introduce Username, Realm and Userid api types

and begin splitting up types.rs as it has grown quite large already Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-08-06 15:46:01 +02:00
parent 27d864210a
commit e7cb4dc50d
42 changed files with 877 additions and 417 deletions
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@ -2,7 +2,7 @@ use anyhow::{bail, format_err, Error};

 use serde_json::{json, Value};

-use proxmox::api::{api, RpcEnvironment, Permission, UserInformation};
+use proxmox::api::{api, RpcEnvironment, Permission};
 use proxmox::api::router::{Router, SubdirMap};
 use proxmox::{sortable, identity};
 use proxmox::{http_err, list_subdirs_api_method};
@ -23,7 +23,7 @@ pub mod role;
 /// returns Ok(true) if a ticket has to be created
 /// and Ok(false) if not
 fn authenticate_user(
-    username: &str,
+    userid: &Userid,
    password: &str,
    path: Option<String>,
    privs: Option<String>,
@ -31,7 +31,7 @@ fn authenticate_user(
 ) -> Result<bool, Error> {
    let user_info = CachedUserInfo::new()?;

-    if !user_info.is_active_user(&username) {
+    if !user_info.is_active_user(&userid) {
        bail!("user account disabled or expired.");
    }

@ -39,10 +39,10 @@ fn authenticate_user(

    if password.starts_with("PBS:") {
        if let Ok((_age, Some(ticket_username))) = tools::ticket::verify_rsa_ticket(public_auth_key(), "PBS", password, None, -300, ticket_lifetime) {
-            if ticket_username == username {
+            if *userid == ticket_username {
                return Ok(true);
            } else {
-                bail!("ticket login failed - wrong username");
+                bail!("ticket login failed - wrong userid");
            }
        }
    } else if password.starts_with("PBSTERM:") {
@ -55,7 +55,7 @@ fn authenticate_user(
        let port = port.unwrap();

        if let Ok((_age, _data)) =
-            tools::ticket::verify_term_ticket(public_auth_key(), &username, &path, port, password)
+            tools::ticket::verify_term_ticket(public_auth_key(), &userid, &path, port, password)
        {
            for (name, privilege) in PRIVILEGES {
                if *name == privilege_name {
@ -66,7 +66,7 @@ fn authenticate_user(
                        }
                    }

-                    user_info.check_privs(username, &path_vec, *privilege, false)?;
+                    user_info.check_privs(userid, &path_vec, *privilege, false)?;
                    return Ok(false);
                }
            }
@ -75,7 +75,7 @@ fn authenticate_user(
        }
    }

-    let _ = crate::auth::authenticate_user(username, password)?;
+    let _ = crate::auth::authenticate_user(userid, password)?;
    Ok(true)
 }

@ -83,7 +83,7 @@ fn authenticate_user(
    input: {
        properties: {
            username: {
-                schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
            password: {
                schema: PASSWORD_SCHEMA,
@ -130,7 +130,7 @@ fn authenticate_user(
 ///
 /// Returns: An authentication ticket with additional infos.
 fn create_ticket(
-    username: String,
+    username: Userid,
    password: String,
    path: Option<String>,
    privs: Option<String>,
@ -165,7 +165,7 @@ fn create_ticket(
    input: {
        properties: {
            userid: {
-                schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
            password: {
                schema: PASSWORD_SCHEMA,
@ -183,13 +183,15 @@ fn create_ticket(
 /// Each user is allowed to change his own password. Superuser
 /// can change all passwords.
 fn change_password(
-    userid: String,
+    userid: Userid,
    password: String,
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<Value, Error> {

-    let current_user = rpcenv.get_user()
-        .ok_or_else(|| format_err!("unknown user"))?;
+    let current_user: Userid = rpcenv
+        .get_user()
+        .ok_or_else(|| format_err!("unknown user"))?
+        .parse()?;

    let mut allowed = userid == current_user;

@ -205,9 +207,8 @@ fn change_password(
        bail!("you are not authorized to change the password.");
    }

-    let (username, realm) = crate::auth::parse_userid(&userid)?;
-    let authenticator = crate::auth::lookup_authenticator(&realm)?;
-    authenticator.store_password(&username, &password)?;
+    let authenticator = crate::auth::lookup_authenticator(userid.realm())?;
+    authenticator.store_password(userid.name(), &password)?;

    Ok(Value::Null)
 }
--- a/src/api2/access/acl.rs
+++ b/src/api2/access/acl.rs
@ -142,7 +142,7 @@ pub fn read_acl(
            },
            userid: {
                optional: true,
-                schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
            group: {
                optional: true,
@ -168,7 +168,7 @@ pub fn update_acl(
    path: String,
    role: String,
    propagate: Option<bool>,
-    userid: Option<String>,
+    userid: Option<Userid>,
    group: Option<String>,
    delete: Option<bool>,
    digest: Option<String>,
@ -193,7 +193,7 @@ pub fn update_acl(
    } else if let Some(ref userid) = userid {
        if !delete { // Note: we allow to delete non-existent users
            let user_cfg = crate::config::user::cached_config()?;
-            if user_cfg.sections.get(userid).is_none() {
+            if user_cfg.sections.get(&userid.to_string()).is_none() {
                bail!("no such user.");
            }
        }
--- a/src/api2/access/user.rs
+++ b/src/api2/access/user.rs
@ -49,7 +49,7 @@ pub fn list_users(
    input: {
        properties: {
            userid: {
-                schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
            comment: {
                schema: SINGLE_LINE_COMMENT_SCHEMA,
@ -94,19 +94,18 @@ pub fn create_user(password: Option<String>, param: Value) -> Result<(), Error>

    let (mut config, _digest) = user::config()?;

-    if let Some(_) = config.sections.get(&user.userid) {
+    if let Some(_) = config.sections.get(user.userid.as_str()) {
        bail!("user '{}' already exists.", user.userid);
    }

-    let (username, realm) = crate::auth::parse_userid(&user.userid)?;
-    let authenticator = crate::auth::lookup_authenticator(&realm)?;
+    let authenticator = crate::auth::lookup_authenticator(&user.userid.realm())?;

-    config.set_data(&user.userid, "user", &user)?;
+    config.set_data(user.userid.as_str(), "user", &user)?;

    user::save_config(&config)?;

    if let Some(password) = password {
-        authenticator.store_password(&username, &password)?;
+        authenticator.store_password(user.userid.name(), &password)?;
    }

    Ok(())
@ -116,7 +115,7 @@ pub fn create_user(password: Option<String>, param: Value) -> Result<(), Error>
   input: {
        properties: {
            userid: {
-                schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
         },
    },
@ -129,9 +128,9 @@ pub fn create_user(password: Option<String>, param: Value) -> Result<(), Error>
    },
 )]
 /// Read user configuration data.
-pub fn read_user(userid: String, mut rpcenv: &mut dyn RpcEnvironment) -> Result<user::User, Error> {
+pub fn read_user(userid: Userid, mut rpcenv: &mut dyn RpcEnvironment) -> Result<user::User, Error> {
    let (config, digest) = user::config()?;
-    let user = config.lookup("user", &userid)?;
+    let user = config.lookup("user", userid.as_str())?;
    rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();
    Ok(user)
 }
@ -141,7 +140,7 @@ pub fn read_user(userid: String, mut rpcenv: &mut dyn RpcEnvironment) -> Result<
    input: {
        properties: {
            userid: {
-                schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
            comment: {
                optional: true,
@ -183,7 +182,7 @@ pub fn read_user(userid: String, mut rpcenv: &mut dyn RpcEnvironment) -> Result<
 )]
 /// Update user configuration.
 pub fn update_user(
-    userid: String,
+    userid: Userid,
    comment: Option<String>,
    enable: Option<bool>,
    expire: Option<i64>,
@ -203,7 +202,7 @@ pub fn update_user(
        crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
    }

