1401f4be5f 
					 
					
						
						
							
							privs: allow reading notes with Datastore.Audit  
						
						... 
						
						
						
						they are returned when reading the manifest, which just requires
Datastore.Audit as well. Datastore.Read is for reading backup contents,
not metadata.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 16:36:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						fdb4416bae 
					 
					
						
						
							
							ui: permission path selector: cbind typeAhead to editable  
						
						... 
						
						
						
						ExtJS throws an exception if 'typeAhead' is true but 'editable' is
false.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 16:31:53 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						abe1edfc95 
					 
					
						
						
							
							update d/control  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 16:11:50 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e4a864bd21 
					 
					
						
						
							
							impl From<Authid> for Userid  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 15:19:07 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7a7368ee08 
					 
					
						
						
							
							bump proxmox dependency to 0.7.0 for totp udpates  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 15:19:07 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e707fd2b3b 
					 
					
						
						
							
							ui: Utils: add product specific task descriptions  
						
						... 
						
						
						
						and sort them alphabetically
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 14:05:17 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						625a56b75e 
					 
					
						
						
							
							server/rest: accept also = as token separator  
						
						... 
						
						
						
						Like we do in Proxmox VE
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 13:34:26 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6d8a1ac9e4 
					 
					
						
						
							
							server/rest: user constants for HTTP headers  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 13:33:36 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						362739054e 
					 
					
						
						
							
							api tokens: add authorization method  
						
						... 
						
						
						
						and properly decode secret (which is a no-op with the current scheme).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 13:15:14 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2762481cc8 
					 
					
						
						
							
							proxmox-backup-manager: add subscription commands  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 13:03:58 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						652506e6b8 
					 
					
						
						
							
							api: define subscription module and methods as public  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 13:03:58 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						926d253126 
					 
					
						
						
							
							api: define subscription key schema and use it  
						
						... 
						
						
						
						nicer to have the correct regex checked in parameter verification
already
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 12:57:14 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1cd951c93e 
					 
					
						
						
							
							proxy: fix warnings  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 12:49:43 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3b707fbb8f 
					 
					
						
						
							
							proxy: split out code to run garbage collection job  
						
						
						
						
							
						
					 
					
						2020-10-30 11:01:45 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b15751bf55 
					 
					
						
						
							
							check_schedule cleanup: use &str instead of String  
						
						... 
						
						
						
						This way we can avoid many clone() calls. 
						
						
							
						
					 
					
						2020-10-30 09:49:50 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						82c05b41fa 
					 
					
						
						
							
							proxy: extract commonly used logic for scheduling into new function  
						
						... 
						
						
						
						Signed-off-by: Hannes Laimer <h.laimer@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 09:49:50 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b8d9079835 
					 
					
						
						
							
							proxy: move prune logic into new file  
						
						... 
						
						
						
						Signed-off-by: Hannes Laimer <h.laimer@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 09:49:50 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f8a682a873 
					 
					
						
						
							
							ui: user menu: allow changing language while logged in  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-30 09:46:04 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b03a19b6e8 
					 
					
						
						
							
							bump version to 0.9.4-2  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 20:25:37 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						603a6bd183 
					 
					
						
						
							
							d/postinst: followup: grep and sed use different regex escaping ..  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 20:25:37 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						83b039af35 
					 
					
						
						
							
							d/postinst: make more resilient  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 19:58:41 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c9299e76fc 
					 
					
						
						
							
							bump version to 0.9.3-2  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
 
						
					 
					
						2020-10-29 17:20:04 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2f1a46f748 
					 
					
						
						
							
							ui: move user, token and permissions into an access control tab panel  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 16:47:18 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2b38dfb456 
					 
					
						
						
							
							d/control: update  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 16:18:40 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f487a622ce 
					 
					
						
						
							
							ui: datastore summary: handle missing snapshot of a types  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:52:53 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						906ef6c5bd 
					 
					
						
						
							
							api2/access/user: fix return type schema  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:20:10 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ea1853a17b 
					 
					
						
						
							
							api2/access/user: drop Option, treat empty Vec as None  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:17:54 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						221177ba41 
					 
					
						
						
							
							fixup hardcoded paths  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:15:17 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						184a37635b 
					 
					
						
						
							
							gui: add API token ACLs  
						
						... 
						
