tyler
/
proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

start new pbs-config workspace 

moved src/config/domains.rs
This commit is contained in:
Dietmar Maurer 2021-09-02 12:47:11 +02:00
parent df12c9ec4e
commit 2121174827
58 changed files with 207 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@ -22,6 +22,7 @@ exclude = [ "build", "debian", "tests/catar_data/test_symlink/symlink1"]
members = [
"pbs-buildcfg",
"pbs-client",
"pbs-config",
"pbs-datastore",
"pbs-fuse-loop",
"pbs-runtime",
@ -102,6 +103,7 @@ proxmox-openid = "0.7.0"
pbs-api-types = { path = "pbs-api-types" }
pbs-buildcfg = { path = "pbs-buildcfg" }
pbs-client = { path = "pbs-client" }
pbs-config = { path = "pbs-config" }
pbs-datastore = { path = "pbs-datastore" }
pbs-runtime = { path = "pbs-runtime" }
pbs-systemd = { path = "pbs-systemd" }

1
Makefile
View File

@ -35,6 +35,7 @@ SUBCRATES := \
pbs-api-types \
pbs-buildcfg \
pbs-client \
pbs-config \
pbs-datastore \
pbs-fuse-loop \
pbs-runtime \

6
pbs-api-types/src/lib.rs
View File

@ -152,6 +152,12 @@ pub const DATASTORE_SCHEMA: Schema = StringSchema::new("Datastore name.")
.max_length(32)
.schema();
pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.")
.format(&PROXMOX_SAFE_ID_FORMAT)
.min_length(2)
.max_length(32)
.schema();
pub const FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&FINGERPRINT_SHA256_REGEX);

20
pbs-config/Cargo.toml Normal file
View File

@ -0,0 +1,20 @@
[package]
name = "pbs-config"
version = "0.1.0"
authors = ["Proxmox Support Team <support@proxmox.com>"]
edition = "2018"
description = "Configuration file management for PBS"
[dependencies]
anyhow = "1.0"
lazy_static = "1.4"
serde = { version = "1.0", features = ["derive"] }
openssl = "0.10"
nix = "0.19.1"
proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] }
pbs-api-types = { path = "../pbs-api-types" }
pbs-buildcfg = { path = "../pbs-buildcfg" }
pbs-tools = { path = "../pbs-tools" }

6
src/config/domains.rs → pbs-config/src/domains.rs
View File

@ -13,8 +13,8 @@ use proxmox::api::{
}
};
use crate::api2::types::*;
use crate::backup::{open_backup_lockfile, BackupLockGuard};
use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
use crate::{open_backup_lockfile, replace_backup_config, BackupLockGuard};
lazy_static! {
pub static ref CONFIG: SectionConfig = init();
@ -115,7 +115,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(DOMAINS_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper

83
pbs-config/src/lib.rs Normal file
View File

@ -0,0 +1,83 @@
pub mod domains;
use anyhow::{format_err, Error};
pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
/// Return User info for the 'backup' user (``getpwnam_r(3)``)
pub fn backup_user() -> Result<nix::unistd::User, Error> {
pbs_tools::sys::query_user(BACKUP_USER_NAME)?
.ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
}
/// Return Group info for the 'backup' group (``getgrnam(3)``)
pub fn backup_group() -> Result<nix::unistd::Group, Error> {
pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
.ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
}
pub struct BackupLockGuard(std::fs::File);
/// Open or create a lock file owned by user "backup" and lock it.
///
/// Owner/Group of the file is set to backup/backup.
/// File mode is 0660.
/// Default timeout is 10 seconds.
///
/// Note: This method needs to be called by user "root" or "backup".
pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
path: P,
timeout: Option<std::time::Duration>,
exclusive: bool,
) -> Result<BackupLockGuard, Error> {
let user = backup_user()?;
let options = proxmox::tools::fs::CreateOptions::new()
.perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
.owner(user.uid)
.group(user.gid);
let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
Ok(BackupLockGuard(file))
}
/// Atomically write data to file owned by "root:backup" with permission "0640"
///
/// Only the superuser can write those files, but group 'backup' can read them.
pub fn replace_backup_config<P: AsRef<std::path::Path>>(
path: P,
data: &[u8],
) -> Result<(), Error> {
let backup_user = backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
// set the correct owner/group/permissions while saving file
// owner(rw) = root, group(r)= backup
let options = proxmox::tools::fs::CreateOptions::new()
.perm(mode)
.owner(nix::unistd::ROOT)
.group(backup_user.gid);
proxmox::tools::fs::replace_file(path, data, options)?;
Ok(())
}
/// Atomically write data to file owned by "root:root" with permission "0600"
///
/// Only the superuser can read and write those files.
pub fn replace_secret_config<P: AsRef<std::path::Path>>(
path: P,
data: &[u8],
) -> Result<(), Error> {
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
// set the correct owner/group/permissions while saving file
// owner(rw) = root, group(r)= root
let options = proxmox::tools::fs::CreateOptions::new()
.perm(mode)
.owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(0));
proxmox::tools::fs::replace_file(path, data, options)?;
Ok(())
}