-    let mut data: user::User = config.lookup("user", &userid)?;
+    let mut data: user::User = config.lookup("user", userid.as_str())?;

    if let Some(comment) = comment {
        let comment = comment.trim().to_string();
@ -223,9 +222,8 @@ pub fn update_user(
    }

    if let Some(password) = password {
-        let (username, realm) = crate::auth::parse_userid(&userid)?;
-        let authenticator = crate::auth::lookup_authenticator(&realm)?;
-        authenticator.store_password(&username, &password)?;
+        let authenticator = crate::auth::lookup_authenticator(userid.realm())?;
+        authenticator.store_password(userid.name(), &password)?;
    }

    if let Some(firstname) = firstname {
@ -239,7 +237,7 @@ pub fn update_user(
        data.email = if email.is_empty() { None } else { Some(email) };
    }

-    config.set_data(&userid, "user", &data)?;
+    config.set_data(userid.as_str(), "user", &data)?;

    user::save_config(&config)?;

@ -251,7 +249,7 @@ pub fn update_user(
    input: {
        properties: {
            userid: {
-                schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
            digest: {
                optional: true,
@ -264,7 +262,7 @@ pub fn update_user(
    },
 )]
 /// Remove a user from the configuration file.
-pub fn delete_user(userid: String, digest: Option<String>) -> Result<(), Error> {
+pub fn delete_user(userid: Userid, digest: Option<String>) -> Result<(), Error> {

    let _lock = open_file_locked(user::USER_CFG_LOCKFILE, std::time::Duration::new(10, 0))?;

@ -275,8 +273,8 @@ pub fn delete_user(userid: String, digest: Option<String>) -> Result<(), Error>
        crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?;
    }

-    match config.sections.get(&userid) {
-        Some(_) => { config.sections.remove(&userid); },
+    match config.sections.get(userid.as_str()) {
+        Some(_) => { config.sections.remove(userid.as_str()); },
        None => bail!("user '{}' does not exist.", userid),
    }

--- a/src/api2/admin/datastore.rs
+++ b/src/api2/admin/datastore.rs
@ -10,7 +10,8 @@ use serde_json::{json, Value};

 use proxmox::api::{
    api, ApiResponseFuture, ApiHandler, ApiMethod, Router,
-    RpcEnvironment, RpcEnvironmentType, Permission, UserInformation};
+    RpcEnvironment, RpcEnvironmentType, Permission
+};
 use proxmox::api::router::SubdirMap;
 use proxmox::api::schema::*;
 use proxmox::tools::fs::{replace_file, CreateOptions};
@ -36,7 +37,11 @@ use crate::config::acl::{
    PRIV_DATASTORE_BACKUP,
 };

-fn check_backup_owner(store: &DataStore, group: &BackupGroup, userid: &str) -> Result<(), Error> {
+fn check_backup_owner(
+    store: &DataStore,
+    group: &BackupGroup,
+    userid: &Userid,
+) -> Result<(), Error> {
    let owner = store.get_owner(group)?;
    if &owner != userid {
        bail!("backup owner check failed ({} != {})", userid, owner);
@ -44,7 +49,10 @@ fn check_backup_owner(store: &DataStore, group: &BackupGroup, userid: &str) -> R
    Ok(())
 }

-fn read_backup_index(store: &DataStore, backup_dir: &BackupDir) -> Result<(BackupManifest, Vec<BackupContent>), Error> {
+fn read_backup_index(
+    store: &DataStore,
+    backup_dir: &BackupDir,
+) -> Result<(BackupManifest, Vec<BackupContent>), Error> {

    let (manifest, index_size) = store.load_manifest(backup_dir)?;

@ -131,9 +139,9 @@ fn list_groups(
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<Vec<GroupListItem>, Error> {

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

    let datastore = DataStore::lookup_datastore(&store)?;

@ -154,7 +162,7 @@ fn list_groups(
        let list_all = (user_privs & PRIV_DATASTORE_AUDIT) != 0;
        let owner = datastore.get_owner(group)?;
        if !list_all {
-            if owner != username { continue; }
+            if owner != userid { continue; }
        }

        let result_item = GroupListItem {
@ -212,16 +220,16 @@ pub fn list_snapshot_files(
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<Vec<BackupContent>, Error> {

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

    let datastore = DataStore::lookup_datastore(&store)?;

    let snapshot = BackupDir::new(backup_type, backup_id, backup_time);

    let allowed = (user_privs & (PRIV_DATASTORE_AUDIT | PRIV_DATASTORE_READ)) != 0;
-    if !allowed { check_backup_owner(&datastore, snapshot.group(), &username)?; }
+    if !allowed { check_backup_owner(&datastore, snapshot.group(), &userid)?; }

    let info = BackupInfo::new(&datastore.base_path(), snapshot)?;

@ -264,16 +272,16 @@ fn delete_snapshot(
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<Value, Error> {

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

    let snapshot = BackupDir::new(backup_type, backup_id, backup_time);

    let datastore = DataStore::lookup_datastore(&store)?;

    let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
-    if !allowed { check_backup_owner(&datastore, snapshot.group(), &username)?; }
+    if !allowed { check_backup_owner(&datastore, snapshot.group(), &userid)?; }

    datastore.remove_backup_dir(&snapshot, false)?;

@ -320,9 +328,9 @@ pub fn list_snapshots (
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<Vec<SnapshotListItem>, Error> {

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

    let datastore = DataStore::lookup_datastore(&store)?;

@ -345,7 +353,7 @@ pub fn list_snapshots (
        let owner = datastore.get_owner(group)?;

        if !list_all {
-            if owner != username { continue; }
+            if owner != userid { continue; }
        }

        let mut size = None;
@ -481,12 +489,15 @@ pub fn verify(
        _ => bail!("parameters do not spefify a backup group or snapshot"),
    }

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let to_stdout = if rpcenv.env_type() == RpcEnvironmentType::CLI { true } else { false };

    let upid_str = WorkerTask::new_thread(
-        "verify", Some(worker_id.clone()), &username, to_stdout, move |worker|
-        {
+        "verify",
+        Some(worker_id.clone()),
+        userid,
+        to_stdout,
+        move |worker| {
            let failed_dirs = if let Some(backup_dir) = backup_dir {
                let mut verified_chunks = HashSet::with_capacity(1024*16);
                let mut corrupt_chunks = HashSet::with_capacity(64);
@ -508,7 +519,8 @@ pub fn verify(
                bail!("verfication failed - please check the log for details");
            }
            Ok(())
-        })?;
+        },
+    )?;

    Ok(json!(upid_str))
 }
@ -593,9 +605,9 @@ fn prune(
    let backup_type = tools::required_string_param(&param, "backup-type")?;
    let backup_id = tools::required_string_param(&param, "backup-id")?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

    let dry_run = param["dry-run"].as_bool().unwrap_or(false);

@ -604,7 +616,7 @@ fn prune(
    let datastore = DataStore::lookup_datastore(&store)?;

    let allowed = (user_privs & PRIV_DATASTORE_MODIFY) != 0;
-    if !allowed { check_backup_owner(&datastore, &group, &username)?; }
+    if !allowed { check_backup_owner(&datastore, &group, &userid)?; }

    let prune_options = PruneOptions {
        keep_last: param["keep-last"].as_u64(),
@ -646,7 +658,7 @@ fn prune(


    // We use a WorkerTask just to have a task log, but run synchrounously
-    let worker = WorkerTask::new("prune", Some(worker_id), "root@pam", true)?;
+    let worker = WorkerTask::new("prune", Some(worker_id), Userid::root_userid().clone(), true)?;

    let result = try_block! {
        if keep_all {
@ -728,11 +740,15 @@ fn start_garbage_collection(
    let to_stdout = if rpcenv.env_type() == RpcEnvironmentType::CLI { true } else { false };

    let upid_str = WorkerTask::new_thread(
-        "garbage_collection", Some(store.clone()), "root@pam", to_stdout, move |worker|
-        {
+        "garbage_collection",
+        Some(store.clone()),
+        Userid::root_userid().clone(),
+        to_stdout,
+        move |worker| {
            worker.log(format!("starting garbage collection on store {}", store));
            datastore.garbage_collection(&worker)
-        })?;
+        },
+    )?;

