tyler
/
proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

make pbs_tools::cert not depend on pbs-buildcfg 

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2021-09-29 14:01:38 +02:00
parent b62edce929
commit 450105b0c3
5 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pbs-tools/src/cert.rs
View File

@ -1,3 +1,5 @@
//! Deals with the server's current certificates (proxy.pem).
use std::path::PathBuf; use std::path::PathBuf;
use std::mem::MaybeUninit; use std::mem::MaybeUninit;
@ -7,8 +9,6 @@ use openssl::x509::{X509, GeneralName};
use openssl::stack::Stack; use openssl::stack::Stack;
use openssl::pkey::{Public, PKey}; use openssl::pkey::{Public, PKey};
use pbs_buildcfg::configdir;
// C type: // C type:
#[allow(non_camel_case_types)] #[allow(non_camel_case_types)]
type ASN1_TIME = <openssl::asn1::Asn1TimeRef as ForeignTypeRef>::CType; type ASN1_TIME = <openssl::asn1::Asn1TimeRef as ForeignTypeRef>::CType;
@ -40,10 +40,6 @@ fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result<String, Error
} }
impl CertInfo { impl CertInfo {
pub fn new() -> Result<Self, Error> {
Self::from_path(PathBuf::from(configdir!("/proxy.pem")))
}
pub fn from_path(path: PathBuf) -> Result<Self, Error> { pub fn from_path(path: PathBuf) -> Result<Self, Error> {
Self::from_pem(&proxmox::tools::fs::file_get_contents(&path)?) Self::from_pem(&proxmox::tools::fs::file_get_contents(&path)?)
.map_err(|err| format_err!("failed to load certificate from {:?} - {}", path, err)) .map_err(|err| format_err!("failed to load certificate from {:?} - {}", path, err))

3
src/api2/node/status.rs
View File

@ -8,7 +8,6 @@ use proxmox::sys::linux::procfs;
use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission}; use proxmox::api::{api, ApiMethod, Router, RpcEnvironment, Permission};
use pbs_tools::cert::CertInfo;
use pbs_api_types::{NODE_SCHEMA, NodePowerCommand, PRIV_SYS_AUDIT, PRIV_SYS_POWER_MANAGEMENT}; use pbs_api_types::{NODE_SCHEMA, NodePowerCommand, PRIV_SYS_AUDIT, PRIV_SYS_POWER_MANAGEMENT};
use crate::api2::types::{ use crate::api2::types::{
@ -88,7 +87,7 @@ fn get_status(
cpu, cpu,
wait, wait,
info: NodeInformation { info: NodeInformation {
fingerprint: CertInfo::new()?.fingerprint()?, fingerprint: crate::cert_info()?.fingerprint()?,
}, },
}) })
} }

4
src/bin/proxmox_backup_manager/cert.rs
View File

@ -2,8 +2,6 @@ use anyhow::{bail, Error};
use proxmox::api::{api, cli::*}; use proxmox::api::{api, cli::*};
use pbs_tools::cert::CertInfo;
use proxmox_backup::config; use proxmox_backup::config;
use proxmox_backup::auth_helpers::*; use proxmox_backup::auth_helpers::*;
@ -11,7 +9,7 @@ use proxmox_backup::auth_helpers::*;
/// Display node certificate information. /// Display node certificate information.
fn cert_info() -> Result<(), Error> { fn cert_info() -> Result<(), Error> {
let cert = CertInfo::new()?; let cert = proxmox_backup::cert_info()?;
println!("Subject: {}", cert.subject_name()?); println!("Subject: {}", cert.subject_name()?);

3
src/client_helpers.rs
View File

@ -2,7 +2,6 @@ use anyhow::Error;
use pbs_api_types::{Authid, Userid}; use pbs_api_types::{Authid, Userid};
use pbs_client::{HttpClient, HttpClientOptions}; use pbs_client::{HttpClient, HttpClientOptions};
use pbs_tools::cert::CertInfo;
use pbs_tools::ticket::Ticket; use pbs_tools::ticket::Ticket;
use crate::auth_helpers::private_auth_key; use crate::auth_helpers::private_auth_key;
@ -14,7 +13,7 @@ pub fn connect_to_localhost() -> Result<pbs_client::HttpClient, Error> {
let options = if nix::unistd::Uid::current().is_root() { let options = if nix::unistd::Uid::current().is_root() {
let auth_key = private_auth_key(); let auth_key = private_auth_key();
let ticket = Ticket::new("PBS", Userid::root_userid())?.sign(auth_key, None)?; let ticket = Ticket::new("PBS", Userid::root_userid())?.sign(auth_key, None)?;
let fingerprint = CertInfo::new()?.fingerprint()?; let fingerprint = crate::cert_info()?.fingerprint()?;
HttpClientOptions::new_non_interactive(ticket, Some(fingerprint)) HttpClientOptions::new_non_interactive(ticket, Some(fingerprint))
} else { } else {
HttpClientOptions::new_interactive(None, None) HttpClientOptions::new_interactive(None, None)

10
src/lib.rs
View File

@ -3,6 +3,11 @@
//! The [backup](backup/index.html) module contains some detailed information //! The [backup](backup/index.html) module contains some detailed information
//! on the inner workings of the backup server regarding data storage. //! on the inner workings of the backup server regarding data storage.
use std::path::PathBuf;
use pbs_buildcfg::configdir;
use pbs_tools::cert::CertInfo;
#[macro_use] #[macro_use]
pub mod tools; pub mod tools;
@ -27,3 +32,8 @@ pub mod tape;
pub mod acme; pub mod acme;
pub mod client_helpers; pub mod client_helpers;
/// Get the server's certificate info (from `proxy.pem`).
pub fn cert_info() -> Result<CertInfo, anyhow::Error> {
CertInfo::from_path(PathBuf::from(configdir!("/proxy.pem")))
}