2
src/api2/access/acl.rs
View File

@ -8,7 +8,7 @@ use crate::api2::types::*;
use crate::config::acl;
use crate::config::acl::{Role, PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
use crate::config::cached_user_info::CachedUserInfo;
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
fn extract_acl_node_data(
node: &acl::AclTreeNode,

5
src/api2/access/domain.rs
View File

@ -7,8 +7,7 @@ use serde_json::{json, Value};
use proxmox::api::{api, Permission, Router, RpcEnvironment};
use crate::config;
use crate::api2::types::*;
use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
#[api]
#[derive(Deserialize, Serialize, PartialEq, Eq)]
@ -81,7 +80,7 @@ fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInf
"comment": "Proxmox Backup authentication server",
}))?);
let (config, digest) = config::domains::config()?;
let (config, digest) = pbs_config::domains::config()?;
for (_, (section_type, v)) in config.sections.iter() {
let mut entry = v.clone();

8
src/api2/access/openid.rs
View File

@ -15,13 +15,13 @@ use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig};
use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
use pbs_tools::auth::private_auth_key;
use pbs_tools::ticket::Ticket;
use pbs_config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
use crate::server::ticket::ApiTicket;
use crate::config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
use crate::config::cached_user_info::CachedUserInfo;
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
use crate::api2::types::*;
use crate::auth_helpers::*;
@ -88,7 +88,7 @@ pub fn openid_login(
let (realm, private_auth_state) =
OpenIdAuthenticator::verify_public_auth_state(PROXMOX_BACKUP_RUN_DIR_M!(), &state)?;
let (domains, _digest) = crate::config::domains::config()?;
let (domains, _digest) = pbs_config::domains::config()?;
let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
let open_id = openid_authenticator(&config, &redirect_url)?;
@ -182,7 +182,7 @@ fn openid_auth_url(
_rpcenv: &mut dyn RpcEnvironment,
) -> Result<String, Error> {
let (domains, _digest) = crate::config::domains::config()?;
let (domains, _digest) = pbs_config::domains::config()?;
let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
let open_id = openid_authenticator(&config, &redirect_url)?;

2
src/api2/access/user.rs
View File

@ -18,7 +18,7 @@ use crate::config::user;
use crate::config::token_shadow;
use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
use crate::config::cached_user_info::CachedUserInfo;
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
.format(&PASSWORD_FORMAT)

2
src/api2/config/access/openid.rs
View File

@ -6,7 +6,7 @@ use ::serde::{Deserialize, Serialize};
use proxmox::api::{api, Permission, Router, RpcEnvironment};
use crate::config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater};
use pbs_config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater};
use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_REALM_ALLOCATE};
use crate::api2::types::*;

4
src/api2/config/datastore.rs
View File

@ -10,6 +10,7 @@ use proxmox::api::schema::{ApiType, parse_property_string};
use pbs_datastore::chunk_store::ChunkStore;
use pbs_datastore::task::TaskState;
use pbs_config::BackupLockGuard;
use crate::api2::config::sync::delete_sync_job;
use crate::api2::config::verify::delete_verification_job;
@ -19,7 +20,6 @@ use crate::api2::admin::{
verify::list_verification_jobs,
};
use crate::api2::types::*;
use crate::backup::BackupLockGuard;
use crate::config::cached_user_info::CachedUserInfo;
use crate::config::datastore::{self, DataStoreConfig, DataStoreConfigUpdater};
use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
@ -68,7 +68,7 @@ pub(crate) fn do_create_datastore(
) -> Result<(), Error> {
let path: PathBuf = datastore.path.clone().into();
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let _store = ChunkStore::create(&datastore.name, path, backup_user.uid, backup_user.gid, worker)?;
config.set_data(&datastore.name, "datastore", &datastore)?;