    Ok(json!(upid_str))
 }
@ -796,13 +812,13 @@ fn get_datastore_list(

    let (config, _digest) = datastore::config()?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;

    let mut list = Vec::new();

    for (store, (_, data)) in &config.sections {
-        let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+        let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
        let allowed = (user_privs & (PRIV_DATASTORE_AUDIT| PRIV_DATASTORE_BACKUP)) != 0;
        if allowed {
            let mut entry = json!({ "store": store });
@ -847,9 +863,9 @@ fn download_file(
        let store = tools::required_string_param(&param, "store")?;
        let datastore = DataStore::lookup_datastore(store)?;

-        let username = rpcenv.get_user().unwrap();
+        let userid: Userid = rpcenv.get_user().unwrap().parse()?;
        let user_info = CachedUserInfo::new()?;
-        let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+        let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

        let file_name = tools::required_string_param(&param, "file-name")?.to_owned();

@ -860,7 +876,7 @@ fn download_file(
        let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);

        let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
-        if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
+        if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }

        println!("Download {} from {} ({}/{})", file_name, store, backup_dir, file_name);

@ -920,9 +936,9 @@ fn download_file_decoded(
        let store = tools::required_string_param(&param, "store")?;
        let datastore = DataStore::lookup_datastore(store)?;

-        let username = rpcenv.get_user().unwrap();
+        let userid: Userid = rpcenv.get_user().unwrap().parse()?;
        let user_info = CachedUserInfo::new()?;
-        let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+        let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

        let file_name = tools::required_string_param(&param, "file-name")?.to_owned();

@ -933,7 +949,7 @@ fn download_file_decoded(
        let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);

        let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
-        if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
+        if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }

        let (_manifest, files) = read_backup_index(&datastore, &backup_dir)?;
        for file in files {
@ -1038,8 +1054,8 @@ fn upload_backup_log(

        let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);

-        let username = rpcenv.get_user().unwrap();
-        check_backup_owner(&datastore, backup_dir.group(), &username)?;
+        let userid: Userid = rpcenv.get_user().unwrap().parse()?;
+        check_backup_owner(&datastore, backup_dir.group(), &userid)?;

        let mut path = datastore.base_path();
        path.push(backup_dir.relative_path());
@ -1108,14 +1124,14 @@ fn catalog(
 ) -> Result<Value, Error> {
    let datastore = DataStore::lookup_datastore(&store)?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

    let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);

    let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
-    if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
+    if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }

    let mut path = datastore.base_path();
    path.push(backup_dir.relative_path());
@ -1207,9 +1223,9 @@ fn pxar_file_download(
        let store = tools::required_string_param(&param, "store")?;
        let datastore = DataStore::lookup_datastore(&store)?;

-        let username = rpcenv.get_user().unwrap();
+        let userid: Userid = rpcenv.get_user().unwrap().parse()?;
        let user_info = CachedUserInfo::new()?;
-        let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+        let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

        let filepath = tools::required_string_param(&param, "filepath")?.to_owned();

@ -1220,7 +1236,7 @@ fn pxar_file_download(
        let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);

        let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
-        if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
+        if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }

        let mut path = datastore.base_path();
        path.push(backup_dir.relative_path());
@ -1346,14 +1362,14 @@ fn get_notes(
 ) -> Result<String, Error> {
    let datastore = DataStore::lookup_datastore(&store)?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

    let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);

    let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
-    if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
+    if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }

    let manifest = datastore.load_manifest_json(&backup_dir)?;

@ -1399,14 +1415,14 @@ fn set_notes(
 ) -> Result<(), Error> {
    let datastore = DataStore::lookup_datastore(&store)?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+    let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);

    let backup_dir = BackupDir::new(backup_type, backup_id, backup_time);

    let allowed = (user_privs & PRIV_DATASTORE_READ) != 0;
-    if !allowed { check_backup_owner(&datastore, backup_dir.group(), &username)?; }
+    if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; }

    let mut manifest = datastore.load_manifest_json(&backup_dir)?;

--- a/src/api2/admin/sync.rs
+++ b/src/api2/admin/sync.rs
@ -1,6 +1,7 @@
+use std::collections::HashMap;
+
 use anyhow::{Error};
 use serde_json::Value;
-use std::collections::HashMap;

 use proxmox::api::{api, ApiMethod, Router, RpcEnvironment};
 use proxmox::api::router::SubdirMap;
@ -92,16 +93,23 @@ async fn run_sync_job(
    let (config, _digest) = sync::config()?;
    let sync_job: SyncJobConfig = config.lookup("sync", &id)?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

    let delete = sync_job.remove_vanished.unwrap_or(true);
    let (client, src_repo, tgt_store) = get_pull_parameters(&sync_job.store, &sync_job.remote, &sync_job.remote_store).await?;

-    let upid_str = WorkerTask::spawn("syncjob", Some(id.clone()), &username.clone(), false, move |worker| async move {
+    let upid_str = WorkerTask::spawn("syncjob", Some(id.clone()), userid, false, move |worker| async move {

        worker.log(format!("sync job '{}' start", &id));

-        crate::client::pull::pull_store(&worker, &client, &src_repo, tgt_store.clone(), delete, String::from("backup@pam")).await?;
+        crate::client::pull::pull_store(
+            &worker,
+            &client,
+            &src_repo,
+            tgt_store.clone(),
+            delete,
+            Userid::backup_userid().clone(),
+        ).await?;

        worker.log(format!("sync job '{}' end", &id));

--- a/src/api2/backup.rs
+++ b/src/api2/backup.rs
@ -56,12 +56,12 @@ fn upgrade_to_backup_protocol(
 async move {
    let debug = param["debug"].as_bool().unwrap_or(false);

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

    let store = tools::required_string_param(&param, "store")?.to_owned();

    let user_info = CachedUserInfo::new()?;
-    user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_BACKUP, false)?;
+    user_info.check_privs(&userid, &["datastore", &store], PRIV_DATASTORE_BACKUP, false)?;

    let datastore = DataStore::lookup_datastore(&store)?;

@ -90,11 +90,11 @@ async move {
    let backup_group = BackupGroup::new(backup_type, backup_id);

    // lock backup group to only allow one backup per group at a time
-    let (owner, _group_guard) = datastore.create_locked_backup_group(&backup_group, &username)?;
+    let (owner, _group_guard) = datastore.create_locked_backup_group(&backup_group, &userid)?;

    // permission check
-    if owner != username { // only the owner is allowed to create additional snapshots
-        bail!("backup owner check failed ({} != {})", username, owner);
+    if owner != userid { // only the owner is allowed to create additional snapshots
+        bail!("backup owner check failed ({} != {})", userid, owner);
    }

    let last_backup = BackupInfo::last_backup(&datastore.base_path(), &backup_group, true).unwrap_or(None);
@ -109,9 +109,9 @@ async move {
    let (path, is_new) = datastore.create_backup_dir(&backup_dir)?;
    if !is_new { bail!("backup directory already exists."); }

-    WorkerTask::spawn("backup", Some(worker_id), &username.clone(), true, move |worker| {
+    WorkerTask::spawn("backup", Some(worker_id), userid.clone(), true, move |worker| {
        let mut env = BackupEnvironment::new(
-            env_type, username.clone(), worker.clone(), datastore, backup_dir);
+            env_type, userid, worker.clone(), datastore, backup_dir);

        env.debug = debug;
        env.last_backup = last_backup;
--- a/src/api2/backup/environment.rs
+++ b/src/api2/backup/environment.rs
@ -9,8 +9,9 @@ use proxmox::tools::digest_to_hex;
 use proxmox::tools::fs::{replace_file, CreateOptions};
 use proxmox::api::{RpcEnvironment, RpcEnvironmentType};

-use crate::server::WorkerTask;
+use crate::api2::types::Userid;
 use crate::backup::*;
+use crate::server::WorkerTask;
 use crate::server::formatter::*;
 use hyper::{Body, Response};