						
						
						and the needed API token selector.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b2da7fbd1c 
					 
					
						
						
							
							acls: allow viewing/editing user's token ACLs  
						
						... 
						
						
						
						even for otherwise unprivileged users.
since effective privileges of an API token are always intersected with
those of their owning user, this does not allow an unprivileged user to
elevate their privileges in practice, but avoids the need to involve a
privileged user to deploy API tokens.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7fe76d3491 
					 
					
						
						
							
							gui: add API token UI  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e6b5bf69a3 
					 
					
						
						
							
							gui: add permissions button to user view  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4615325f9e 
					 
					
						
						
							
							manager: add user permissions command  
						
						... 
						
						
						
						useful for debugging complex ACL setups.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2156dec5a9 
					 
					
						
						
							
							manager: add token commands  
						
						... 
						
						
						
						to generate, list and delete tokens. adding them to ACLs already works
out of the box.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						16245d540c 
					 
					
						
						
							
							tasks: allow unpriv users to read their tokens' tasks  
						
						... 
						
						
						
						and tighten down the return schema while we're at it.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						bff8557298 
					 
					
						
						
							
							owner checks: handle backups owned by API tokens  
						
						... 
						
						
						
						a user should be allowed to read/list/overwrite backups owned by their
own tokens, but a token should not be able to read/list/overwrite
backups owned by their owning user.
when changing ownership of a backup group, a user should be able to
transfer ownership to/from their own tokens if the backup is owned by
them (or one of their tokens).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						34aa8e13b6 
					 
					
						
						
							
							client/remote: allow using ApiToken + secret  
						
						... 
						
						
						
						in place of user + password.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						babab85b56 
					 
					
						
						
							
							api: add permissions endpoint  
						
						... 
						
						
						
						and adapt privilege calculation to return propagate flag
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6746bbb1a2 
					 
					
						
						
							
							api: allow listing users + tokens  
						
						... 
						
						
						
						since it's not possible to extend existing structs, UserWithTokens
duplicates most of user::User.. to avoid duplicating user::ApiToken as
well, this returns full API token IDs, not just the token name part.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						942078c40b 
					 
					
						
						
							
							api: add API token endpoints  
						
						... 
						
						
						
						beneath the user endpoint.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						c30816c1f8 
					 
					
						
						
							
							REST: extract and handle API tokens  
						
						... 
						
						
						
						and refactor handling of headers in the REST server while we're at it.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:14:27 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e6dc35acb8 
					 
					
						
						
							
							replace Userid with Authid  
						
						... 
						
						
						
						in most generic places. this is accompanied by a change in
RpcEnvironment to purposefully break existing call sites.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:11:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e10c5c74f6 
					 
					
						
						
							
							bump proxmox dependency to 0.6.0 for api tokens and tfa  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:11:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						f8adf8f83f 
					 
					
						
						
							
							config: add token.shadow file  
						
						... 
						
						
						
						containing pairs of token ids and hashed secret values.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:11:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e0538349e2 
					 
					
						
						
							
							api: add Authid as wrapper around Userid  
						
						... 
						
						
						
						with an optional Tokenname, appended with '!' as delimiter in the string
representation like for PVE.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 15:11:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0903403ce7 
					 
					
						
						
							
							bump version to 0.9.3-1  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
 
						
					 
					
						2020-10-29 14:58:21 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b6563f48ad 
					 
					
						
						
							
							GC: improve task logs  
						
						... 
						
						
						
						Make it more clear that removed files are chunks (not indexes or
something like that, user cannot know that we do not touch them here)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 14:47:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						932390bd46 
					 
					
						
						
							
							GC: fix logging leftover bad chunks  
						
						... 
						
						
						
						fixes commit b4fb262335t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 14:40:29 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6b7688aa98 
					 
					
						
						
							
							ui: datastore: fix sync/verify job removal prompt  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 14:34:31 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ab0cf7e6a1 
					 
					
						
						
							
							ui: drop id field from verify/sync add window  
						
						... 
						
						
						
						the config is shared between multiple datastores with the ID as, well
the unique ID, but we only show those of a single datastore.
So if a user adds a new one with a fixed ID "12345" but a job with
that ID exists already on another store, they get a error about
duplicate IDs, but cannot relate as that duplicate job is not visible
(filtered away)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
							
						
					 
					
						2020-10-29 14:22:43 +01:00