2
src/api2/config/remote.rs
View File

@ -11,7 +11,7 @@ use crate::api2::types::*;
use crate::config::cached_user_info::CachedUserInfo;
use crate::config::remote;
use crate::config::acl::{PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY};
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
#[api(
input: {

2
src/api2/config/sync.rs
View File

@ -17,7 +17,7 @@ use crate::config::acl::{
use crate::config::cached_user_info::CachedUserInfo;
use crate::config::sync::{self, SyncJobConfig};
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
pub fn check_sync_job_read_access(
user_info: &CachedUserInfo,

2
src/api2/config/tape_backup_job.rs
View File

@ -3,6 +3,7 @@ use serde_json::Value;
use ::serde::{Deserialize, Serialize};
use proxmox::api::{api, Router, RpcEnvironment, Permission};
use pbs_config::open_backup_lockfile;
use crate::{
api2::types::{
@ -16,7 +17,6 @@ use crate::{
MEDIA_POOL_NAME_SCHEMA,
SYNC_SCHEDULE_SCHEMA,
},
backup::open_backup_lockfile,
config::{
self,
cached_user_info::CachedUserInfo,

2
src/api2/config/tape_encryption_keys.rs
View File

@ -14,6 +14,7 @@ use proxmox::{
use pbs_api_types::Fingerprint;
use pbs_datastore::{KeyInfo, Kdf};
use pbs_datastore::key_derivation::KeyConfig;
use pbs_config::open_backup_lockfile;
use crate::{
config::{
@ -35,7 +36,6 @@ use crate::{
PROXMOX_CONFIG_DIGEST_SCHEMA,
PASSWORD_HINT_SCHEMA,
},
backup::open_backup_lockfile,
};
#[api(

2
src/api2/config/verify.rs
View File

@ -13,7 +13,7 @@ use crate::config::acl::{
use crate::config::cached_user_info::CachedUserInfo;
use crate::config::verify::{self, VerificationJobConfig};
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
#[api(
input: {

2
src/api2/node/disks/directory.rs
View File

@ -17,7 +17,7 @@ use crate::server::WorkerTask;
use crate::api2::types::*;
use crate::config::datastore::{self, DataStoreConfig};
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
#[api(
properties: {

2
src/api2/node/network.rs
View File

@ -9,7 +9,7 @@ use crate::config::network::{self, NetworkConfig};
use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
use crate::api2::types::*;
use crate::server::{WorkerTask};
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
fn split_interface_list(list: &str) -> Result<Vec<String>, Error> {
let value = parse_property_string(&list, &NETWORK_INTERFACE_ARRAY_SCHEMA)?;

6
src/api2/types/mod.rs
View File

@ -331,12 +331,6 @@ pub const BLOCKDEVICE_NAME_SCHEMA: Schema = StringSchema::new("Block device name
.max_length(64)
.schema();
pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.")
.format(&PROXMOX_SAFE_ID_FORMAT)
.min_length(2)
.max_length(32)
.schema();
// Complex type definitions
#[api(

4
src/auth_helpers.rs
View File

@ -95,7 +95,7 @@ pub fn generate_csrf_key() -> Result<(), Error> {
use nix::sys::stat::Mode;
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
replace_file(
&path,
@ -129,7 +129,7 @@ pub fn generate_auth_key() -> Result<(), Error> {
let public_pem = rsa.public_key_to_pem()?;
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
replace_file(
&public_path,

4
src/backup/datastore.rs
View File

@ -31,7 +31,7 @@ use pbs_tools::fs::{lock_dir_noblock, DirLockGuard};
use crate::config::datastore::{self, DataStoreConfig};
use crate::tools;
use crate::backup::{open_backup_lockfile, BackupLockGuard};
use pbs_config::{open_backup_lockfile, BackupLockGuard};
lazy_static! {
@ -700,7 +700,7 @@ impl DataStore {
let mut path = self.base_path();
path.push(".gc-status");
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
// set the correct owner/group/permissions while saving file
// owner(rw) = backup, group(r)= backup