@ -100,7 +101,7 @@ impl SharedBackupState {
 pub struct BackupEnvironment {
    env_type: RpcEnvironmentType,
    result_attributes: Value,
-    user: String,
+    user: Userid,
    pub debug: bool,
    pub formatter: &'static OutputFormatter,
    pub worker: Arc<WorkerTask>,
@ -113,7 +114,7 @@ pub struct BackupEnvironment {
 impl BackupEnvironment {
    pub fn new(
        env_type: RpcEnvironmentType,
-        user: String,
+        user: Userid,
        worker: Arc<WorkerTask>,
        datastore: Arc<DataStore>,
        backup_dir: BackupDir,
@ -558,7 +559,7 @@ impl RpcEnvironment for BackupEnvironment {
    }

    fn get_user(&self) -> Option<String> {
-        Some(self.user.clone())
+        Some(self.user.to_string())
    }
 }

--- a/src/api2/config/remote.rs
+++ b/src/api2/config/remote.rs
@ -61,7 +61,7 @@ pub fn list_remotes(
                schema: DNS_NAME_OR_IP_SCHEMA,
            },
            userid: {
-                schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
            password: {
                schema: remote::REMOTE_PASSWORD_SCHEMA,
@ -155,7 +155,7 @@ pub enum DeletableProperty {
            },
            userid: {
                optional: true,
-               schema: PROXMOX_USER_ID_SCHEMA,
+                type: Userid,
            },
            password: {
                optional: true,
@ -188,7 +188,7 @@ pub fn update_remote(
    name: String,
    comment: Option<String>,
    host: Option<String>,
-    userid: Option<String>,
+    userid: Option<Userid>,
    password: Option<String>,
    fingerprint: Option<String>,
    delete: Option<Vec<DeletableProperty>>,
--- a/src/api2/node.rs
+++ b/src/api2/node.rs
@ -90,12 +90,12 @@ async fn termproxy(
    cmd: Option<String>,
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<Value, Error> {
-    let userid = rpcenv
+    let userid: Userid = rpcenv
        .get_user()
-        .ok_or_else(|| format_err!("unknown user"))?;
-    let (username, realm) = crate::auth::parse_userid(&userid)?;
+        .ok_or_else(|| format_err!("unknown user"))?
+        .parse()?;

-    if realm != "pam" {
+    if userid.realm() != "pam" {
        bail!("only pam users can use the console");
    }

@ -133,10 +133,11 @@ async fn termproxy(
        _ => bail!("invalid command"),
    };

+    let username = userid.name().to_owned();
    let upid = WorkerTask::spawn(
        "termproxy",
        None,
-        &userid,
+        userid,
        false,
        move |worker| async move {
            // move inside the worker so that it survives and does not close the port
@ -233,6 +234,7 @@ async fn termproxy(
        },
    )?;

+    // FIXME: We're returning the user NAME only?
    Ok(json!({
        "user": username,
        "ticket": ticket,
@ -270,14 +272,14 @@ fn upgrade_to_websocket(
    rpcenv: Box<dyn RpcEnvironment>,
 ) -> ApiResponseFuture {
    async move {
-        let username = rpcenv.get_user().unwrap();
+        let userid: Userid = rpcenv.get_user().unwrap().parse()?;
        let ticket = tools::required_string_param(&param, "vncticket")?.to_owned();
        let port: u16 = tools::required_integer_param(&param, "port")? as u16;

        // will be checked again by termproxy
        tools::ticket::verify_term_ticket(
            crate::auth_helpers::public_auth_key(),
-            &username,
+            &userid,
            &"/system",
            port,
            &ticket,
--- a/src/api2/node/apt.rs
+++ b/src/api2/node/apt.rs
@ -9,7 +9,7 @@ use proxmox::api::router::{Router, SubdirMap};
 use crate::server::WorkerTask;

 use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
-use crate::api2::types::{APTUpdateInfo, NODE_SCHEMA, UPID_SCHEMA};
+use crate::api2::types::{APTUpdateInfo, NODE_SCHEMA, Userid, UPID_SCHEMA};

 const_regex! {
    VERSION_EPOCH_REGEX = r"^\d+:";
@ -233,11 +233,11 @@ pub fn apt_update_database(
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<String, Error> {

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let to_stdout = if rpcenv.env_type() == RpcEnvironmentType::CLI { true } else { false };
    let quiet = quiet.unwrap_or(API_METHOD_APT_UPDATE_DATABASE_PARAM_DEFAULT_QUIET);

-    let upid_str = WorkerTask::new_thread("aptupdate", None, &username.clone(), to_stdout, move |worker| {
+    let upid_str = WorkerTask::new_thread("aptupdate", None, userid, to_stdout, move |worker| {
        if !quiet { worker.log("starting apt-get update") }

        // TODO: set proxy /etc/apt/apt.conf.d/76pbsproxy like PVE
--- a/src/api2/node/disks.rs
+++ b/src/api2/node/disks.rs
@ -13,7 +13,7 @@ use crate::tools::disks::{
 };
 use crate::server::WorkerTask;

-use crate::api2::types::{UPID_SCHEMA, NODE_SCHEMA, BLOCKDEVICE_NAME_SCHEMA};
+use crate::api2::types::{Userid, UPID_SCHEMA, NODE_SCHEMA, BLOCKDEVICE_NAME_SCHEMA};

 pub mod directory;
 pub mod zfs;
@ -140,7 +140,7 @@ pub fn initialize_disk(

    let to_stdout = if rpcenv.env_type() == RpcEnvironmentType::CLI { true } else { false };

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

    let info = get_disk_usage_info(&disk, true)?;

@ -149,7 +149,7 @@ pub fn initialize_disk(
    }

    let upid_str = WorkerTask::new_thread(
-        "diskinit", Some(disk.clone()), &username.clone(), to_stdout, move |worker|
+        "diskinit", Some(disk.clone()), userid, to_stdout, move |worker|
        {
            worker.log(format!("initialize disk {}", disk));

--- a/src/api2/node/disks/directory.rs
+++ b/src/api2/node/disks/directory.rs
@ -133,7 +133,7 @@ pub fn create_datastore_disk(

    let to_stdout = if rpcenv.env_type() == RpcEnvironmentType::CLI { true } else { false };

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

    let info = get_disk_usage_info(&disk, true)?;

@ -142,7 +142,7 @@ pub fn create_datastore_disk(
    }

    let upid_str = WorkerTask::new_thread(
-        "dircreate", Some(name.clone()), &username.clone(), to_stdout, move |worker|
+        "dircreate", Some(name.clone()), userid, to_stdout, move |worker|
        {
            worker.log(format!("create datastore '{}' on disk {}", name, disk));

--- a/src/api2/node/disks/zfs.rs
+++ b/src/api2/node/disks/zfs.rs
@ -254,7 +254,7 @@ pub fn create_zpool(

    let to_stdout = if rpcenv.env_type() == RpcEnvironmentType::CLI { true } else { false };

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

    let add_datastore = add_datastore.unwrap_or(false);

@ -314,7 +314,7 @@ pub fn create_zpool(
    }

     let upid_str = WorkerTask::new_thread(
-        "zfscreate", Some(name.clone()), &username.clone(), to_stdout, move |worker|
+        "zfscreate", Some(name.clone()), userid, to_stdout, move |worker|
        {
            worker.log(format!("create {:?} zpool '{}' on devices '{}'", raidlevel, name, devices_text));

--- a/src/api2/node/network.rs
+++ b/src/api2/node/network.rs
@ -625,9 +625,9 @@ pub async fn reload_network_config(

    network::assert_ifupdown2_installed()?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

-    let upid_str = WorkerTask::spawn("srvreload", Some(String::from("networking")), &username.clone(), true, |_worker| async {
+    let upid_str = WorkerTask::spawn("srvreload", Some(String::from("networking")), userid, true, |_worker| async {

        let _ = std::fs::rename(network::NETWORK_INTERFACES_NEW_FILENAME, network::NETWORK_INTERFACES_FILENAME);

--- a/src/api2/node/tasks.rs
+++ b/src/api2/node/tasks.rs
@ -4,7 +4,7 @@ use std::io::{BufRead, BufReader};
 use anyhow::{Error};
 use serde_json::{json, Value};

