Fabian Grünbichler
59af9ca98e
sync: allow sync for non-superusers
...
by requiring
- Datastore.Backup permission for target datastore
- Remote.Read permission for source remote/datastore
- Datastore.Prune if vanished snapshots should be removed
- Datastore.Modify if another user should own the freshly synced
snapshots
reading a sync job entry only requires knowing about both the source
remote and the target datastore.
note that this does not affect the Authid used to authenticate with the
remote, which of course also needs permissions to access the source
datastore.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-11-02 07:10:12 +01:00
Fabian Grünbichler
f1694b062d
fix #2864 : add owner option to sync
...
instead of hard-coding 'backup@pam'. this allows a bit more flexibility
(e.g., syncing to a datastore that can directly be used as restore
source) without overly complicating things.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-11-02 07:08:05 +01:00
Fabian Grünbichler
e4e280183e
privs: add some more comments explaining privileges
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-30 16:42:30 +01:00
Fabian Grünbichler
2fc45a97a9
privs: remove PRIV_REMOVE_PRUNE
...
it's not used anywhere, and not needed either until the day we might
implement push syncs.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-30 16:42:26 +01:00
Fabian Grünbichler
09f6a24078
verify: introduce & use new Datastore.Verify privilege
...
for verifying a whole datastore. Datastore.Backup now allows verifying
only backups owned by the triggering user.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-30 16:36:52 +01:00
Wolfgang Bumiller
221177ba41
fixup hardcoded paths
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-10-29 15:15:17 +01:00
Fabian Grünbichler
2156dec5a9
manager: add token commands
...
to generate, list and delete tokens. adding them to ACLs already works
out of the box.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:14:27 +01:00
Fabian Grünbichler
34aa8e13b6
client/remote: allow using ApiToken + secret
...
in place of user + password.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:14:27 +01:00
Fabian Grünbichler
babab85b56
api: add permissions endpoint
...
and adapt privilege calculation to return propagate flag
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:14:27 +01:00
Fabian Grünbichler
e6dc35acb8
replace Userid with Authid
...
in most generic places. this is accompanied by a change in
RpcEnvironment to purposefully break existing call sites.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:11:39 +01:00
Fabian Grünbichler
f8adf8f83f
config: add token.shadow file
...
containing pairs of token ids and hashed secret values.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-29 15:11:39 +01:00
Dietmar Maurer
9e733dae48
send sync job status emails
2020-10-29 12:22:50 +01:00
Thomas Lamprecht
c4a45ec744
document verify job structs
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-10-28 15:32:28 +01:00
Thomas Lamprecht
5428f5ca29
do verification: always verify if manifest load fails
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-10-28 14:11:44 +01:00
Dietmar Maurer
1298618a83
move jobstate to server
2020-10-28 07:37:01 +01:00
Hannes Laimer
2ef1b6290f
api proxy: remove old verification scheduling
...
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
2020-10-21 12:51:35 +02:00
Hannes Laimer
9b2bad7af0
api2: add verification job config endpoint
...
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
2020-10-21 12:51:35 +02:00
Hannes Laimer
78efafc2d0
rename VERIFY_SCHEDULE_SCHEMA to VERIFICATION_SCHEDULE_SCHEMA
...
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
2020-10-21 12:51:35 +02:00
Stefan Reiter
0698f78df5
fix #2988 : allow verification after finishing a snapshot
...
To cater to the paranoid, a new datastore-wide setting "verify-new" is
introduced. When set, a verify job will be spawned right after a new
backup is added to the store (only verifying the added snapshot).
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
2020-10-20 10:51:13 +02:00
Fabian Grünbichler
16cdb9563b
completion: fix ACL path completion
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-10-19 15:06:13 +02:00
Wolfgang Bumiller
2081327428
more clippy lints
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-10-15 12:18:34 +02:00
Dylan Whyte
72be0eb189
fix #2847 : api: datastore: change backup owner
...
This adds an api method to change the owner of
a backup-group.
Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
2020-10-14 08:31:17 +02:00
Thomas Lamprecht
41bfd24919
server: add Datastore.Allocate privilege
...
