tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

rust fmt for pbs src

Browse Source 
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2022-04-14 14:03:46 +02:00
parent ee0ea73500
commit 9531d2c570
30 changed files with 644 additions and 572 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pbs-api-types/src/maintenance.rs
View File

@ -1,17 +1,16 @@
use std::borrow::Cow;
use anyhow::{bail, Error}; use anyhow::{bail, Error};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::borrow::Cow;
use proxmox_schema::{api, ApiStringFormat, const_regex, Schema, StringSchema}; use proxmox_schema::{api, const_regex, ApiStringFormat, Schema, StringSchema};
const_regex!{ const_regex! {
pub MAINTENANCE_MESSAGE_REGEX = r"^[[:^cntrl:]]*$"; pub MAINTENANCE_MESSAGE_REGEX = r"^[[:^cntrl:]]*$";
} }
pub const MAINTENANCE_MESSAGE_FORMAT: ApiStringFormat = pub const MAINTENANCE_MESSAGE_FORMAT: ApiStringFormat =
ApiStringFormat::Pattern(&MAINTENANCE_MESSAGE_REGEX); ApiStringFormat::Pattern(&MAINTENANCE_MESSAGE_REGEX);
pub const MAINTENANCE_MESSAGE_SCHEMA: Schema = pub const MAINTENANCE_MESSAGE_SCHEMA: Schema =
StringSchema::new("Message describing the reason for the maintenance.") StringSchema::new("Message describing the reason for the maintenance.")
.format(&MAINTENANCE_MESSAGE_FORMAT) .format(&MAINTENANCE_MESSAGE_FORMAT)
@ -27,7 +26,7 @@ pub enum Operation {
#[api] #[api]
#[derive(Deserialize, Serialize, PartialEq)] #[derive(Deserialize, Serialize, PartialEq)]
#[serde(rename_all="kebab-case")] #[serde(rename_all = "kebab-case")]
/// Maintenance type. /// Maintenance type.
pub enum MaintenanceType { pub enum MaintenanceType {
/// Only read operations are allowed on the datastore. /// Only read operations are allowed on the datastore.

2
src/acme/client.rs
View File

@ -10,13 +10,13 @@ use hyper::{Body, Request};
use nix::sys::stat::Mode; use nix::sys::stat::Mode;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use proxmox_sys::fs::{replace_file, CreateOptions};
use proxmox_acme_rs::account::AccountCreator; use proxmox_acme_rs::account::AccountCreator;
use proxmox_acme_rs::account::AccountData as AcmeAccountData; use proxmox_acme_rs::account::AccountData as AcmeAccountData;
use proxmox_acme_rs::order::{Order, OrderData}; use proxmox_acme_rs::order::{Order, OrderData};
use proxmox_acme_rs::Request as AcmeRequest; use proxmox_acme_rs::Request as AcmeRequest;
use proxmox_acme_rs::{Account, Authorization, Challenge, Directory, Error, ErrorResponse}; use proxmox_acme_rs::{Account, Authorization, Challenge, Directory, Error, ErrorResponse};
use proxmox_http::client::SimpleHttp; use proxmox_http::client::SimpleHttp;
use proxmox_sys::fs::{replace_file, CreateOptions};
use crate::api2::types::AcmeAccountName; use crate::api2::types::AcmeAccountName;
use crate::config::acme::account_path; use crate::config::acme::account_path;

37
src/auth.rs
View File

@ -2,14 +2,14 @@
//! //!
//! This library contains helper to authenticate users. //! This library contains helper to authenticate users.
use std::process::{Command, Stdio};
use std::io::Write; use std::io::Write;
use std::process::{Command, Stdio};
use anyhow::{bail, format_err, Error}; use anyhow::{bail, format_err, Error};
use serde_json::json; use serde_json::json;
use pbs_api_types::{RealmRef, Userid, UsernameRef};
use pbs_buildcfg::configdir; use pbs_buildcfg::configdir;
use pbs_api_types::{Userid, UsernameRef, RealmRef};
pub trait ProxmoxAuthenticator { pub trait ProxmoxAuthenticator {
fn authenticate_user(&self, username: &UsernameRef, password: &str) -> Result<(), Error>; fn authenticate_user(&self, username: &UsernameRef, password: &str) -> Result<(), Error>;
@ -20,10 +20,10 @@ pub trait ProxmoxAuthenticator {
struct PAM(); struct PAM();
impl ProxmoxAuthenticator for PAM { impl ProxmoxAuthenticator for PAM {
fn authenticate_user(&self, username: &UsernameRef, password: &str) -> Result<(), Error> { fn authenticate_user(&self, username: &UsernameRef, password: &str) -> Result<(), Error> {
let mut auth = pam::Authenticator::with_password("proxmox-backup-auth").unwrap(); let mut auth = pam::Authenticator::with_password("proxmox-backup-auth").unwrap();
auth.get_handler().set_credentials(username.as_str(), password); auth.get_handler()
.set_credentials(username.as_str(), password);
auth.authenticate()?; auth.authenticate()?;
Ok(()) Ok(())
} }
@ -34,22 +34,24 @@ impl ProxmoxAuthenticator for PAM {
.stdin(Stdio::piped()) .stdin(Stdio::piped())
.stderr(Stdio::piped()) .stderr(Stdio::piped())
.spawn() .spawn()
.map_err(|err| format_err!( .map_err(|err| {
"unable to set password for '{}' - execute passwd failed: {}", format_err!(
username.as_str(), "unable to set password for '{}' - execute passwd failed: {}",
err, username.as_str(),
))?; err,
)
})?;
// Note: passwd reads password twice from stdin (for verify) // Note: passwd reads password twice from stdin (for verify)
writeln!(child.stdin.as_mut().unwrap(), "{}\n{}", password, password)?; writeln!(child.stdin.as_mut().unwrap(), "{}\n{}", password, password)?;
let output = child let output = child.wait_with_output().map_err(|err| {
.wait_with_output() format_err!(
.map_err(|err| format_err!(
"unable to set password for '{}' - wait failed: {}", "unable to set password for '{}' - wait failed: {}",
username.as_str(), username.as_str(),
err, err,
))?; )
})?;
if !output.status.success() { if !output.status.success() {
bail!( bail!(
@ -73,7 +75,6 @@ struct PBS();
const SHADOW_CONFIG_FILENAME: &str = configdir!("/shadow.json"); const SHADOW_CONFIG_FILENAME: &str = configdir!("/shadow.json");
impl ProxmoxAuthenticator for PBS { impl ProxmoxAuthenticator for PBS {
fn authenticate_user(&self, username: &UsernameRef, password: &str) -> Result<(), Error> { fn authenticate_user(&self, username: &UsernameRef, password: &str) -> Result<(), Error> {
let data = proxmox_sys::fs::file_get_json(SHADOW_CONFIG_FILENAME, Some(json!({})))?; let data = proxmox_sys::fs::file_get_json(SHADOW_CONFIG_FILENAME, Some(json!({})))?;
match data[username.as_str()].as_str() { match data[username.as_str()].as_str() {
@ -89,7 +90,7 @@ impl ProxmoxAuthenticator for PBS {
data[username.as_str()] = enc_password.into(); data[username.as_str()] = enc_password.into();
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
let options = proxmox_sys::fs::CreateOptions::new() let options = proxmox_sys::fs::CreateOptions::new()
.perm(mode) .perm(mode)
.owner(nix::unistd::ROOT) .owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(0)); .group(nix::unistd::Gid::from_raw(0));
@ -107,7 +108,7 @@ impl ProxmoxAuthenticator for PBS {
} }
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
let options = proxmox_sys::fs::CreateOptions::new() let options = proxmox_sys::fs::CreateOptions::new()
.perm(mode) .perm(mode)
.owner(nix::unistd::ROOT) .owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(0)); .group(nix::unistd::Gid::from_raw(0));
@ -130,7 +131,5 @@ pub fn lookup_authenticator(realm: &RealmRef) -> Result<Box<dyn ProxmoxAuthentic
/// Authenticate users /// Authenticate users
pub fn authenticate_user(userid: &Userid, password: &str) -> Result<(), Error> { pub fn authenticate_user(userid: &Userid, password: &str) -> Result<(), Error> {
lookup_authenticator(userid.realm())?.authenticate_user(userid.name(), password)
lookup_authenticator(userid.realm())?
.authenticate_user(userid.name(), password)
} }

42
src/auth_helpers.rs
View File

@ -6,18 +6,13 @@ use openssl::pkey::{PKey, Private, Public};
use openssl::rsa::Rsa; use openssl::rsa::Rsa;
use openssl::sha; use openssl::sha;
use proxmox_sys::fs::{file_get_contents, replace_file, CreateOptions};
use proxmox_lang::try_block; use proxmox_lang::try_block;
use proxmox_sys::fs::{file_get_contents, replace_file, CreateOptions};
use pbs_buildcfg::configdir;
use pbs_api_types::Userid; use pbs_api_types::Userid;
use pbs_buildcfg::configdir;
fn compute_csrf_secret_digest( fn compute_csrf_secret_digest(timestamp: i64, secret: &[u8], userid: &Userid) -> String {
timestamp: i64,
secret: &[u8],
userid: &Userid,
) -> String {
let mut hasher = sha::Sha256::new(); let mut hasher = sha::Sha256::new();
let data = format!("{:08X}:{}:", timestamp, userid); let data = format!("{:08X}:{}:", timestamp, userid);
hasher.update(data.as_bytes()); hasher.update(data.as_bytes());
@ -26,11 +21,7 @@ fn compute_csrf_secret_digest(
base64::encode_config(&hasher.finish(), base64::STANDARD_NO_PAD) base64::encode_config(&hasher.finish(), base64::STANDARD_NO_PAD)
} }
pub fn assemble_csrf_prevention_token( pub fn assemble_csrf_prevention_token(secret: &[u8], userid: &Userid) -> String {
secret: &[u8],
userid: &Userid,
) -> String {
let epoch = proxmox_time::epoch_i64(); let epoch = proxmox_time::epoch_i64();
let digest = compute_csrf_secret_digest(epoch, secret, userid); let digest = compute_csrf_secret_digest(epoch, secret, userid);
@ -45,13 +36,11 @@ pub fn verify_csrf_prevention_token(
min_age: i64, min_age: i64,
max_age: i64, max_age: i64,
) -> Result<i64, Error> { ) -> Result<i64, Error> {
use std::collections::VecDeque; use std::collections::VecDeque;
let mut parts: VecDeque<&str> = token.split(':').collect(); let mut parts: VecDeque<&str> = token.split(':').collect();
try_block!({ try_block!({
if parts.len() != 2 { if parts.len() != 2 {
bail!("format error - wrong number of parts."); bail!("format error - wrong number of parts.");
} }
@ -59,8 +48,8 @@ pub fn verify_csrf_prevention_token(
let timestamp = parts.pop_front().unwrap(); let timestamp = parts.pop_front().unwrap();
let sig = parts.pop_front().unwrap(); let sig = parts.pop_front().unwrap();
let ttime = i64::from_str_radix(timestamp, 16). let ttime = i64::from_str_radix(timestamp, 16)
map_err(|err| format_err!("timestamp format error - {}", err))?; .map_err(|err| format_err!("timestamp format error - {}", err))?;
let digest = compute_csrf_secret_digest(ttime, secret, userid); let digest = compute_csrf_secret_digest(ttime, secret, userid);
@ -80,14 +69,16 @@ pub fn verify_csrf_prevention_token(
} }
Ok(age) Ok(age)
}).map_err(|err| format_err!("invalid csrf token - {}", err)) })
.map_err(|err| format_err!("invalid csrf token - {}", err))
} }
pub fn generate_csrf_key() -> Result<(), Error> { pub fn generate_csrf_key() -> Result<(), Error> {
let path = PathBuf::from(configdir!("/csrf.key")); let path = PathBuf::from(configdir!("/csrf.key"));
if path.exists() { return Ok(()); } if path.exists() {
return Ok(());
}
let rsa = Rsa::generate(2048).unwrap(); let rsa = Rsa::generate(2048).unwrap();
@ -111,13 +102,14 @@ pub fn generate_csrf_key() -> Result<(), Error> {
} }
pub fn generate_auth_key() -> Result<(), Error> { pub fn generate_auth_key() -> Result<(), Error> {
let priv_path = PathBuf::from(configdir!("/authkey.key")); let priv_path = PathBuf::from(configdir!("/authkey.key"));
let mut public_path = priv_path.clone(); let mut public_path = priv_path.clone();
public_path.set_extension("pub"); public_path.set_extension("pub");
if priv_path.exists() && public_path.exists() { return Ok(()); } if priv_path.exists() && public_path.exists() {
return Ok(());
}
let rsa = Rsa::generate(4096).unwrap(); let rsa = Rsa::generate(4096).unwrap();
@ -150,17 +142,14 @@ pub fn generate_auth_key() -> Result<(), Error> {
} }
pub fn csrf_secret() -> &'static [u8] { pub fn csrf_secret() -> &'static [u8] {
lazy_static! { lazy_static! {
static ref SECRET: Vec<u8> = static ref SECRET: Vec<u8> = file_get_contents(configdir!("/csrf.key")).unwrap();
file_get_contents(configdir!("/csrf.key")).unwrap();
} }
&SECRET &SECRET
} }
fn load_public_auth_key() -> Result<PKey<Public>, Error> { fn load_public_auth_key() -> Result<PKey<Public>, Error> {
let pem = file_get_contents(configdir!("/authkey.pub"))?; let pem = file_get_contents(configdir!("/authkey.pub"))?;
let rsa = Rsa::public_key_from_pem(&pem)?; let rsa = Rsa::public_key_from_pem(&pem)?;
let key = PKey::from_rsa(rsa)?; let key = PKey::from_rsa(rsa)?;
@ -169,7 +158,6 @@ fn load_public_auth_key() -> Result<PKey<Public>, Error> {
} }
pub fn public_auth_key() -> &'static PKey<Public> { pub fn public_auth_key() -> &'static PKey<Public> {
lazy_static! { lazy_static! {
static ref KEY: PKey<Public> = load_public_auth_key().unwrap(); static ref KEY: PKey<Public> = load_public_auth_key().unwrap();
} }

