tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5,296 Commits 2 Branches 54 Tags 14 MiB
1ef6e8b6a7
Commit Graph

66 Commits

Author SHA1 Message Date
Dominik Csapak
a4e871f52c api2/access/user: remove password for @pbs users on removal 
so that their password entry is not left in the shadow.json

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-04-15 08:33:20 +02:00
Thomas Lamprecht
d1d74c4367 typo fixes all over the place 
found and semi-manually replaced by using:
 codespell -L mut -L crate -i 3 -w

Mostly in comments, but also email notification and two occurrences
of misspelled  'reserved' struct member, which where not used and
cargo build did not complain about the change, soo ...

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 2021-03-10 16:39:57 +01:00
Dietmar Maurer
cf90a369e2 cleanup: rename token_user into auth_id_filter 2021-03-05 08:36:18 +01:00
Dietmar Maurer
043018cfbe doc: fix wrong api method description 2021-02-22 12:10:34 +01:00
Fabian Grünbichler
367c0ff7c6 clippy: allow api functions with many arguments 
some of those can be reduced/cleaned up when we have updater support in
the api macro.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-26 09:54:52 +01:00
Dietmar Maurer
bf78f70885 improve code docs in api2 
Note: API methos should be declared pub, so that they show up in the generated docu.
 2021-01-22 15:57:42 +01:00
Fabian Grünbichler
3984a5fd77 clippy: is_some/none/ok/err/empty 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
22a9189ee0 clippy: remove unnecessary closures 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Fabian Grünbichler
4428818412 clippy: remove unnecessary clones 
and from::<T>(T)

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Fabian Grünbichler
47ea98e0e3 clippy: collapse/rework nested ifs 
no semantic changes (intended).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Wolfgang Bumiller
ad5cee1d22 tfa: add 'created' timestamp to entries 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-18 14:06:12 +01:00
Oguz Bektas
5aa1019010 access: limit editing pam credentials to superuser 
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.

also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
 2021-01-15 08:49:22 +01:00
Wolfgang Bumiller
7ad33e8052 tfa: use UNAUTHORIZED http status in password check 
to trigger our 3s delay in the rest handler

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
f22dfb5ece tfa: remove tfa user when a user is deleted 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:10 +01:00
Wolfgang Bumiller
4bda51688b tfa: improve user existence check 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
eab25e2f33 tfa: allow deletion of entries of non-existent users 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
759af9f00c tfa api: return types and 'pub' structs/methods 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
f58e5132aa tfa: entry access/iteration cleanup 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
d831846706 tfa: r#type parameter name 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
1fc9ac0433 tfa: _entry api method name suffix consistency 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
027ef213aa api: tfa management and login 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:22:32 +01:00
Fabian Grünbichler
08ac90f920 api: allow tokens to list users 
their owner, or all if they have the appropriate privileges.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-12-31 08:29:49 +01:00
Wolfgang Bumiller
9b93c62044 remove unused descriptions from api macros 
these are now a hard error in the api macro

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-12-09 10:55:18 +01:00
Dominik Csapak
c0026563b0 make user properties deletable 
by using our usual pattern for the update call

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2020-11-11 14:09:40 +01:00
Wolfgang Bumiller
b59c308219 Vec::new is Vec's default default 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-11-06 14:55:34 +01:00
Fabian Grünbichler
0224c3c273 client: properly complete new-owner 
with remote Authids, not local Userids.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-11-06 14:54:08 +01:00
Fabian Grünbichler
8b600f9965 api: replace auth_id with auth-id 
in parameters, and fix up the completion for the ACL update parameter.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-10-30 16:46:19 +01:00
Wolfgang Bumiller
906ef6c5bd api2/access/user: fix return type schema 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-10-29 15:20:10 +01:00
Wolfgang Bumiller
ea1853a17b api2/access/user: drop Option, treat empty Vec as None 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-10-29 15:17:54 +01:00
Fabian Grünbichler
b2da7fbd1c acls: allow viewing/editing user's token ACLs 
even for otherwise unprivileged users.