Previously only Datastore.Modify was required for creating a new
datastore.
But, that endpoint allows one to pass an arbitrary path, of which all
parent directories will be created, this can allow any user with the
"Datastore Admin" role on "/datastores" to do some damage to the
system. Further, it is effectively a side channel for revealing the
systems directory structure through educated guessing and error
handling.
Add a new privilege "Datastore.Allocate" which, for now, is used
specifically for the create datastore API endpoint.
Add it only to the "Admin" role.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-10-08 09:12:08 +02:00
Thomas Lamprecht
fddc8aa410
acl: use modified constnamedbitmap macro
...
avoiding the need for reshuffling all bits when a new privilege is
added at the start or in the middle of this definition.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-10-08 09:09:39 +02:00
Thomas Lamprecht
05be0984b4
acl: document Admin and NoAccess a bit
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-10-06 12:23:22 +02:00
Dietmar Maurer
e64b9f9204
src/tools.rs: make command_output return Vec<u8>
...
And add a new helper to return output as string.
2020-09-30 10:49:20 +02:00
Dominik Csapak
ba20987ae7
client/remote: add support to specify port number
...
this adds the ability to add port numbers in the backup repo spec
as well as remotes, so that user that are behind a
NAT/Firewall/Reverse proxy can still use it
also adds some explanation and examples to the docs to make it clearer
for h2 client i left the localhost:8007 part, since it is not
configurable where we bind to
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-09-30 10:49:20 +02:00
Dietmar Maurer
b56c111e93
depend on proxmox 0.4.2
2020-09-28 10:50:44 +02:00
Hannes Laimer
ccd7241e2f
add verify_schedule field to DataStoreConfig
...
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
2020-09-18 12:11:55 +02:00
Dominik Csapak
8f2f3dd710
fix #2942 : implement lacp bond mode and bond_xmit_hash_policy
...
this was not yet implemented, should be compatible with pve and the gui
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-09-17 08:36:25 +02:00
Dominik Csapak
85959a99ea
api2/network: add bond-primary parameter
...
needed for 'active-backup' bond mode
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-09-17 08:36:14 +02:00
Dietmar Maurer
6a7be83efe
avoid chrono dependency, depend on proxmox 0.3.8
...
- remove chrono dependency
- depend on proxmox 0.3.8
- remove epoch_now, epoch_now_u64 and epoch_now_f64
- remove tm_editor (moved to proxmox crate)
- use new helpers from proxmox 0.3.8
* epoch_i64 and epoch_f64
* parse_rfc3339
* epoch_to_rfc3339_utc
* strftime_local
- BackupDir changes:
* store epoch and rfc3339 string instead of DateTime
* backup_time_to_string now return a Result
* remove unnecessary TryFrom<(BackupGroup, i64)> for BackupDir
- DynamicIndexHeader: change ctime to i64
- FixedIndexHeader: change ctime to i64
2020-09-15 07:12:57 +02:00
Wolfgang Bumiller
4ea831bfa1
style fixups
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-08-18 08:50:14 +02:00
Fabian Ebner
87c4cb7419
Fix #2926 : parse_iface_attributes: always break on non-{attribitue, comment} token
...
There is no requirement to have at least
a blank line, attribute or comment in between two
interface definitions, e.g.
iface lo inet loopback
iface lo inet6 loopback
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
2020-08-14 06:57:07 +02:00
Dominik Csapak
93bb51fe7e
config/jobstate: replace Job:load with create_state_file
...
it really is not necessary, since the only time we are interested in
loading the state from the file is when we list it, and there
we use JobState::load directly to avoid the lock
we still need to create the file on syncjob creation though, so
that we have the correct time for the schedule
to do this we add a new create_state_file that overwrites it on creation
of a syncjob
for safety, we subtract 30 seconds from the in-memory state in case
the statefile is missing
since we call create_state_file from proxmox-backup-api,
we have to chown the lock file after creating to the backup user,
else the sync job scheduling cannot aquire the lock
also we remove the lock file on statefile removal
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-08-14 06:38:02 +02:00
Dominik Csapak
713b66b6ed
cleanup: replace id from do_sync_job with info from job
...
we already have it inside the job itself
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-08-14 06:36:43 +02:00
Dominik Csapak
77bd2a469c
cleanup: merge endtime into TaskState
...
