0,0], 8007).into();
+    let addr = ([127,0,0,1], 82).into();
 
     lazy_static!{
        static ref ROUTER: Router = proxmox_backup::api2::router();
     }
 
-    let mut config = ApiConfig::new("/usr/share/javascript/proxmox-backup", &ROUTER);
+    let config = ApiConfig::new(
-
+        "/usr/share/javascript/proxmox-backup", &ROUTER, RpcEnvironmentType::PRIVILEDGED);
-    // add default dirs which includes jquery and bootstrap
-    // my $base = '/usr/share/libpve-http-server-perl';
-    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
-    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
-    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
-    config.add_alias("novnc", "/usr/share/novnc-pve");
-    config.add_alias("extjs", "/usr/share/javascript/extjs");
-    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
-    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
-    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
 
     let rest_server = RestServer::new(config);
 

src/bin/proxmox-backup-proxy.rs

@@ -0,0 +1,104 @@
+extern crate proxmox_backup;
+
+use std::sync::Arc;
+
+use proxmox_backup::api::schema::*;
+use proxmox_backup::api::router::*;
+use proxmox_backup::api::config::*;
+use proxmox_backup::server::rest::*;
+use proxmox_backup::getopts;
+
+//use failure::*;
+use lazy_static::lazy_static;
+
+use futures::future::Future;
+
+use hyper;
+
+fn main() {
+
+    if let Err(err) = syslog::init(
+        syslog::Facility::LOG_DAEMON,
+        log::LevelFilter::Info,
+        Some("proxmox-backup-proxy")) {
+        eprintln!("unable to inititialize syslog: {}", err);
+        std::process::exit(-1);
+    }
+
+    let command : Arc<Schema> = StringSchema::new("Command.")
+        .format(Arc::new(ApiStringFormat::Enum(vec![
+            "start".into(),
+            "status".into(),
+            "stop".into()
+        ])))
+        .into();
+
+    let schema = ObjectSchema::new("Parameters.")
+        .required("command", command);
+
+    let args: Vec<String> = std::env::args().skip(1).collect();
+
+    let options = match getopts::parse_arguments(&args, &vec!["command"], &schema) {
+        Ok((options, rest)) => {
+            if !rest.is_empty() {
+                eprintln!("Error: got additional arguments: {:?}", rest);
+                std::process::exit(-1);
+            }
+            options
+        }
+        Err(err) => {
+            eprintln!("Error: unable to parse arguments:\n{}", err);
+            std::process::exit(-1);
+        }
+    };
+
+    let command = options["command"].as_str().unwrap();
+
+    match command {
+        "start" => {
+            println!("Starting server.");
+        },
+        "stop" => {
+            println!("Stopping server.");
+            std::process::exit(0);
+        },
+        "status" => {
+            println!("Server status.");
+             std::process::exit(0);
+       },
+        _ => {
+            eprintln!("got unexpected command {}", command);
+            std::process::exit(-1);
+        },
+    }
+
+    let addr = ([0,0,0,0,0,0,0,0], 8007).into();
+
+    lazy_static!{
+       static ref ROUTER: Router = proxmox_backup::api2::router();
+    }
+
+    let mut config = ApiConfig::new(
+        "/usr/share/javascript/proxmox-backup", &ROUTER, RpcEnvironmentType::PUBLIC);
+
+    // add default dirs which includes jquery and bootstrap
+    // my $base = '/usr/share/libpve-http-server-perl';
+    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
+    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
+    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
+    config.add_alias("novnc", "/usr/share/novnc-pve");
+    config.add_alias("extjs", "/usr/share/javascript/extjs");
+    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
+    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
+    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
+
+    let rest_server = RestServer::new(config);
+
+    let server = hyper::Server::bind(&addr)
+        .serve(rest_server)
+        .map_err(|e| eprintln!("server error: {}", e));
+
+
+    // Run this server for... forever!
+    hyper::rt::run(server);
+}

src/server/rest.rs

@@ -397,7 +397,7 @@ pub fn handle_request(api: Arc<ApiConfig>, req: Request<Body>) -> BoxFut {
     println!("REQUEST {} {}", method, path);
     println!("COMPO {:?}", components);
 
-    let mut rpcenv = RestEnvironment::new(RpcEnvironmentType::PRIVILEDGED);
+    let mut rpcenv = RestEnvironment::new(api.env_type());
 
     if comp_len >= 1 && components[0] == "api2" {
         println!("GOT API REQUEST");