since effective privileges of an API token are always intersected with
those of their owning user, this does not allow an unprivileged user to
elevate their privileges in practice, but avoids the need to involve a
privileged user to deploy API tokens.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-10-29 15:14:27 +01:00
Fabian Grünbichler
6746bbb1a2 api: allow listing users + tokens 
since it's not possible to extend existing structs, UserWithTokens
duplicates most of user::User.. to avoid duplicating user::ApiToken as
well, this returns full API token IDs, not just the token name part.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-10-29 15:14:27 +01:00
Fabian Grünbichler
942078c40b api: add API token endpoints 
beneath the user endpoint.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-10-29 15:14:27 +01:00
Fabian Grünbichler
e6dc35acb8 replace Userid with Authid 
in most generic places. this is accompanied by a change in
RpcEnvironment to purposefully break existing call sites.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-10-29 15:11:39 +01:00
Dietmar Maurer
b56c111e93 depend on proxmox 0.4.2 2020-09-28 10:50:44 +02:00
Fabian Grünbichler
be3bd0f90b fix #3015: allow user self-service 
listing, updating or deleting a user is now possible for the user
itself, in addition to higher-privileged users that have appropriate
privileges on '/access/users'.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-09-18 15:45:11 +02:00
Fabian Grünbichler
3c053adbb5 role api: fix description 
wrongly copy-pasted at some point

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-09-18 14:55:00 +02:00
Wolfgang Bumiller
e7cb4dc50d introduce Username, Realm and Userid api types 
and begin splitting up types.rs as it has grown quite large
already

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-08-10 12:05:01 +02:00
Wolfgang Bumiller
98c259b4c1 remove timer and lock functions, fix building with proxmox 0.3.2 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-08-04 11:33:02 +02:00
Dominik Csapak
2882c881e9 api2/access/acl: add path and exact parameter to list_acl 
so that we can get only a subset of the acls, filtered by the backed
also return the digest here

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2020-05-20 13:44:36 +02:00
Dominik Csapak
12e3895399 api2/access/acl: make update_acl a protected api call 
since we want to set the owner of the acl config to 'root'
which is only possible when using a protected api call

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2020-05-20 13:22:41 +02:00
Dominik Csapak
11b6391c83 add 'exact' parameter to extract_acl_node_data 
so that we can return acls for a single path

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2020-05-20 13:22:10 +02:00
Dominik Csapak
b05672579e api2/roles: change return field of role to roleid 
to be compatible with the pve api
with this, we can reuse the ui parts (RoleSelector)

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2020-05-20 13:21:47 +02:00
Dominik Csapak
5160c0e986 api2/acl: add privs array to roles 
so that an admin can see which roles have which privileges

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2020-05-20 13:21:37 +02:00
Dietmar Maurer
0fafac2492 src/api2/access/user.rs: remove useless description 
The description is not used at all if we refer to a type.
 2020-05-20 11:27:58 +02:00
Dietmar Maurer
7d4e362993 depend on proxmox 0.1.32, src/api2/access/user.rs: simplify code 2020-05-19 12:58:46 +02:00
Dominik Csapak
522c0da0a0 use new 'id_property' for user::User and use it in api calls 
this allows us to return a user::User (or Vec<> of it)
instead of a generic serde value

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2020-05-19 09:33:56 +02:00
Dietmar Maurer
74c08a5782 use reasonable acl paths 2020-04-30 09:30:00 +02:00
Dietmar Maurer
bc0d03885c use proxmox 0.1.25, use new EnumEntry feature 2020-04-29 13:01:24 +02:00
Wolfgang Bumiller
f7d4e4b506 switch from failure to anyhow 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-04-17 18:43:30 +02:00
Dietmar Maurer
5972def5ec acl: change path "storage" to "datastore" 2020-04-17 14:15:44 +02:00