83
src/backup/mod.rs
View File

@ -1,24 +1,8 @@
//! Server/client-specific parts for what's otherwise in pbs-datastore.
use anyhow::{format_err, Error};
// Note: .pcat1 => Proxmox Catalog Format version 1
pub const CATALOG_NAME: &str = "catalog.pcat1.didx";
pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
/// Return User info for the 'backup' user (``getpwnam_r(3)``)
pub fn backup_user() -> Result<nix::unistd::User, Error> {
pbs_tools::sys::query_user(BACKUP_USER_NAME)?
.ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
}
/// Return Group info for the 'backup' group (``getgrnam(3)``)
pub fn backup_group() -> Result<nix::unistd::Group, Error> {
pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
.ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
}
// Split
mod read_chunk;
pub use read_chunk::*;
@ -28,70 +12,3 @@ pub use datastore::*;
mod verify;
pub use verify::*;
pub struct BackupLockGuard(std::fs::File);
/// Open or create a lock file owned by user "backup" and lock it.
///
/// Owner/Group of the file is set to backup/backup.
/// File mode is 0660.
/// Default timeout is 10 seconds.
///
/// Note: This method needs to be called by user "root" or "backup".
pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
path: P,
timeout: Option<std::time::Duration>,
exclusive: bool,
) -> Result<BackupLockGuard, Error> {
let user = backup_user()?;
let options = proxmox::tools::fs::CreateOptions::new()
.perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
.owner(user.uid)
.group(user.gid);
let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
Ok(BackupLockGuard(file))
}
/// Atomically write data to file owned by "root:backup" with permission "0640"
///
/// Only the superuser can write those files, but group 'backup' can read them.
pub fn replace_backup_config<P: AsRef<std::path::Path>>(
path: P,
data: &[u8],
) -> Result<(), Error> {
let backup_user = backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
// set the correct owner/group/permissions while saving file
// owner(rw) = root, group(r)= backup
let options = proxmox::tools::fs::CreateOptions::new()
.perm(mode)
.owner(nix::unistd::ROOT)
.group(backup_user.gid);
proxmox::tools::fs::replace_file(path, data, options)?;
Ok(())
}
/// Atomically write data to file owned by "root:root" with permission "0600"
///
/// Only the superuser can read and write those files.
pub fn replace_secret_config<P: AsRef<std::path::Path>>(
path: P,
data: &[u8],
) -> Result<(), Error> {
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
// set the correct owner/group/permissions while saving file
// owner(rw) = root, group(r)= root
let options = proxmox::tools::fs::CreateOptions::new()
.perm(mode)
.owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(0));
proxmox::tools::fs::replace_file(path, data, options)?;
Ok(())
}

4
src/bin/proxmox-backup-proxy.rs
View File

@ -53,8 +53,8 @@ use proxmox_backup::server::do_prune_job;
fn main() -> Result<(), Error> {
proxmox_backup::tools::setup_safe_path_env();
let backup_uid = proxmox_backup::backup::backup_user()?.uid;
let backup_gid = proxmox_backup::backup::backup_group()?.gid;
let backup_uid = pbs_config::backup_user()?.uid;
let backup_gid = pbs_config::backup_group()?.gid;
let running_uid = nix::unistd::Uid::effective();
let running_gid = nix::unistd::Gid::effective();

12
src/bin/proxmox_backup_manager/openid.rs
View File

@ -3,7 +3,9 @@ use serde_json::Value;
use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
use proxmox_backup::{config, api2, api2::types::REALM_ID_SCHEMA};
use pbs_api_types::REALM_ID_SCHEMA;
use proxmox_backup::api2;
#[api(
@ -73,25 +75,25 @@ pub fn openid_commands() -> CommandLineInterface {
.insert("list", CliCommand::new(&&API_METHOD_LIST_OPENID_REALMS))
.insert("show", CliCommand::new(&&API_METHOD_SHOW_OPENID_REALM)
.arg_param(&["realm"])
.completion_cb("realm", config::domains::complete_openid_realm_name)
.completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
)
.insert("create",
CliCommand::new(&api2::config::access::openid::API_METHOD_CREATE_OPENID_REALM)
.arg_param(&["realm"])
.arg_param(&["realm"])
.completion_cb("realm", config::domains::complete_openid_realm_name)
.completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
)
.insert("update",
CliCommand::new(&api2::config::access::openid::API_METHOD_UPDATE_OPENID_REALM)
.arg_param(&["realm"])
.arg_param(&["realm"])
.completion_cb("realm", config::domains::complete_openid_realm_name)
.completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
)
.insert("delete",
CliCommand::new(&api2::config::access::openid::API_METHOD_DELETE_OPENID_REALM)
.arg_param(&["realm"])
.arg_param(&["realm"])
.completion_cb("realm", config::domains::complete_openid_realm_name)
.completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
)
;

