api2/access: implement term ticket

modeled after pves/pmgs vncticket (i substituted the vnc with term) by putting the path and username as secret data in the ticket when sending the ticket to /access/ticket it only verifies it, checks the privs on the path and does not generate a new ticket Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-07-21 11:10:37 +02:00
parent 2ab5acac5a
commit a4d1675513
2 changed files with 101 additions and 10 deletions
--- a/src/tools/ticket.rs
+++ b/src/tools/ticket.rs
@ -11,6 +11,38 @@ use crate::tools::epoch_now_u64;

 pub const TICKET_LIFETIME: i64 = 3600*2; // 2 hours

+const TERM_PREFIX: &str = "PBSTERM";
+
+pub fn assemble_term_ticket(
+    keypair: &PKey<Private>,
+    username: &str,
+    path: &str,
+    port: u16,
+) -> Result<String, Error> {
+    assemble_rsa_ticket(
+        keypair,
+        TERM_PREFIX,
+        None,
+        Some(&format!("{}{}{}", username, path, port)),
+    )
+}
+
+pub fn verify_term_ticket(
+    keypair: &PKey<Public>,
+    username: &str,
+    path: &str,
+    port: u16,
+    ticket: &str,
+) -> Result<(i64, Option<String>), Error> {
+    verify_rsa_ticket(
+        keypair,
+        TERM_PREFIX,
+        ticket,
+        Some(&format!("{}{}{}", username, path, port)),
+        -300,
+        TICKET_LIFETIME,
+    )
+}

 pub fn assemble_rsa_ticket(
    keypair: &PKey<Private>,