87
src/backup/verify.rs
View File

@ -8,11 +8,11 @@ use anyhow::{bail, format_err, Error};
use proxmox_sys::{task_log, WorkerTaskContext}; use proxmox_sys::{task_log, WorkerTaskContext};
use pbs_api_types::{Authid, CryptMode, VerifyState, UPID, SnapshotVerifyState}; use pbs_api_types::{Authid, CryptMode, SnapshotVerifyState, VerifyState, UPID};
use pbs_datastore::{DataStore, DataBlob, StoreProgress}; use pbs_datastore::backup_info::{BackupDir, BackupGroup, BackupInfo};
use pbs_datastore::backup_info::{BackupGroup, BackupDir, BackupInfo};
use pbs_datastore::index::IndexFile; use pbs_datastore::index::IndexFile;
use pbs_datastore::manifest::{archive_type, ArchiveType, BackupManifest, FileInfo}; use pbs_datastore::manifest::{archive_type, ArchiveType, BackupManifest, FileInfo};
use pbs_datastore::{DataBlob, DataStore, StoreProgress};
use proxmox_sys::fs::lock_dir_noblock_shared; use proxmox_sys::fs::lock_dir_noblock_shared;
use crate::tools::parallel_handler::ParallelHandler; use crate::tools::parallel_handler::ParallelHandler;
@ -63,14 +63,14 @@ fn verify_blob(
// digest already verified above // digest already verified above
blob.decode(None, None)?; blob.decode(None, None)?;
Ok(()) Ok(())
}, }
CryptMode::SignOnly => bail!("Invalid CryptMode for blob"), CryptMode::SignOnly => bail!("Invalid CryptMode for blob"),
} }
} }
fn rename_corrupted_chunk( fn rename_corrupted_chunk(
datastore: Arc<DataStore>, datastore: Arc<DataStore>,
digest: &[u8;32], digest: &[u8; 32],
worker: &dyn WorkerTaskContext, worker: &dyn WorkerTaskContext,
) { ) {
let (path, digest_str) = datastore.chunk_path(digest); let (path, digest_str) = datastore.chunk_path(digest);
@ -89,11 +89,16 @@ fn rename_corrupted_chunk(
match std::fs::rename(&path, &new_path) { match std::fs::rename(&path, &new_path) {
Ok(_) => { Ok(_) => {
task_log!(worker, "corrupted chunk renamed to {:?}", &new_path); task_log!(worker, "corrupted chunk renamed to {:?}", &new_path);
}, }
Err(err) => { Err(err) => {
match err.kind() { match err.kind() {
std::io::ErrorKind::NotFound => { /* ignored */ }, std::io::ErrorKind::NotFound => { /* ignored */ }
_ => task_log!(worker, "could not rename corrupted chunk {:?} - {}", &path, err) _ => task_log!(
worker,
"could not rename corrupted chunk {:?} - {}",
&path,
err
),
} }
} }
}; };
@ -127,7 +132,7 @@ fn verify_index_chunks(
task_log!(worker2, "can't verify chunk, unknown CryptMode - {}", err); task_log!(worker2, "can't verify chunk, unknown CryptMode - {}", err);
errors2.fetch_add(1, Ordering::SeqCst); errors2.fetch_add(1, Ordering::SeqCst);
return Ok(()); return Ok(());
}, }
Ok(mode) => mode, Ok(mode) => mode,
}; };
@ -151,15 +156,29 @@ fn verify_index_chunks(
} }
Ok(()) Ok(())
} },
); );
let skip_chunk = |digest: &[u8; 32]| -> bool { let skip_chunk = |digest: &[u8; 32]| -> bool {
if verify_worker.verified_chunks.lock().unwrap().contains(digest) { if verify_worker
.verified_chunks
.lock()
.unwrap()
.contains(digest)
{
true true
} else if verify_worker.corrupt_chunks.lock().unwrap().contains(digest) { } else if verify_worker
.corrupt_chunks
.lock()
.unwrap()
.contains(digest)
{
let digest_str = hex::encode(digest); let digest_str = hex::encode(digest);
task_log!(verify_worker.worker, "chunk {} was marked as corrupt", digest_str); task_log!(
verify_worker.worker,
"chunk {} was marked as corrupt",
digest_str
);
errors.fetch_add(1, Ordering::SeqCst); errors.fetch_add(1, Ordering::SeqCst);
true true
} else { } else {
@ -193,8 +212,16 @@ fn verify_index_chunks(
match verify_worker.datastore.load_chunk(&info.digest) { match verify_worker.datastore.load_chunk(&info.digest) {
Err(err) => { Err(err) => {
verify_worker.corrupt_chunks.lock().unwrap().insert(info.digest); verify_worker
task_log!(verify_worker.worker, "can't verify chunk, load failed - {}", err); .corrupt_chunks
.lock()
.unwrap()
.insert(info.digest);
task_log!(
verify_worker.worker,
"can't verify chunk, load failed - {}",
err
);
errors.fetch_add(1, Ordering::SeqCst); errors.fetch_add(1, Ordering::SeqCst);
rename_corrupted_chunk( rename_corrupted_chunk(
verify_worker.datastore.clone(), verify_worker.datastore.clone(),
@ -356,7 +383,12 @@ pub fn verify_backup_dir_with_lock(
} }
} }
task_log!(verify_worker.worker, "verify {}:{}", verify_worker.datastore.name(), backup_dir); task_log!(
verify_worker.worker,
"verify {}:{}",
verify_worker.datastore.name(),
backup_dir
);
let mut error_count = 0; let mut error_count = 0;
@ -367,9 +399,7 @@ pub fn verify_backup_dir_with_lock(
match archive_type(&info.filename)? { match archive_type(&info.filename)? {
ArchiveType::FixedIndex => verify_fixed_index(verify_worker, backup_dir, info), ArchiveType::FixedIndex => verify_fixed_index(verify_worker, backup_dir, info),
ArchiveType::DynamicIndex => verify_dynamic_index(verify_worker, backup_dir, info), ArchiveType::DynamicIndex => verify_dynamic_index(verify_worker, backup_dir, info),
ArchiveType::Blob => { ArchiveType::Blob => verify_blob(verify_worker.datastore.clone(), backup_dir, info),
verify_blob(verify_worker.datastore.clone(), backup_dir, info)
}
} }
}); });
@ -473,7 +503,11 @@ pub fn verify_all_backups(
let mut errors = Vec::new(); let mut errors = Vec::new();
let worker = Arc::clone(&verify_worker.worker); let worker = Arc::clone(&verify_worker.worker);
task_log!(worker, "verify datastore {}", verify_worker.datastore.name()); task_log!(
worker,
"verify datastore {}",
verify_worker.datastore.name()
);
if let Some(owner) = &owner { if let Some(owner) = &owner {
task_log!(worker, "limiting to backups owned by {}", owner); task_log!(worker, "limiting to backups owned by {}", owner);
@ -486,25 +520,20 @@ pub fn verify_all_backups(
|| (group_owner.is_token() || (group_owner.is_token()
&& !owner.is_token() && !owner.is_token()
&& group_owner.user() == owner.user()) && group_owner.user() == owner.user())
}, }
(Ok(_), None) => true, (Ok(_), None) => true,
(Err(err), Some(_)) => { (Err(err), Some(_)) => {
// intentionally not in task log // intentionally not in task log
// the task user might not be allowed to see this group! // the task user might not be allowed to see this group!
println!("Failed to get owner of group '{}' - {}", group, err); println!("Failed to get owner of group '{}' - {}", group, err);
false false
}, }
(Err(err), None) => { (Err(err), None) => {
// we don't filter by owner, but we want to log the error // we don't filter by owner, but we want to log the error
task_log!( task_log!(worker, "Failed to get owner of group '{} - {}", group, err,);
worker,
"Failed to get owner of group '{} - {}",
group,
err,
);
errors.push(group.to_string()); errors.push(group.to_string());
true true
}, }
} }
}; };

56
src/bin/docgen.rs
View File

@ -11,7 +11,6 @@ use pbs_api_types::PRIVILEGES;
use proxmox_backup::api2; use proxmox_backup::api2;
fn get_args() -> (String, Vec<String>) { fn get_args() -> (String, Vec<String>) {
let mut args = std::env::args(); let mut args = std::env::args();
let prefix = args.next().unwrap(); let prefix = args.next().unwrap();
let prefix = prefix.rsplit('/').next().unwrap().to_string(); // without path let prefix = prefix.rsplit('/').next().unwrap().to_string(); // without path
@ -21,7 +20,6 @@ fn get_args() -> (String, Vec<String>) {
} }
fn main() -> Result<(), Error> { fn main() -> Result<(), Error> {
let (_prefix, args) = get_args(); let (_prefix, args) = get_args();
if args.is_empty() { if args.is_empty() {
@ -49,10 +47,9 @@ fn main() -> Result<(), Error> {
} }
fn generate_api_tree() -> String { fn generate_api_tree() -> String {
let mut tree = Vec::new(); let mut tree = Vec::new();
let mut data = dump_api_schema(& api2::ROUTER, "."); let mut data = dump_api_schema(&api2::ROUTER, ".");
data["path"] = "/".into(); data["path"] = "/".into();
// hack: add invisible space to sort as first entry // hack: add invisible space to sort as first entry
data["text"] = "&#x200b;Management API (HTTP)".into(); data["text"] = "&#x200b;Management API (HTTP)".into();
@ -70,11 +67,13 @@ fn generate_api_tree() -> String {
data["text"] = "Restore API (HTTP/2)".into(); data["text"] = "Restore API (HTTP/2)".into();
tree.push(data); tree.push(data);
format!("var apiSchema = {};", serde_json::to_string_pretty(&tree).unwrap()) format!(
"var apiSchema = {};",
serde_json::to_string_pretty(&tree).unwrap()
)
} }
pub fn dump_schema(schema: &Schema) -> Value { pub fn dump_schema(schema: &Schema) -> Value {
let mut data; let mut data;
match schema { match schema {
@ -112,23 +111,18 @@ pub fn dump_schema(schema: &Schema) -> Value {
match string_schema.format { match string_schema.format {
None | Some(ApiStringFormat::VerifyFn(_)) => { /* do nothing */ } None | Some(ApiStringFormat::VerifyFn(_)) => { /* do nothing */ }
Some(ApiStringFormat::Pattern(const_regex)) => { Some(ApiStringFormat::Pattern(const_regex)) => {
data["pattern"] = format!("/{}/", const_regex.regex_string) data["pattern"] = format!("/{}/", const_regex.regex_string).into();
.into();
} }
Some(ApiStringFormat::Enum(variants)) => { Some(ApiStringFormat::Enum(variants)) => {
let variants: Vec<String> = variants let variants: Vec<String> =
.iter() variants.iter().map(|e| e.value.to_string()).collect();
.map(|e| e.value.to_string())
.collect();
data["enum"] = serde_json::to_value(variants).unwrap(); data["enum"] = serde_json::to_value(variants).unwrap();
} }
Some(ApiStringFormat::PropertyString(subschema)) => { Some(ApiStringFormat::PropertyString(subschema)) => {
match subschema { match subschema {
Schema::Object(_) | Schema::Array(_) => { Schema::Object(_) | Schema::Array(_) => {
data["format"] = dump_schema(subschema); data["format"] = dump_schema(subschema);
data["typetext"] = get_property_string_type_text(subschema) data["typetext"] = get_property_string_type_text(subschema).into();
.into();
} }
_ => { /* do nothing - shouldnot happen */ } _ => { /* do nothing - shouldnot happen */ }
}; };
@ -137,7 +131,7 @@ pub fn dump_schema(schema: &Schema) -> Value {
// fixme: dump format // fixme: dump format
} }
Schema::Integer(integer_schema) => { Schema::Integer(integer_schema) => {
data = json!({ data = json!({
"type": "integer", "type": "integer",
"description": integer_schema.description, "description": integer_schema.description,
}); });
@ -162,7 +156,7 @@ pub fn dump_schema(schema: &Schema) -> Value {
if let Some(minimum) = number_schema.minimum { if let Some(minimum) = number_schema.minimum {
data["minimum"] = minimum.into(); data["minimum"] = minimum.into();
} }
if let Some(maximum) = number_schema.maximum { if let Some(maximum) = number_schema.maximum {
data["maximum"] = maximum.into(); data["maximum"] = maximum.into();
} }
} }
@ -182,7 +176,7 @@ pub fn dump_schema(schema: &Schema) -> Value {
if let Some(min_length) = array_schema.min_length { if let Some(min_length) = array_schema.min_length {
data["minLength"] = min_length.into(); data["minLength"] = min_length.into();
} }
if let Some(max_length) = array_schema.min_length { if let Some(max_length) = array_schema.min_length {
data["maxLength"] = max_length.into(); data["maxLength"] = max_length.into();
} }
} }
@ -216,7 +210,6 @@ pub fn dump_property_schema(param: &dyn ObjectSchemaType) -> Value {
} }
fn dump_api_permission(permission: &Permission) -> Value { fn dump_api_permission(permission: &Permission) -> Value {
match permission { match permission {
Permission::Superuser => json!({ "user": "root@pam" }), Permission::Superuser => json!({ "user": "root@pam" }),
Permission::User(user) => json!({ "user": user }), Permission::User(user) => json!({ "user": user }),
@ -233,7 +226,6 @@ fn dump_api_permission(permission: &Permission) -> Value {
}) })
} }
Permission::Privilege(name, value, partial) => { Permission::Privilege(name, value, partial) => {
let mut privs = Vec::new(); let mut privs = Vec::new();
for (name, v) in PRIVILEGES { for (name, v) in PRIVILEGES {
if (value & v) != 0 { if (value & v) != 0 {
@ -260,10 +252,7 @@ fn dump_api_permission(permission: &Permission) -> Value {
} }
} }
fn dump_api_method_schema( fn dump_api_method_schema(method: &str, api_method: &ApiMethod) -> Value {
method: &str,
api_method: &ApiMethod,
) -> Value {
let mut data = json!({ let mut data = json!({
"description": api_method.parameters.description(), "description": api_method.parameters.description(),
}); });
@ -277,10 +266,16 @@ fn dump_api_method_schema(
data["returns"] = returns; data["returns"] = returns;
match api_method.access { match api_method.access {
ApiAccess { description: None, permission: Permission::Superuser } => { ApiAccess {
description: None,
permission: Permission::Superuser,
} => {
// no need to output default // no need to output default
} }
ApiAccess { description, permission } => { ApiAccess {
description,
permission,
} => {
let mut permissions = dump_api_permission(permission); let mut permissions = dump_api_permission(permission);
if let Some(description) = description { if let Some(description) = description {
permissions["description"] = description.into(); permissions["description"] = description.into();
@ -301,11 +296,7 @@ fn dump_api_method_schema(
data data
} }
pub fn dump_api_schema( pub fn dump_api_schema(router: &Router, path: &str) -> Value {
router: &Router,
path: &str,
) -> Value {
let mut data = json!({}); let mut data = json!({});
let mut info = json!({}); let mut info = json!({});
@ -327,7 +318,7 @@ pub fn dump_api_schema(
match &router.subroute { match &router.subroute {
None => { None => {
data["leaf"] = 1.into(); data["leaf"] = 1.into();
}, }
Some(SubRoute::MatchAll { router, param_name }) => { Some(SubRoute::MatchAll { router, param_name }) => {
let sub_path = if path == "." { let sub_path = if path == "." {
format!("/{{{}}}", param_name) format!("/{{{}}}", param_name)
@ -343,7 +334,6 @@ pub fn dump_api_schema(
data["leaf"] = 0.into(); data["leaf"] = 0.into();
} }
Some(SubRoute::Map(dirmap)) => { Some(SubRoute::Map(dirmap)) => {
let mut children = Vec::new(); let mut children = Vec::new();
for (key, sub_router) in dirmap.iter() { for (key, sub_router) in dirmap.iter() {

69
src/bin/proxmox-backup-api.rs
View File

@ -4,19 +4,21 @@ use std::pin::Pin;
use anyhow::{bail, Error}; use anyhow::{bail, Error};
use futures::*; use futures::*;
use http::request::Parts; use http::request::Parts;
use http::HeaderMap;
use http::Response; use http::Response;
use hyper::{Body, Method, StatusCode}; use hyper::{Body, Method, StatusCode};
use http::HeaderMap;
use proxmox_lang::try_block; use proxmox_lang::try_block;
use proxmox_router::{RpcEnvironmentType, UserInformation}; use proxmox_router::{RpcEnvironmentType, UserInformation};
use proxmox_sys::fs::CreateOptions; use proxmox_sys::fs::CreateOptions;
use proxmox_rest_server::{daemon, AuthError, ApiConfig, RestServer, RestEnvironment, ServerAdapter}; use proxmox_rest_server::{
daemon, ApiConfig, AuthError, RestEnvironment, RestServer, ServerAdapter,
};
use proxmox_backup::server::auth::check_pbs_auth;
use proxmox_backup::auth_helpers::*; use proxmox_backup::auth_helpers::*;
use proxmox_backup::config; use proxmox_backup::config;
use proxmox_backup::server::auth::check_pbs_auth;
fn main() { fn main() {
pbs_tools::setup_libc_malloc_opts(); pbs_tools::setup_libc_malloc_opts();
@ -32,14 +34,12 @@ fn main() {
struct ProxmoxBackupApiAdapter; struct ProxmoxBackupApiAdapter;
impl ServerAdapter for ProxmoxBackupApiAdapter { impl ServerAdapter for ProxmoxBackupApiAdapter {
fn get_index( fn get_index(
&self, &self,
_env: RestEnvironment, _env: RestEnvironment,
_parts: Parts, _parts: Parts,
) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> { ) -> Pin<Box<dyn Future<Output = Response<Body>> + Send>> {
Box::pin(async move { Box::pin(async move {
let index = "<center><h1>Proxmox Backup API Server</h1></center>"; let index = "<center><h1>Proxmox Backup API Server</h1></center>";
Response::builder() Response::builder()
@ -54,10 +54,14 @@ impl ServerAdapter for ProxmoxBackupApiAdapter {
&'a self, &'a self,
headers: &'a HeaderMap, headers: &'a HeaderMap,
method: &'a Method, method: &'a Method,
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> { ) -> Pin<
Box::pin(async move { Box<
check_pbs_auth(headers, method).await dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>>
}) + Send
+ 'a,
>,
> {
Box::pin(async move { check_pbs_auth(headers, method).await })
} }
} }
@ -65,7 +69,8 @@ async fn run() -> Result<(), Error> {
if let Err(err) = syslog::init( if let Err(err) = syslog::init(
syslog::Facility::LOG_DAEMON, syslog::Facility::LOG_DAEMON,
log::LevelFilter::Info, log::LevelFilter::Info,
Some("proxmox-backup-api")) { Some("proxmox-backup-api"),
) {
bail!("unable to inititialize syslog - {}", err); bail!("unable to inititialize syslog - {}", err);
} }
@ -100,10 +105,17 @@ async fn run() -> Result<(), Error> {
)?; )?;
let backup_user = pbs_config::backup_user()?; let backup_user = pbs_config::backup_user()?;
let mut commando_sock = proxmox_rest_server::CommandSocket::new(proxmox_rest_server::our_ctrl_sock(), backup_user.gid); let mut commando_sock = proxmox_rest_server::CommandSocket::new(
proxmox_rest_server::our_ctrl_sock(),
backup_user.gid,
);
let dir_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid); let dir_opts = CreateOptions::new()
let file_opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid); .owner(backup_user.uid)
.group(backup_user.gid);
let file_opts = CreateOptions::new()
.owner(backup_user.uid)
.group(backup_user.gid);
config.enable_access_log( config.enable_access_log(
pbs_buildcfg::API_ACCESS_LOG_FN, pbs_buildcfg::API_ACCESS_LOG_FN,
@ -119,27 +131,26 @@ async fn run() -> Result<(), Error> {
&mut commando_sock, &mut commando_sock,
)?; )?;
let rest_server = RestServer::new(config); let rest_server = RestServer::new(config);
proxmox_rest_server::init_worker_tasks(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone())?; proxmox_rest_server::init_worker_tasks(
pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(),
file_opts.clone(),
)?;
// http server future: // http server future:
let server = daemon::create_daemon( let server = daemon::create_daemon(([127, 0, 0, 1], 82).into(), move |listener| {
([127,0,0,1], 82).into(), let incoming = hyper::server::conn::AddrIncoming::from_listener(listener)?;
move |listener| {
let incoming = hyper::server::conn::AddrIncoming::from_listener(listener)?;
Ok(async { Ok(async {
daemon::systemd_notify(daemon::SystemdNotify::Ready)?; daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
hyper::Server::builder(incoming) hyper::Server::builder(incoming)
.serve(rest_server) .serve(rest_server)
.with_graceful_shutdown(proxmox_rest_server::shutdown_future()) .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
.map_err(Error::from) .map_err(Error::from)
.await .await
}) })
}, });
);
proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?; proxmox_rest_server::write_pid(pbs_buildcfg::PROXMOX_BACKUP_API_PID_FN)?;