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-08-14 06:36:19 +02:00
Dominik Csapak
e6263c2662
config: add JobState helper
...
this is intended to be a generic helper to (de)serialize job states
(e.g., sync, verify, and so on)
writes a json file into '/var/lib/proxmox-backup/jobstates/TYPE-ID.json'
the api creates the directory with the correct permissions, like
the rrd directory
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-08-13 11:36:10 +02:00
Wolfgang Bumiller
e7cb4dc50d
introduce Username, Realm and Userid api types
...
and begin splitting up types.rs as it has grown quite large
already
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-08-10 12:05:01 +02:00
Dominik Csapak
1c2f842a98
api2/nodes: add termproxy and vncwebsocket api calls
...
Even though it has nothing to do with vnc, we keep the name of the api
call for compatibility with our xtermjs client.
termproxy:
verifies that the user is allowed to open a console and starts
termproxy with the correct parameters
starts a TcpListener on "localhost:0" so that the kernel decides the
port (instead of trying to rerserving like in pve). Then it
leaves the fd open for termproxy and gives the number as port
and tells it via '--port-as-fd' that it should interpret this
as an open fd
the vncwebsocket api call checks the 'vncticket' (name for compatibility)
and connects the remote side (after an Upgrade) with a local TcpStream
connecting to the port given via WebSocket from the proxmox crate
to make sure that only the client can connect that called termproxy and
no one can connect to an arbitrary port on the host we have to include
the port in the ticket data
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-07-23 12:06:38 +02:00
Thomas Lamprecht
3cfc56f5c2
cached user info: check_privs: print privilege path in error message
...
As else this is really user unfriendly, and it not printing it has no
advantage. If one doesn't wants to leak resource existence they just
need to *always* check permissions before checking if the requested
resource exists, if that's not done one can leak information also
without getting the path returned (as the system will either print
"resource doesn't exists" or "no permissions" respectively)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-07-15 08:55:58 +02:00
Dominik Csapak
cbef49bf4f
remove absolute paths when executing binaries
...
we set the paths manually, so this is ok
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-06-23 07:09:06 +02:00
Dietmar Maurer
fa2bdc1309
src/config/acl.rs: add /system/disks to valid acl paths
2020-06-06 15:48:15 +02:00
Thomas Lamprecht
add5861e8d
typo fixes all over the place
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-05-30 16:39:08 +02:00
Dominik Csapak
997d7e19fc
config/sync: add SyncJobStatus Struct/Schema
...
contains the config + status
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-29 11:29:39 +02:00
Dominik Csapak
2888b27f4c
create SYNC_SCHEDULE_SCHEMA to adapt description for sync jobs
...
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-29 11:24:25 +02:00
Dietmar Maurer
3eeba68785
depend on proxmox 0.1.38, use new fs helper functions
2020-05-28 10:06:44 +02:00
Dietmar Maurer
143b654550
src/tools.rs - command_output: add parameter to check exit code
2020-05-27 07:25:39 +02:00
Dietmar Maurer
97fab7aa11
src/tools.rs: new helper to handle command_output (std::process::Output)
2020-05-27 06:53:25 +02:00
Dominik Csapak
de4db62c57
remotes: save passwords as base64
...
to avoid having arbitrary characters in the config (e.g. newlines)
note that this breaks existings configs
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-26 12:38:06 +02:00
Dominik Csapak
83fd4b3b1b
remote: try to use Struct for api
...
with a catch: password is in the struct but we do not want it to return
via the api, so we only 'serialize' it when the string is not empty
(this can only happen when the format is not checked by us, iow.
when its returned from the api) and setting it manually to ""
when we return remotes from the api
this way we can still use the type but do not return the password
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-26 08:55:07 +02:00
Dominik Csapak
db0c228719
config/remote: add 'name' to Remote struct
...
and use it as section id, like with User
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-26 08:48:05 +02:00
Dietmar Maurer
0ed9a2b3ae
src/config/network.rs: implement is_physical_nic() helper
2020-05-24 19:02:35 +02:00
Dietmar Maurer
6f652b1b3a
rename 'job' to 'sync'
2020-05-21 10:29:25 +02:00
Dietmar Maurer
b4900286ce
src/config/jobs.rs: use SectionConfig for jobs
2020-05-21 10:16:35 +02:00
Dominik Csapak
2882c881e9
api2/access/acl: add path and exact parameter to list_acl
...
so that we can get only a subset of the acls, filtered by the backed
also return the digest here
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:44:36 +02:00
Dominik Csapak
1ad9dd08f4
acls: use constnamemap macro for privileges
...