4
src/bin/sg-tape-cmd.rs
View File

@ -142,8 +142,8 @@ fn set_encryption(
fn main() -> Result<(), Error> {
// check if we are user root or backup
let backup_uid = proxmox_backup::backup::backup_user()?.uid;
let backup_gid = proxmox_backup::backup::backup_group()?.gid;
let backup_uid = pbs_config::backup_user()?.uid;
let backup_gid = pbs_config::backup_group()?.gid;
let running_uid = nix::unistd::Uid::current();
let running_gid = nix::unistd::Gid::current();

2
src/config/acl.rs
View File

@ -911,7 +911,7 @@ pub fn save_config(acl: &AclTree) -> Result<(), Error> {
acl.write_config(&mut raw)?;
crate::backup::replace_backup_config(ACL_CFG_FILENAME, &raw)
pbs_config::replace_backup_config(ACL_CFG_FILENAME, &raw)
}
#[cfg(test)]

6
src/config/acme/plugin.rs
View File

@ -9,8 +9,8 @@ use proxmox::api::{
section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin},
};
use crate::api2::types::PROXMOX_SAFE_ID_FORMAT;
use crate::backup::{open_backup_lockfile, BackupLockGuard};
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use pbs_api_types::PROXMOX_SAFE_ID_FORMAT;
pub const PLUGIN_ID_SCHEMA: Schema = StringSchema::new("ACME Challenge Plugin ID.")
.format(&PROXMOX_SAFE_ID_FORMAT)
@ -162,7 +162,7 @@ pub fn config() -> Result<(PluginData, [u8; 32]), Error> {
pub fn save_config(config: &PluginData) -> Result<(), Error> {
super::make_acme_dir()?;
let raw = CONFIG.write(ACME_PLUGIN_CFG_FILENAME, &config.data)?;
crate::backup::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
}
pub struct PluginData {

5
src/config/datastore.rs
View File

@ -13,8 +13,9 @@ use proxmox::api::{
}
};
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use crate::api2::types::*;
use crate::backup::{open_backup_lockfile, BackupLockGuard};
lazy_static! {
pub static ref CONFIG: SectionConfig = init();
@ -152,7 +153,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(DATASTORE_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper

5
src/config/drive.rs
View File

@ -27,8 +27,9 @@ use proxmox::{
},
};
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use crate::{
backup::{open_backup_lockfile, BackupLockGuard},
api2::types::{
DRIVE_NAME_SCHEMA,
VirtualTapeDrive,
@ -93,7 +94,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
/// Save the configuration file
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(DRIVE_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
}
/// Check if the specified drive name exists in the config.

5
src/config/media_pool.rs
View File

@ -22,8 +22,9 @@ use proxmox::{
},
};
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use crate::{
backup::{open_backup_lockfile, BackupLockGuard},
api2::types::{
MEDIA_POOL_NAME_SCHEMA,
MediaPoolConfig,
@ -72,7 +73,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
/// Save the configuration file
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(MEDIA_POOL_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper

9
src/config/mod.rs
View File

@ -30,7 +30,6 @@ pub mod drive;
pub mod media_pool;
pub mod tape_encryption_keys;
pub mod tape_job;
pub mod domains;
/// Check configuration directory permissions
///
@ -40,7 +39,7 @@ pub mod domains;
pub fn check_configdir_permissions() -> Result<(), Error> {
let cfgdir = pbs_buildcfg::CONFIGDIR;
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let backup_uid = backup_user.uid.as_raw();
let backup_gid = backup_user.gid.as_raw();
@ -85,7 +84,7 @@ pub fn create_configdir() -> Result<(), Error> {
),
}
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid))
.map_err(|err| {
@ -197,9 +196,9 @@ pub(crate) fn set_proxy_certificate(cert_pem: &[u8], key_pem: &[u8]) -> Result<(
let cert_path = PathBuf::from(configdir!("/proxy.pem"));
create_configdir()?;
crate::backup::replace_backup_config(&key_path, key_pem)
pbs_config::replace_backup_config(&key_path, key_pem)
.map_err(|err| format_err!("error writing certificate private key - {}", err))?;
crate::backup::replace_backup_config(&cert_path, &cert_pem)
pbs_config::replace_backup_config(&cert_path, &cert_pem)
.map_err(|err| format_err!("error writing certificate file - {}", err))?;
Ok(())