6
src/bin/proxmox-backup-debug.rs
View File

@ -20,5 +20,9 @@ fn main() {
let mut rpcenv = CliEnvironment::new(); let mut rpcenv = CliEnvironment::new();
rpcenv.set_auth_id(Some(format!("{}@pam", username))); rpcenv.set_auth_id(Some(format!("{}@pam", username)));
run_cli_command(cmd_def, rpcenv, Some(|future| proxmox_async::runtime::main(future))); run_cli_command(
cmd_def,
rpcenv,
Some(|future| proxmox_async::runtime::main(future)),
);
} }

22
src/bin/proxmox-backup-proxy.rs
View File

@ -47,8 +47,8 @@ use pbs_buildcfg::configdir;
use proxmox_time::CalendarEvent; use proxmox_time::CalendarEvent;
use pbs_api_types::{ use pbs_api_types::{
Authid, DataStoreConfig, PruneOptions, SyncJobConfig, TapeBackupJobConfig, Authid, DataStoreConfig, Operation, PruneOptions, SyncJobConfig, TapeBackupJobConfig,
VerificationJobConfig, Operation VerificationJobConfig,
}; };
use proxmox_rest_server::daemon; use proxmox_rest_server::daemon;
@ -101,10 +101,14 @@ impl ServerAdapter for ProxmoxBackupProxyAdapter {
&'a self, &'a self,
headers: &'a HeaderMap, headers: &'a HeaderMap,
method: &'a Method, method: &'a Method,
) -> Pin<Box<dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>> + Send + 'a>> { ) -> Pin<
Box::pin(async move { Box<
check_pbs_auth(headers, method).await dyn Future<Output = Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>>
}) + Send
+ 'a,
>,
> {
Box::pin(async move { check_pbs_auth(headers, method).await })
} }
} }
@ -194,7 +198,11 @@ async fn run() -> Result<(), Error> {
if let Err(err) = syslog::init( if let Err(err) = syslog::init(
syslog::Facility::LOG_DAEMON, syslog::Facility::LOG_DAEMON,
if debug { log::LevelFilter::Debug } else { log::LevelFilter::Info }, if debug {
log::LevelFilter::Debug
} else {
log::LevelFilter::Info
},
Some("proxmox-backup-proxy"), Some("proxmox-backup-proxy"),
) { ) {
bail!("unable to inititialize syslog - {}", err); bail!("unable to inititialize syslog - {}", err);

1
src/bin/proxmox_backup_debug/api.rs
View File

@ -166,7 +166,6 @@ fn merge_parameters(
})); }));
} }
let params = schema.parse_parameter_strings(&param_list, true)?; let params = schema.parse_parameter_strings(&param_list, true)?;
Ok(params) Ok(params)

13
src/bin/proxmox_backup_debug/inspect.rs
View File

@ -1,13 +1,13 @@
use std::collections::HashSet; use std::collections::HashSet;
use std::fs::File; use std::fs::File;
use std::io::{stdout, Read, Seek, SeekFrom, Write}; use std::io::{stdout, Read, Seek, SeekFrom, Write};
use std::path::Path;
use std::panic::{RefUnwindSafe, UnwindSafe}; use std::panic::{RefUnwindSafe, UnwindSafe};
use std::path::Path;
use anyhow::{bail, format_err, Error}; use anyhow::{bail, format_err, Error};
use hex::FromHex;
use serde_json::{json, Value}; use serde_json::{json, Value};
use walkdir::WalkDir; use walkdir::WalkDir;
use hex::FromHex;
use proxmox_router::cli::{ use proxmox_router::cli::{
format_and_print_result, get_output_format, CliCommand, CliCommandMap, CommandLineInterface, format_and_print_result, get_output_format, CliCommand, CliCommandMap, CommandLineInterface,
@ -15,7 +15,8 @@ use proxmox_router::cli::{
}; };
use proxmox_schema::api; use proxmox_schema::api;
use pbs_tools::crypt_config::CryptConfig; use pbs_client::tools::key_source::get_encryption_key_password;
use pbs_config::key_config::load_and_decrypt_key;
use pbs_datastore::dynamic_index::DynamicIndexReader; use pbs_datastore::dynamic_index::DynamicIndexReader;
use pbs_datastore::file_formats::{ use pbs_datastore::file_formats::{
COMPRESSED_BLOB_MAGIC_1_0, DYNAMIC_SIZED_CHUNK_INDEX_1_0, ENCRYPTED_BLOB_MAGIC_1_0, COMPRESSED_BLOB_MAGIC_1_0, DYNAMIC_SIZED_CHUNK_INDEX_1_0, ENCRYPTED_BLOB_MAGIC_1_0,
@ -24,8 +25,7 @@ use pbs_datastore::file_formats::{
use pbs_datastore::fixed_index::FixedIndexReader; use pbs_datastore::fixed_index::FixedIndexReader;
use pbs_datastore::index::IndexFile; use pbs_datastore::index::IndexFile;
use pbs_datastore::DataBlob; use pbs_datastore::DataBlob;
use pbs_config::key_config::load_and_decrypt_key; use pbs_tools::crypt_config::CryptConfig;
use pbs_client::tools::key_source::get_encryption_key_password;
// Returns either a new file, if a path is given, or stdout, if no path is given. // Returns either a new file, if a path is given, or stdout, if no path is given.
fn outfile_or_stdout<P: AsRef<Path>>( fn outfile_or_stdout<P: AsRef<Path>>(
@ -128,8 +128,7 @@ fn inspect_chunk(
let digest_raw: Option<[u8; 32]> = digest let digest_raw: Option<[u8; 32]> = digest
.map(|ref d| { .map(|ref d| {
<[u8; 32]>::from_hex(d) <[u8; 32]>::from_hex(d).map_err(|e| format_err!("could not parse chunk - {}", e))
.map_err(|e| format_err!("could not parse chunk - {}", e))
}) })
.map_or(Ok(None), |r| r.map(Some))?; .map_or(Ok(None), |r| r.map(Some))?;

2
src/bin/proxmox_backup_debug/mod.rs
View File

@ -1,3 +1,3 @@
pub mod api;
pub mod inspect; pub mod inspect;
pub mod recover; pub mod recover;
pub mod api;

6
src/bin/proxmox_backup_debug/recover.rs
View File

@ -8,14 +8,14 @@ use serde_json::Value;
use proxmox_router::cli::{CliCommand, CliCommandMap, CommandLineInterface}; use proxmox_router::cli::{CliCommand, CliCommandMap, CommandLineInterface};
use proxmox_schema::api; use proxmox_schema::api;
use pbs_tools::crypt_config::CryptConfig; use pbs_client::tools::key_source::get_encryption_key_password;
use pbs_config::key_config::load_and_decrypt_key;
use pbs_datastore::dynamic_index::DynamicIndexReader; use pbs_datastore::dynamic_index::DynamicIndexReader;
use pbs_datastore::file_formats::{DYNAMIC_SIZED_CHUNK_INDEX_1_0, FIXED_SIZED_CHUNK_INDEX_1_0}; use pbs_datastore::file_formats::{DYNAMIC_SIZED_CHUNK_INDEX_1_0, FIXED_SIZED_CHUNK_INDEX_1_0};
use pbs_datastore::fixed_index::FixedIndexReader; use pbs_datastore::fixed_index::FixedIndexReader;
use pbs_datastore::index::IndexFile; use pbs_datastore::index::IndexFile;
use pbs_datastore::DataBlob; use pbs_datastore::DataBlob;
use pbs_config::key_config::load_and_decrypt_key; use pbs_tools::crypt_config::CryptConfig;
use pbs_client::tools::key_source::get_encryption_key_password;
#[api( #[api(
input: { input: {

38
src/bin/sg-tape-cmd.rs
View File

@ -2,7 +2,6 @@
/// to read and set the encryption key. /// to read and set the encryption key.
/// ///
/// This command can use STDIN as tape device handle. /// This command can use STDIN as tape device handle.
use std::fs::File; use std::fs::File;
use std::os::unix::io::{AsRawFd, FromRawFd}; use std::os::unix::io::{AsRawFd, FromRawFd};
@ -14,24 +13,15 @@ use proxmox_schema::api;
use proxmox_uuid::Uuid; use proxmox_uuid::Uuid;
use pbs_api_types::{ use pbs_api_types::{
Fingerprint, LTO_DRIVE_PATH_SCHEMA, DRIVE_NAME_SCHEMA, TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA, Fingerprint, LtoTapeDrive, DRIVE_NAME_SCHEMA, LTO_DRIVE_PATH_SCHEMA, MEDIA_SET_UUID_SCHEMA,
MEDIA_SET_UUID_SCHEMA, LtoTapeDrive, TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA,
}; };
use pbs_tape::linux_list_drives::{open_lto_tape_device, check_tape_is_lto_tape_device}; use pbs_tape::linux_list_drives::{check_tape_is_lto_tape_device, open_lto_tape_device};
use proxmox_backup::{ use proxmox_backup::tape::drive::{open_lto_tape_drive, LtoTapeHandle, TapeDriver};
tape::{
drive::{
TapeDriver,
LtoTapeHandle,
open_lto_tape_drive,
},
},
};
fn get_tape_handle(param: &Value) -> Result<LtoTapeHandle, Error> { fn get_tape_handle(param: &Value) -> Result<LtoTapeHandle, Error> {
let handle = if let Some(name) = param["drive"].as_str() { let handle = if let Some(name) = param["drive"].as_str() {
let (config, _digest) = pbs_config::drive::config()?; let (config, _digest) = pbs_config::drive::config()?;
let drive: LtoTapeDrive = config.lookup("lto", name)?; let drive: LtoTapeDrive = config.lookup("lto", name)?;
@ -56,7 +46,9 @@ fn get_tape_handle(param: &Value) -> Result<LtoTapeHandle, Error> {
let mut drive_names = Vec::new(); let mut drive_names = Vec::new();
for (name, (section_type, _)) in config.sections.iter() { for (name, (section_type, _)) in config.sections.iter() {
if section_type != "lto" { continue; } if section_type != "lto" {
continue;
}
drive_names.push(name); drive_names.push(name);
} }
@ -106,7 +98,6 @@ fn set_encryption(
uuid: Option<Uuid>, uuid: Option<Uuid>,
param: Value, param: Value,
) -> Result<(), Error> { ) -> Result<(), Error> {
let result = proxmox_lang::try_block!({ let result = proxmox_lang::try_block!({
let mut handle = get_tape_handle(&param)?; let mut handle = get_tape_handle(&param)?;
@ -123,7 +114,8 @@ fn set_encryption(
} }
Ok(()) Ok(())
}).map_err(|err: Error| err.to_string()); })
.map_err(|err: Error| err.to_string());
println!("{}", serde_json::to_string_pretty(&result)?); println!("{}", serde_json::to_string_pretty(&result)?);
@ -131,7 +123,6 @@ fn set_encryption(
} }
fn main() -> Result<(), Error> { fn main() -> Result<(), Error> {
// check if we are user root or backup // check if we are user root or backup
let backup_uid = pbs_config::backup_user()?.uid; let backup_uid = pbs_config::backup_user()?.uid;
let backup_gid = pbs_config::backup_group()?.gid; let backup_gid = pbs_config::backup_group()?.gid;
@ -146,16 +137,13 @@ fn main() -> Result<(), Error> {
if !running_uid.is_root() && (running_uid != backup_uid || running_gid != backup_gid) { if !running_uid.is_root() && (running_uid != backup_uid || running_gid != backup_gid) {
bail!( bail!(
"Not running as backup user or group (got uid {} gid {})", "Not running as backup user or group (got uid {} gid {})",
running_uid, running_gid, running_uid,
running_gid,
); );
} }
let cmd_def = CliCommandMap::new() let cmd_def =
.insert( CliCommandMap::new().insert("encryption", CliCommand::new(&API_METHOD_SET_ENCRYPTION));
"encryption",
CliCommand::new(&API_METHOD_SET_ENCRYPTION)
)
;
let mut rpcenv = CliEnvironment::new(); let mut rpcenv = CliEnvironment::new();
rpcenv.set_auth_id(Some(String::from("root@pam"))); rpcenv.set_auth_id(Some(String::from("root@pam")));

14
src/config/acme/mod.rs
View File

@ -6,15 +6,11 @@ use anyhow::{bail, format_err, Error};
use serde_json::Value; use serde_json::Value;
use proxmox_sys::error::SysError; use proxmox_sys::error::SysError;
use proxmox_sys::fs::{CreateOptions, file_read_string}; use proxmox_sys::fs::{file_read_string, CreateOptions};
use pbs_api_types::PROXMOX_SAFE_ID_REGEX; use pbs_api_types::PROXMOX_SAFE_ID_REGEX;
use crate::api2::types::{ use crate::api2::types::{AcmeAccountName, AcmeChallengeSchema, KnownAcmeDirectory};
AcmeChallengeSchema,
KnownAcmeDirectory,
AcmeAccountName,
};
pub(crate) const ACME_DIR: &str = pbs_buildcfg::configdir!("/acme"); pub(crate) const ACME_DIR: &str = pbs_buildcfg::configdir!("/acme");
pub(crate) const ACME_ACCOUNT_DIR: &str = pbs_buildcfg::configdir!("/acme/accounts"); pub(crate) const ACME_ACCOUNT_DIR: &str = pbs_buildcfg::configdir!("/acme/accounts");
@ -65,7 +61,6 @@ pub fn account_path(name: &str) -> String {
format!("{}/{}", ACME_ACCOUNT_DIR, name) format!("{}/{}", ACME_ACCOUNT_DIR, name)
} }
pub fn foreach_acme_account<F>(mut func: F) -> Result<(), Error> pub fn foreach_acme_account<F>(mut func: F) -> Result<(), Error>
where where
F: FnMut(AcmeAccountName) -> ControlFlow<Result<(), Error>>, F: FnMut(AcmeAccountName) -> ControlFlow<Result<(), Error>>,
@ -163,7 +158,10 @@ pub fn complete_acme_plugin_type(_arg: &str, _param: &HashMap<String, String>) -
] ]
} }
pub fn complete_acme_api_challenge_type(_arg: &str, param: &HashMap<String, String>) -> Vec<String> { pub fn complete_acme_api_challenge_type(
_arg: &str,
param: &HashMap<String, String>,
) -> Vec<String> {
if param.get("type") == Some(&"dns".to_string()) { if param.get("type") == Some(&"dns".to_string()) {
match load_dns_challenge_schema() { match load_dns_challenge_schema() {
Ok(schema) => schema.into_iter().map(|s| s.id).collect(), Ok(schema) => schema.into_iter().map(|s| s.id).collect(),