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:21:28 +02:00
Dietmar Maurer
872062ee9f
src/config/datastore.rs_ change prune types from i64 to u64
2020-05-20 13:00:13 +02:00
Dietmar Maurer
67f7ffd0db
src/config/datastore.rs: add prune settings
2020-05-20 11:29:59 +02:00
Dietmar Maurer
dd7a7eae8f
src/bin/proxmox-backup-manager.rs: add completion helper for gc-schedule
2020-05-20 09:42:51 +02:00
Dietmar Maurer
42fdbe5112
src/config/datastore.rs: add gc-schedule property
2020-05-20 08:38:10 +02:00
Dominik Csapak
9c5c383bff
user: create default root user as typed struct
...
we added a userid attribute to the User struct, but missed that we
created the default user without that attribuet via the json! macro
which lead to a runtime panic on the deserialization
by using the struct directly, such errors will be caught by the compiler
in the future
with this change, we can remove the serde_json import here
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 06:09:08 +02:00
Dominik Csapak
522c0da0a0
use new 'id_property' for user::User and use it in api calls
...
this allows us to return a user::User (or Vec<> of it)
instead of a generic serde value
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-19 09:33:56 +02:00
Dominik Csapak
16c75c580b
adapt to changes of SectionConfigPlugin
...
it requires not an Option<String> for the optional id_property
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-19 09:28:45 +02:00
Dietmar Maurer
f3a96b2cdb
renamed: src/tools/systemd/parser.rs -> src/tools/systemd/config.rs
2020-05-16 06:32:28 +02:00
Dietmar Maurer
00491c0230
src/tools/systemd/parser.rs: use different setups for service and timer files, code cleanup
2020-05-14 13:55:13 +02:00
Dietmar Maurer
f486e9e50e
add systemd configuration file parser/writer, start job configuration
2020-05-12 13:07:49 +02:00
Dietmar Maurer
65dab0266c
proxmox-backup-manager: add completion helper for port list
2020-05-08 17:28:04 +02:00
Dietmar Maurer
5bef0f43da
src/config/network.rs - check_bridge_ports: correctly check vlan ports
2020-05-08 15:51:47 +02:00
Dietmar Maurer
0f6bdbb01f
src/config/network.rs - write_config: add more consistency checks
2020-05-08 14:31:38 +02:00
Dietmar Maurer
a4ccb46176
src/config/network.rs: avoid duplicate port usage
2020-05-08 11:15:00 +02:00
Dietmar Maurer
80bf084876
src/config/network.rs: do not combine entries
...
It is unclear when and how to write combined entries ...
2020-05-08 10:20:57 +02:00
Dietmar Maurer
db5672e83e
src/config/network.rs: always write bridge_ports and bond_slaves
...
So that we can reliable detect the interface type.
2020-05-08 09:58:03 +02:00
Dietmar Maurer
bab5d18c3d
src/config/network.rs: implement bond_mode
...
and rename bond_slaves to slaves to make it compatible with pve.