-use proxmox::api::{api, Router, RpcEnvironment, Permission, UserInformation};
+use proxmox::api::{api, Router, RpcEnvironment, Permission};
 use proxmox::api::router::SubdirMap;
 use proxmox::{identity, list_subdirs_api_method, sortable};

@ -84,11 +84,11 @@ async fn get_task_status(

    let upid = extract_upid(&param)?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

-    if username != upid.username {
+    if userid != upid.userid {
        let user_info = CachedUserInfo::new()?;
-        user_info.check_privs(&username, &["system", "tasks"], PRIV_SYS_AUDIT, false)?;
+        user_info.check_privs(&userid, &["system", "tasks"], PRIV_SYS_AUDIT, false)?;
    }

    let mut result = json!({
@ -99,7 +99,7 @@ async fn get_task_status(
        "starttime": upid.starttime,
        "type": upid.worker_type,
        "id": upid.worker_id,
-        "user": upid.username,
+        "user": upid.userid,
    });

    if crate::server::worker_is_active(&upid).await? {
@ -161,11 +161,11 @@ async fn read_task_log(

    let upid = extract_upid(&param)?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

-    if username != upid.username {
+    if userid != upid.userid {
        let user_info = CachedUserInfo::new()?;
-        user_info.check_privs(&username, &["system", "tasks"], PRIV_SYS_AUDIT, false)?;
+        user_info.check_privs(&userid, &["system", "tasks"], PRIV_SYS_AUDIT, false)?;
    }

    let test_status = param["test-status"].as_bool().unwrap_or(false);
@ -234,11 +234,11 @@ fn stop_task(

    let upid = extract_upid(&param)?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;

-    if username != upid.username {
+    if userid != upid.userid {
        let user_info = CachedUserInfo::new()?;
-        user_info.check_privs(&username, &["system", "tasks"], PRIV_SYS_MODIFY, false)?;
+        user_info.check_privs(&userid, &["system", "tasks"], PRIV_SYS_MODIFY, false)?;
    }

    server::abort_worker_async(upid);
@ -281,7 +281,7 @@ fn stop_task(
                default: false,
            },
            userfilter: {
-                optional:true,
+                optional: true,
                type: String,
                description: "Only list tasks from this user.",
            },
@ -307,9 +307,9 @@ pub fn list_tasks(
    mut rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<Vec<TaskListItem>, Error> {

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["system", "tasks"]);
+    let user_privs = user_info.lookup_privs(&userid, &["system", "tasks"]);

    let list_all = (user_privs & PRIV_SYS_AUDIT) != 0;

@ -324,11 +324,11 @@ pub fn list_tasks(
    let mut count = 0;

    for info in list {
-        if !list_all && info.upid.username != username { continue; }
+        if !list_all && info.upid.userid != userid { continue; }


-        if let Some(username) = userfilter {
-            if !info.upid.username.contains(username) { continue; }
+        if let Some(userid) = userfilter {
+            if !info.upid.userid.as_str().contains(userid) { continue; }
        }

        if let Some(store) = store {
--- a/src/api2/pull.rs
+++ b/src/api2/pull.rs
@ -18,7 +18,7 @@ use crate::config::{


 pub fn check_pull_privs(
-    username: &str,
+    userid: &Userid,
    store: &str,
    remote: &str,
    remote_store: &str,
@ -27,11 +27,11 @@ pub fn check_pull_privs(

    let user_info = CachedUserInfo::new()?;

-    user_info.check_privs(username, &["datastore", store], PRIV_DATASTORE_BACKUP, false)?;
-    user_info.check_privs(username, &["remote", remote, remote_store], PRIV_REMOTE_READ, false)?;
+    user_info.check_privs(userid, &["datastore", store], PRIV_DATASTORE_BACKUP, false)?;
+    user_info.check_privs(userid, &["remote", remote, remote_store], PRIV_REMOTE_READ, false)?;

    if delete {
-        user_info.check_privs(username, &["datastore", store], PRIV_DATASTORE_PRUNE, false)?;
+        user_info.check_privs(userid, &["datastore", store], PRIV_DATASTORE_PRUNE, false)?;
    }

    Ok(())
@ -99,19 +99,19 @@ async fn pull (
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<String, Error> {

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let delete = remove_vanished.unwrap_or(true);

-    check_pull_privs(&username, &store, &remote, &remote_store, delete)?;
+    check_pull_privs(&userid, &store, &remote, &remote_store, delete)?;

    let (client, src_repo, tgt_store) = get_pull_parameters(&store, &remote, &remote_store).await?;

    // fixme: set to_stdout to false?
-    let upid_str = WorkerTask::spawn("sync", Some(store.clone()), &username.clone(), true, move |worker| async move {
+    let upid_str = WorkerTask::spawn("sync", Some(store.clone()), userid.clone(), true, move |worker| async move {

        worker.log(format!("sync datastore '{}' start", store));

-        pull_store(&worker, &client, &src_repo, tgt_store.clone(), delete, username).await?;
+        pull_store(&worker, &client, &src_repo, tgt_store.clone(), delete, userid).await?;

        worker.log(format!("sync datastore '{}' end", store));

--- a/src/api2/reader.rs
+++ b/src/api2/reader.rs
@ -55,11 +55,11 @@ fn upgrade_to_backup_reader_protocol(
    async move {
        let debug = param["debug"].as_bool().unwrap_or(false);

-        let username = rpcenv.get_user().unwrap();
+        let userid: Userid = rpcenv.get_user().unwrap().parse()?;
        let store = tools::required_string_param(&param, "store")?.to_owned();

        let user_info = CachedUserInfo::new()?;
-        user_info.check_privs(&username, &["datastore", &store], PRIV_DATASTORE_READ, false)?;
+        user_info.check_privs(&userid, &["datastore", &store], PRIV_DATASTORE_READ, false)?;

        let datastore = DataStore::lookup_datastore(&store)?;

@ -90,9 +90,14 @@ fn upgrade_to_backup_reader_protocol(

        let worker_id = format!("{}_{}_{}_{:08X}", store, backup_type, backup_id, backup_dir.backup_time().timestamp());

-        WorkerTask::spawn("reader", Some(worker_id), &username.clone(), true, move |worker| {
+        WorkerTask::spawn("reader", Some(worker_id), userid.clone(), true, move |worker| {
            let mut env = ReaderEnvironment::new(
-                env_type, username.clone(), worker.clone(), datastore, backup_dir);
+                env_type,
+                userid,
+                worker.clone(),
+                datastore,
+                backup_dir,
+            );

            env.debug = debug;

--- a/src/api2/reader/environment.rs
+++ b/src/api2/reader/environment.rs
@ -5,9 +5,10 @@ use serde_json::{json, Value};

 use proxmox::api::{RpcEnvironment, RpcEnvironmentType};

-use crate::server::WorkerTask;
+use crate::api2::types::Userid;
 use crate::backup::*;
 use crate::server::formatter::*;
+use crate::server::WorkerTask;

 //use proxmox::tools;

@ -16,7 +17,7 @@ use crate::server::formatter::*;
 pub struct ReaderEnvironment {
    env_type: RpcEnvironmentType,
    result_attributes: Value,
-    user: String,
+    user: Userid,
    pub debug: bool,
    pub formatter: &'static OutputFormatter,
    pub worker: Arc<WorkerTask>,
@ -28,7 +29,7 @@ pub struct ReaderEnvironment {
 impl ReaderEnvironment {
    pub fn new(
        env_type: RpcEnvironmentType,
-        user: String,
+        user: Userid,
        worker: Arc<WorkerTask>,
        datastore: Arc<DataStore>,
        backup_dir: BackupDir,
@ -77,7 +78,7 @@ impl RpcEnvironment for ReaderEnvironment {
    }

    fn get_user(&self) -> Option<String> {
-        Some(self.user.clone())
+        Some(self.user.to_string())
    }
 }