36
src/config/mod.rs
View File

@ -4,11 +4,11 @@
//! configuration files. //! configuration files.
use anyhow::{bail, format_err, Error}; use anyhow::{bail, format_err, Error};
use std::path::PathBuf;
use nix::sys::stat::Mode; use nix::sys::stat::Mode;
use openssl::rsa::{Rsa};
use openssl::x509::{X509Builder};
use openssl::pkey::PKey; use openssl::pkey::PKey;
use openssl::rsa::Rsa;
use openssl::x509::X509Builder;
use std::path::PathBuf;
use proxmox_lang::try_block; use proxmox_lang::try_block;
@ -73,23 +73,23 @@ pub fn create_configdir() -> Result<(), Error> {
let backup_user = pbs_config::backup_user()?; let backup_user = pbs_config::backup_user()?;
nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid)) nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid)).map_err(|err| {
.map_err(|err| { format_err!(
format_err!( "unable to set configuration directory '{}' permissions - {}",
"unable to set configuration directory '{}' permissions - {}", cfgdir,
cfgdir, err
err )
) })
})
} }
/// Update self signed node certificate. /// Update self signed node certificate.
pub fn update_self_signed_cert(force: bool) -> Result<(), Error> { pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
let key_path = PathBuf::from(configdir!("/proxy.key")); let key_path = PathBuf::from(configdir!("/proxy.key"));
let cert_path = PathBuf::from(configdir!("/proxy.pem")); let cert_path = PathBuf::from(configdir!("/proxy.pem"));
if key_path.exists() && cert_path.exists() && !force { return Ok(()); } if key_path.exists() && cert_path.exists() && !force {
return Ok(());
}
let rsa = Rsa::generate(4096).unwrap(); let rsa = Rsa::generate(4096).unwrap();
@ -101,7 +101,7 @@ pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
let today = openssl::asn1::Asn1Time::days_from_now(0)?; let today = openssl::asn1::Asn1Time::days_from_now(0)?;
x509.set_not_before(&today)?; x509.set_not_before(&today)?;
let expire = openssl::asn1::Asn1Time::days_from_now(365*1000)?; let expire = openssl::asn1::Asn1Time::days_from_now(365 * 1000)?;
x509.set_not_after(&expire)?; x509.set_not_after(&expire)?;
let nodename = proxmox_sys::nodename(); let nodename = proxmox_sys::nodename();
@ -144,8 +144,12 @@ pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
alt_names.dns("localhost"); alt_names.dns("localhost");
if nodename != "localhost" { alt_names.dns(nodename); } if nodename != "localhost" {
if nodename != fqdn { alt_names.dns(&fqdn); } alt_names.dns(nodename);
}
if nodename != fqdn {
alt_names.dns(&fqdn);
}
let alt_names = alt_names.build(&context)?; let alt_names = alt_names.build(&context)?;

14
src/config/node.rs
View File

@ -1,7 +1,7 @@
use std::collections::HashSet; use std::collections::HashSet;
use openssl::ssl::{SslAcceptor, SslMethod};
use anyhow::{bail, Error}; use anyhow::{bail, Error};
use openssl::ssl::{SslAcceptor, SslMethod};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use proxmox_schema::{api, ApiStringFormat, ApiType, Updater}; use proxmox_schema::{api, ApiStringFormat, ApiType, Updater};
@ -66,7 +66,7 @@ pub struct AcmeConfig {
// TODO: auto-generate from available translations // TODO: auto-generate from available translations
#[api] #[api]
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
#[serde(rename_all="lowercase")] #[serde(rename_all = "lowercase")]
pub enum Translation { pub enum Translation {
/// Arabic /// Arabic
Ar, Ar,
@ -107,7 +107,7 @@ pub enum Translation {
/// Polish /// Polish
Pl, Pl,
/// Portuguese (Brazil) /// Portuguese (Brazil)
#[serde(rename="pt_BR")] #[serde(rename = "pt_BR")]
PtBr, PtBr,
/// Russian /// Russian
Ru, Ru,
@ -118,10 +118,10 @@ pub enum Translation {
/// Turkish /// Turkish
Tr, Tr,
/// Chinese (simplified) /// Chinese (simplified)
#[serde(rename="zh_CN")] #[serde(rename = "zh_CN")]
ZhCn, ZhCn,
/// Chinese (traditional) /// Chinese (traditional)
#[serde(rename="zh_TW")] #[serde(rename = "zh_TW")]
ZhTw, ZhTw,
} }
@ -208,11 +208,11 @@ pub struct NodeConfig {
pub email_from: Option<String>, pub email_from: Option<String>,
/// List of TLS ciphers for TLS 1.3 that will be used by the proxy. (Proxy has to be restarted for changes to take effect) /// List of TLS ciphers for TLS 1.3 that will be used by the proxy. (Proxy has to be restarted for changes to take effect)
#[serde(skip_serializing_if = "Option::is_none", rename="ciphers-tls-1.3")] #[serde(skip_serializing_if = "Option::is_none", rename = "ciphers-tls-1.3")]
pub ciphers_tls_1_3: Option<String>, pub ciphers_tls_1_3: Option<String>,
/// List of TLS ciphers for TLS <= 1.2 that will be used by the proxy. (Proxy has to be restarted for changes to take effect) /// List of TLS ciphers for TLS <= 1.2 that will be used by the proxy. (Proxy has to be restarted for changes to take effect)
#[serde(skip_serializing_if = "Option::is_none", rename="ciphers-tls-1.2")] #[serde(skip_serializing_if = "Option::is_none", rename = "ciphers-tls-1.2")]
pub ciphers_tls_1_2: Option<String>, pub ciphers_tls_1_2: Option<String>,
/// Default language used in the GUI /// Default language used in the GUI

45
src/rrd_cache.rs
View File

@ -9,12 +9,12 @@ use std::path::Path;
use anyhow::{format_err, Error}; use anyhow::{format_err, Error};
use once_cell::sync::OnceCell; use once_cell::sync::OnceCell;
use proxmox_sys::fs::CreateOptions; use proxmox_rrd::rrd::{CF, DST, RRD};
use proxmox_rrd::RRDCache; use proxmox_rrd::RRDCache;
use proxmox_rrd::rrd::{RRD, DST, CF}; use proxmox_sys::fs::CreateOptions;
use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
use pbs_api_types::{RRDMode, RRDTimeFrame}; use pbs_api_types::{RRDMode, RRDTimeFrame};
use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
const RRD_CACHE_BASEDIR: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/rrdb"); const RRD_CACHE_BASEDIR: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/rrdb");
@ -22,14 +22,15 @@ static RRD_CACHE: OnceCell<RRDCache> = OnceCell::new();
/// Get the RRD cache instance /// Get the RRD cache instance
pub fn get_rrd_cache() -> Result<&'static RRDCache, Error> { pub fn get_rrd_cache() -> Result<&'static RRDCache, Error> {
RRD_CACHE.get().ok_or_else(|| format_err!("RRD cache not initialized!")) RRD_CACHE
.get()
.ok_or_else(|| format_err!("RRD cache not initialized!"))
} }
/// Initialize the RRD cache instance /// Initialize the RRD cache instance
/// ///
/// Note: Only a single process must do this (proxmox-backup-proxy) /// Note: Only a single process must do this (proxmox-backup-proxy)
pub fn initialize_rrd_cache() -> Result<&'static RRDCache, Error> { pub fn initialize_rrd_cache() -> Result<&'static RRDCache, Error> {
let backup_user = pbs_config::backup_user()?; let backup_user = pbs_config::backup_user()?;
let file_options = CreateOptions::new() let file_options = CreateOptions::new()
@ -40,7 +41,7 @@ pub fn initialize_rrd_cache() -> Result<&'static RRDCache, Error> {
.owner(backup_user.uid) .owner(backup_user.uid)
.group(backup_user.gid); .group(backup_user.gid);
let apply_interval = 30.0*60.0; // 30 minutes let apply_interval = 30.0 * 60.0; // 30 minutes
let cache = RRDCache::new( let cache = RRDCache::new(
RRD_CACHE_BASEDIR, RRD_CACHE_BASEDIR,
@ -50,47 +51,45 @@ pub fn initialize_rrd_cache() -> Result<&'static RRDCache, Error> {
load_callback, load_callback,
)?; )?;
RRD_CACHE.set(cache) RRD_CACHE
.set(cache)
.map_err(|_| format_err!("RRD cache already initialized!"))?; .map_err(|_| format_err!("RRD cache already initialized!"))?;
Ok(RRD_CACHE.get().unwrap()) Ok(RRD_CACHE.get().unwrap())
} }
fn load_callback( fn load_callback(path: &Path, _rel_path: &str, dst: DST) -> RRD {
path: &Path,
_rel_path: &str,
dst: DST,
) -> RRD {
match RRD::load(path, true) { match RRD::load(path, true) {
Ok(rrd) => rrd, Ok(rrd) => rrd,
Err(err) => { Err(err) => {
if err.kind() != std::io::ErrorKind::NotFound { if err.kind() != std::io::ErrorKind::NotFound {
log::warn!("overwriting RRD file {:?}, because of load error: {}", path, err); log::warn!(
"overwriting RRD file {:?}, because of load error: {}",
path,
err
);
} }
RRDCache::create_proxmox_backup_default_rrd(dst) RRDCache::create_proxmox_backup_default_rrd(dst)
}, }
} }
} }
/// Extracts data for the specified time frame from from RRD cache /// Extracts data for the specified time frame from from RRD cache
pub fn extract_rrd_data( pub fn extract_rrd_data(
basedir: &str, basedir: &str,
name: &str, name: &str,
timeframe: RRDTimeFrame, timeframe: RRDTimeFrame,
mode: RRDMode, mode: RRDMode,
) -> Result<Option<(u64, u64, Vec<Option<f64>>)>, Error> { ) -> Result<Option<(u64, u64, Vec<Option<f64>>)>, Error> {
let end = proxmox_time::epoch_f64() as u64; let end = proxmox_time::epoch_f64() as u64;
let (start, resolution) = match timeframe { let (start, resolution) = match timeframe {
RRDTimeFrame::Hour => (end - 3600, 60), RRDTimeFrame::Hour => (end - 3600, 60),
RRDTimeFrame::Day => (end - 3600*24, 60), RRDTimeFrame::Day => (end - 3600 * 24, 60),
RRDTimeFrame::Week => (end - 3600*24*7, 30*60), RRDTimeFrame::Week => (end - 3600 * 24 * 7, 30 * 60),
RRDTimeFrame::Month => (end - 3600*24*30, 30*60), RRDTimeFrame::Month => (end - 3600 * 24 * 30, 30 * 60),
RRDTimeFrame::Year => (end - 3600*24*365, 6*60*60), RRDTimeFrame::Year => (end - 3600 * 24 * 365, 6 * 60 * 60),
RRDTimeFrame::Decade => (end - 10*3600*24*366, 7*86400), RRDTimeFrame::Decade => (end - 10 * 3600 * 24 * 366, 7 * 86400),
}; };
let cf = match mode { let cf = match mode {

124
src/tools/apt.rs
View File

@ -1,14 +1,14 @@
use std::collections::HashSet;
use std::collections::HashMap; use std::collections::HashMap;
use std::collections::HashSet;
use anyhow::{Error, bail, format_err}; use anyhow::{bail, format_err, Error};
use apt_pkg_native::Cache; use apt_pkg_native::Cache;
use proxmox_sys::fs::{file_read_optional_string, replace_file, CreateOptions};
use proxmox_schema::const_regex; use proxmox_schema::const_regex;
use proxmox_sys::fs::{file_read_optional_string, replace_file, CreateOptions};
use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
use pbs_api_types::APTUpdateInfo; use pbs_api_types::APTUpdateInfo;
use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
const APT_PKG_STATE_FN: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/pkg-state.json"); const APT_PKG_STATE_FN: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/pkg-state.json");
@ -25,8 +25,13 @@ pub struct PkgState {
pub fn write_pkg_cache(state: &PkgState) -> Result<(), Error> { pub fn write_pkg_cache(state: &PkgState) -> Result<(), Error> {
let serialized_state = serde_json::to_string(state)?; let serialized_state = serde_json::to_string(state)?;
replace_file(APT_PKG_STATE_FN, serialized_state.as_bytes(), CreateOptions::new(), false) replace_file(
.map_err(|err| format_err!("Error writing package cache - {}", err))?; APT_PKG_STATE_FN,
serialized_state.as_bytes(),
CreateOptions::new(),
false,
)
.map_err(|err| format_err!("Error writing package cache - {}", err))?;
Ok(()) Ok(())
} }
@ -42,7 +47,7 @@ pub fn read_pkg_state() -> Result<Option<PkgState>, Error> {
.map_err(|err| format_err!("could not parse cached package status - {}", err)) .map_err(|err| format_err!("could not parse cached package status - {}", err))
} }
pub fn pkg_cache_expired () -> Result<bool, Error> { pub fn pkg_cache_expired() -> Result<bool, Error> {
if let Ok(pbs_cache) = std::fs::metadata(APT_PKG_STATE_FN) { if let Ok(pbs_cache) = std::fs::metadata(APT_PKG_STATE_FN) {
let apt_pkgcache = std::fs::metadata("/var/cache/apt/pkgcache.bin")?; let apt_pkgcache = std::fs::metadata("/var/cache/apt/pkgcache.bin")?;
let dpkg_status = std::fs::metadata("/var/lib/dpkg/status")?; let dpkg_status = std::fs::metadata("/var/lib/dpkg/status")?;
@ -57,27 +62,29 @@ pub fn pkg_cache_expired () -> Result<bool, Error> {
} }
pub fn update_cache() -> Result<PkgState, Error> { pub fn update_cache() -> Result<PkgState, Error> {
// update our cache // update our cache
let all_upgradeable = list_installed_apt_packages(|data| { let all_upgradeable = list_installed_apt_packages(
data.candidate_version == data.active_version && |data| {
data.installed_version != Some(data.candidate_version) data.candidate_version == data.active_version
}, None); && data.installed_version != Some(data.candidate_version)
},
None,
);
let cache = match read_pkg_state() { let cache = match read_pkg_state() {
Ok(Some(mut cache)) => { Ok(Some(mut cache)) => {
cache.package_status = all_upgradeable; cache.package_status = all_upgradeable;
cache cache
}, }
_ => PkgState { _ => PkgState {
notified: None, notified: None,
package_status: all_upgradeable, package_status: all_upgradeable,
}, },
}; };
write_pkg_cache(&cache)?; write_pkg_cache(&cache)?;
Ok(cache) Ok(cache)
} }
const_regex! { const_regex! {
VERSION_EPOCH_REGEX = r"^\d+:"; VERSION_EPOCH_REGEX = r"^\d+:";
FILENAME_EXTRACT_REGEX = r"^.*/.*?_(.*)_Packages$"; FILENAME_EXTRACT_REGEX = r"^.*/.*?_(.*)_Packages$";
@ -108,9 +115,12 @@ fn get_changelog_url(
if output.len() < 2 { if output.len() < 2 {
bail!("invalid output (URI part too short) from 'apt-get changelog --print-uris': {}", output) bail!("invalid output (URI part too short) from 'apt-get changelog --print-uris': {}", output)
} }
output[1..output.len()-1].to_owned() output[1..output.len() - 1].to_owned()
}, }
None => bail!("invalid output from 'apt-get changelog --print-uris': {}", output) None => bail!(
"invalid output from 'apt-get changelog --print-uris': {}",
output
),
}; };
return Ok(output); return Ok(output);
} else if origin == "Proxmox" { } else if origin == "Proxmox" {
@ -123,18 +133,22 @@ fn get_changelog_url(
let base_capture = captures.get(1); let base_capture = captures.get(1);
match base_capture { match base_capture {
Some(base_underscore) => base_underscore.as_str().replace("_", "/"), Some(base_underscore) => base_underscore.as_str().replace("_", "/"),
None => bail!("incompatible filename, cannot find regex group") None => bail!("incompatible filename, cannot find regex group"),
} }
}, }
None => bail!("incompatible filename, doesn't match regex") None => bail!("incompatible filename, doesn't match regex"),
}; };
if component == "pbs-enterprise" { if component == "pbs-enterprise" {
return Ok(format!("https://enterprise.proxmox.com/{}/{}_{}.changelog", return Ok(format!(
base, package, version)); "https://enterprise.proxmox.com/{}/{}_{}.changelog",
base, package, version
));
} else { } else {
return Ok(format!("http://download.proxmox.com/{}/{}_{}.changelog", return Ok(format!(
base, package, version)); "http://download.proxmox.com/{}/{}_{}.changelog",
base, package, version
));
} }
} }
@ -162,7 +176,6 @@ pub fn list_installed_apt_packages<F: Fn(FilterData) -> bool>(
filter: F, filter: F,
only_versions_for: Option<&str>, only_versions_for: Option<&str>,
) -> Vec<APTUpdateInfo> { ) -> Vec<APTUpdateInfo> {
let mut ret = Vec::new(); let mut ret = Vec::new();
let mut depends = HashSet::new(); let mut depends = HashSet::new();
@ -172,26 +185,20 @@ pub fn list_installed_apt_packages<F: Fn(FilterData) -> bool>(
let mut cache_iter = match only_versions_for { let mut cache_iter = match only_versions_for {
Some(name) => cache.find_by_name(name), Some(name) => cache.find_by_name(name),
None => cache.iter() None => cache.iter(),
}; };
loop { loop {
match cache_iter.next() { match cache_iter.next() {
Some(view) => { Some(view) => {
let di = if only_versions_for.is_some() { let di = if only_versions_for.is_some() {
query_detailed_info( query_detailed_info(PackagePreSelect::All, &filter, view, None)
PackagePreSelect::All,
&filter,
view,
None
)
} else { } else {
query_detailed_info( query_detailed_info(
PackagePreSelect::OnlyInstalled, PackagePreSelect::OnlyInstalled,
&filter, &filter,
view, view,
Some(&mut depends) Some(&mut depends),
) )
}; };
if let Some(info) = di { if let Some(info) = di {
@ -201,7 +208,7 @@ pub fn list_installed_apt_packages<F: Fn(FilterData) -> bool>(
if only_versions_for.is_some() { if only_versions_for.is_some() {
break; break;
} }
}, }
None => { None => {
drop(cache_iter); drop(cache_iter);
// also loop through missing dependencies, as they would be installed // also loop through missing dependencies, as they would be installed
@ -209,15 +216,10 @@ pub fn list_installed_apt_packages<F: Fn(FilterData) -> bool>(
let mut iter = cache.find_by_name(pkg); let mut iter = cache.find_by_name(pkg);
let view = match iter.next() { let view = match iter.next() {
Some(view) => view, Some(view) => view,
None => continue // package not found, ignore None => continue, // package not found, ignore
}; };
let di = query_detailed_info( let di = query_detailed_info(PackagePreSelect::OnlyNew, &filter, view, None);
PackagePreSelect::OnlyNew,
&filter,
view,
None
);
if let Some(info) = di { if let Some(info) = di {
ret.push(info); ret.push(info);
} }
@ -238,7 +240,7 @@ fn query_detailed_info<'a, F, V>(
) -> Option<APTUpdateInfo> ) -> Option<APTUpdateInfo>
where where
F: Fn(FilterData) -> bool, F: Fn(FilterData) -> bool,
V: std::ops::Deref<Target = apt_pkg_native::sane::PkgView<'a>> V: std::ops::Deref<Target = apt_pkg_native::sane::PkgView<'a>>,
{ {
let current_version = view.current_version(); let current_version = view.current_version();
let candidate_version = view.candidate_version(); let candidate_version = view.candidate_version();
@ -247,8 +249,8 @@ where
PackagePreSelect::OnlyInstalled => match (current_version, candidate_version) { PackagePreSelect::OnlyInstalled => match (current_version, candidate_version) {
(Some(cur), Some(can)) => (Some(cur), can), // package installed and there is an update (Some(cur), Some(can)) => (Some(cur), can), // package installed and there is an update
(Some(cur), None) => (Some(cur.clone()), cur), // package installed and up-to-date (Some(cur), None) => (Some(cur.clone()), cur), // package installed and up-to-date
(None, Some(_)) => return None, // package could be installed (None, Some(_)) => return None, // package could be installed
(None, None) => return None, // broken (None, None) => return None, // broken
}, },
PackagePreSelect::OnlyNew => match (current_version, candidate_version) { PackagePreSelect::OnlyNew => match (current_version, candidate_version) {
(Some(_), Some(_)) => return None, (Some(_), Some(_)) => return None,
@ -267,7 +269,6 @@ where
// get additional information via nested APT 'iterators' // get additional information via nested APT 'iterators'
let mut view_iter = view.versions(); let mut view_iter = view.versions();
while let Some(ver) = view_iter.next() { while let Some(ver) = view_iter.next() {
let package = view.name(); let package = view.name();
let version = ver.version(); let version = ver.version();
let mut origin_res = "unknown".to_owned(); let mut origin_res = "unknown".to_owned();
@ -299,7 +300,6 @@ where
let mut origin_iter = ver.origin_iter(); let mut origin_iter = ver.origin_iter();
let origin = origin_iter.next(); let origin = origin_iter.next();
if let Some(origin) = origin { if let Some(origin) = origin {
if let Some(sd) = origin.short_desc() { if let Some(sd) = origin.short_desc() {
short_desc = sd; short_desc = sd;
} }
@ -324,8 +324,8 @@ where
// build changelog URL from gathered information // build changelog URL from gathered information
// ignore errors, use empty changelog instead // ignore errors, use empty changelog instead
let url = get_changelog_url(&package, &filename, let url =
&version, &origin_res, &component); get_changelog_url(&package, &filename, &version, &origin_res, &component);
if let Ok(url) = url { if let Ok(url) = url {
change_log_url = url; change_log_url = url;
} }
@ -338,7 +338,7 @@ where
let dep = match dep_iter.next() { let dep = match dep_iter.next() {
Some(dep) if dep.dep_type() != "Depends" => continue, Some(dep) if dep.dep_type() != "Depends" => continue,
Some(dep) => dep, Some(dep) => dep,
None => break None => break,
}; };
let dep_pkg = dep.target_pkg(); let dep_pkg = dep.target_pkg();
@ -358,7 +358,7 @@ where
version: candidate_version.clone(), version: candidate_version.clone(),
old_version: match current_version { old_version: match current_version {
Some(vers) => vers, Some(vers) => vers,
None => "".to_owned() None => "".to_owned(),
}, },
priority: priority_res, priority: priority_res,
section: section_res, section: section_res,

