Dietmar Maurer
18bd6ba13d
tape: restore_key - always update key, even if there is already an entry
2021-01-21 10:31:49 +01:00
Dietmar Maurer
4dafc513cc
tape: fix file permissions for tape encryption keys
2021-01-21 10:31:49 +01:00
Dietmar Maurer
7acd5c5659
cleanup: remove misleading wording from code docs
2021-01-21 10:31:49 +01:00
Dietmar Maurer
8428063d9e
cleanup: KeyConfig::decrypt - show password hint on error
2021-01-21 10:31:49 +01:00
Dietmar Maurer
f490dda05a
tape: use type Uuid instead of String
2021-01-21 10:31:49 +01:00
Dietmar Maurer
2b191385ea
tape: use specialized encryption key per media-set
2021-01-21 10:31:49 +01:00
Dietmar Maurer
bc228e5eaf
api: add types for UUIDs
2021-01-20 17:16:46 +01:00
Dietmar Maurer
6dd0513546
tape: allocate new media set when pool encryption key changes
2021-01-20 15:43:39 +01:00
Dietmar Maurer
8abe51b71d
improve code docs
2021-01-20 15:43:19 +01:00
Dietmar Maurer
69b8bc3bfa
tape: implement show key
...
Moved API types Kdf and KeyInfo to src/api2/types/mod.rs.
2021-01-20 15:43:19 +01:00
Dietmar Maurer
301b8aa0a5
tape: implement change-passphrase for tape encryption keys
2021-01-20 15:43:19 +01:00
Dietmar Maurer
e5b6c93323
tape: add --kdf parameter to create key api
2021-01-20 15:43:19 +01:00
Dietmar Maurer
9a045790ed
cleanup KeyConfig
2021-01-20 15:43:19 +01:00
Dietmar Maurer
82a103c8f9
add "password hint" to KeyConfig
2021-01-20 15:43:19 +01:00
Thomas Lamprecht
0123039271
ui: tfa: rework removal confirmation dialog
...
present all relevant information about the TFA token to be removed,
so that a user can make a better decision.
Rework layout to match our commonly used style.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-19 19:46:10 +01:00
Thomas Lamprecht
9a0e115a37
ui: tfa view: add userid to TFA data model
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-19 19:46:10 +01:00
Thomas Lamprecht
867bfc4378
ui: login view: fix missing trailing comma
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-19 19:46:10 +01:00
Dietmar Maurer
feb1645f37
tape: generate random encryption keys and store key_config on media
2021-01-19 11:20:07 +01:00
Dietmar Maurer
8ca37d6a65
cleanup: factor out decrypt_key_config
2021-01-19 11:20:07 +01:00
Thomas Lamprecht
ac163a7c18
ui: tfa/totp: fix setting issuer in secret URL
...
it's recommended to set the issuer for both, the get parameter and
the initial issuer label prefix[0].
[0]: https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 16:27:02 +01:00
Wolfgang Bumiller
9b6bddb24c
tfa: remove/empty description for recovery keys
...
While the user chosen description is not allowed to be
empty, we do leave it empty for recovery keys, as a "dummy
description" makes little sense...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 15:20:39 +01:00
Thomas Lamprecht
f57ae48286
ui: tfa: fix ctime column width
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 14:31:15 +01:00
Wolfgang Bumiller
4cbd7eb7f9
gui: tfa: make description fill the remaining space
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 14:06:12 +01:00
Wolfgang Bumiller
310686726a
gui: tfa: show when entries were created
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 14:06:12 +01:00
Wolfgang Bumiller
ad5cee1d22
tfa: add 'created' timestamp to entries
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 14:06:12 +01:00
Oguz Bektas
bad6e32075
docs: fix typo in client manpage
...
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2021-01-18 13:52:11 +01:00
Wolfgang Bumiller
8ae6d28cd4
gui: enumerate recovery keys and list in 2nd factor window
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 13:51:23 +01:00
Wolfgang Bumiller
ca1060862e
tfa: remember recovery indices
...
and tell the client which keys are still available rather
than just yes/no/low
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 13:51:23 +01:00
Dietmar Maurer
8a0046f519
tape: implement encrypted backup - simple version
...
This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label.
2021-01-18 13:38:22 +01:00
Dietmar Maurer
84cbdb35c4
implement FromStr for Fingerprint
2021-01-18 13:38:22 +01:00
Dietmar Maurer
1e93fbb5c1
tape: add encrypt property to media pool configuration
2021-01-18 13:38:22 +01:00
Dietmar Maurer
619554af2b
tape: clear encryption key before writing labels
...
We always write labels unencrypted.
2021-01-18 13:38:22 +01:00
Dietmar Maurer
d5a48b5ce4
tape: add hardware encryption key management api
2021-01-18 13:38:22 +01:00
Thomas Lamprecht
4e9cc3e97c
ui: tfa: fix title for removal confirmation
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 13:28:02 +01:00
Thomas Lamprecht
492bc2ba63
ui: tfa/recovery: add print button to key info window
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:45:47 +01:00
Thomas Lamprecht
995492100a
ui: tfa/recovery: fix copy button text, add icon
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:45:28 +01:00
Thomas Lamprecht
854319d88c
ui: tfa/recovery: disallow to close key info window with ESC
...
to avoid accidentally closing it
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:44:40 +01:00
Thomas Lamprecht
3189d05134
ui: tfa: specify which confirmation password is required
...
Clarify that the password of the user one wants to add TFA to is
required, which is not necessarily the one of the currently logged-in
user. Use an empty text for that.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:12:23 +01:00
Thomas Lamprecht
b2a43b987c
ui: tfa totp: whitespace and padding fix
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 10:10:16 +01:00
Thomas Lamprecht
6676409f7f
ui: access: streamline add/edit/.. button order and separators
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-18 09:33:29 +01:00
Fabian Grünbichler
44de5bcc00
pull: add error context for initial group list call
...
otherwise the user is confronted with a generic error like "permission
check failed" with no indication that it refers to a request made to the
remote PBS instance..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-18 06:51:05 +01:00
Fabian Grünbichler
e2956c605d
pull: rustfmt
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-18 06:50:23 +01:00
Dietmar Maurer
b22b6c2299
tape: encryption scsi command cleanup
2021-01-16 18:24:04 +01:00
Dietmar Maurer
90950c9c20
tape: add scsi commands to control drive hardware encryption
2021-01-16 15:59:05 +01:00
Dietmar Maurer
0c5b9e7820
tape: sgutils2.rs - add do_out_command()
...
Make it possible to run commands that write data.
2021-01-16 15:59:05 +01:00
Thomas Lamprecht
a9ffa010c8
ui: webauthn config: set default values for unconfigured case
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-15 16:25:47 +01:00
Thomas Lamprecht
a6a903293b
ui: webauthn config: use ID instead of Id/id
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-15 16:25:26 +01:00
Wolfgang Bumiller
3fffcb5d77
gui: tfa configuration
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
Wolfgang Bumiller
a670b99db1
tfa: add webauthn configuration API entry points
...
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
less reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.
Experimentally using the flatten feature on the methods with
an `Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
Wolfgang Bumiller
aefd74197a
backup::manifest: use tools::json for canonical representation
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00