--- a/src/api2/status.rs
+++ b/src/api2/status.rs
@ -10,14 +10,14 @@ use proxmox::api::{
    Router,
    RpcEnvironment,
    SubdirMap,
-    UserInformation,
 };

 use crate::api2::types::{
    DATASTORE_SCHEMA,
    RRDMode,
    RRDTimeFrameResolution,
-    TaskListItem
+    TaskListItem,
+    Userid,
 };

 use crate::server;
@ -84,13 +84,13 @@ fn datastore_status(

    let (config, _digest) = datastore::config()?;

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;

    let mut list = Vec::new();

    for (store, (_, _)) in &config.sections {
-        let user_privs = user_info.lookup_privs(&username, &["datastore", &store]);
+        let user_privs = user_info.lookup_privs(&userid, &["datastore", &store]);
        let allowed = (user_privs & (PRIV_DATASTORE_AUDIT| PRIV_DATASTORE_BACKUP)) != 0;
        if !allowed {
            continue;
@ -202,9 +202,9 @@ pub fn list_tasks(
    rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<Vec<TaskListItem>, Error> {

-    let username = rpcenv.get_user().unwrap();
+    let userid: Userid = rpcenv.get_user().unwrap().parse()?;
    let user_info = CachedUserInfo::new()?;
-    let user_privs = user_info.lookup_privs(&username, &["system", "tasks"]);
+    let user_privs = user_info.lookup_privs(&userid, &["system", "tasks"]);

    let list_all = (user_privs & PRIV_SYS_AUDIT) != 0;

@ -212,7 +212,7 @@ pub fn list_tasks(
    let list: Vec<TaskListItem> = server::read_task_list()?
        .into_iter()
        .map(TaskListItem::from)
-        .filter(|entry| list_all || entry.user == username)
+        .filter(|entry| list_all || entry.user == userid)
        .collect();

    Ok(list.into())
--- a/src/api2/types/macros.rs
+++ b/src/api2/types/macros.rs
@ -0,0 +1,4 @@
+//! Macros exported from api2::types.
+
+#[macro_export]
+macro_rules! PROXMOX_SAFE_ID_REGEX_STR {  () => (r"(?:[A-Za-z0-9_][A-Za-z0-9._\-]*)") }
--- a/src/api2/types/mod.rs
+++ b/src/api2/types/mod.rs
@ -1,5 +1,5 @@
-use anyhow::{bail};
-use ::serde::{Deserialize, Serialize};
+use anyhow::bail;
+use serde::{Deserialize, Serialize};

 use proxmox::api::{api, schema::*};
 use proxmox::const_regex;
@ -7,6 +7,16 @@ use proxmox::{IPRE, IPV4RE, IPV6RE, IPV4OCTET, IPV6H16, IPV6LS32};

 use crate::backup::CryptMode;

+#[macro_use]
+mod macros;
+
+#[macro_use]
+mod userid;
+pub use userid::{Realm, RealmRef};
+pub use userid::{Username, UsernameRef};
+pub use userid::Userid;
+pub use userid::PROXMOX_GROUP_ID_SCHEMA;
+
 // File names: may not contain slashes, may not start with "."
 pub const FILENAME_FORMAT: ApiStringFormat = ApiStringFormat::VerifyFn(|name| {
    if name.starts_with('.') {
@ -21,19 +31,6 @@ pub const FILENAME_FORMAT: ApiStringFormat = ApiStringFormat::VerifyFn(|name| {
 macro_rules! DNS_LABEL { () => (r"(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?)") }
 macro_rules! DNS_NAME { () => (concat!(r"(?:", DNS_LABEL!() , r"\.)*", DNS_LABEL!())) }

-// we only allow a limited set of characters
-// colon is not allowed, because we store usernames in
-// colon separated lists)!
-// slash is not allowed because it is used as pve API delimiter
-// also see "man useradd"
-macro_rules! USER_NAME_REGEX_STR { () => (r"(?:[^\s:/[:cntrl:]]+)") }
-macro_rules! GROUP_NAME_REGEX_STR { () => (USER_NAME_REGEX_STR!()) }
-
-macro_rules! USER_ID_REGEX_STR { () => (concat!(USER_NAME_REGEX_STR!(), r"@", PROXMOX_SAFE_ID_REGEX_STR!())) }
-
-#[macro_export]
-macro_rules! PROXMOX_SAFE_ID_REGEX_STR {  () => (r"(?:[A-Za-z0-9_][A-Za-z0-9._\-]*)") }
-
 macro_rules! CIDR_V4_REGEX_STR { () => (concat!(r"(?:", IPV4RE!(), r"/\d{1,2})$")) }
 macro_rules! CIDR_V6_REGEX_STR { () => (concat!(r"(?:", IPV6RE!(), r"/\d{1,3})$")) }

@ -67,12 +64,8 @@ const_regex!{

    pub DNS_NAME_OR_IP_REGEX = concat!(r"^", DNS_NAME!(), "|",  IPRE!(), r"$");

-    pub PROXMOX_USER_ID_REGEX = concat!(r"^",  USER_ID_REGEX_STR!(), r"$");
-
    pub BACKUP_REPO_URL_REGEX = concat!(r"^^(?:(?:(", USER_ID_REGEX_STR!(), ")@)?(", DNS_NAME!(), "|",  IPRE!() ,"):)?(", PROXMOX_SAFE_ID_REGEX_STR!(), r")$");

-    pub PROXMOX_GROUP_ID_REGEX = concat!(r"^",  GROUP_NAME_REGEX_STR!(), r"$");
-
    pub CERT_FINGERPRINT_SHA256_REGEX = r"^(?:[0-9a-fA-F][0-9a-fA-F])(?::[0-9a-fA-F][0-9a-fA-F]){31}$";

    pub ACL_PATH_REGEX = concat!(r"^(?:/|", r"(?:/", PROXMOX_SAFE_ID_REGEX_STR!(), ")+", r")$");
@ -115,12 +108,6 @@ pub const DNS_NAME_FORMAT: ApiStringFormat =
 pub const DNS_NAME_OR_IP_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&DNS_NAME_OR_IP_REGEX);

-pub const PROXMOX_USER_ID_FORMAT: ApiStringFormat =
-    ApiStringFormat::Pattern(&PROXMOX_USER_ID_REGEX);
-
-pub const PROXMOX_GROUP_ID_FORMAT: ApiStringFormat =
-    ApiStringFormat::Pattern(&PROXMOX_GROUP_ID_REGEX);
-
 pub const PASSWORD_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&PASSWORD_REGEX);

@ -343,24 +330,6 @@ pub const DNS_NAME_OR_IP_SCHEMA: Schema = StringSchema::new("DNS name or IP addr
    .format(&DNS_NAME_OR_IP_FORMAT)
    .schema();

-pub const PROXMOX_AUTH_REALM_SCHEMA: Schema = StringSchema::new("Authentication domain ID")
-    .format(&PROXMOX_SAFE_ID_FORMAT)
-    .min_length(3)
-    .max_length(32)
-    .schema();
-
-pub const PROXMOX_USER_ID_SCHEMA: Schema = StringSchema::new("User ID")
-    .format(&PROXMOX_USER_ID_FORMAT)
-    .min_length(3)
-    .max_length(64)
-    .schema();
-
-pub const PROXMOX_GROUP_ID_SCHEMA: Schema = StringSchema::new("Group ID")
-    .format(&PROXMOX_GROUP_ID_FORMAT)
-    .min_length(3)
-    .max_length(64)
-    .schema();
-
 pub const BLOCKDEVICE_NAME_SCHEMA: Schema = StringSchema::new("Block device name (/sys/block/<name>).")
    .format(&BLOCKDEVICE_NAME_FORMAT)
    .min_length(3)
@ -388,6 +357,10 @@ pub const BLOCKDEVICE_NAME_SCHEMA: Schema = StringSchema::new("Block device name
                schema: BACKUP_ARCHIVE_NAME_SCHEMA
            },
        },
+        owner: {
+            type: Userid,
+            optional: true,
+        },
    },
 )]
 #[derive(Serialize, Deserialize)]
@ -403,7 +376,7 @@ pub struct GroupListItem {
    pub files: Vec<String>,
    /// The owner of group
    #[serde(skip_serializing_if="Option::is_none")]
-    pub owner: Option<String>,
+    pub owner: Option<Userid>,
 }