13
src/tools/config.rs
View File

@ -119,7 +119,9 @@ pub fn from_property_string<T>(input: &str, schema: &'static Schema) -> Result<T
where where
T: for<'de> Deserialize<'de>, T: for<'de> Deserialize<'de>,
{ {
Ok(serde_json::from_value(schema.parse_property_string(input)?)?) Ok(serde_json::from_value(
schema.parse_property_string(input)?,
)?)
} }
/// Serialize a data structure using a 'key: value' config file format. /// Serialize a data structure using a 'key: value' config file format.
@ -154,7 +156,7 @@ fn object_to_writer(output: &mut dyn Write, object: &Object) -> Result<(), Error
for (key, value) in object.iter() { for (key, value) in object.iter() {
match value { match value {
_ if key == "description" => continue, // skip description as we handle it above _ if key == "description" => continue, // skip description as we handle it above
Value::Null => continue, // delete this entry Value::Null => continue, // delete this entry
Value::Bool(v) => writeln!(output, "{}: {}", key, v)?, Value::Bool(v) => writeln!(output, "{}: {}", key, v)?,
Value::String(v) => { Value::String(v) => {
if v.as_bytes().contains(&b'\n') { if v.as_bytes().contains(&b'\n') {
@ -183,11 +185,10 @@ fn test() {
acmedomain1: test2.invalid.local\n\ acmedomain1: test2.invalid.local\n\
"; ";
let data: NodeConfig = from_str(NODE_CONFIG, &NodeConfig::API_SCHEMA) let data: NodeConfig =
.expect("failed to parse simple node config"); from_str(NODE_CONFIG, &NodeConfig::API_SCHEMA).expect("failed to parse simple node config");
let config = to_bytes(&data, &NodeConfig::API_SCHEMA) let config = to_bytes(&data, &NodeConfig::API_SCHEMA).expect("failed to serialize node config");
.expect("failed to serialize node config");
assert_eq!(config, NODE_CONFIG.as_bytes()); assert_eq!(config, NODE_CONFIG.as_bytes());
} }

4
src/tools/disks/mod.rs
View File

@ -14,10 +14,10 @@ use once_cell::sync::OnceCell;
use ::serde::{Deserialize, Serialize}; use ::serde::{Deserialize, Serialize};
use proxmox_schema::api;
use proxmox_lang::error::io_err_other; use proxmox_lang::error::io_err_other;
use proxmox_sys::linux::procfs::{mountinfo::Device, MountInfo};
use proxmox_lang::{io_bail, io_format_err}; use proxmox_lang::{io_bail, io_format_err};
use proxmox_schema::api;
use proxmox_sys::linux::procfs::{mountinfo::Device, MountInfo};
use pbs_api_types::{StorageStatus, BLOCKDEVICE_NAME_REGEX}; use pbs_api_types::{StorageStatus, BLOCKDEVICE_NAME_REGEX};

15
src/tools/mod.rs
View File

@ -6,11 +6,7 @@ use std::any::Any;
use anyhow::{bail, format_err, Error}; use anyhow::{bail, format_err, Error};
use openssl::hash::{hash, DigestBytes, MessageDigest}; use openssl::hash::{hash, DigestBytes, MessageDigest};
use proxmox_http::{ use proxmox_http::{client::SimpleHttp, client::SimpleHttpOptions, ProxyConfig};
client::SimpleHttp,
client::SimpleHttpOptions,
ProxyConfig,
};
pub mod apt; pub mod apt;
pub mod config; pub mod config;
@ -36,8 +32,7 @@ pub fn get_hardware_address() -> Result<String, Error> {
let contents = proxmox_sys::fs::file_get_contents(FILENAME) let contents = proxmox_sys::fs::file_get_contents(FILENAME)
.map_err(|e| format_err!("Error getting host key - {}", e))?; .map_err(|e| format_err!("Error getting host key - {}", e))?;
let digest = md5sum(&contents) let digest = md5sum(&contents).map_err(|e| format_err!("Error digesting host key - {}", e))?;
.map_err(|e| format_err!("Error digesting host key - {}", e))?;
Ok(hex::encode(&digest).to_uppercase()) Ok(hex::encode(&digest).to_uppercase())
} }
@ -49,11 +44,13 @@ pub fn assert_if_modified(digest1: &str, digest2: &str) -> Result<(), Error> {
Ok(()) Ok(())
} }
/// Detect modified configuration files /// Detect modified configuration files
/// ///
/// This function fails with a reasonable error message if checksums do not match. /// This function fails with a reasonable error message if checksums do not match.
pub fn detect_modified_configuration_file(digest1: &[u8;32], digest2: &[u8;32]) -> Result<(), Error> { pub fn detect_modified_configuration_file(
digest1: &[u8; 32],
digest2: &[u8; 32],
) -> Result<(), Error> {
if digest1 != digest2 { if digest1 != digest2 {
bail!("detected modified configuration - file changed by other user? Try again."); bail!("detected modified configuration - file changed by other user? Try again.");
} }

17
src/tools/parallel_handler.rs
View File

@ -59,7 +59,8 @@ impl<I: Send + 'static> ParallelHandler<I> {
/// Create a new thread pool, each thread processing incoming data /// Create a new thread pool, each thread processing incoming data
/// with 'handler_fn'. /// with 'handler_fn'.
pub fn new<F>(name: &str, threads: usize, handler_fn: F) -> Self pub fn new<F>(name: &str, threads: usize, handler_fn: F) -> Self
where F: Fn(I) -> Result<(), Error> + Send + Clone + 'static, where
F: Fn(I) -> Result<(), Error> + Send + Clone + 'static,
{ {
let mut handles = Vec::new(); let mut handles = Vec::new();
let (input_tx, input_rx) = bounded::<I>(threads); let (input_tx, input_rx) = bounded::<I>(threads);
@ -89,7 +90,7 @@ impl<I: Send + 'static> ParallelHandler<I> {
} }
} }
}) })
.unwrap() .unwrap(),
); );
} }
Self { Self {
@ -132,19 +133,17 @@ impl<I: Send + 'static> ParallelHandler<I> {
} }
fn join_threads(&mut self) -> Vec<String> { fn join_threads(&mut self) -> Vec<String> {
let mut msg_list = Vec::new(); let mut msg_list = Vec::new();
let mut i = 0; let mut i = 0;
while let Some(handle) = self.handles.pop() { while let Some(handle) = self.handles.pop() {
if let Err(panic) = handle.join() { if let Err(panic) = handle.join() {
match panic.downcast::<&str>() { match panic.downcast::<&str>() {
Ok(panic_msg) => msg_list.push( Ok(panic_msg) => msg_list.push(format!(
format!("thread {} ({}) panicked: {}", self.name, i, panic_msg) "thread {} ({}) panicked: {}",
), self.name, i, panic_msg
Err(_) => msg_list.push( )),
format!("thread {} ({}) panicked", self.name, i) Err(_) => msg_list.push(format!("thread {} ({}) panicked", self.name, i)),
),
} }
} }
i += 1; i += 1;

35
src/tools/shared_rate_limiter.rs
View File

@ -1,6 +1,6 @@
use std::path::PathBuf;
use std::mem::MaybeUninit; use std::mem::MaybeUninit;
use std::time::{Instant, Duration}; use std::path::PathBuf;
use std::time::{Duration, Instant};
use anyhow::{bail, Error}; use anyhow::{bail, Error};
use nix::sys::stat::Mode; use nix::sys::stat::Mode;
@ -8,11 +8,12 @@ use nix::sys::stat::Mode;
use proxmox_sys::fs::{create_path, CreateOptions}; use proxmox_sys::fs::{create_path, CreateOptions};
use proxmox_http::client::{RateLimit, RateLimiter, ShareableRateLimit}; use proxmox_http::client::{RateLimit, RateLimiter, ShareableRateLimit};
use proxmox_shared_memory::{Init, SharedMemory, SharedMutex};
use proxmox_shared_memory::{check_subtype, initialize_subtype}; use proxmox_shared_memory::{check_subtype, initialize_subtype};
use proxmox_shared_memory::{Init, SharedMemory, SharedMutex};
// openssl::sha::sha256(b"Proxmox Backup SharedRateLimiter v1.0")[0..8]; // openssl::sha::sha256(b"Proxmox Backup SharedRateLimiter v1.0")[0..8];
pub const PROXMOX_BACKUP_SHARED_RATE_LIMITER_MAGIC_1_0: [u8; 8] = [6, 58, 213, 96, 161, 122, 130, 117]; pub const PROXMOX_BACKUP_SHARED_RATE_LIMITER_MAGIC_1_0: [u8; 8] =
[6, 58, 213, 96, 161, 122, 130, 117];
const BASE_PATH: &str = pbs_buildcfg::rundir!("/shmem/tbf"); const BASE_PATH: &str = pbs_buildcfg::rundir!("/shmem/tbf");
@ -61,11 +62,10 @@ impl Init for SharedRateLimiterData {
/// implements [Init]. This way we can share the limiter between /// implements [Init]. This way we can share the limiter between
/// different processes. /// different processes.
pub struct SharedRateLimiter { pub struct SharedRateLimiter {
shmem: SharedMemory<SharedRateLimiterData> shmem: SharedMemory<SharedRateLimiterData>,
} }
impl SharedRateLimiter { impl SharedRateLimiter {
/// Creates a new mmap'ed instance. /// Creates a new mmap'ed instance.
/// ///
/// Data is mapped in `/var/run/proxmox-backup/shmem/tbf/<name>` using /// Data is mapped in `/var/run/proxmox-backup/shmem/tbf/<name>` using
@ -80,10 +80,7 @@ impl SharedRateLimiter {
.owner(user.uid) .owner(user.uid)
.group(user.gid); .group(user.gid);
create_path( create_path(&path, Some(dir_opts.clone()), Some(dir_opts))?;
&path,
Some(dir_opts.clone()),
Some(dir_opts))?;
path.push(name); path.push(name);
@ -92,8 +89,7 @@ impl SharedRateLimiter {
.owner(user.uid) .owner(user.uid)
.group(user.gid); .group(user.gid);
let shmem: SharedMemory<SharedRateLimiterData> = let shmem: SharedMemory<SharedRateLimiterData> = SharedMemory::open(&path, file_opts)?;
SharedMemory::open(&path, file_opts)?;
shmem.data().tbf.lock().0.update_rate(rate, burst); shmem.data().tbf.lock().0.update_rate(rate, burst);
@ -103,17 +99,24 @@ impl SharedRateLimiter {
impl ShareableRateLimit for SharedRateLimiter { impl ShareableRateLimit for SharedRateLimiter {
fn update_rate(&self, rate: u64, bucket_size: u64) { fn update_rate(&self, rate: u64, bucket_size: u64) {
self.shmem.data().tbf.lock().0 self.shmem
.data()
.tbf
.lock()
.0
.update_rate(rate, bucket_size); .update_rate(rate, bucket_size);
} }
fn traffic(&self) -> u64 { fn traffic(&self) -> u64 {
self.shmem.data().tbf.lock().0 self.shmem.data().tbf.lock().0.traffic()
.traffic()
} }
fn register_traffic(&self, current_time: Instant, data_len: u64) -> Duration { fn register_traffic(&self, current_time: Instant, data_len: u64) -> Duration {
self.shmem.data().tbf.lock().0 self.shmem
.data()
.tbf
.lock()
.0
.register_traffic(current_time, data_len) .register_traffic(current_time, data_len)
} }
} }