4
src/config/node.rs
View File

@ -9,8 +9,8 @@ use proxmox::api::schema::{ApiStringFormat, ApiType, Updater};
use proxmox_http::ProxyConfig;
use pbs_buildcfg::configdir;
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use crate::backup::{open_backup_lockfile, BackupLockGuard};
use crate::acme::AcmeClient;
use crate::api2::types::{
AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA,
@ -39,7 +39,7 @@ pub fn save_config(config: &NodeConfig) -> Result<(), Error> {
config.validate()?;
let raw = crate::tools::config::to_bytes(config, &NodeConfig::API_SCHEMA)?;
crate::backup::replace_backup_config(CONF_FILE, &raw)
pbs_config::replace_backup_config(CONF_FILE, &raw)
}
#[api(

2
src/config/remote.rs
View File

@ -122,7 +122,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(REMOTE_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper

2
src/config/sync.rs
View File

@ -118,7 +118,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(SYNC_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper

6
src/config/tape_encryption_keys.rs
View File

@ -19,7 +19,7 @@ use proxmox::tools::fs::file_read_optional_string;
use pbs_api_types::Fingerprint;
use pbs_datastore::key_derivation::KeyConfig;
use crate::backup::open_backup_lockfile;
use pbs_config::{open_backup_lockfile, replace_secret_config};
mod hex_key {
use serde::{self, Deserialize, Serializer, Deserializer};
@ -135,7 +135,7 @@ pub fn save_keys(map: HashMap<Fingerprint, EncryptionKeyInfo>) -> Result<(), Err
}
let raw = serde_json::to_string_pretty(&list)?;
crate::backup::replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
}
/// Store tape encryption key configurations (password protected keys)
@ -148,7 +148,7 @@ pub fn save_key_configs(map: HashMap<Fingerprint, KeyConfig>) -> Result<(), Erro
}
let raw = serde_json::to_string_pretty(&list)?;
crate::backup::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
}
/// Insert a new key

2
src/config/tape_job.rs
View File

@ -160,7 +160,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(TAPE_JOB_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper

2
src/config/tfa.rs
View File

@ -26,9 +26,9 @@ use proxmox::tools::uuid::Uuid;
use proxmox::tools::AsHex;
use pbs_buildcfg::configdir;
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use crate::api2::types::Userid;
use crate::backup::{open_backup_lockfile, BackupLockGuard};
/// Mapping of userid to TFA entry.
pub type TfaUsers = HashMap<Userid, TfaUserData>;

4
src/config/token_shadow.rs
View File

@ -8,7 +8,7 @@ use proxmox::tools::fs::CreateOptions;
use crate::api2::types::Authid;
use crate::auth;
use crate::backup::open_backup_lockfile;
use pbs_config::open_backup_lockfile;
const LOCK_FILE: &str = pbs_buildcfg::configdir!("/token.shadow.lock");
const CONF_FILE: &str = pbs_buildcfg::configdir!("/token.shadow");
@ -33,7 +33,7 @@ fn read_file() -> Result<HashMap<Authid, String>, Error> {
}
fn write_file(data: HashMap<Authid, String>) -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let options = CreateOptions::new()
.perm(nix::sys::stat::Mode::from_bits_truncate(0o0640))
.owner(backup_user.uid)

2
src/config/user.rs
View File

@ -119,7 +119,7 @@ pub fn cached_config() -> Result<Arc<SectionConfigData>, Error> {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(USER_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
pbs_config::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
// increase user cache generation
// We use this in CachedUserInfo

2
src/config/verify.rs
View File

@ -116,7 +116,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(VERIFICATION_CFG_FILENAME, &config)?;
crate::backup::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
pbs_config::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper

