load auth keys on startup

Dietmar Maurer 2019-01-29 17:21:58 +01:00
parent 6c30068ebf
commit d01e2420f7
3 changed files with 56 additions and 1 deletions


@ -1,8 +1,11 @@
use crate::tools; use crate::tools;
use failure::*; use failure::*;
use lazy_static::lazy_static;
use openssl::rsa::{Rsa}; use openssl::rsa::{Rsa};
use openssl::pkey::{PKey, Public, Private};
use std::path::PathBuf; use std::path::PathBuf;
pub fn generate_csrf_key() -> Result<(), Error> { pub fn generate_csrf_key() -> Result<(), Error> {
@ -50,3 +53,49 @@ pub fn generate_auth_key() -> Result<(), Error> {
Ok(()) Ok(())
} }
pub fn csrf_secret() -> &'static [u8] {
lazy_static! {
static ref SECRET: Vec<u8> =
tools::file_get_contents("/etc/proxmox-backup/csrf.key").unwrap();
}
&SECRET
}
fn load_private_auth_key() -> Result<PKey<Private>, Error> {
let pem = tools::file_get_contents("/etc/proxmox-backup/authkey.key")?;
let rsa = Rsa::private_key_from_pem(&pem)?;
let key = PKey::from_rsa(rsa)?;
Ok(key)
}
pub fn private_auth_key() -> &'static PKey<Private> {
lazy_static! {
static ref KEY: PKey<Private> = load_private_auth_key().unwrap();
}
&KEY
}
fn load_public_auth_key() -> Result<PKey<Public>, Error> {
let pem = tools::file_get_contents("/etc/proxmox-backup/authkey.pub")?;
let rsa = Rsa::public_key_from_pem(&pem)?;
let key = PKey::from_rsa(rsa)?;
Ok(key)
}
pub fn public_auth_key() -> &'static PKey<Public> {
lazy_static! {
static ref KEY: PKey<Public> = load_public_auth_key().unwrap();
}
&KEY
}
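Review bot: `csrf_secret()` caches whatever bytes `tools::file_get_contents` returns, so an empty `/etc/proxmox-backup/csrf.key` would become the CSRF secret without any error; the initializer should reject that before the value is stored. What `generate_csrf_key()` writes is outside this hunk, so the expected length is not visible here and the sketch below only rules out the empty case. It moves the read into a `Result`-returning `load_csrf_secret()`, matching the shape of `load_private_auth_key()` and `load_public_auth_key()`, which also gives one place to add a length check later.

```rust
fn load_csrf_secret() -> Result<Vec<u8>, Error> {
    let secret = tools::file_get_contents("/etc/proxmox-backup/csrf.key")?;
    if secret.is_empty() {
        bail!("csrf key file /etc/proxmox-backup/csrf.key is empty");
    }
    Ok(secret)
}

pub fn csrf_secret() -> &'static [u8] {
    lazy_static! {
        static ref SECRET: Vec<u8> = load_csrf_secret().unwrap();
    }
    &SECRET
}
// … unchanged: private/public auth key loaders and accessors …
```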


@ -2,7 +2,7 @@ extern crate proxmox_backup;
use std::sync::Arc; use std::sync::Arc;
use proxmox_backup::tools; //use proxmox_backup::tools;
use proxmox_backup::api::schema::*; use proxmox_backup::api::schema::*;
use proxmox_backup::api::router::*; use proxmox_backup::api::router::*;
use proxmox_backup::api::config::*; use proxmox_backup::api::config::*;
@ -30,11 +30,13 @@ fn main() {
eprintln!("unable to generate auth key: {}", err); eprintln!("unable to generate auth key: {}", err);
std::process::exit(-1); std::process::exit(-1);
} }
let _ = private_auth_key(); // load with lazy_static
if let Err(err) = generate_csrf_key() { if let Err(err) = generate_csrf_key() {
eprintln!("unable to generate csrf key: {}", err); eprintln!("unable to generate csrf key: {}", err);
std::process::exit(-1); std::process::exit(-1);
} }
let _ = csrf_secret(); // load with lazy_static
let command : Arc<Schema> = StringSchema::new("Command.") let command : Arc<Schema> = StringSchema::new("Command.")
.format(Arc::new(ApiStringFormat::Enum(vec![ .format(Arc::new(ApiStringFormat::Enum(vec![
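Review bot: The two forced loads in `main()` (`let _ = private_auth_key();` and `let _ = csrf_secret();`) fail by panicking, because the accessors `.unwrap()` inside their `lazy_static!` initializers, while the `generate_*` calls next to them print a message and call `std::process::exit(-1)`. A missing or unparsable key file therefore aborts startup with an unwrap panic that may not name the file; calling a `Result`-returning loader here and handling it like the neighbouring `if let Err(err)` blocks would keep startup errors uniform. The same applies to `public_auth_key()` and `csrf_secret()` in the third file's `main()`. At minimum the comment could state the intent, e.g. `// force the lazy_static load now so a bad key file stops startup instead of the first request`. `main()` starts and ends outside these hunks.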


@ -7,6 +7,7 @@ use proxmox_backup::api::router::*;
use proxmox_backup::api::config::*; use proxmox_backup::api::config::*;
use proxmox_backup::server::rest::*; use proxmox_backup::server::rest::*;
use proxmox_backup::getopts; use proxmox_backup::getopts;
use proxmox_backup::auth_helpers::*;
//use failure::*; //use failure::*;
use lazy_static::lazy_static; use lazy_static::lazy_static;
@ -25,6 +26,9 @@ fn main() {
std::process::exit(-1); std::process::exit(-1);
} }
let _ = public_auth_key(); // load with lazy_static
let _ = csrf_secret(); // load with lazy_static
let command : Arc<Schema> = StringSchema::new("Command.") let command : Arc<Schema> = StringSchema::new("Command.")
.format(Arc::new(ApiStringFormat::Enum(vec![ .format(Arc::new(ApiStringFormat::Enum(vec![
"start".into(), "start".into(),