rest server: return UserInformation from ApiAuth::check_auth
This need impl UserInformation for Arc<CachedUserInfo> which is implemented with proxmox 0.13.2 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
parent
7fa9a37c7c
commit
98b7d58b94
@ -3,6 +3,7 @@ use std::os::unix::io::RawFd;
|
||||
use anyhow::{bail, format_err, Error};
|
||||
|
||||
use proxmox::tools::fd::Fd;
|
||||
use proxmox::api::UserInformation;
|
||||
|
||||
mod compression;
|
||||
pub use compression::*;
|
||||
@ -41,7 +42,7 @@ pub trait ApiAuth {
|
||||
&self,
|
||||
headers: &http::HeaderMap,
|
||||
method: &hyper::Method,
|
||||
) -> Result<String, AuthError>;
|
||||
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>;
|
||||
}
|
||||
|
||||
static mut SHUTDOWN_REQUESTED: bool = false;
|
||||
|
@ -4,10 +4,22 @@ use std::io::prelude::*;
|
||||
|
||||
use anyhow::{bail, format_err, Error};
|
||||
|
||||
use proxmox::api::UserInformation;
|
||||
|
||||
use proxmox_rest_server::{ApiAuth, AuthError};
|
||||
|
||||
const TICKET_FILE: &str = "/ticket";
|
||||
|
||||
struct SimpleUserInformation {}
|
||||
|
||||
impl UserInformation for SimpleUserInformation {
|
||||
fn is_superuser(&self, userid: &str) -> bool {
|
||||
userid == "root@pam"
|
||||
}
|
||||
fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
|
||||
fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
|
||||
}
|
||||
|
||||
pub struct StaticAuth {
|
||||
ticket: String,
|
||||
}
|
||||
@ -17,10 +29,10 @@ impl ApiAuth for StaticAuth {
|
||||
&self,
|
||||
headers: &http::HeaderMap,
|
||||
_method: &hyper::Method,
|
||||
) -> Result<String, AuthError> {
|
||||
) -> Result<(String, Box<dyn UserInformation + Send + Sync>), AuthError> {
|
||||
match headers.get(hyper::header::AUTHORIZATION) {
|
||||
Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
|
||||
Ok(String::from("root@pam"))
|
||||
Ok((String::from("root@pam"), Box::new(SimpleUserInformation {})))
|
||||
}
|
||||
_ => {
|
||||
return Err(AuthError::Generic(format_err!(
|
||||
|
@ -3,6 +3,8 @@ use anyhow::format_err;
|
||||
|
||||
use std::sync::Arc;
|
||||
|
||||
use proxmox::api::UserInformation;
|
||||
|
||||
use pbs_tools::ticket::{self, Ticket};
|
||||
use pbs_config::{token_shadow, CachedUserInfo};
|
||||
use pbs_api_types::{Authid, Userid};
|
||||
@ -56,11 +58,12 @@ impl UserApiAuth {
|
||||
}
|
||||
|
||||
impl ApiAuth for UserApiAuth {
|
||||
|
||||
fn check_auth(
|
||||
&self,
|
||||
headers: &http::HeaderMap,
|
||||
method: &hyper::Method,
|
||||
) -> Result<String, AuthError> {
|
||||
) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
|
||||
|
||||
let user_info = CachedUserInfo::new()?;
|
||||
|
||||
@ -93,7 +96,7 @@ impl ApiAuth for UserApiAuth {
|
||||
}
|
||||
}
|
||||
|
||||
Ok(auth_id.to_string())
|
||||
Ok((auth_id.to_string(), Box::new(user_info)))
|
||||
}
|
||||
Some(AuthData::ApiToken(api_token)) => {
|
||||
let mut parts = api_token.splitn(2, ':');
|
||||
@ -115,7 +118,7 @@ impl ApiAuth for UserApiAuth {
|
||||
|
||||
token_shadow::verify_secret(&tokenid, &tokensecret)?;
|
||||
|
||||
Ok(tokenid.to_string())
|
||||
Ok((tokenid.to_string(), Box::new(user_info)))
|
||||
}
|
||||
None => Err(AuthError::NoData),
|
||||
}
|
||||
|
@ -26,7 +26,7 @@ use proxmox::api::schema::{
|
||||
};
|
||||
use proxmox::api::{
|
||||
check_api_permission, ApiHandler, ApiMethod, HttpError, Permission, RpcEnvironment,
|
||||
RpcEnvironmentType,
|
||||
RpcEnvironmentType, UserInformation,
|
||||
};
|
||||
use proxmox::http_err;
|
||||
use proxmox::tools::fs::CreateOptions;
|
||||
@ -40,12 +40,18 @@ use proxmox_rest_server::{
|
||||
};
|
||||
use proxmox_rest_server::formatter::*;
|
||||
|
||||
use pbs_config::CachedUserInfo;
|
||||
|
||||
extern "C" {
|
||||
fn tzset();
|
||||
}
|
||||
|
||||
struct EmptyUserInformation {}
|
||||
|
||||
impl UserInformation for EmptyUserInformation {
|
||||
fn is_superuser(&self, _userid: &str) -> bool { false }
|
||||
fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
|
||||
fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
|
||||
}
|
||||
|
||||
pub struct RestServer {
|
||||
pub api_config: Arc<ApiConfig>,
|
||||
}
|
||||
@ -652,9 +658,14 @@ async fn handle_request(
|
||||
}
|
||||
}
|
||||
|
||||
let mut user_info: Box<dyn UserInformation + Send + Sync> = Box::new(EmptyUserInformation {});
|
||||
|
||||
if auth_required {
|
||||
match auth.check_auth(&parts.headers, &method) {
|
||||
Ok(authid) => rpcenv.set_auth_id(Some(authid)),
|
||||
Ok((authid, info)) => {
|
||||
rpcenv.set_auth_id(Some(authid));
|
||||
user_info = info;
|
||||
}
|
||||
Err(auth_err) => {
|
||||
let err = match auth_err {
|
||||
AuthError::Generic(err) => err,
|
||||
@ -683,7 +694,7 @@ async fn handle_request(
|
||||
}
|
||||
Some(api_method) => {
|
||||
let auth_id = rpcenv.get_auth_id();
|
||||
let user_info = CachedUserInfo::new()?;
|
||||
let user_info = user_info;
|
||||
|
||||
if !check_api_permission(
|
||||
api_method.access.permission,
|
||||
@ -727,7 +738,7 @@ async fn handle_request(
|
||||
if comp_len == 0 {
|
||||
let language = extract_lang_header(&parts.headers);
|
||||
match auth.check_auth(&parts.headers, &method) {
|
||||
Ok(auth_id) => {
|
||||
Ok((auth_id, _user_info)) => {
|
||||
return Ok(api.get_index(Some(auth_id), language, parts));
|
||||
}
|
||||
Err(AuthError::Generic(_)) => {
|
||||
|
Loading…
Reference in New Issue
Block a user