 #[api(
@ -422,6 +395,10 @@ pub struct GroupListItem {
                schema: BACKUP_ARCHIVE_NAME_SCHEMA
            },
        },
+        owner: {
+            type: Userid,
+            optional: true,
+        },
    },
 )]
 #[derive(Serialize, Deserialize)]
@ -441,7 +418,7 @@ pub struct SnapshotListItem {
    pub size: Option<u64>,
    /// The owner of the snapshots group
    #[serde(skip_serializing_if="Option::is_none")]
-    pub owner: Option<String>,
+    pub owner: Option<Userid>,
 }

 #[api(
@ -584,7 +561,8 @@ pub struct StorageStatus {

 #[api(
    properties: {
-        "upid": { schema: UPID_SCHEMA },
+        upid: { schema: UPID_SCHEMA },
+        user: { type: Userid },
    },
 )]
 #[derive(Serialize, Deserialize)]
@ -604,7 +582,7 @@ pub struct TaskListItem {
    /// Worker ID (arbitrary ASCII string)
    pub worker_id: Option<String>,
    /// The user who started the task
-    pub user: String,
+    pub user: Userid,
    /// The task end time (Epoch)
    #[serde(skip_serializing_if="Option::is_none")]
    pub endtime: Option<i64>,
@ -627,7 +605,7 @@ impl From<crate::server::TaskListInfo> for TaskListItem {
            starttime: info.upid.starttime,
            worker_type: info.upid.worker_type,
            worker_id: info.upid.worker_id,
-            user: info.upid.username,
+            user: info.upid.userid,
            endtime,
            status,
        }
@ -893,9 +871,6 @@ fn test_cert_fingerprint_schema() -> Result<(), anyhow::Error> {

 #[test]
 fn test_proxmox_user_id_schema() -> Result<(), anyhow::Error> {
-
-    let schema = PROXMOX_USER_ID_SCHEMA;
-
    let invalid_user_ids = [
        "x", // too short
        "xx", // too short
@ -909,7 +884,7 @@ fn test_proxmox_user_id_schema() -> Result<(), anyhow::Error> {
    ];

    for name in invalid_user_ids.iter() {
-        if let Ok(_) = parse_simple_value(name, &schema) {
+        if let Ok(_) = parse_simple_value(name, &Userid::API_SCHEMA) {
            bail!("test userid '{}' failed -  got Ok() while exception an error.", name);
        }
    }
@ -923,7 +898,7 @@ fn test_proxmox_user_id_schema() -> Result<(), anyhow::Error> {
    ];