2
src/rrd/cache.rs
View File

@ -22,7 +22,7 @@ lazy_static!{
/// Create rrdd stat dir with correct permission
pub fn create_rrdb_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let opts = CreateOptions::new()
.owner(backup_user.uid)
.group(backup_user.gid);

2
src/rrd/rrd.rs
View File

@ -303,7 +303,7 @@ impl RRD {
std::slice::from_raw_parts(self as *const _ as *const u8, std::mem::size_of::<RRD>())
};
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
// set the correct owner/group/permissions while saving file
// owner(rw) = backup, group(r)= backup

2
src/server/command_socket.rs
View File

@ -19,7 +19,7 @@ where
{
let path: PathBuf = path.into();
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let backup_gid = backup_user.gid.as_raw();
let socket = UnixListener::bind(&path)?;

2
src/server/config.rs
View File

@ -142,7 +142,7 @@ impl ApiConfig {
let path: PathBuf = path.into();
if let Some(base) = path.parent() {
if !base.exists() {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
create_path(base, None, Some(opts)).map_err(|err| format_err!("{}", err))?;
}

6
src/server/jobstate.rs
View File

@ -47,9 +47,9 @@ use proxmox::tools::fs::{
};
use pbs_systemd::time::{compute_next_event, parse_calendar_event};
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use crate::{
backup::{open_backup_lockfile, BackupLockGuard},
api2::types::JobScheduleStatus,
server::{
UPID,
@ -88,7 +88,7 @@ const JOB_STATE_BASEDIR: &str = "/var/lib/proxmox-backup/jobstates";
/// Create jobstate stat dir with correct permission
pub fn create_jobstate_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let opts = CreateOptions::new()
.owner(backup_user.uid)
.group(backup_user.gid);
@ -299,7 +299,7 @@ impl Job {
let serialized = serde_json::to_string(&self.state)?;
let path = get_path(&self.jobtype, &self.jobname);
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
// set the correct owner/group/permissions while saving file
// owner(rw) = backup, group(r)= backup

2
src/server/mod.rs
View File

@ -116,7 +116,7 @@ pub(crate) async fn notify_datastore_removed() -> Result<(), Error> {
/// This exists to fixate the permissions for the run *base* directory while allowing intermediate
/// directories after it to have different permissions.
pub fn create_run_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let opts = CreateOptions::new()
.owner(backup_user.uid)
.group(backup_user.gid);

8
src/server/worker_task.rs
View File

@ -24,7 +24,7 @@ use super::{UPID, UPIDExt};
use crate::server;
use crate::tools::{FileLogger, FileLogOptions};
use crate::api2::types::{Authid, TaskStateType};
use crate::backup::{open_backup_lockfile, BackupLockGuard};
use pbs_config::{open_backup_lockfile, BackupLockGuard};
macro_rules! taskdir {
($subdir:expr) => (concat!(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!(), "/tasks", $subdir))
@ -159,7 +159,7 @@ fn parse_worker_status_line(line: &str) -> Result<(String, UPID, Option<TaskStat
pub fn create_task_log_dirs() -> Result<(), Error> {
try_block!({
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let opts = CreateOptions::new()
.owner(backup_user.uid)
.group(backup_user.gid);
@ -354,7 +354,7 @@ pub fn rotate_task_log_archive(size_threshold: u64, compress: bool, max_files: O
// new_upid is added to the list when specified.
fn update_active_workers(new_upid: Option<&UPID>) -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let lock = lock_task_list_files(true)?;
@ -611,7 +611,7 @@ impl WorkerTask {
path.push(format!("{:02X}", upid.pstart & 255));
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
create_path(&path, None, Some(CreateOptions::new().owner(backup_user.uid).group(backup_user.gid)))?;

2
src/tape/changer/mod.rs
View File

@ -483,7 +483,7 @@ fn save_changer_state_cache(
let state = serde_json::to_string_pretty(state)?;
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
let options = CreateOptions::new()
.perm(mode)