44
src/tools/statistics.rs
View File

@ -1,6 +1,6 @@
//! Helpers for common statistics tasks //! Helpers for common statistics tasks
use num_traits::NumAssignRef;
use num_traits::cast::ToPrimitive; use num_traits::cast::ToPrimitive;
use num_traits::NumAssignRef;
/// Calculates the sum of a list of numbers /// Calculates the sum of a list of numbers
/// ``` /// ```
@ -14,7 +14,7 @@ use num_traits::cast::ToPrimitive;
/// ``` /// ```
pub fn sum<T>(list: &[T]) -> T pub fn sum<T>(list: &[T]) -> T
where where
T: NumAssignRef + ToPrimitive T: NumAssignRef + ToPrimitive,
{ {
let mut sum = T::zero(); let mut sum = T::zero();
for num in list { for num in list {
@ -32,13 +32,13 @@ where
/// ``` /// ```
pub fn mean<T>(list: &[T]) -> Option<f64> pub fn mean<T>(list: &[T]) -> Option<f64>
where where
T: NumAssignRef + ToPrimitive T: NumAssignRef + ToPrimitive,
{ {
let len = list.len(); let len = list.len();
if len == 0 { if len == 0 {
return None return None;
} }
Some(sum(list).to_f64()?/(list.len() as f64)) Some(sum(list).to_f64()? / (list.len() as f64))
} }
/// Calculates the variance of a variable x /// Calculates the variance of a variable x
@ -50,13 +50,13 @@ where
/// ``` /// ```
pub fn variance<T>(list: &[T]) -> Option<f64> pub fn variance<T>(list: &[T]) -> Option<f64>
where where
T: NumAssignRef + ToPrimitive T: NumAssignRef + ToPrimitive,
{ {
covariance(list, list) covariance(list, list)
} }
/// Calculates the (non-corrected) covariance of two variables x,y /// Calculates the (non-corrected) covariance of two variables x,y
pub fn covariance<X, Y> (x: &[X], y: &[Y]) -> Option<f64> pub fn covariance<X, Y>(x: &[X], y: &[Y]) -> Option<f64>
where where
X: NumAssignRef + ToPrimitive, X: NumAssignRef + ToPrimitive,
Y: NumAssignRef + ToPrimitive, Y: NumAssignRef + ToPrimitive,
@ -64,19 +64,21 @@ where
let len_x = x.len(); let len_x = x.len();
let len_y = y.len(); let len_y = y.len();
if len_x == 0 || len_y == 0 || len_x != len_y { if len_x == 0 || len_y == 0 || len_x != len_y {
return None return None;
} }
let mean_x = mean(x)?; let mean_x = mean(x)?;
let mean_y = mean(y)?; let mean_y = mean(y)?;
let covariance: f64 = (0..len_x).map(|i| { let covariance: f64 = (0..len_x)
let x = x[i].to_f64().unwrap_or(0.0); .map(|i| {
let y = y[i].to_f64().unwrap_or(0.0); let x = x[i].to_f64().unwrap_or(0.0);
(x - mean_x)*(y - mean_y) let y = y[i].to_f64().unwrap_or(0.0);
}).sum(); (x - mean_x) * (y - mean_y)
})
.sum();
Some(covariance/(len_x as f64)) Some(covariance / (len_x as f64))
} }
/// Returns the factors `(a,b)` of a linear regression `y = a + bx` /// Returns the factors `(a,b)` of a linear regression `y = a + bx`
@ -90,15 +92,15 @@ where
/// assert!((a - -4.0).abs() < 0.001); /// assert!((a - -4.0).abs() < 0.001);
/// assert!((b - 2.0).abs() < 0.001); /// assert!((b - 2.0).abs() < 0.001);
/// ``` /// ```
pub fn linear_regression<X, Y> (x: &[X], y: &[Y]) -> Option<(f64, f64)> pub fn linear_regression<X, Y>(x: &[X], y: &[Y]) -> Option<(f64, f64)>
where where
X: NumAssignRef + ToPrimitive, X: NumAssignRef + ToPrimitive,
Y: NumAssignRef + ToPrimitive Y: NumAssignRef + ToPrimitive,
{ {
let len_x = x.len(); let len_x = x.len();
let len_y = y.len(); let len_y = y.len();
if len_x == 0 || len_y == 0 || len_x != len_y { if len_x == 0 || len_y == 0 || len_x != len_y {
return None return None;
} }
let mean_x = mean(x)?; let mean_x = mean(x)?;
@ -113,11 +115,11 @@ where
let x_mean_x = x - mean_x; let x_mean_x = x - mean_x;
covariance += x_mean_x*(y - mean_y); covariance += x_mean_x * (y - mean_y);
variance += x_mean_x * x_mean_x; variance += x_mean_x * x_mean_x;
} }
let beta = covariance/variance; let beta = covariance / variance;
let alpha = mean_y - beta*mean_x; let alpha = mean_y - beta * mean_x;
Some((alpha,beta)) Some((alpha, beta))
} }

143
src/tools/subscription.rs
View File

@ -1,4 +1,4 @@
use anyhow::{Error, format_err, bail}; use anyhow::{bail, format_err, Error};
use lazy_static::lazy_static; use lazy_static::lazy_static;
use regex::Regex; use regex::Regex;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -6,16 +6,13 @@ use serde_json::json;
use proxmox_schema::api; use proxmox_schema::api;
use proxmox_sys::fs::{replace_file, CreateOptions};
use proxmox_http::client::SimpleHttp; use proxmox_http::client::SimpleHttp;
use proxmox_sys::fs::{replace_file, CreateOptions};
use pbs_tools::json::json_object_to_query; use pbs_tools::json::json_object_to_query;
use crate::config::node; use crate::config::node;
use crate::tools::{ use crate::tools::{self, pbs_simple_http};
self,
pbs_simple_http,
};
/// How long the local key is valid for in between remote checks /// How long the local key is valid for in between remote checks
pub const MAX_LOCAL_KEY_AGE: i64 = 15 * 24 * 3600; pub const MAX_LOCAL_KEY_AGE: i64 = 15 * 24 * 3600;
@ -41,7 +38,9 @@ pub enum SubscriptionStatus {
INVALID, INVALID,
} }
impl Default for SubscriptionStatus { impl Default for SubscriptionStatus {
fn default() -> Self { SubscriptionStatus::NOTFOUND } fn default() -> Self {
SubscriptionStatus::NOTFOUND
}
} }
impl std::fmt::Display for SubscriptionStatus { impl std::fmt::Display for SubscriptionStatus {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
@ -62,41 +61,41 @@ impl std::fmt::Display for SubscriptionStatus {
}, },
)] )]
#[derive(Debug, Default, PartialEq, Serialize, Deserialize)] #[derive(Debug, Default, PartialEq, Serialize, Deserialize)]
#[serde(rename_all="kebab-case")] #[serde(rename_all = "kebab-case")]
/// Proxmox subscription information /// Proxmox subscription information
pub struct SubscriptionInfo { pub struct SubscriptionInfo {
/// Subscription status from the last check /// Subscription status from the last check
pub status: SubscriptionStatus, pub status: SubscriptionStatus,
/// the server ID, if permitted to access /// the server ID, if permitted to access
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub serverid: Option<String>, pub serverid: Option<String>,
/// timestamp of the last check done /// timestamp of the last check done
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub checktime: Option<i64>, pub checktime: Option<i64>,
/// the subscription key, if set and permitted to access /// the subscription key, if set and permitted to access
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub key: Option<String>, pub key: Option<String>,
/// a more human readable status message /// a more human readable status message
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub message: Option<String>, pub message: Option<String>,
/// human readable productname of the set subscription /// human readable productname of the set subscription
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub productname: Option<String>, pub productname: Option<String>,
/// register date of the set subscription /// register date of the set subscription
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub regdate: Option<String>, pub regdate: Option<String>,
/// next due date of the set subscription /// next due date of the set subscription
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub nextduedate: Option<String>, pub nextduedate: Option<String>,
/// URL to the web shop /// URL to the web shop
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub url: Option<String>, pub url: Option<String>,
} }
async fn register_subscription( async fn register_subscription(
key: &str, key: &str,
server_id: &str, server_id: &str,
checktime: i64 checktime: i64,
) -> Result<(String, String), Error> { ) -> Result<(String, String), Error> {
// WHCMS sample code feeds the key into this, but it's just a challenge, so keep it simple // WHCMS sample code feeds the key into this, but it's just a challenge, so keep it simple
let rand = hex::encode(&proxmox_sys::linux::random_data(16)?); let rand = hex::encode(&proxmox_sys::linux::random_data(16)?);
@ -120,7 +119,9 @@ async fn register_subscription(
let uri = "https://shop.proxmox.com/modules/servers/licensing/verify.php"; let uri = "https://shop.proxmox.com/modules/servers/licensing/verify.php";
let query = json_object_to_query(params)?; let query = json_object_to_query(params)?;
let response = client.post(uri, Some(query), Some("application/x-www-form-urlencoded")).await?; let response = client
.post(uri, Some(query), Some("application/x-www-form-urlencoded"))
.await?;
let body = SimpleHttp::response_body_string(response).await?; let body = SimpleHttp::response_body_string(response).await?;
Ok((body, challenge)) Ok((body, challenge))
@ -132,7 +133,7 @@ fn parse_status(value: &str) -> SubscriptionStatus {
"new" => SubscriptionStatus::NEW, "new" => SubscriptionStatus::NEW,
"notfound" => SubscriptionStatus::NOTFOUND, "notfound" => SubscriptionStatus::NOTFOUND,
"invalid" => SubscriptionStatus::INVALID, "invalid" => SubscriptionStatus::INVALID,
_ => SubscriptionStatus::INVALID, _ => SubscriptionStatus::INVALID,
} }
} }
@ -164,15 +165,16 @@ fn parse_register_response(
"productname" => info.productname = Some(value.into()), "productname" => info.productname = Some(value.into()),
"regdate" => info.regdate = Some(value.into()), "regdate" => info.regdate = Some(value.into()),
"nextduedate" => info.nextduedate = Some(value.into()), "nextduedate" => info.nextduedate = Some(value.into()),
"message" if value == "Directory Invalid" => "message" if value == "Directory Invalid" => {
info.message = Some("Invalid Server ID".into()), info.message = Some("Invalid Server ID".into())
}
"message" => info.message = Some(value.into()), "message" => info.message = Some(value.into()),
"validdirectory" => { "validdirectory" => {
if value.split(',').find(is_server_id) == None { if value.split(',').find(is_server_id) == None {
bail!("Server ID does not match"); bail!("Server ID does not match");
} }
info.serverid = Some(server_id.to_owned()); info.serverid = Some(server_id.to_owned());
}, }
"md5hash" => md5hash = value.to_owned(), "md5hash" => md5hash = value.to_owned(),
_ => (), _ => (),
} }
@ -182,7 +184,11 @@ fn parse_register_response(
let response_raw = format!("{}{}", SHARED_KEY_DATA, challenge); let response_raw = format!("{}{}", SHARED_KEY_DATA, challenge);
let expected = hex::encode(&tools::md5sum(response_raw.as_bytes())?); let expected = hex::encode(&tools::md5sum(response_raw.as_bytes())?);
if expected != md5hash { if expected != md5hash {
bail!("Subscription API challenge failed, expected {} != got {}", expected, md5hash); bail!(
"Subscription API challenge failed, expected {} != got {}",
expected,
md5hash
);
} }
} }
Ok(info) Ok(info)
@ -210,29 +216,38 @@ fn test_parse_register_response() -> Result<(), Error> {
let checktime = 1600000000; let checktime = 1600000000;
let salt = "cf44486bddb6ad0145732642c45b2957"; let salt = "cf44486bddb6ad0145732642c45b2957";
let info = parse_register_response(response, key.to_owned(), server_id.to_owned(), checktime, salt)?; let info = parse_register_response(
response,
key.to_owned(),
server_id.to_owned(),
checktime,
salt,
)?;
assert_eq!(info, SubscriptionInfo { assert_eq!(
key: Some(key), info,
serverid: Some(server_id), SubscriptionInfo {
status: SubscriptionStatus::ACTIVE, key: Some(key),
checktime: Some(checktime), serverid: Some(server_id),
url: Some("https://www.proxmox.com/en/proxmox-backup-server/pricing".into()), status: SubscriptionStatus::ACTIVE,
message: None, checktime: Some(checktime),
nextduedate: Some("2021-09-19".into()), url: Some("https://www.proxmox.com/en/proxmox-backup-server/pricing".into()),
regdate: Some("2020-09-19 00:00:00".into()), message: None,
productname: Some("Proxmox Backup Server Test Subscription -1 year".into()), nextduedate: Some("2021-09-19".into()),
}); regdate: Some("2020-09-19 00:00:00".into()),
productname: Some("Proxmox Backup Server Test Subscription -1 year".into()),
}
);
Ok(()) Ok(())
} }
/// queries the up to date subscription status and parses the response /// queries the up to date subscription status and parses the response
pub fn check_subscription(key: String, server_id: String) -> Result<SubscriptionInfo, Error> { pub fn check_subscription(key: String, server_id: String) -> Result<SubscriptionInfo, Error> {
let now = proxmox_time::epoch_i64(); let now = proxmox_time::epoch_i64();
let (response, challenge) = proxmox_async::runtime::block_on(register_subscription(&key, &server_id, now)) let (response, challenge) =
.map_err(|err| format_err!("Error checking subscription: {}", err))?; proxmox_async::runtime::block_on(register_subscription(&key, &server_id, now))
.map_err(|err| format_err!("Error checking subscription: {}", err))?;
parse_register_response(&response, key, server_id, now, &challenge) parse_register_response(&response, key, server_id, now, &challenge)
.map_err(|err| format_err!("Error parsing subscription check response: {}", err)) .map_err(|err| format_err!("Error parsing subscription check response: {}", err))
@ -240,16 +255,27 @@ pub fn check_subscription(key: String, server_id: String) -> Result<Subscription
/// reads in subscription information and does a basic integrity verification /// reads in subscription information and does a basic integrity verification
pub fn read_subscription() -> Result<Option<SubscriptionInfo>, Error> { pub fn read_subscription() -> Result<Option<SubscriptionInfo>, Error> {
let cfg = proxmox_sys::fs::file_read_optional_string(&SUBSCRIPTION_FN)?; let cfg = proxmox_sys::fs::file_read_optional_string(&SUBSCRIPTION_FN)?;
let cfg = if let Some(cfg) = cfg { cfg } else { return Ok(None); }; let cfg = if let Some(cfg) = cfg {
cfg
} else {
return Ok(None);
};
let mut cfg = cfg.lines(); let mut cfg = cfg.lines();
// first line is key in plain // first line is key in plain
let _key = if let Some(key) = cfg.next() { key } else { return Ok(None) }; let _key = if let Some(key) = cfg.next() {
key
} else {
return Ok(None);
};
// second line is checksum of encoded data // second line is checksum of encoded data
let checksum = if let Some(csum) = cfg.next() { csum } else { return Ok(None) }; let checksum = if let Some(csum) = cfg.next() {
csum
} else {
return Ok(None);
};
let encoded: String = cfg.collect::<String>(); let encoded: String = cfg.collect::<String>();
let decoded = base64::decode(encoded.to_owned())?; let decoded = base64::decode(encoded.to_owned())?;
@ -257,11 +283,16 @@ pub fn read_subscription() -> Result<Option<SubscriptionInfo>, Error> {
let info: SubscriptionInfo = serde_json::from_str(decoded)?; let info: SubscriptionInfo = serde_json::from_str(decoded)?;
let new_checksum = format!("{}{}{}", info.checktime.unwrap_or(0), encoded, SHARED_KEY_DATA); let new_checksum = format!(
"{}{}{}",
info.checktime.unwrap_or(0),
encoded,
SHARED_KEY_DATA
);
let new_checksum = base64::encode(tools::md5sum(new_checksum.as_bytes())?); let new_checksum = base64::encode(tools::md5sum(new_checksum.as_bytes())?);
if checksum != new_checksum { if checksum != new_checksum {
return Ok(Some( SubscriptionInfo { return Ok(Some(SubscriptionInfo {
status: SubscriptionStatus::INVALID, status: SubscriptionStatus::INVALID,
message: Some("checksum mismatch".to_string()), message: Some("checksum mismatch".to_string()),
..info ..info
@ -269,15 +300,16 @@ pub fn read_subscription() -> Result<Option<SubscriptionInfo>, Error> {
} }
let age = proxmox_time::epoch_i64() - info.checktime.unwrap_or(0); let age = proxmox_time::epoch_i64() - info.checktime.unwrap_or(0);
if age < -5400 { // allow some delta for DST changes or time syncs, 1.5h if age < -5400 {
return Ok(Some( SubscriptionInfo { // allow some delta for DST changes or time syncs, 1.5h
return Ok(Some(SubscriptionInfo {
status: SubscriptionStatus::INVALID, status: SubscriptionStatus::INVALID,
message: Some("last check date too far in the future".to_string()), message: Some("last check date too far in the future".to_string()),
..info ..info
})); }));
} else if age > MAX_LOCAL_KEY_AGE + MAX_KEY_CHECK_FAILURE_AGE { } else if age > MAX_LOCAL_KEY_AGE + MAX_KEY_CHECK_FAILURE_AGE {
if let SubscriptionStatus::ACTIVE = info.status { if let SubscriptionStatus::ACTIVE = info.status {
return Ok(Some( SubscriptionInfo { return Ok(Some(SubscriptionInfo {
status: SubscriptionStatus::INVALID, status: SubscriptionStatus::INVALID,
message: Some("subscription information too old".to_string()), message: Some("subscription information too old".to_string()),
..info ..info
@ -299,7 +331,12 @@ pub fn write_subscription(info: SubscriptionInfo) -> Result<(), Error> {
format!("{}\n", info.key.unwrap()) format!("{}\n", info.key.unwrap())
} else { } else {
let encoded = base64::encode(serde_json::to_string(&info)?); let encoded = base64::encode(serde_json::to_string(&info)?);
let csum = format!("{}{}{}", info.checktime.unwrap_or(0), encoded, SHARED_KEY_DATA); let csum = format!(
"{}{}{}",
info.checktime.unwrap_or(0),
encoded,
SHARED_KEY_DATA
);
let csum = base64::encode(tools::md5sum(csum.as_bytes())?); let csum = base64::encode(tools::md5sum(csum.as_bytes())?);
format!("{}\n{}\n{}\n", info.key.unwrap(), csum, encoded) format!("{}\n{}\n{}\n", info.key.unwrap(), csum, encoded)
}; };
@ -334,13 +371,10 @@ pub fn update_apt_auth(key: Option<String>, password: Option<String>) -> Result<
(Some(key), Some(password)) => { (Some(key), Some(password)) => {
let conf = format!( let conf = format!(
"machine enterprise.proxmox.com/debian/pbs\n login {}\n password {}\n", "machine enterprise.proxmox.com/debian/pbs\n login {}\n password {}\n",
key, key, password,
password,
); );
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
let file_opts = CreateOptions::new() let file_opts = CreateOptions::new().perm(mode).owner(nix::unistd::ROOT);
.perm(mode)
.owner(nix::unistd::ROOT);
// we use a namespaced .conf file, so just overwrite.. // we use a namespaced .conf file, so just overwrite..
replace_file(auth_conf, conf.as_bytes(), file_opts, true) replace_file(auth_conf, conf.as_bytes(), file_opts, true)
@ -350,7 +384,8 @@ pub fn update_apt_auth(key: Option<String>, password: Option<String>) -> Result<
Ok(()) => Ok(()), Ok(()) => Ok(()),
Err(nix::Error::Sys(nix::errno::Errno::ENOENT)) => Ok(()), // ignore not existing Err(nix::Error::Sys(nix::errno::Errno::ENOENT)) => Ok(()), // ignore not existing
Err(err) => Err(err), Err(err) => Err(err),
}.map_err(|e| format_err!("Error clearing apt auth config - {}", e))?, }
.map_err(|e| format_err!("Error clearing apt auth config - {}", e))?,
} }
Ok(()) Ok(())
} }

