load auth keys on startup
parent
6c30068ebf
commit
d01e2420f7
|
@ -1,8 +1,11 @@
|
||||||
use crate::tools;
|
use crate::tools;
|
||||||
|
|
||||||
use failure::*;
|
use failure::*;
|
||||||
|
use lazy_static::lazy_static;
|
||||||
|
|
||||||
use openssl::rsa::{Rsa};
|
use openssl::rsa::{Rsa};
|
||||||
|
use openssl::pkey::{PKey, Public, Private};
|
||||||
|
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
|
|
||||||
pub fn generate_csrf_key() -> Result<(), Error> {
|
pub fn generate_csrf_key() -> Result<(), Error> {
|
||||||
|
@ -50,3 +53,49 @@ pub fn generate_auth_key() -> Result<(), Error> {
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn csrf_secret() -> &'static [u8] {
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
static ref SECRET: Vec<u8> =
|
||||||
|
tools::file_get_contents("/etc/proxmox-backup/csrf.key").unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
|
&SECRET
|
||||||
|
}
|
||||||
|
|
||||||
|
fn load_private_auth_key() -> Result<PKey<Private>, Error> {
|
||||||
|
|
||||||
|
let pem = tools::file_get_contents("/etc/proxmox-backup/authkey.key")?;
|
||||||
|
let rsa = Rsa::private_key_from_pem(&pem)?;
|
||||||
|
let key = PKey::from_rsa(rsa)?;
|
||||||
|
|
||||||
|
Ok(key)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn private_auth_key() -> &'static PKey<Private> {
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
static ref KEY: PKey<Private> = load_private_auth_key().unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
|
&KEY
|
||||||
|
}
|
||||||
|
|
||||||
|
fn load_public_auth_key() -> Result<PKey<Public>, Error> {
|
||||||
|
|
||||||
|
let pem = tools::file_get_contents("/etc/proxmox-backup/authkey.pub")?;
|
||||||
|
let rsa = Rsa::public_key_from_pem(&pem)?;
|
||||||
|
let key = PKey::from_rsa(rsa)?;
|
||||||
|
|
||||||
|
Ok(key)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn public_auth_key() -> &'static PKey<Public> {
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
static ref KEY: PKey<Public> = load_public_auth_key().unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
|
&KEY
|
||||||
|
}
|
||||||
|
|
|
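Review bot: `csrf_secret()` reads `/etc/proxmox-backup/csrf.key` with `.unwrap()` inside the `lazy_static!` initializer and accepts whatever bytes come back, so an empty or truncated file would silently become the CSRF secret, and an unreadable one surfaces as a bare panic. It would be safer to give it a fallible loader like the two auth-key functions and reject an empty file there, e.g. `if data.is_empty() { bail!("csrf key file is empty"); }`. The three `.unwrap()` calls could then become `.expect("unable to load csrf key")` and equivalents, so the failing key is named. The `let _ = ...; // load with lazy_static` lines added to both `main()` functions rely on this same panic path, which is inconsistent with the `eprintln!` plus `std::process::exit(-1)` handling used for key generation beside them. Neither loader checks the key file's mode or owner; if that is enforced where the files are created, a doc comment on `load_private_auth_key` should say so.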
@ -2,7 +2,7 @@ extern crate proxmox_backup;
|
||||||
|
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
|
|
||||||
use proxmox_backup::tools;
|
//use proxmox_backup::tools;
|
||||||
use proxmox_backup::api::schema::*;
|
use proxmox_backup::api::schema::*;
|
||||||
use proxmox_backup::api::router::*;
|
use proxmox_backup::api::router::*;
|
||||||
use proxmox_backup::api::config::*;
|
use proxmox_backup::api::config::*;
|
||||||
|
@ -30,11 +30,13 @@ fn main() {
|
||||||
eprintln!("unable to generate auth key: {}", err);
|
eprintln!("unable to generate auth key: {}", err);
|
||||||
std::process::exit(-1);
|
std::process::exit(-1);
|
||||||
}
|
}
|
||||||
|
let _ = private_auth_key(); // load with lazy_static
|
||||||
|
|
||||||
if let Err(err) = generate_csrf_key() {
|
if let Err(err) = generate_csrf_key() {
|
||||||
eprintln!("unable to generate csrf key: {}", err);
|
eprintln!("unable to generate csrf key: {}", err);
|
||||||
std::process::exit(-1);
|
std::process::exit(-1);
|
||||||
}
|
}
|
||||||
|
let _ = csrf_secret(); // load with lazy_static
|
||||||
|
|
||||||
let command : Arc<Schema> = StringSchema::new("Command.")
|
let command : Arc<Schema> = StringSchema::new("Command.")
|
||||||
.format(Arc::new(ApiStringFormat::Enum(vec![
|
.format(Arc::new(ApiStringFormat::Enum(vec![
|
||||||
|
|
|
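Review bot: The now-unused import is left behind as `//use proxmox_backup::tools;` instead of being deleted, and commented-out code like this tends to linger, so the line should simply be removed. In `main()`, the two `// load with lazy_static` comments describe the mechanism rather than the intent. Something like `// force key load now so a missing or invalid key aborts startup, not the first request` would tell the next reader why the result is discarded. `main()` starts and ends outside the visible hunks.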
@ -7,6 +7,7 @@ use proxmox_backup::api::router::*;
|
||||||
use proxmox_backup::api::config::*;
|
use proxmox_backup::api::config::*;
|
||||||
use proxmox_backup::server::rest::*;
|
use proxmox_backup::server::rest::*;
|
||||||
use proxmox_backup::getopts;
|
use proxmox_backup::getopts;
|
||||||
|
use proxmox_backup::auth_helpers::*;
|
||||||
|
|
||||||
//use failure::*;
|
//use failure::*;
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
|
@ -25,6 +26,9 @@ fn main() {
|
||||||
std::process::exit(-1);
|
std::process::exit(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let _ = public_auth_key(); // load with lazy_static
|
||||||
|
let _ = csrf_secret(); // load with lazy_static
|
||||||
|
|
||||||
let command : Arc<Schema> = StringSchema::new("Command.")
|
let command : Arc<Schema> = StringSchema::new("Command.")
|
||||||
.format(Arc::new(ApiStringFormat::Enum(vec![
|
.format(Arc::new(ApiStringFormat::Enum(vec![
|
||||||
"start".into(),
|
"start".into(),
|
||||||
|
|
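Review bot: The new `public_auth_key()` and `csrf_secret()` calls in this `main()` have no key-generation step before them in the visible hunk, so this binary appears to depend on the key files already existing. They are presumably created by the other binary touched in this commit, which calls `generate_auth_key()` and `generate_csrf_key()`. If that ordering is intended, it deserves a comment at the call site, e.g. `// keys are created by the other daemon; abort here if they are missing`. It is also worth documenting that this process needs read access to `csrf.key` and `authkey.pub` only, never `authkey.key`, so file permissions can keep the private key away from it. `main()` continues outside the hunk, so an earlier check may already cover part of this.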