start new pbs-config workspace
moved src/config/domains.rs
parent
df12c9ec4e
commit
2121174827
@ -22,6 +22,7 @@ exclude = [ "build", "debian", "tests/catar_data/test_symlink/symlink1"]
|
||||
members = [
|
||||
"pbs-buildcfg",
|
||||
"pbs-client",
|
||||
"pbs-config",
|
||||
"pbs-datastore",
|
||||
"pbs-fuse-loop",
|
||||
"pbs-runtime",
|
||||
@ -102,6 +103,7 @@ proxmox-openid = "0.7.0"
|
||||
pbs-api-types = { path = "pbs-api-types" }
|
||||
pbs-buildcfg = { path = "pbs-buildcfg" }
|
||||
pbs-client = { path = "pbs-client" }
|
||||
pbs-config = { path = "pbs-config" }
|
||||
pbs-datastore = { path = "pbs-datastore" }
|
||||
pbs-runtime = { path = "pbs-runtime" }
|
||||
pbs-systemd = { path = "pbs-systemd" }
|
||||
|
1
Makefile
1
Makefile
@ -35,6 +35,7 @@ SUBCRATES := \
|
||||
pbs-api-types \
|
||||
pbs-buildcfg \
|
||||
pbs-client \
|
||||
pbs-config \
|
||||
pbs-datastore \
|
||||
pbs-fuse-loop \
|
||||
pbs-runtime \
|
||||
|
@ -152,6 +152,12 @@ pub const DATASTORE_SCHEMA: Schema = StringSchema::new("Datastore name.")
|
||||
.max_length(32)
|
||||
.schema();
|
||||
|
||||
pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.")
|
||||
.format(&PROXMOX_SAFE_ID_FORMAT)
|
||||
.min_length(2)
|
||||
.max_length(32)
|
||||
.schema();
|
||||
|
||||
pub const FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
|
||||
ApiStringFormat::Pattern(&FINGERPRINT_SHA256_REGEX);
|
||||
|
||||
|
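--- a/pbs-config/Cargo.toml
+++ b/pbs-config/Cargo.toml
@@ -0,0 +1,20 @@
+[package]
+name = "pbs-config"
+version = "0.1.0"
+authors = ["Proxmox Support Team <support@proxmox.com>"]
+edition = "2018"
+description = "Configuration file management for PBS"
+
+[dependencies]
+anyhow = "1.0"
+lazy_static = "1.4"
+serde = { version = "1.0", features = ["derive"] }
+openssl = "0.10"
+nix = "0.19.1"
+
+
+proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] }
+
+pbs-api-types = { path = "../pbs-api-types" }
+pbs-buildcfg = { path = "../pbs-buildcfg" }
+pbs-tools = { path = "../pbs-tools" }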
@ -13,8 +13,8 @@ use proxmox::api::{
|
||||
}
|
||||
};
|
||||
|
||||
use crate::api2::types::*;
|
||||
use crate::backup::{open_backup_lockfile, BackupLockGuard};
|
||||
use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
|
||||
use crate::{open_backup_lockfile, replace_backup_config, BackupLockGuard};
|
||||
|
||||
lazy_static! {
|
||||
pub static ref CONFIG: SectionConfig = init();
|
||||
@ -115,7 +115,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
|
||||
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(DOMAINS_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
|
||||
replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
// shell completion helper
|
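--- a/pbs-config/src/lib.rs
+++ b/pbs-config/src/lib.rs
@@ -0,0 +1,83 @@
+pub mod domains;
+
+use anyhow::{format_err, Error};
+
+pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
+
+/// Return User info for the 'backup' user (``getpwnam_r(3)``)
+pub fn backup_user() -> Result<nix::unistd::User, Error> {
+pbs_tools::sys::query_user(BACKUP_USER_NAME)?
+.ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
+}
+
+/// Return Group info for the 'backup' group (``getgrnam(3)``)
+pub fn backup_group() -> Result<nix::unistd::Group, Error> {
+pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
+.ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
+}
+pub struct BackupLockGuard(std::fs::File);
+
+/// Open or create a lock file owned by user "backup" and lock it.
+///
+/// Owner/Group of the file is set to backup/backup.
+/// File mode is 0660.
+/// Default timeout is 10 seconds.
+///
+/// Note: This method needs to be called by user "root" or "backup".
+pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
+path: P,
+timeout: Option<std::time::Duration>,
+exclusive: bool,
+) -> Result<BackupLockGuard, Error> {
+let user = backup_user()?;
+let options = proxmox::tools::fs::CreateOptions::new()
+.perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
+.owner(user.uid)
+.group(user.gid);
+
+let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
+
+let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
+Ok(BackupLockGuard(file))
+}
+
+/// Atomically write data to file owned by "root:backup" with permission "0640"
+///
+/// Only the superuser can write those files, but group 'backup' can read them.
+pub fn replace_backup_config<P: AsRef<std::path::Path>>(
+path: P,
+data: &[u8],
+) -> Result<(), Error> {
+let backup_user = backup_user()?;
+let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
+// set the correct owner/group/permissions while saving file
+// owner(rw) = root, group(r)= backup
+let options = proxmox::tools::fs::CreateOptions::new()
+.perm(mode)
+.owner(nix::unistd::ROOT)
+.group(backup_user.gid);
+
+proxmox::tools::fs::replace_file(path, data, options)?;
+
+Ok(())
+}
+
+/// Atomically write data to file owned by "root:root" with permission "0600"
+///
+/// Only the superuser can read and write those files.
+pub fn replace_secret_config<P: AsRef<std::path::Path>>(
+path: P,
+data: &[u8],
+) -> Result<(), Error> {
+let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
+// set the correct owner/group/permissions while saving file
+// owner(rw) = root, group(r)= root
+let options = proxmox::tools::fs::CreateOptions::new()
+.perm(mode)
+.owner(nix::unistd::ROOT)
+.group(nix::unistd::Gid::from_raw(0));
+
+proxmox::tools::fs::replace_file(path, data, options)?;
+
+Ok(())
+}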
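Review bot: The inline comment `// owner(rw) = root, group(r)= root` in `replace_secret_config` contradicts the mode set two lines above it, since `0o0600` grants the group no access at all, which is also what the doc comment ("Only the superuser can read and write those files") promises. It reads like a leftover from `replace_backup_config`; as this helper is the one callers rely on for secret material, the comment should state the real permissions, for example `// owner(rw) = root, no access for group or others`. Separately, `pub struct BackupLockGuard(std::fs::File);` becomes part of the new crate's public API without any doc comment. A short `///` line saying that the guard keeps the lock file open and must stay bound to a named variable for the whole critical section would help callers, assuming (not visible here) that the lock taken by `open_file_locked` is released when the file is closed.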
@ -8,7 +8,7 @@ use crate::api2::types::*;
|
||||
use crate::config::acl;
|
||||
use crate::config::acl::{Role, PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
|
||||
use crate::config::cached_user_info::CachedUserInfo;
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
fn extract_acl_node_data(
|
||||
node: &acl::AclTreeNode,
|
||||
|
@ -7,8 +7,7 @@ use serde_json::{json, Value};
|
||||
|
||||
use proxmox::api::{api, Permission, Router, RpcEnvironment};
|
||||
|
||||
use crate::config;
|
||||
use crate::api2::types::*;
|
||||
use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
|
||||
|
||||
#[api]
|
||||
#[derive(Deserialize, Serialize, PartialEq, Eq)]
|
||||
@ -81,7 +80,7 @@ fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInf
|
||||
"comment": "Proxmox Backup authentication server",
|
||||
}))?);
|
||||
|
||||
let (config, digest) = config::domains::config()?;
|
||||
let (config, digest) = pbs_config::domains::config()?;
|
||||
|
||||
for (_, (section_type, v)) in config.sections.iter() {
|
||||
let mut entry = v.clone();
|
||||
|
@ -15,13 +15,13 @@ use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig};
|
||||
use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
|
||||
use pbs_tools::auth::private_auth_key;
|
||||
use pbs_tools::ticket::Ticket;
|
||||
use pbs_config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
|
||||
|
||||
use crate::server::ticket::ApiTicket;
|
||||
|
||||
use crate::config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
|
||||
use crate::config::cached_user_info::CachedUserInfo;
|
||||
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
use crate::api2::types::*;
|
||||
use crate::auth_helpers::*;
|
||||
@ -88,7 +88,7 @@ pub fn openid_login(
|
||||
let (realm, private_auth_state) =
|
||||
OpenIdAuthenticator::verify_public_auth_state(PROXMOX_BACKUP_RUN_DIR_M!(), &state)?;
|
||||
|
||||
let (domains, _digest) = crate::config::domains::config()?;
|
||||
let (domains, _digest) = pbs_config::domains::config()?;
|
||||
let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
|
||||
|
||||
let open_id = openid_authenticator(&config, &redirect_url)?;
|
||||
@ -182,7 +182,7 @@ fn openid_auth_url(
|
||||
_rpcenv: &mut dyn RpcEnvironment,
|
||||
) -> Result<String, Error> {
|
||||
|
||||
let (domains, _digest) = crate::config::domains::config()?;
|
||||
let (domains, _digest) = pbs_config::domains::config()?;
|
||||
let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
|
||||
|
||||
let open_id = openid_authenticator(&config, &redirect_url)?;
|
||||
|
@ -18,7 +18,7 @@ use crate::config::user;
|
||||
use crate::config::token_shadow;
|
||||
use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
|
||||
use crate::config::cached_user_info::CachedUserInfo;
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
|
||||
.format(&PASSWORD_FORMAT)
|
||||
|
@ -6,7 +6,7 @@ use ::serde::{Deserialize, Serialize};
|
||||
|
||||
use proxmox::api::{api, Permission, Router, RpcEnvironment};
|
||||
|
||||
use crate::config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater};
|
||||
use pbs_config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater};
|
||||
use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_REALM_ALLOCATE};
|
||||
use crate::api2::types::*;
|
||||
|
||||
|
@ -10,6 +10,7 @@ use proxmox::api::schema::{ApiType, parse_property_string};
|
||||
|
||||
use pbs_datastore::chunk_store::ChunkStore;
|
||||
use pbs_datastore::task::TaskState;
|
||||
use pbs_config::BackupLockGuard;
|
||||
|
||||
use crate::api2::config::sync::delete_sync_job;
|
||||
use crate::api2::config::verify::delete_verification_job;
|
||||
@ -19,7 +20,6 @@ use crate::api2::admin::{
|
||||
verify::list_verification_jobs,
|
||||
};
|
||||
use crate::api2::types::*;
|
||||
use crate::backup::BackupLockGuard;
|
||||
use crate::config::cached_user_info::CachedUserInfo;
|
||||
use crate::config::datastore::{self, DataStoreConfig, DataStoreConfigUpdater};
|
||||
use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
|
||||
@ -68,7 +68,7 @@ pub(crate) fn do_create_datastore(
|
||||
) -> Result<(), Error> {
|
||||
let path: PathBuf = datastore.path.clone().into();
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let _store = ChunkStore::create(&datastore.name, path, backup_user.uid, backup_user.gid, worker)?;
|
||||
|
||||
config.set_data(&datastore.name, "datastore", &datastore)?;
|
||||
|
@ -11,7 +11,7 @@ use crate::api2::types::*;
|
||||
use crate::config::cached_user_info::CachedUserInfo;
|
||||
use crate::config::remote;
|
||||
use crate::config::acl::{PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY};
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
#[api(
|
||||
input: {
|
||||
|
@ -17,7 +17,7 @@ use crate::config::acl::{
|
||||
|
||||
use crate::config::cached_user_info::CachedUserInfo;
|
||||
use crate::config::sync::{self, SyncJobConfig};
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
pub fn check_sync_job_read_access(
|
||||
user_info: &CachedUserInfo,
|
||||
|
@ -3,6 +3,7 @@ use serde_json::Value;
|
||||
use ::serde::{Deserialize, Serialize};
|
||||
|
||||
use proxmox::api::{api, Router, RpcEnvironment, Permission};
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
use crate::{
|
||||
api2::types::{
|
||||
@ -16,7 +17,6 @@ use crate::{
|
||||
MEDIA_POOL_NAME_SCHEMA,
|
||||
SYNC_SCHEDULE_SCHEMA,
|
||||
},
|
||||
backup::open_backup_lockfile,
|
||||
config::{
|
||||
self,
|
||||
cached_user_info::CachedUserInfo,
|
||||
|
@ -14,6 +14,7 @@ use proxmox::{
|
||||
use pbs_api_types::Fingerprint;
|
||||
use pbs_datastore::{KeyInfo, Kdf};
|
||||
use pbs_datastore::key_derivation::KeyConfig;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
use crate::{
|
||||
config::{
|
||||
@ -35,7 +36,6 @@ use crate::{
|
||||
PROXMOX_CONFIG_DIGEST_SCHEMA,
|
||||
PASSWORD_HINT_SCHEMA,
|
||||
},
|
||||
backup::open_backup_lockfile,
|
||||
};
|
||||
|
||||
#[api(
|
||||
|
@ -13,7 +13,7 @@ use crate::config::acl::{
|
||||
|
||||
use crate::config::cached_user_info::CachedUserInfo;
|
||||
use crate::config::verify::{self, VerificationJobConfig};
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
#[api(
|
||||
input: {
|
||||
|
@ -17,7 +17,7 @@ use crate::server::WorkerTask;
|
||||
|
||||
use crate::api2::types::*;
|
||||
use crate::config::datastore::{self, DataStoreConfig};
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
#[api(
|
||||
properties: {
|
||||
|
@ -9,7 +9,7 @@ use crate::config::network::{self, NetworkConfig};
|
||||
use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
|
||||
use crate::api2::types::*;
|
||||
use crate::server::{WorkerTask};
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
fn split_interface_list(list: &str) -> Result<Vec<String>, Error> {
|
||||
let value = parse_property_string(&list, &NETWORK_INTERFACE_ARRAY_SCHEMA)?;
|
||||
|
@ -331,12 +331,6 @@ pub const BLOCKDEVICE_NAME_SCHEMA: Schema = StringSchema::new("Block device name
|
||||
.max_length(64)
|
||||
.schema();
|
||||
|
||||
pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.")
|
||||
.format(&PROXMOX_SAFE_ID_FORMAT)
|
||||
.min_length(2)
|
||||
.max_length(32)
|
||||
.schema();
|
||||
|
||||
// Complex type definitions
|
||||
|
||||
#[api(
|
||||
|
@ -95,7 +95,7 @@ pub fn generate_csrf_key() -> Result<(), Error> {
|
||||
|
||||
use nix::sys::stat::Mode;
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
|
||||
replace_file(
|
||||
&path,
|
||||
@ -129,7 +129,7 @@ pub fn generate_auth_key() -> Result<(), Error> {
|
||||
|
||||
let public_pem = rsa.public_key_to_pem()?;
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
|
||||
replace_file(
|
||||
&public_path,
|
||||
|
@ -31,7 +31,7 @@ use pbs_tools::fs::{lock_dir_noblock, DirLockGuard};
|
||||
|
||||
use crate::config::datastore::{self, DataStoreConfig};
|
||||
use crate::tools;
|
||||
use crate::backup::{open_backup_lockfile, BackupLockGuard};
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
|
||||
lazy_static! {
|
||||
@ -700,7 +700,7 @@ impl DataStore {
|
||||
let mut path = self.base_path();
|
||||
path.push(".gc-status");
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
|
||||
// set the correct owner/group/permissions while saving file
|
||||
// owner(rw) = backup, group(r)= backup
|
||||
|
@ -1,24 +1,8 @@
|
||||
//! Server/client-specific parts for what's otherwise in pbs-datastore.
|
||||
|
||||
use anyhow::{format_err, Error};
|
||||
|
||||
// Note: .pcat1 => Proxmox Catalog Format version 1
|
||||
pub const CATALOG_NAME: &str = "catalog.pcat1.didx";
|
||||
|
||||
pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
|
||||
|
||||
/// Return User info for the 'backup' user (``getpwnam_r(3)``)
|
||||
pub fn backup_user() -> Result<nix::unistd::User, Error> {
|
||||
pbs_tools::sys::query_user(BACKUP_USER_NAME)?
|
||||
.ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
|
||||
}
|
||||
|
||||
/// Return Group info for the 'backup' group (``getgrnam(3)``)
|
||||
pub fn backup_group() -> Result<nix::unistd::Group, Error> {
|
||||
pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
|
||||
.ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
|
||||
}
|
||||
|
||||
// Split
|
||||
mod read_chunk;
|
||||
pub use read_chunk::*;
|
||||
@ -28,70 +12,3 @@ pub use datastore::*;
|
||||
|
||||
mod verify;
|
||||
pub use verify::*;
|
||||
|
||||
pub struct BackupLockGuard(std::fs::File);
|
||||
|
||||
/// Open or create a lock file owned by user "backup" and lock it.
|
||||
///
|
||||
/// Owner/Group of the file is set to backup/backup.
|
||||
/// File mode is 0660.
|
||||
/// Default timeout is 10 seconds.
|
||||
///
|
||||
/// Note: This method needs to be called by user "root" or "backup".
|
||||
pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
|
||||
path: P,
|
||||
timeout: Option<std::time::Duration>,
|
||||
exclusive: bool,
|
||||
) -> Result<BackupLockGuard, Error> {
|
||||
let user = backup_user()?;
|
||||
let options = proxmox::tools::fs::CreateOptions::new()
|
||||
.perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
|
||||
.owner(user.uid)
|
||||
.group(user.gid);
|
||||
|
||||
let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
|
||||
|
||||
let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
|
||||
Ok(BackupLockGuard(file))
|
||||
}
|
||||
|
||||
/// Atomically write data to file owned by "root:backup" with permission "0640"
|
||||
///
|
||||
/// Only the superuser can write those files, but group 'backup' can read them.
|
||||
pub fn replace_backup_config<P: AsRef<std::path::Path>>(
|
||||
path: P,
|
||||
data: &[u8],
|
||||
) -> Result<(), Error> {
|
||||
let backup_user = backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
|
||||
// set the correct owner/group/permissions while saving file
|
||||
// owner(rw) = root, group(r)= backup
|
||||
let options = proxmox::tools::fs::CreateOptions::new()
|
||||
.perm(mode)
|
||||
.owner(nix::unistd::ROOT)
|
||||
.group(backup_user.gid);
|
||||
|
||||
proxmox::tools::fs::replace_file(path, data, options)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Atomically write data to file owned by "root:root" with permission "0600"
|
||||
///
|
||||
/// Only the superuser can read and write those files.
|
||||
pub fn replace_secret_config<P: AsRef<std::path::Path>>(
|
||||
path: P,
|
||||
data: &[u8],
|
||||
) -> Result<(), Error> {
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
|
||||
// set the correct owner/group/permissions while saving file
|
||||
// owner(rw) = root, group(r)= root
|
||||
let options = proxmox::tools::fs::CreateOptions::new()
|
||||
.perm(mode)
|
||||
.owner(nix::unistd::ROOT)
|
||||
.group(nix::unistd::Gid::from_raw(0));
|
||||
|
||||
proxmox::tools::fs::replace_file(path, data, options)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
@ -53,8 +53,8 @@ use proxmox_backup::server::do_prune_job;
|
||||
fn main() -> Result<(), Error> {
|
||||
proxmox_backup::tools::setup_safe_path_env();
|
||||
|
||||
let backup_uid = proxmox_backup::backup::backup_user()?.uid;
|
||||
let backup_gid = proxmox_backup::backup::backup_group()?.gid;
|
||||
let backup_uid = pbs_config::backup_user()?.uid;
|
||||
let backup_gid = pbs_config::backup_group()?.gid;
|
||||
let running_uid = nix::unistd::Uid::effective();
|
||||
let running_gid = nix::unistd::Gid::effective();
|
||||
|
||||
|
@ -3,7 +3,9 @@ use serde_json::Value;
|
||||
|
||||
use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
|
||||
|
||||
use proxmox_backup::{config, api2, api2::types::REALM_ID_SCHEMA};
|
||||
use pbs_api_types::REALM_ID_SCHEMA;
|
||||
|
||||
use proxmox_backup::api2;
|
||||
|
||||
|
||||
#[api(
|
||||
@ -73,25 +75,25 @@ pub fn openid_commands() -> CommandLineInterface {
|
||||
.insert("list", CliCommand::new(&&API_METHOD_LIST_OPENID_REALMS))
|
||||
.insert("show", CliCommand::new(&&API_METHOD_SHOW_OPENID_REALM)
|
||||
.arg_param(&["realm"])
|
||||
.completion_cb("realm", config::domains::complete_openid_realm_name)
|
||||
.completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
|
||||
)
|
||||
.insert("create",
|
||||
CliCommand::new(&api2::config::access::openid::API_METHOD_CREATE_OPENID_REALM)
|
||||
.arg_param(&["realm"])
|
||||
.arg_param(&["realm"])
|
||||
.completion_cb("realm", config::domains::complete_openid_realm_name)
|
||||
.completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
|
||||
)
|
||||
.insert("update",
|
||||
CliCommand::new(&api2::config::access::openid::API_METHOD_UPDATE_OPENID_REALM)
|
||||
.arg_param(&["realm"])
|
||||
.arg_param(&["realm"])
|
||||
.completion_cb("realm", config::domains::complete_openid_realm_name)
|
||||
.completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
|
||||
)
|
||||
.insert("delete",
|
||||
CliCommand::new(&api2::config::access::openid::API_METHOD_DELETE_OPENID_REALM)
|
||||
.arg_param(&["realm"])
|
||||
.arg_param(&["realm"])
|
||||
.completion_cb("realm", config::domains::complete_openid_realm_name)
|
||||
.completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
|
||||
)
|
||||
;
|
||||
|
||||
|
@ -142,8 +142,8 @@ fn set_encryption(
|
||||
fn main() -> Result<(), Error> {
|
||||
|
||||
// check if we are user root or backup
|
||||
let backup_uid = proxmox_backup::backup::backup_user()?.uid;
|
||||
let backup_gid = proxmox_backup::backup::backup_group()?.gid;
|
||||
let backup_uid = pbs_config::backup_user()?.uid;
|
||||
let backup_gid = pbs_config::backup_group()?.gid;
|
||||
let running_uid = nix::unistd::Uid::current();
|
||||
let running_gid = nix::unistd::Gid::current();
|
||||
|
||||
|
@ -911,7 +911,7 @@ pub fn save_config(acl: &AclTree) -> Result<(), Error> {
|
||||
|
||||
acl.write_config(&mut raw)?;
|
||||
|
||||
crate::backup::replace_backup_config(ACL_CFG_FILENAME, &raw)
|
||||
pbs_config::replace_backup_config(ACL_CFG_FILENAME, &raw)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
|
@ -9,8 +9,8 @@ use proxmox::api::{
|
||||
section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin},
|
||||
};
|
||||
|
||||
use crate::api2::types::PROXMOX_SAFE_ID_FORMAT;
|
||||
use crate::backup::{open_backup_lockfile, BackupLockGuard};
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
use pbs_api_types::PROXMOX_SAFE_ID_FORMAT;
|
||||
|
||||
pub const PLUGIN_ID_SCHEMA: Schema = StringSchema::new("ACME Challenge Plugin ID.")
|
||||
.format(&PROXMOX_SAFE_ID_FORMAT)
|
||||
@ -162,7 +162,7 @@ pub fn config() -> Result<(PluginData, [u8; 32]), Error> {
|
||||
pub fn save_config(config: &PluginData) -> Result<(), Error> {
|
||||
super::make_acme_dir()?;
|
||||
let raw = CONFIG.write(ACME_PLUGIN_CFG_FILENAME, &config.data)?;
|
||||
crate::backup::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
pub struct PluginData {
|
||||
|
@ -13,8 +13,9 @@ use proxmox::api::{
|
||||
}
|
||||
};
|
||||
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
use crate::api2::types::*;
|
||||
use crate::backup::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
lazy_static! {
|
||||
pub static ref CONFIG: SectionConfig = init();
|
||||
@ -152,7 +153,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
|
||||
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(DATASTORE_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
// shell completion helper
|
||||
|
@ -27,8 +27,9 @@ use proxmox::{
|
||||
},
|
||||
};
|
||||
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
use crate::{
|
||||
backup::{open_backup_lockfile, BackupLockGuard},
|
||||
api2::types::{
|
||||
DRIVE_NAME_SCHEMA,
|
||||
VirtualTapeDrive,
|
||||
@ -93,7 +94,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
|
||||
/// Save the configuration file
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(DRIVE_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
/// Check if the specified drive name exists in the config.
|
||||
|
@ -22,8 +22,9 @@ use proxmox::{
|
||||
},
|
||||
};
|
||||
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
use crate::{
|
||||
backup::{open_backup_lockfile, BackupLockGuard},
|
||||
api2::types::{
|
||||
MEDIA_POOL_NAME_SCHEMA,
|
||||
MediaPoolConfig,
|
||||
@ -72,7 +73,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
|
||||
/// Save the configuration file
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(MEDIA_POOL_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
// shell completion helper
|
||||
|
@ -30,7 +30,6 @@ pub mod drive;
|
||||
pub mod media_pool;
|
||||
pub mod tape_encryption_keys;
|
||||
pub mod tape_job;
|
||||
pub mod domains;
|
||||
|
||||
/// Check configuration directory permissions
|
||||
///
|
||||
@ -40,7 +39,7 @@ pub mod domains;
|
||||
pub fn check_configdir_permissions() -> Result<(), Error> {
|
||||
let cfgdir = pbs_buildcfg::CONFIGDIR;
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let backup_uid = backup_user.uid.as_raw();
|
||||
let backup_gid = backup_user.gid.as_raw();
|
||||
|
||||
@ -85,7 +84,7 @@ pub fn create_configdir() -> Result<(), Error> {
|
||||
),
|
||||
}
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
|
||||
nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid))
|
||||
.map_err(|err| {
|
||||
@ -197,9 +196,9 @@ pub(crate) fn set_proxy_certificate(cert_pem: &[u8], key_pem: &[u8]) -> Result<(
|
||||
let cert_path = PathBuf::from(configdir!("/proxy.pem"));
|
||||
|
||||
create_configdir()?;
|
||||
crate::backup::replace_backup_config(&key_path, key_pem)
|
||||
pbs_config::replace_backup_config(&key_path, key_pem)
|
||||
.map_err(|err| format_err!("error writing certificate private key - {}", err))?;
|
||||
crate::backup::replace_backup_config(&cert_path, &cert_pem)
|
||||
pbs_config::replace_backup_config(&cert_path, &cert_pem)
|
||||
.map_err(|err| format_err!("error writing certificate file - {}", err))?;
|
||||
|
||||
Ok(())
|
||||
|
@ -9,8 +9,8 @@ use proxmox::api::schema::{ApiStringFormat, ApiType, Updater};
|
||||
use proxmox_http::ProxyConfig;
|
||||
|
||||
use pbs_buildcfg::configdir;
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
use crate::backup::{open_backup_lockfile, BackupLockGuard};
|
||||
use crate::acme::AcmeClient;
|
||||
use crate::api2::types::{
|
||||
AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA,
|
||||
@ -39,7 +39,7 @@ pub fn save_config(config: &NodeConfig) -> Result<(), Error> {
|
||||
config.validate()?;
|
||||
|
||||
let raw = crate::tools::config::to_bytes(config, &NodeConfig::API_SCHEMA)?;
|
||||
crate::backup::replace_backup_config(CONF_FILE, &raw)
|
||||
pbs_config::replace_backup_config(CONF_FILE, &raw)
|
||||
}
|
||||
|
||||
#[api(
|
||||
|
@ -122,7 +122,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
|
||||
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(REMOTE_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
// shell completion helper
|
||||
|
@ -118,7 +118,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
|
||||
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(SYNC_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
// shell completion helper
|
||||
|
@ -19,7 +19,7 @@ use proxmox::tools::fs::file_read_optional_string;
|
||||
use pbs_api_types::Fingerprint;
|
||||
use pbs_datastore::key_derivation::KeyConfig;
|
||||
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::{open_backup_lockfile, replace_secret_config};
|
||||
|
||||
mod hex_key {
|
||||
use serde::{self, Deserialize, Serializer, Deserializer};
|
||||
@ -135,7 +135,7 @@ pub fn save_keys(map: HashMap<Fingerprint, EncryptionKeyInfo>) -> Result<(), Err
|
||||
}
|
||||
|
||||
let raw = serde_json::to_string_pretty(&list)?;
|
||||
crate::backup::replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
|
||||
replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
/// Store tape encryption key configurations (password protected keys)
|
||||
@ -148,7 +148,7 @@ pub fn save_key_configs(map: HashMap<Fingerprint, KeyConfig>) -> Result<(), Erro
|
||||
}
|
||||
|
||||
let raw = serde_json::to_string_pretty(&list)?;
|
||||
crate::backup::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
/// Insert a new key
|
||||
|
@ -160,7 +160,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
|
||||
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(TAPE_JOB_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
// shell completion helper
|
||||
|
@ -26,9 +26,9 @@ use proxmox::tools::uuid::Uuid;
|
||||
use proxmox::tools::AsHex;
|
||||
|
||||
use pbs_buildcfg::configdir;
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
use crate::api2::types::Userid;
|
||||
use crate::backup::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
/// Mapping of userid to TFA entry.
|
||||
pub type TfaUsers = HashMap<Userid, TfaUserData>;
|
||||
|
@ -8,7 +8,7 @@ use proxmox::tools::fs::CreateOptions;
|
||||
|
||||
use crate::api2::types::Authid;
|
||||
use crate::auth;
|
||||
use crate::backup::open_backup_lockfile;
|
||||
use pbs_config::open_backup_lockfile;
|
||||
|
||||
const LOCK_FILE: &str = pbs_buildcfg::configdir!("/token.shadow.lock");
|
||||
const CONF_FILE: &str = pbs_buildcfg::configdir!("/token.shadow");
|
||||
@ -33,7 +33,7 @@ fn read_file() -> Result<HashMap<Authid, String>, Error> {
|
||||
}
|
||||
|
||||
fn write_file(data: HashMap<Authid, String>) -> Result<(), Error> {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let options = CreateOptions::new()
|
||||
.perm(nix::sys::stat::Mode::from_bits_truncate(0o0640))
|
||||
.owner(backup_user.uid)
|
||||
|
@ -119,7 +119,7 @@ pub fn cached_config() -> Result<Arc<SectionConfigData>, Error> {
|
||||
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(USER_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
|
||||
pbs_config::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
|
||||
|
||||
// increase user cache generation
|
||||
// We use this in CachedUserInfo
|
||||
|
@ -116,7 +116,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
|
||||
|
||||
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
|
||||
let raw = CONFIG.write(VERIFICATION_CFG_FILENAME, &config)?;
|
||||
crate::backup::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
|
||||
pbs_config::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
|
||||
}
|
||||
|
||||
// shell completion helper
|
||||
|
@ -22,7 +22,7 @@ lazy_static!{
|
||||
/// Create rrdd stat dir with correct permission
|
||||
pub fn create_rrdb_dir() -> Result<(), Error> {
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let opts = CreateOptions::new()
|
||||
.owner(backup_user.uid)
|
||||
.group(backup_user.gid);
|
||||
|
@ -303,7 +303,7 @@ impl RRD {
|
||||
std::slice::from_raw_parts(self as *const _ as *const u8, std::mem::size_of::<RRD>())
|
||||
};
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
|
||||
// set the correct owner/group/permissions while saving file
|
||||
// owner(rw) = backup, group(r)= backup
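Review bot: The comment under the `0o0644` mode line in this `impl RRD` hunk names only owner and group, but `0o0644` also grants read to others, so it understates who can read the saved file. I would write it as `// owner(rw) = backup, group(r) = backup, others(r)`, or drop the others bit if world-read is not intended. The same mode and comment appear in the `impl Job` hunk (`@ -299,7`) further down. The enclosing method starts and ends outside the hunk, so how the mode is finally applied cannot be confirmed from here.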
|
||||
|
@ -19,7 +19,7 @@ where
|
||||
{
|
||||
let path: PathBuf = path.into();
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let backup_gid = backup_user.gid.as_raw();
|
||||
|
||||
let socket = UnixListener::bind(&path)?;
|
||||
|
@ -142,7 +142,7 @@ impl ApiConfig {
|
||||
let path: PathBuf = path.into();
|
||||
if let Some(base) = path.parent() {
|
||||
if !base.exists() {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
|
||||
create_path(base, None, Some(opts)).map_err(|err| format_err!("{}", err))?;
|
||||
}
|
||||
|
@ -47,9 +47,9 @@ use proxmox::tools::fs::{
|
||||
};
|
||||
|
||||
use pbs_systemd::time::{compute_next_event, parse_calendar_event};
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
use crate::{
|
||||
backup::{open_backup_lockfile, BackupLockGuard},
|
||||
api2::types::JobScheduleStatus,
|
||||
server::{
|
||||
UPID,
|
||||
@ -88,7 +88,7 @@ const JOB_STATE_BASEDIR: &str = "/var/lib/proxmox-backup/jobstates";
|
||||
|
||||
/// Create jobstate stat dir with correct permission
|
||||
pub fn create_jobstate_dir() -> Result<(), Error> {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let opts = CreateOptions::new()
|
||||
.owner(backup_user.uid)
|
||||
.group(backup_user.gid);
|
||||
@ -299,7 +299,7 @@ impl Job {
|
||||
let serialized = serde_json::to_string(&self.state)?;
|
||||
let path = get_path(&self.jobtype, &self.jobname);
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
|
||||
// set the correct owner/group/permissions while saving file
|
||||
// owner(rw) = backup, group(r)= backup
|
||||
|
@ -116,7 +116,7 @@ pub(crate) async fn notify_datastore_removed() -> Result<(), Error> {
|
||||
/// This exists to fixate the permissions for the run *base* directory while allowing intermediate
|
||||
/// directories after it to have different permissions.
|
||||
pub fn create_run_dir() -> Result<(), Error> {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let opts = CreateOptions::new()
|
||||
.owner(backup_user.uid)
|
||||
.group(backup_user.gid);
|
||||
|
@ -24,7 +24,7 @@ use super::{UPID, UPIDExt};
|
||||
use crate::server;
|
||||
use crate::tools::{FileLogger, FileLogOptions};
|
||||
use crate::api2::types::{Authid, TaskStateType};
|
||||
use crate::backup::{open_backup_lockfile, BackupLockGuard};
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
macro_rules! taskdir {
|
||||
($subdir:expr) => (concat!(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!(), "/tasks", $subdir))
|
||||
@ -159,7 +159,7 @@ fn parse_worker_status_line(line: &str) -> Result<(String, UPID, Option<TaskStat
|
||||
pub fn create_task_log_dirs() -> Result<(), Error> {
|
||||
|
||||
try_block!({
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let opts = CreateOptions::new()
|
||||
.owner(backup_user.uid)
|
||||
.group(backup_user.gid);
|
||||
@ -354,7 +354,7 @@ pub fn rotate_task_log_archive(size_threshold: u64, compress: bool, max_files: O
|
||||
// new_upid is added to the list when specified.
|
||||
fn update_active_workers(new_upid: Option<&UPID>) -> Result<(), Error> {
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
|
||||
let lock = lock_task_list_files(true)?;
|
||||
|
||||
@ -611,7 +611,7 @@ impl WorkerTask {
|
||||
|
||||
path.push(format!("{:02X}", upid.pstart & 255));
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
|
||||
create_path(&path, None, Some(CreateOptions::new().owner(backup_user.uid).group(backup_user.gid)))?;
|
||||
|
||||
|
@ -483,7 +483,7 @@ fn save_changer_state_cache(
|
||||
|
||||
let state = serde_json::to_string_pretty(state)?;
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
|
||||
let options = CreateOptions::new()
|
||||
.perm(mode)
|
||||
|
@ -553,7 +553,7 @@ pub fn set_tape_device_state(
|
||||
let mut path = PathBuf::from(crate::tape::DRIVE_STATE_DIR);
|
||||
path.push(drive);
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
|
||||
let options = CreateOptions::new()
|
||||
.perm(mode)
|
||||
@ -612,7 +612,7 @@ fn open_device_lock(device_path: &str) -> Result<std::fs::File, Error> {
|
||||
let mut path = std::path::PathBuf::from(crate::tape::DRIVE_LOCK_DIR);
|
||||
path.push(lock_name);
|
||||
|
||||
let user = crate::backup::backup_user()?;
|
||||
let user = pbs_config::backup_user()?;
|
||||
let options = CreateOptions::new()
|
||||
.perm(Mode::from_bits_truncate(0o660))
|
||||
.owner(user.uid)
|
||||
|
@ -40,6 +40,7 @@ use proxmox::tools::{
|
||||
};
|
||||
|
||||
use pbs_systemd::time::compute_next_event;
|
||||
use pbs_config::{open_backup_lockfile, BackupLockGuard};
|
||||
|
||||
use crate::{
|
||||
api2::types::{
|
||||
@ -48,7 +49,6 @@ use crate::{
|
||||
MediaStatus,
|
||||
MediaLocation,
|
||||
},
|
||||
backup::{open_backup_lockfile, BackupLockGuard},
|
||||
tape::{
|
||||
TAPE_STATUS_DIR,
|
||||
MediaSet,
|
||||
@ -174,7 +174,7 @@ impl Inventory {
|
||||
// We cannot use chown inside test environment (no permissions)
|
||||
CreateOptions::new().perm(mode)
|
||||
} else {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
CreateOptions::new()
|
||||
.perm(mode)
|
||||
.owner(backup_user.uid)
|
||||
|
@ -183,7 +183,7 @@ impl MediaCatalog {
|
||||
}
|
||||
|
||||
fn create_basedir(base_path: &Path) -> Result<(), Error> {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
|
||||
let opts = CreateOptions::new()
|
||||
.perm(mode)
|
||||
@ -217,7 +217,7 @@ impl MediaCatalog {
|
||||
.create(create)
|
||||
.open(&path)?;
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))
|
||||
.map_err(|err| format_err!("fchown failed - {}", err))?;
|
||||
|
||||
@ -275,7 +275,7 @@ impl MediaCatalog {
|
||||
return Ok(file);
|
||||
}
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))
|
||||
.map_err(|err| format_err!("fchown failed - {}", err))?;
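Review bot: In the `create_basedir` hunk (`@ -183,7`), the mode `0o0640` has no search (execute) bit, which is unusual for a helper named after a directory; the `create_*_dir` functions elsewhere in this commit use `0o0750`. If `opts` is passed to a directory-creating call below the hunk (not visible here), the backup user could not traverse a directory created this way, and I would change the line to `let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);`. If the mode is only ever applied to files, a short comment saying so would settle the question. The function body continues outside the hunk.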
|
||||
|
||||
|
@ -91,7 +91,7 @@ fn write_snapshot_cache(
|
||||
}
|
||||
}
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
|
||||
let options = CreateOptions::new()
|
||||
.perm(mode)
|
||||
|
@ -16,9 +16,9 @@ use proxmox::tools::Uuid;
|
||||
|
||||
use pbs_api_types::Fingerprint;
|
||||
use pbs_systemd::time::compute_next_event;
|
||||
use pbs_config::BackupLockGuard;
|
||||
|
||||
use crate::{
|
||||
backup::BackupLockGuard,
|
||||
api2::types::{
|
||||
MediaStatus,
|
||||
MediaLocation,
|
||||
|
@ -71,7 +71,7 @@ pub const COMMIT_BLOCK_SIZE: usize = 128*1024*1024*1024; // 128 GiB
|
||||
|
||||
/// Create tape status dir with correct permission
|
||||
pub fn create_tape_status_dir() -> Result<(), Error> {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
|
||||
let options = CreateOptions::new()
|
||||
.perm(mode)
|
||||
@ -86,7 +86,7 @@ pub fn create_tape_status_dir() -> Result<(), Error> {
|
||||
|
||||
/// Create drive lock dir with correct permission
|
||||
pub fn create_drive_lock_dir() -> Result<(), Error> {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
|
||||
let options = CreateOptions::new()
|
||||
.perm(mode)
|
||||
@ -101,7 +101,7 @@ pub fn create_drive_lock_dir() -> Result<(), Error> {
|
||||
|
||||
/// Create drive state dir with correct permission
|
||||
pub fn create_drive_state_dir() -> Result<(), Error> {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
|
||||
let options = CreateOptions::new()
|
||||
.perm(mode)
|
||||
@ -116,7 +116,7 @@ pub fn create_drive_state_dir() -> Result<(), Error> {
|
||||
|
||||
/// Create changer state cache dir with correct permission
|
||||
pub fn create_changer_state_dir() -> Result<(), Error> {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
|
||||
let options = CreateOptions::new()
|
||||
.perm(mode)
|
||||
|
@ -91,7 +91,7 @@ impl FileLogger {
|
||||
.open(&file_name)?;
|
||||
|
||||
if options.owned_by_backup {
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
nix::unistd::chown(file_name.as_ref(), Some(backup_user.uid), Some(backup_user.gid))?;
|
||||
}
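Review bot: The `chown` in the `owned_by_backup` branch is done by path after the file has already been opened, so the name is resolved a second time and the ownership change can land on a different object than the one opened if the path is replaced in between. The `MediaCatalog` hunks in this commit call `fchown(file.as_raw_fd(), ...)` on the open handle, and doing the same here would tie the change to the opened file: `nix::unistd::fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))?;`. The binding for the `.open(&file_name)?` result is outside the hunk, so `file` stands in for whatever name it has there.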
|
||||
|
||||
|
@ -38,7 +38,7 @@ impl Memcom {
|
||||
|
||||
// Actual work of `new`:
|
||||
fn open() -> Result<Arc<Self>, Error> {
|
||||
let user = crate::backup::backup_user()?;
|
||||
let user = pbs_config::backup_user()?;
|
||||
let options = CreateOptions::new()
|
||||
.perm(Mode::from_bits_truncate(0o660))
|
||||
.owner(user.uid)
|
||||
|
@ -304,7 +304,7 @@ pub fn write_subscription(info: SubscriptionInfo) -> Result<(), Error> {
|
||||
format!("{}\n{}\n{}\n", info.key.unwrap(), csum, encoded)
|
||||
};
|
||||
|
||||
let backup_user = crate::backup::backup_user()?;
|
||||
let backup_user = pbs_config::backup_user()?;
|
||||
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
|
||||
let file_opts = CreateOptions::new()
|
||||
.perm(mode)
|
||||
|