38
src/tools/systemd/config.rs
View File

@ -8,7 +8,6 @@ use proxmox_section_config::{SectionConfig, SectionConfigData, SectionConfigPlug
use proxmox_sys::{fs::replace_file, fs::CreateOptions}; use proxmox_sys::{fs::replace_file, fs::CreateOptions};
lazy_static! { lazy_static! {
pub static ref SERVICE_CONFIG: SectionConfig = init_service(); pub static ref SERVICE_CONFIG: SectionConfig = init_service();
pub static ref TIMER_CONFIG: SectionConfig = init_timer(); pub static ref TIMER_CONFIG: SectionConfig = init_timer();
@ -16,25 +15,24 @@ lazy_static! {
} }
fn init_service() -> SectionConfig { fn init_service() -> SectionConfig {
let mut config = SectionConfig::with_systemd_syntax(&SYSTEMD_SECTION_NAME_SCHEMA); let mut config = SectionConfig::with_systemd_syntax(&SYSTEMD_SECTION_NAME_SCHEMA);
match SystemdUnitSection::API_SCHEMA { match SystemdUnitSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Unit".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Unit".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
_ => unreachable!(), _ => unreachable!(),
}; };
match SystemdInstallSection::API_SCHEMA { match SystemdInstallSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Install".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Install".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
_ => unreachable!(), _ => unreachable!(),
}; };
match SystemdServiceSection::API_SCHEMA { match SystemdServiceSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Service".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Service".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
@ -45,25 +43,24 @@ fn init_service() -> SectionConfig {
} }
fn init_timer() -> SectionConfig { fn init_timer() -> SectionConfig {
let mut config = SectionConfig::with_systemd_syntax(&SYSTEMD_SECTION_NAME_SCHEMA); let mut config = SectionConfig::with_systemd_syntax(&SYSTEMD_SECTION_NAME_SCHEMA);
match SystemdUnitSection::API_SCHEMA { match SystemdUnitSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Unit".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Unit".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
_ => unreachable!(), _ => unreachable!(),
}; };
match SystemdInstallSection::API_SCHEMA { match SystemdInstallSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Install".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Install".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
_ => unreachable!(), _ => unreachable!(),
}; };
match SystemdTimerSection::API_SCHEMA { match SystemdTimerSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Timer".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Timer".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
@ -74,25 +71,24 @@ fn init_timer() -> SectionConfig {
} }
fn init_mount() -> SectionConfig { fn init_mount() -> SectionConfig {
let mut config = SectionConfig::with_systemd_syntax(&SYSTEMD_SECTION_NAME_SCHEMA); let mut config = SectionConfig::with_systemd_syntax(&SYSTEMD_SECTION_NAME_SCHEMA);
match SystemdUnitSection::API_SCHEMA { match SystemdUnitSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Unit".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Unit".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
_ => unreachable!(), _ => unreachable!(),
}; };
match SystemdInstallSection::API_SCHEMA { match SystemdInstallSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Install".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Install".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
_ => unreachable!(), _ => unreachable!(),
}; };
match SystemdMountSection::API_SCHEMA { match SystemdMountSection::API_SCHEMA {
Schema::Object(ref obj_schema) => { Schema::Object(ref obj_schema) => {
let plugin = SectionConfigPlugin::new("Mount".to_string(), None, obj_schema); let plugin = SectionConfigPlugin::new("Mount".to_string(), None, obj_schema);
config.register_plugin(plugin); config.register_plugin(plugin);
} }
@ -102,8 +98,10 @@ fn init_mount() -> SectionConfig {
config config
} }
fn parse_systemd_config(config: &SectionConfig, filename: &str) -> Result<SectionConfigData, Error> { fn parse_systemd_config(
config: &SectionConfig,
filename: &str,
) -> Result<SectionConfigData, Error> {
let raw = proxmox_sys::fs::file_get_contents(filename)?; let raw = proxmox_sys::fs::file_get_contents(filename)?;
let input = String::from_utf8(raw)?; let input = String::from_utf8(raw)?;
@ -124,14 +122,16 @@ pub fn parse_systemd_mount(filename: &str) -> Result<SectionConfigData, Error> {
parse_systemd_config(&MOUNT_CONFIG, filename) parse_systemd_config(&MOUNT_CONFIG, filename)
} }
fn save_systemd_config(config: &SectionConfig, filename: &str, data: &SectionConfigData) -> Result<(), Error> { fn save_systemd_config(
config: &SectionConfig,
filename: &str,
data: &SectionConfigData,
) -> Result<(), Error> {
let raw = config.write(filename, data)?; let raw = config.write(filename, data)?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644); let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
// set the correct owner/group/permissions while saving file, owner(rw) = root // set the correct owner/group/permissions while saving file, owner(rw) = root
let options = CreateOptions::new() let options = CreateOptions::new().perm(mode).owner(nix::unistd::ROOT);
.perm(mode)
.owner(nix::unistd::ROOT);
replace_file(filename, raw.as_bytes(), options, true)?; replace_file(filename, raw.as_bytes(), options, true)?;

96
src/tools/systemd/types.rs
View File

@ -1,34 +1,30 @@
use serde::{Serialize, Deserialize}; use serde::{Deserialize, Serialize};
use proxmox_schema::*;
use pbs_api_types::SINGLE_LINE_COMMENT_FORMAT; use pbs_api_types::SINGLE_LINE_COMMENT_FORMAT;
use proxmox_schema::*;
pub const SYSTEMD_SECTION_NAME_SCHEMA: Schema = StringSchema::new( pub const SYSTEMD_SECTION_NAME_SCHEMA: Schema = StringSchema::new("Section name")
"Section name")
.format(&ApiStringFormat::Enum(&[ .format(&ApiStringFormat::Enum(&[
EnumEntry::new("Unit", "Unit"), EnumEntry::new("Unit", "Unit"),
EnumEntry::new("Timer", "Timer"), EnumEntry::new("Timer", "Timer"),
EnumEntry::new("Install", "Install"), EnumEntry::new("Install", "Install"),
EnumEntry::new("Mount", "Mount"), EnumEntry::new("Mount", "Mount"),
EnumEntry::new("Service", "Service")])) EnumEntry::new("Service", "Service"),
]))
.schema(); .schema();
pub const SYSTEMD_STRING_SCHEMA: Schema = pub const SYSTEMD_STRING_SCHEMA: Schema = StringSchema::new("Systemd configuration value.")
StringSchema::new("Systemd configuration value.")
.format(&SINGLE_LINE_COMMENT_FORMAT) .format(&SINGLE_LINE_COMMENT_FORMAT)
.schema(); .schema();
pub const SYSTEMD_STRING_ARRAY_SCHEMA: Schema = ArraySchema::new( pub const SYSTEMD_STRING_ARRAY_SCHEMA: Schema =
"Array of Strings", &SYSTEMD_STRING_SCHEMA) ArraySchema::new("Array of Strings", &SYSTEMD_STRING_SCHEMA).schema();
.schema();
pub const SYSTEMD_TIMESPAN_ARRAY_SCHEMA: Schema = ArraySchema::new( pub const SYSTEMD_TIMESPAN_ARRAY_SCHEMA: Schema =
"Array of time spans", &SYSTEMD_TIMESPAN_SCHEMA) ArraySchema::new("Array of time spans", &SYSTEMD_TIMESPAN_SCHEMA).schema();
.schema();
pub const SYSTEMD_CALENDAR_EVENT_ARRAY_SCHEMA: Schema = ArraySchema::new( pub const SYSTEMD_CALENDAR_EVENT_ARRAY_SCHEMA: Schema =
"Array of calendar events", &SYSTEMD_CALENDAR_EVENT_SCHEMA) ArraySchema::new("Array of calendar events", &SYSTEMD_CALENDAR_EVENT_SCHEMA).schema();
.schema();
#[api( #[api(
properties: { properties: {
@ -70,44 +66,44 @@ pub const SYSTEMD_CALENDAR_EVENT_ARRAY_SCHEMA: Schema = ArraySchema::new(
#[allow(non_snake_case)] #[allow(non_snake_case)]
/// Systemd Timer Section /// Systemd Timer Section
pub struct SystemdTimerSection { pub struct SystemdTimerSection {
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub OnCalendar: Option<Vec<String>>, pub OnCalendar: Option<Vec<String>>,
/// If true, the time when the service unit was last triggered is stored on disk. /// If true, the time when the service unit was last triggered is stored on disk.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub Persistent: Option<bool>, pub Persistent: Option<bool>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub OnActiveSec: Option<Vec<String>>, pub OnActiveSec: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub OnBootSec: Option<Vec<String>>, pub OnBootSec: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub OnStartupSec: Option<Vec<String>>, pub OnStartupSec: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub OnUnitActiveSec: Option<Vec<String>>, pub OnUnitActiveSec: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub OnUnitInactiveSec: Option<Vec<String>>, pub OnUnitInactiveSec: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub RandomizedDelaySec: Option<String>, pub RandomizedDelaySec: Option<String>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub AccuracySec: Option<String>, pub AccuracySec: Option<String>,
/// Trigger when system clock jumps. /// Trigger when system clock jumps.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub OnClockChange: Option<bool>, pub OnClockChange: Option<bool>,
/// Trigger when time zone changes. /// Trigger when time zone changes.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub OnTimezomeChange: Option<bool>, pub OnTimezomeChange: Option<bool>,
/// The unit to activate when this timer elapses. /// The unit to activate when this timer elapses.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub Unit: Option<String>, pub Unit: Option<String>,
/// If true, an elapsing timer will cause the system to resume from suspend. /// If true, an elapsing timer will cause the system to resume from suspend.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub WakeSystem: Option<bool>, pub WakeSystem: Option<bool>,
/// If true, an elapsed timer will stay loaded, and its state remains queryable. /// If true, an elapsed timer will stay loaded, and its state remains queryable.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub RemainAfterElapse: Option<bool>, pub RemainAfterElapse: Option<bool>,
} }
@ -128,9 +124,9 @@ pub struct SystemdTimerSection {
/// Systemd Service Section /// Systemd Service Section
pub struct SystemdServiceSection { pub struct SystemdServiceSection {
/// The process start-up type for this service unit. /// The process start-up type for this service unit.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub Type: Option<ServiceStartup>, pub Type: Option<ServiceStartup>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub ExecStart: Option<Vec<String>>, pub ExecStart: Option<Vec<String>>,
} }
@ -142,7 +138,7 @@ pub struct SystemdUnitSection {
/// A human readable name for the unit. /// A human readable name for the unit.
pub Description: String, pub Description: String,
/// Check whether the system has AC power. /// Check whether the system has AC power.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub ConditionACPower: Option<bool>, pub ConditionACPower: Option<bool>,
} }
@ -173,16 +169,16 @@ pub struct SystemdUnitSection {
#[allow(non_snake_case)] #[allow(non_snake_case)]
/// Systemd Install Section /// Systemd Install Section
pub struct SystemdInstallSection { pub struct SystemdInstallSection {
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub Alias: Option<Vec<String>>, pub Alias: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub Also: Option<Vec<String>>, pub Also: Option<Vec<String>>,
/// DefaultInstance for template unit. /// DefaultInstance for template unit.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub DefaultInstance: Option<String>, pub DefaultInstance: Option<String>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub WantedBy: Option<Vec<String>>, pub WantedBy: Option<Vec<String>>,
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub RequiredBy: Option<Vec<String>>, pub RequiredBy: Option<Vec<String>>,
} }
@ -203,27 +199,27 @@ pub struct SystemdMountSection {
/// absolute path of a file or directory for the mount point /// absolute path of a file or directory for the mount point
pub Where: String, pub Where: String,
/// Takes a string for the file system type. See mount(8) for details. /// Takes a string for the file system type. See mount(8) for details.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub Type: Option<String>, pub Type: Option<String>,
/// Mount options to use when mounting. This takes a comma-separated list of options. /// Mount options to use when mounting. This takes a comma-separated list of options.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub Options: Option<String>, pub Options: Option<String>,
/// If true, parsing of the options specified in Options= is relaxed, and unknown mount options are tolerated. /// If true, parsing of the options specified in Options= is relaxed, and unknown mount options are tolerated.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub SloppyOptions: Option<bool>, pub SloppyOptions: Option<bool>,
/// Use lazy unmount /// Use lazy unmount
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub LazyUnmount: Option<bool>, pub LazyUnmount: Option<bool>,
/// Use forces unmount /// Use forces unmount
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub ForceUnmount: Option<bool>, pub ForceUnmount: Option<bool>,
/// Directories of mount points (and any parent directories) are /// Directories of mount points (and any parent directories) are
/// automatically created if needed. Takes an access mode in octal /// automatically created if needed. Takes an access mode in octal
/// notation. Defaults to 0755. /// notation. Defaults to 0755.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub DirectoryMode: Option<String>, pub DirectoryMode: Option<String>,
/// Configures the time to wait for the mount command to finish. /// Configures the time to wait for the mount command to finish.
#[serde(skip_serializing_if="Option::is_none")] #[serde(skip_serializing_if = "Option::is_none")]
pub TimeoutSec: Option<String>, pub TimeoutSec: Option<String>,
} }
@ -246,12 +242,12 @@ pub enum ServiceStartup {
Notify, Notify,
} }
pub const SYSTEMD_TIMESPAN_SCHEMA: Schema = StringSchema::new( pub const SYSTEMD_TIMESPAN_SCHEMA: Schema = StringSchema::new("systemd time span")
"systemd time span")
.format(&ApiStringFormat::VerifyFn(proxmox_time::verify_time_span)) .format(&ApiStringFormat::VerifyFn(proxmox_time::verify_time_span))
.schema(); .schema();
pub const SYSTEMD_CALENDAR_EVENT_SCHEMA: Schema = StringSchema::new( pub const SYSTEMD_CALENDAR_EVENT_SCHEMA: Schema = StringSchema::new("systemd calendar event")
"systemd calendar event") .format(&ApiStringFormat::VerifyFn(
.format(&ApiStringFormat::VerifyFn(proxmox_time::verify_calendar_event)) proxmox_time::verify_calendar_event,
))
.schema(); .schema();