4
src/tape/drive/mod.rs
View File

@ -553,7 +553,7 @@ pub fn set_tape_device_state(
let mut path = PathBuf::from(crate::tape::DRIVE_STATE_DIR);
path.push(drive);
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
let options = CreateOptions::new()
.perm(mode)
@ -612,7 +612,7 @@ fn open_device_lock(device_path: &str) -> Result<std::fs::File, Error> {
let mut path = std::path::PathBuf::from(crate::tape::DRIVE_LOCK_DIR);
path.push(lock_name);
let user = crate::backup::backup_user()?;
let user = pbs_config::backup_user()?;
let options = CreateOptions::new()
.perm(Mode::from_bits_truncate(0o660))
.owner(user.uid)

4
src/tape/inventory.rs
View File

@ -40,6 +40,7 @@ use proxmox::tools::{
};
use pbs_systemd::time::compute_next_event;
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use crate::{
api2::types::{
@ -48,7 +49,6 @@ use crate::{
MediaStatus,
MediaLocation,
},
backup::{open_backup_lockfile, BackupLockGuard},
tape::{
TAPE_STATUS_DIR,
MediaSet,
@ -174,7 +174,7 @@ impl Inventory {
// We cannot use chown inside test environment (no permissions)
CreateOptions::new().perm(mode)
} else {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
CreateOptions::new()
.perm(mode)
.owner(backup_user.uid)

6
src/tape/media_catalog.rs
View File

@ -183,7 +183,7 @@ impl MediaCatalog {
}
fn create_basedir(base_path: &Path) -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
let opts = CreateOptions::new()
.perm(mode)
@ -217,7 +217,7 @@ impl MediaCatalog {
.create(create)
.open(&path)?;
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))
.map_err(|err| format_err!("fchown failed - {}", err))?;
@ -275,7 +275,7 @@ impl MediaCatalog {
return Ok(file);
}
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))
.map_err(|err| format_err!("fchown failed - {}", err))?;

2
src/tape/media_catalog_cache.rs
View File

@ -91,7 +91,7 @@ fn write_snapshot_cache(
}
}
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
let options = CreateOptions::new()
.perm(mode)

2
src/tape/media_pool.rs
View File

@ -16,9 +16,9 @@ use proxmox::tools::Uuid;
use pbs_api_types::Fingerprint;
use pbs_systemd::time::compute_next_event;
use pbs_config::BackupLockGuard;
use crate::{
backup::BackupLockGuard,
api2::types::{
MediaStatus,
MediaLocation,

8
src/tape/mod.rs
View File

@ -71,7 +71,7 @@ pub const COMMIT_BLOCK_SIZE: usize = 128*1024*1024*1024; // 128 GiB
/// Create tape status dir with correct permission
pub fn create_tape_status_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
let options = CreateOptions::new()
.perm(mode)
@ -86,7 +86,7 @@ pub fn create_tape_status_dir() -> Result<(), Error> {
/// Create drive lock dir with correct permission
pub fn create_drive_lock_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
let options = CreateOptions::new()
.perm(mode)
@ -101,7 +101,7 @@ pub fn create_drive_lock_dir() -> Result<(), Error> {
/// Create drive state dir with correct permission
pub fn create_drive_state_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
let options = CreateOptions::new()
.perm(mode)
@ -116,7 +116,7 @@ pub fn create_drive_state_dir() -> Result<(), Error> {
/// Create changer state cache dir with correct permission
pub fn create_changer_state_dir() -> Result<(), Error> {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
let options = CreateOptions::new()
.perm(mode)

2
src/tools/file_logger.rs
View File

@ -91,7 +91,7 @@ impl FileLogger {
.open(&file_name)?;
if options.owned_by_backup {
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
nix::unistd::chown(file_name.as_ref(), Some(backup_user.uid), Some(backup_user.gid))?;
}

2
src/tools/memcom.rs
View File

@ -38,7 +38,7 @@ impl Memcom {
// Actual work of `new`:
fn open() -> Result<Arc<Self>, Error> {
let user = crate::backup::backup_user()?;
let user = pbs_config::backup_user()?;
let options = CreateOptions::new()
.perm(Mode::from_bits_truncate(0o660))
.owner(user.uid)

2
src/tools/subscription.rs
View File

@ -304,7 +304,7 @@ pub fn write_subscription(info: SubscriptionInfo) -> Result<(), Error> {
format!("{}\n{}\n{}\n", info.key.unwrap(), csum, encoded)
};
let backup_user = crate::backup::backup_user()?;
let backup_user = pbs_config::backup_user()?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
let file_opts = CreateOptions::new()
.perm(mode)