    for name in valid_user_ids.iter() {
-        let v = match parse_simple_value(name, &schema) {
+        let v = match parse_simple_value(name, &Userid::API_SCHEMA) {
            Ok(v) => v,
            Err(err) => {
                bail!("unable to parse userid '{}' - {}", name, err);
--- a/src/api2/types/userid.rs
+++ b/src/api2/types/userid.rs
@ -0,0 +1,376 @@
+//! Types for user handling.
+//!
+//! We have [`Username`]s and [`Realm`]s. To uniquely identify a user, they must be combined into a [`Userid`].
+//!
+//! Since they're all string types, they're organized as follows:
+//!
+//! * [`Username`]: an owned user name. Internally a `String`.
+//! * [`UsernameRef`]: a borrowed user name. Pairs with a `Username` the same way a `str` pairs
+//!   with `String`, meaning you can only make references to it.
+//! * [`Realm`]: an owned realm (`String` equivalent).
+//! * [`RealmRef`]: a borrowed realm (`str` equivalent).
+//! * [`Userid`]: an owned user id (`"user@realm"`). Note that this does not have a separte
+//!   borrowed type.
+//!
+//! Note that `Username`s are not unique, therefore they do not implement `Eq` and cannot be
+//! compared directly. If a direct comparison is really required, they can be compared as strings
+//! via the `as_str()` method. [`Realm`]s and [`Userid`]s on the other hand can be compared with
+//! each other, as in those two cases the comparison has meaning.
+
+use std::borrow::Borrow;
+use std::convert::TryFrom;
+use std::fmt;
+
+use anyhow::{bail, format_err, Error};
+use lazy_static::lazy_static;
+use serde::{Deserialize, Serialize};
+
+use proxmox::api::api;
+use proxmox::api::schema::{ApiStringFormat, Schema, StringSchema};
+use proxmox::const_regex;
+
+// we only allow a limited set of characters
+// colon is not allowed, because we store usernames in
+// colon separated lists)!
+// slash is not allowed because it is used as pve API delimiter
+// also see "man useradd"
+macro_rules! USER_NAME_REGEX_STR { () => (r"(?:[^\s:/[:cntrl:]]+)") }
+macro_rules! GROUP_NAME_REGEX_STR { () => (USER_NAME_REGEX_STR!()) }
+macro_rules! USER_ID_REGEX_STR { () => (concat!(USER_NAME_REGEX_STR!(), r"@", PROXMOX_SAFE_ID_REGEX_STR!())) }
+
+const_regex! {
+    pub PROXMOX_USER_NAME_REGEX = concat!(r"^",  USER_NAME_REGEX_STR!(), r"$");
+    pub PROXMOX_USER_ID_REGEX = concat!(r"^",  USER_ID_REGEX_STR!(), r"$");
+    pub PROXMOX_GROUP_ID_REGEX = concat!(r"^",  GROUP_NAME_REGEX_STR!(), r"$");
+}
+
+pub const PROXMOX_USER_NAME_FORMAT: ApiStringFormat =
+    ApiStringFormat::Pattern(&PROXMOX_USER_NAME_REGEX);
+
+pub const PROXMOX_USER_ID_FORMAT: ApiStringFormat =
+    ApiStringFormat::Pattern(&PROXMOX_USER_ID_REGEX);
+
+pub const PROXMOX_GROUP_ID_FORMAT: ApiStringFormat =
+    ApiStringFormat::Pattern(&PROXMOX_GROUP_ID_REGEX);
+
+pub const PROXMOX_GROUP_ID_SCHEMA: Schema = StringSchema::new("Group ID")
+    .format(&PROXMOX_GROUP_ID_FORMAT)
+    .min_length(3)
+    .max_length(64)
+    .schema();
+
+pub const PROXMOX_AUTH_REALM_STRING_SCHEMA: StringSchema =
+    StringSchema::new("Authentication domain ID")
+        .format(&super::PROXMOX_SAFE_ID_FORMAT)
+        .min_length(3)
+        .max_length(32);
+pub const PROXMOX_AUTH_REALM_SCHEMA: Schema = PROXMOX_AUTH_REALM_STRING_SCHEMA.schema();
+
+
+#[api(
+    type: String,
+    format: &PROXMOX_USER_NAME_FORMAT,
+)]
+/// The user name part of a user id.
+///
+/// This alone does NOT uniquely identify the user and therefore does not implement `Eq`. In order
+/// to compare user names directly, they need to be explicitly compared as strings by calling
+/// `.as_str()`.
+#[derive(Clone, Debug, Hash, Deserialize, Serialize)]
+pub struct Username(String);
+
+/// A reference to a user name part of a user id. This alone does NOT uniquely identify the user.
+///
+/// This is like a `str` to the `String` of a [`Username`].
+#[derive(Debug, Hash)]
+pub struct UsernameRef(str);
+
+impl UsernameRef {
+    fn new(s: &str) -> &Self {
+        unsafe { &*(s as *const str as *const UsernameRef) }
+    }
+
+    pub fn as_str(&self) -> &str {
+        &self.0
+    }
+}
+
+impl std::ops::Deref for Username {
+    type Target = UsernameRef;
+
+    fn deref(&self) -> &UsernameRef {
+        self.borrow()
+    }
+}
+
+impl Borrow<UsernameRef> for Username {
+    fn borrow(&self) -> &UsernameRef {
+        UsernameRef::new(self.as_str())
+    }
+}
+
+impl AsRef<UsernameRef> for Username {
+    fn as_ref(&self) -> &UsernameRef {
+        UsernameRef::new(self.as_str())
+    }
+}
+
+impl ToOwned for UsernameRef {
+    type Owned = Username;
+
+    fn to_owned(&self) -> Self::Owned {
+        Username(self.0.to_owned())
+    }
+}
+
+impl TryFrom<String> for Username {
+    type Error = Error;
+
+    fn try_from(s: String) -> Result<Self, Error> {
+        if !PROXMOX_USER_NAME_REGEX.is_match(&s) {
+            bail!("invalid user name");
+        }
+
+        Ok(Self(s))
+    }
+}
+
+impl<'a> TryFrom<&'a str> for &'a UsernameRef {
+    type Error = Error;
+
+    fn try_from(s: &'a str) -> Result<&'a UsernameRef, Error> {
+        if !PROXMOX_USER_NAME_REGEX.is_match(s) {
+            bail!("invalid name in user id");
+        }
+
+        Ok(UsernameRef::new(s))
+    }
+}
+
+#[api(schema: PROXMOX_AUTH_REALM_SCHEMA)]
+/// An authentication realm.
+#[derive(Clone, Debug, Eq, PartialEq, Hash, Deserialize, Serialize)]
+pub struct Realm(String);
+
+/// A reference to an authentication realm.
+///
+/// This is like a `str` to the `String` of a `Realm`.
+#[derive(Debug, Hash, Eq, PartialEq)]
+pub struct RealmRef(str);
+
+impl RealmRef {
+    fn new(s: &str) -> &Self {
+        unsafe { &*(s as *const str as *const RealmRef) }
+    }
+
+    pub fn as_str(&self) -> &str {
+        &self.0
+    }
+}
+
+impl std::ops::Deref for Realm {
+    type Target = RealmRef;
+
+    fn deref(&self) -> &RealmRef {
+        self.borrow()
+    }
+}
+
+impl Borrow<RealmRef> for Realm {
+    fn borrow(&self) -> &RealmRef {
+        RealmRef::new(self.as_str())
+    }
+}
+
+impl AsRef<RealmRef> for Realm {
+    fn as_ref(&self) -> &RealmRef {
+        RealmRef::new(self.as_str())
+    }
+}
+
+impl ToOwned for RealmRef {
+    type Owned = Realm;
+
+    fn to_owned(&self) -> Self::Owned {
+        Realm(self.0.to_owned())
+    }
+}
+
+impl TryFrom<String> for Realm {
+    type Error = Error;
+
+    fn try_from(s: String) -> Result<Self, Error> {
+        PROXMOX_AUTH_REALM_STRING_SCHEMA.check_constraints(&s)
+            .map_err(|_| format_err!("invalid realm"))?;
+
+        Ok(Self(s))
+    }
+}
+
+impl<'a> TryFrom<&'a str> for &'a RealmRef {
+    type Error = Error;
+
+    fn try_from(s: &'a str) -> Result<&'a RealmRef, Error> {
+        PROXMOX_AUTH_REALM_STRING_SCHEMA.check_constraints(s)
+            .map_err(|_| format_err!("invalid realm"))?;
+
+        Ok(RealmRef::new(s))
+    }
+}
+
+impl PartialEq<str> for Realm {
+    fn eq(&self, rhs: &str) -> bool {
+        self.0 == rhs
+    }
+}
+
+impl PartialEq<&str> for Realm {
+    fn eq(&self, rhs: &&str) -> bool {
+        self.0 == *rhs
+    }
+}
+
+impl PartialEq<str> for RealmRef {
+    fn eq(&self, rhs: &str) -> bool {
+        self.0 == *rhs
+    }
+}
+
+impl PartialEq<&str> for RealmRef {
+    fn eq(&self, rhs: &&str) -> bool {
+        self.0 == **rhs
+    }
+}
+
+/// A complete user id consting of a user name and a realm.
+#[derive(Clone, Debug, Hash)]
+pub struct Userid {
+    data: String,
+    name_len: usize,
+    //name: Username,
+    //realm: Realm,
+}
+
+impl Userid {
+    pub const API_SCHEMA: Schema = StringSchema::new("User ID")
+        .format(&PROXMOX_USER_ID_FORMAT)
+        .min_length(3)
+        .max_length(64)
+        .schema();
+
+    const fn new(data: String, name_len: usize) -> Self {
+        Self { data, name_len }
+    }
+
+    pub fn name(&self) -> &UsernameRef {
+        UsernameRef::new(&self.data[..self.name_len])
+    }
+
+    pub fn realm(&self) -> &RealmRef {
+        RealmRef::new(&self.data[(self.name_len + 1)..])
+    }
+
+    pub fn as_str(&self) -> &str {
+        &self.data
+    }
+
+    /// Get the "backup@pam" user id.
+    pub fn backup_userid() -> &'static Self {
+        &*BACKUP_USERID
+    }
+
+    /// Get the "root@pam" user id.
+    pub fn root_userid() -> &'static Self {
+        &*ROOT_USERID
+    }
+}
+
+lazy_static! {
+    pub static ref BACKUP_USERID: Userid = Userid::new("backup@pam".to_string(), 6);
+    pub static ref ROOT_USERID: Userid = Userid::new("root@pam".to_string(), 4);
+}
+
+impl Eq for Userid {}
+
+impl PartialEq for Userid {
+    fn eq(&self, rhs: &Self) -> bool {
+        self.data == rhs.data && self.name_len == rhs.name_len
+    }
+}
+
+impl From<(Username, Realm)> for Userid {
+    fn from(parts: (Username, Realm)) -> Self {
+        Self::from((parts.0.as_ref(), parts.1.as_ref()))
+    }
+}
+
+impl From<(&UsernameRef, &RealmRef)> for Userid {
+    fn from(parts: (&UsernameRef, &RealmRef)) -> Self {
+        let data = format!("{}@{}", parts.0.as_str(), parts.1.as_str());
+        let name_len = parts.0.as_str().len();
+        Self { data, name_len }
+    }
+}
+
+impl fmt::Display for Userid {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        self.data.fmt(f)
+    }
+}
+
+impl std::str::FromStr for Userid {
+    type Err = Error;
+
+    fn from_str(id: &str) -> Result<Self, Error> {
+        let (name, realm) = match id.as_bytes().iter().rposition(|&b| b == b'@') {
+            Some(pos) => (&id[..pos], &id[(pos + 1)..]),
+            None => bail!("not a valid user id"),
+        };
+
+        PROXMOX_AUTH_REALM_STRING_SCHEMA.check_constraints(realm)
+            .map_err(|_| format_err!("invalid realm in user id"))?;
+
+        Ok(Self::from((UsernameRef::new(name), RealmRef::new(realm))))
+    }
+}
+
+impl TryFrom<String> for Userid {
+    type Error = Error;
+
+    fn try_from(data: String) -> Result<Self, Error> {
+        let name_len = data
+            .as_bytes()
+            .iter()
+            .rposition(|&b| b == b'@')
+            .ok_or_else(|| format_err!("not a valid user id"))?;
+
+        PROXMOX_AUTH_REALM_STRING_SCHEMA.check_constraints(&data[(name_len + 1)..])
+            .map_err(|_| format_err!("invalid realm in user id"))?;
+
+        Ok(Self { data, name_len })
+    }
+}
+
+impl PartialEq<str> for Userid {
+    fn eq(&self, rhs: &str) -> bool {
+        rhs.len() > self.name_len + 2 // make sure range access below is allowed
+        && rhs.starts_with(self.name().as_str())
+        && rhs.as_bytes()[self.name_len] == b'@'
+        && &rhs[(self.name_len + 1)..] == self.realm().as_str()
+    }
+}
+
+impl PartialEq<&str> for Userid {
+    fn eq(&self, rhs: &&str) -> bool {
+        *self == **rhs
+    }
+}
+
+impl PartialEq<String> for Userid {
+    fn eq(&self, rhs: &String) -> bool {
+        self == rhs.as_str()
+    }
+}
+
+proxmox::forward_deserialize_to_from_str!(Userid);
+proxmox::forward_serialize_to_display!(Userid);