8
src/tools/systemd/unit.rs
View File

@ -20,7 +20,9 @@ fn run_command(mut command: Command) -> Result<(), Error> {
m m
} }
}) })
.unwrap_or_else(|_| String::from("non utf8 error message (suppressed)")); .unwrap_or_else(|_| {
String::from("non utf8 error message (suppressed)")
});
bail!("status code: {} - {}", code, msg); bail!("status code: {} - {}", code, msg);
} }
@ -29,7 +31,8 @@ fn run_command(mut command: Command) -> Result<(), Error> {
} }
} }
Ok(()) Ok(())
}).map_err(|err| format_err!("command {:?} failed - {}", command, err))?; })
.map_err(|err| format_err!("command {:?} failed - {}", command, err))?;
Ok(()) Ok(())
} }
@ -96,7 +99,6 @@ pub fn reload_unit(unit: &str) -> Result<(), Error> {
#[test] #[test]
fn test_escape_unit() -> Result<(), Error> { fn test_escape_unit() -> Result<(), Error> {
fn test_escape(i: &str, expected: &str, is_path: bool) { fn test_escape(i: &str, expected: &str, is_path: bool) {
use proxmox_sys::systemd::{escape_unit, unescape_unit}; use proxmox_sys::systemd::{escape_unit, unescape_unit};
let escaped = escape_unit(i, is_path); let escaped = escape_unit(i, is_path);

180
src/traffic_control_cache.rs
View File

@ -1,15 +1,15 @@
//! Traffic control implementation //! Traffic control implementation
use std::sync::{Arc, Mutex};
use std::collections::HashMap; use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr, SocketAddr};
use std::time::Instant;
use std::convert::TryInto; use std::convert::TryInto;
use std::net::{IpAddr, Ipv4Addr, SocketAddr};
use std::sync::{Arc, Mutex};
use std::time::Instant;
use anyhow::Error; use anyhow::Error;
use cidr::IpInet; use cidr::IpInet;
use proxmox_http::client::{ShareableRateLimit, RateLimiter}; use proxmox_http::client::{RateLimiter, ShareableRateLimit};
use proxmox_section_config::SectionConfigData; use proxmox_section_config::SectionConfigData;
use proxmox_time::{parse_daily_duration, DailyDuration, TmEditor}; use proxmox_time::{parse_daily_duration, DailyDuration, TmEditor};
@ -20,15 +20,15 @@ use pbs_config::ConfigVersionCache;
use crate::tools::SharedRateLimiter; use crate::tools::SharedRateLimiter;
lazy_static::lazy_static!{ lazy_static::lazy_static! {
/// Shared traffic control cache singleton. /// Shared traffic control cache singleton.
pub static ref TRAFFIC_CONTROL_CACHE: Arc<Mutex<TrafficControlCache>> = pub static ref TRAFFIC_CONTROL_CACHE: Arc<Mutex<TrafficControlCache>> =
Arc::new(Mutex::new(TrafficControlCache::new())); Arc::new(Mutex::new(TrafficControlCache::new()));
} }
struct ParsedTcRule { struct ParsedTcRule {
config: TrafficControlRule, // original rule config config: TrafficControlRule, // original rule config
networks: Vec<IpInet>, // parsed networks networks: Vec<IpInet>, // parsed networks
timeframe: Vec<DailyDuration>, // parsed timeframe timeframe: Vec<DailyDuration>, // parsed timeframe
} }
@ -54,16 +54,20 @@ pub struct TrafficControlCache {
last_update: i64, last_update: i64,
last_traffic_control_generation: usize, last_traffic_control_generation: usize,
rules: Vec<ParsedTcRule>, rules: Vec<ParsedTcRule>,
limiter_map: HashMap<String, (Option<Arc<dyn ShareableRateLimit>>, Option<Arc<dyn ShareableRateLimit>>)>, limiter_map: HashMap<
String,
(
Option<Arc<dyn ShareableRateLimit>>,
Option<Arc<dyn ShareableRateLimit>>,
),
>,
use_utc: bool, // currently only used for testing use_utc: bool, // currently only used for testing
} }
fn timeframe_match( fn timeframe_match(duration_list: &[DailyDuration], now: &TmEditor) -> bool {
duration_list: &[DailyDuration], if duration_list.is_empty() {
now: &TmEditor, return true;
) -> bool { }
if duration_list.is_empty() { return true; }
for duration in duration_list.iter() { for duration in duration_list.iter() {
if duration.time_match_with_tm_editor(now) { if duration.time_match_with_tm_editor(now) {
@ -74,11 +78,7 @@ fn timeframe_match(
false false
} }
fn network_match_len( fn network_match_len(networks: &[IpInet], ip: &IpAddr) -> Option<u8> {
networks: &[IpInet],
ip: &IpAddr,
) -> Option<u8> {
let mut match_len = None; let mut match_len = None;
for cidr in networks.iter() { for cidr in networks.iter() {
@ -101,14 +101,12 @@ fn cannonical_ip(ip: IpAddr) -> IpAddr {
// TODO: use std::net::IpAddr::to_cananical once stable // TODO: use std::net::IpAddr::to_cananical once stable
match ip { match ip {
IpAddr::V4(addr) => IpAddr::V4(addr), IpAddr::V4(addr) => IpAddr::V4(addr),
IpAddr::V6(addr) => { IpAddr::V6(addr) => match addr.octets() {
match addr.octets() { [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, a, b, c, d] => {
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, a, b, c, d] => { IpAddr::V4(Ipv4Addr::new(a, b, c, d))
IpAddr::V4(Ipv4Addr::new(a, b, c, d))
}
_ => IpAddr::V6(addr),
} }
} _ => IpAddr::V6(addr),
},
} }
} }
@ -127,7 +125,6 @@ fn create_limiter(
} }
impl TrafficControlCache { impl TrafficControlCache {
fn new() -> Self { fn new() -> Self {
Self { Self {
use_shared_memory: true, use_shared_memory: true,
@ -150,16 +147,22 @@ impl TrafficControlCache {
let version_cache = match ConfigVersionCache::new() { let version_cache = match ConfigVersionCache::new() {
Ok(cache) => cache, Ok(cache) => cache,
Err(err) => { Err(err) => {
log::error!("TrafficControlCache::reload failed in ConfigVersionCache::new: {}", err); log::error!(
"TrafficControlCache::reload failed in ConfigVersionCache::new: {}",
err
);
return; return;
} }
}; };
let traffic_control_generation = version_cache.traffic_control_generation(); let traffic_control_generation = version_cache.traffic_control_generation();
if (self.last_update != 0) && if (self.last_update != 0)
(traffic_control_generation == self.last_traffic_control_generation) && && (traffic_control_generation == self.last_traffic_control_generation)
((now - self.last_update) < 60) { return; } && ((now - self.last_update) < 60)
{
return;
}
log::debug!("reload traffic control rules"); log::debug!("reload traffic control rules");
@ -184,9 +187,10 @@ impl TrafficControlCache {
/// ///
/// This should be called every second (from `proxmox-backup-proxy`). /// This should be called every second (from `proxmox-backup-proxy`).
pub fn compute_current_rates(&mut self) { pub fn compute_current_rates(&mut self) {
let elapsed = self.last_rate_compute.elapsed().as_micros(); let elapsed = self.last_rate_compute.elapsed().as_micros();
if elapsed < 200_000 { return } // not enough data if elapsed < 200_000 {
return;
} // not enough data
let mut new_rate_map = HashMap::new(); let mut new_rate_map = HashMap::new();
@ -228,30 +232,30 @@ impl TrafficControlCache {
} }
fn update_config(&mut self, config: &SectionConfigData) -> Result<(), Error> { fn update_config(&mut self, config: &SectionConfigData) -> Result<(), Error> {
self.limiter_map.retain(|key, _value| config.sections.contains_key(key)); self.limiter_map
.retain(|key, _value| config.sections.contains_key(key));
let rules: Vec<TrafficControlRule> = let rules: Vec<TrafficControlRule> = config.convert_to_typed_array("rule")?;
config.convert_to_typed_array("rule")?;
let mut active_rules = Vec::new(); let mut active_rules = Vec::new();
for rule in rules { for rule in rules {
let entry = self
let entry = self.limiter_map.entry(rule.name.clone()).or_insert((None, None)); .limiter_map
.entry(rule.name.clone())
.or_insert((None, None));
let limit = &rule.limit; let limit = &rule.limit;
match entry.0 { match entry.0 {
Some(ref read_limiter) => { Some(ref read_limiter) => match limit.rate_in {
match limit.rate_in { Some(rate_in) => {
Some(rate_in) => { read_limiter.update_rate(
read_limiter.update_rate( rate_in.as_u64(),
rate_in.as_u64(), limit.burst_in.unwrap_or(rate_in).as_u64(),
limit.burst_in.unwrap_or(rate_in).as_u64(), );
);
}
None => entry.0 = None,
} }
} None => entry.0 = None,
},
None => { None => {
if let Some(rate_in) = limit.rate_in { if let Some(rate_in) = limit.rate_in {
let name = format!("{}.in", rule.name); let name = format!("{}.in", rule.name);
@ -267,17 +271,15 @@ impl TrafficControlCache {
} }
match entry.1 { match entry.1 {
Some(ref write_limiter) => { Some(ref write_limiter) => match limit.rate_out {
match limit.rate_out { Some(rate_out) => {
Some(rate_out) => { write_limiter.update_rate(
write_limiter.update_rate( rate_out.as_u64(),
rate_out.as_u64(), limit.burst_out.unwrap_or(rate_out).as_u64(),
limit.burst_out.unwrap_or(rate_out).as_u64(), );
);
}
None => entry.1 = None,
} }
} None => entry.1 = None,
},
None => { None => {
if let Some(rate_out) = limit.rate_out { if let Some(rate_out) = limit.rate_out {
let name = format!("{}.out", rule.name); let name = format!("{}.out", rule.name);
@ -314,7 +316,11 @@ impl TrafficControlCache {
networks.push(cidr); networks.push(cidr);
} }
active_rules.push(ParsedTcRule { config: rule, networks, timeframe }); active_rules.push(ParsedTcRule {
config: rule,
networks,
timeframe,
});
} }
self.rules = active_rules; self.rules = active_rules;
@ -333,8 +339,11 @@ impl TrafficControlCache {
&self, &self,
peer: SocketAddr, peer: SocketAddr,
now: i64, now: i64,
) -> (&str, Option<Arc<dyn ShareableRateLimit>>, Option<Arc<dyn ShareableRateLimit>>) { ) -> (
&str,
Option<Arc<dyn ShareableRateLimit>>,
Option<Arc<dyn ShareableRateLimit>>,
) {
let peer_ip = cannonical_ip(peer.ip()); let peer_ip = cannonical_ip(peer.ip());
log::debug!("lookup_rate_limiter: {:?}", peer_ip); log::debug!("lookup_rate_limiter: {:?}", peer_ip);
@ -350,7 +359,9 @@ impl TrafficControlCache {
let mut last_rule_match = None; let mut last_rule_match = None;
for rule in self.rules.iter() { for rule in self.rules.iter() {
if !timeframe_match(&rule.timeframe, &now) { continue; } if !timeframe_match(&rule.timeframe, &now) {
continue;
}
if let Some(match_len) = network_match_len(&rule.networks, &peer_ip) { if let Some(match_len) = network_match_len(&rule.networks, &peer_ip) {
match last_rule_match { match last_rule_match {
@ -367,9 +378,11 @@ impl TrafficControlCache {
match last_rule_match { match last_rule_match {
Some((rule, _)) => { Some((rule, _)) => {
match self.limiter_map.get(&rule.config.name) { match self.limiter_map.get(&rule.config.name) {
Some((read_limiter, write_limiter)) => { Some((read_limiter, write_limiter)) => (
(&rule.config.name, read_limiter.clone(), write_limiter.clone()) &rule.config.name,
} read_limiter.clone(),
write_limiter.clone(),
),
None => ("", None, None), // should never happen None => ("", None, None), // should never happen
} }
} }
@ -378,23 +391,27 @@ impl TrafficControlCache {
} }
} }
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use super::*; use super::*;
const fn make_test_time(mday: i32, hour: i32, min: i32) -> i64 { const fn make_test_time(mday: i32, hour: i32, min: i32) -> i64 {
(mday*3600*24 + hour*3600 + min*60) as i64 (mday * 3600 * 24 + hour * 3600 + min * 60) as i64
} }
#[test] #[test]
fn testnetwork_match() -> Result<(), Error> { fn testnetwork_match() -> Result<(), Error> {
let networks = ["192.168.2.1/24", "127.0.0.0/8"]; let networks = ["192.168.2.1/24", "127.0.0.0/8"];
let networks: Vec<IpInet> = networks.iter().map(|n| n.parse().unwrap()).collect(); let networks: Vec<IpInet> = networks.iter().map(|n| n.parse().unwrap()).collect();
assert_eq!(network_match_len(&networks, &"192.168.2.1".parse()?), Some(24)); assert_eq!(
assert_eq!(network_match_len(&networks, &"192.168.2.254".parse()?), Some(24)); network_match_len(&networks, &"192.168.2.1".parse()?),
Some(24)
);
assert_eq!(
network_match_len(&networks, &"192.168.2.254".parse()?),
Some(24)
);
assert_eq!(network_match_len(&networks, &"192.168.3.1".parse()?), None); assert_eq!(network_match_len(&networks, &"192.168.3.1".parse()?), None);
assert_eq!(network_match_len(&networks, &"127.1.1.0".parse()?), Some(8)); assert_eq!(network_match_len(&networks, &"127.1.1.0".parse()?), Some(8));
assert_eq!(network_match_len(&networks, &"128.1.1.0".parse()?), None); assert_eq!(network_match_len(&networks, &"128.1.1.0".parse()?), None);
@ -402,14 +419,16 @@ mod test {
let networks = ["0.0.0.0/0"]; let networks = ["0.0.0.0/0"];
let networks: Vec<IpInet> = networks.iter().map(|n| n.parse().unwrap()).collect(); let networks: Vec<IpInet> = networks.iter().map(|n| n.parse().unwrap()).collect();
assert_eq!(network_match_len(&networks, &"127.1.1.0".parse()?), Some(0)); assert_eq!(network_match_len(&networks, &"127.1.1.0".parse()?), Some(0));
assert_eq!(network_match_len(&networks, &"192.168.2.1".parse()?), Some(0)); assert_eq!(
network_match_len(&networks, &"192.168.2.1".parse()?),
Some(0)
);
Ok(()) Ok(())
} }
#[test] #[test]
fn test_rule_match() -> Result<(), Error> { fn test_rule_match() -> Result<(), Error> {
let config_data = " let config_data = "
rule: rule1 rule: rule1
comment my test rule comment my test rule
@ -448,32 +467,35 @@ rule: somewhere
let private = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(192, 168, 2, 35)), 1234); let private = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(192, 168, 2, 35)), 1234);
let somewhere = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(1, 2, 3, 4)), 1234); let somewhere = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(1, 2, 3, 4)), 1234);
let (rule, read_limiter, write_limiter) = cache.lookup_rate_limiter(somewhere, THURSDAY_80_00); let (rule, read_limiter, write_limiter) =
cache.lookup_rate_limiter(somewhere, THURSDAY_80_00);
assert_eq!(rule, "somewhere"); assert_eq!(rule, "somewhere");
assert!(read_limiter.is_some()); assert!(read_limiter.is_some());
assert!(write_limiter.is_some()); assert!(write_limiter.is_some());
let (rule, read_limiter, write_limiter) = cache.lookup_rate_limiter(local, THURSDAY_19_00); let (rule, read_limiter, write_limiter) = cache.lookup_rate_limiter(local, THURSDAY_19_00);
assert_eq!(rule, "rule2"); assert_eq!(rule, "rule2");
assert!(read_limiter.is_some()); assert!(read_limiter.is_some());
assert!(write_limiter.is_some()); assert!(write_limiter.is_some());
let (rule, read_limiter, write_limiter) = cache.lookup_rate_limiter(gateway, THURSDAY_15_00); let (rule, read_limiter, write_limiter) =
cache.lookup_rate_limiter(gateway, THURSDAY_15_00);
assert_eq!(rule, "rule1"); assert_eq!(rule, "rule1");
assert!(read_limiter.is_some()); assert!(read_limiter.is_some());
assert!(write_limiter.is_some()); assert!(write_limiter.is_some());
let (rule, read_limiter, write_limiter) = cache.lookup_rate_limiter(gateway, THURSDAY_19_00); let (rule, read_limiter, write_limiter) =
cache.lookup_rate_limiter(gateway, THURSDAY_19_00);
assert_eq!(rule, "somewhere"); assert_eq!(rule, "somewhere");
assert!(read_limiter.is_some()); assert!(read_limiter.is_some());
assert!(write_limiter.is_some()); assert!(write_limiter.is_some());
let (rule, read_limiter, write_limiter) = cache.lookup_rate_limiter(private, THURSDAY_19_00); let (rule, read_limiter, write_limiter) =
cache.lookup_rate_limiter(private, THURSDAY_19_00);
assert_eq!(rule, "rule2"); assert_eq!(rule, "rule2");
assert!(read_limiter.is_some()); assert!(read_limiter.is_some());
assert!(write_limiter.is_some()); assert!(write_limiter.is_some());
Ok(()) Ok(())
} }
} }