2020-05-07 14:07:45 +02:00
Dietmar Maurer
7b22acd0c2
src/config/network.rs: make it compatible with pve
...
and depend on proxmox 0.1.26
2020-05-07 09:28:25 +02:00
Dietmar Maurer
74c08a5782
use reasonable acl paths
2020-04-30 09:30:00 +02:00
Dietmar Maurer
bd88dc4116
cached_config: avoid parsing non-existent files multiple times
2020-04-30 07:04:23 +02:00
Dietmar Maurer
bc0d03885c
use proxmox 0.1.25, use new EnumEntry feature
2020-04-29 13:01:24 +02:00
Dietmar Maurer
b9f2f761bb
avoid problems with missing acl.cfg and user.cfg
2020-04-29 10:40:42 +02:00
Dietmar Maurer
8247db5b39
src/config/acl.rs: introduice privileges and roles for remotes
2020-04-29 07:03:44 +02:00
Dietmar Maurer
dd335b77f5
src/config/acl.rs - fix regression tests
2020-04-28 11:16:15 +02:00
Dietmar Maurer
6f6aa95abb
add Datastore.Backup, Datastore.PowerUser and Datastore.Reader role
2020-04-28 11:07:25 +02:00
Dietmar Maurer
54552dda59
implemnt backup ownership, improve datastore access permissions
2020-04-28 10:22:25 +02:00
Dietmar Maurer
1347b1152d
src/config/cached_user_info.rs - lookup_privs: correctly handle superuser
2020-04-27 13:22:03 +02:00
Dietmar Maurer
d00e1a216f
src/config/acl.rs: introduce more/better datastore privileges
2020-04-27 07:13:50 +02:00
Dietmar Maurer
9c7fe29dfc
src/config/acl.rs: rtename PRTIV_DATASTORE_ALLOCATE to PRIV_DATASTORE_MODIFY
2020-04-27 06:50:35 +02:00
Dietmar Maurer
1ca540a63b
src/config/network.rs: auto-add lo, and implement a few regression tests
2020-04-24 12:57:11 +02:00
Dietmar Maurer
2eefd9aee1
src/config/network.rs: implement network reload, set "changes" attribute
2020-04-24 09:55:46 +02:00
Dietmar Maurer
8a6b86b8a7
src/config/network.rs: use a simple String for comments
2020-04-24 07:46:08 +02:00
Dietmar Maurer
96d9478668
src/config/network/parser.rs: corectly detect vanished interfaces
2020-04-24 07:26:54 +02:00
Dietmar Maurer
5f60a58fd5
src/config/network.rs; support interface comments, cleanups
2020-04-23 15:54:30 +02:00
Dietmar Maurer
659c3be3d5
src/config/network.rs: avoid newline after family options
2020-04-23 11:30:41 +02:00
Dietmar Maurer
5e4e88e83f
src/api2/config/network.rs: implement update/delete for bridge_ports and bond_slaves
2020-04-23 11:21:27 +02:00
Dietmar Maurer
c38b4bb8b2
src/config/network.rs: do not allow to change interface type
2020-04-23 09:43:38 +02:00
Dietmar Maurer
42fbe91a34
src/config/network.rs: parse bond-slaves
2020-04-23 09:31:10 +02:00
Dietmar Maurer
1d9a68c2fc
src/config/network.rs: parse bridge-ports
2020-04-23 09:24:17 +02:00
Dietmar Maurer
02269f3dba
src/config/network.rs: introduce NetworkInterfaceType
2020-04-23 08:45:03 +02:00
Dietmar Maurer
d5ca9bd5df
src/config/network.rs: cleanup (new helper combine_entry)
2020-04-23 07:54:12 +02:00
Dietmar Maurer
02e36d96ad
src/config/network.rs: write changes to interfaces.new
2020-04-23 07:19:29 +02:00
Dietmar Maurer
2c18efd902
src/config/network.rs: use a single mtu setting (instead of mtu_v4 and mtu_v6)
2020-04-23 07:07:14 +02:00
Dietmar Maurer
f1026a5aa9
src/api2/config/network.rs: allow to update 'auto' flag
2020-04-22 16:46:46 +02:00
Dietmar Maurer
3fce3bc36e
src/config/network/parser.rs: parse MTU settings
2020-04-22 13:44:51 +02:00
Dietmar Maurer
f8e7ac686a
src/config/network.rs: only save attriubutes used by configuration method
2020-04-22 12:42:09 +02:00
Dietmar Maurer
df6bb03d0e
src/api2/config/network.rs: improve network api
2020-04-22 10:54:07 +02:00
Dietmar Maurer
e2d940b949
src/config/network/parser.rs: remove debug println
2020-04-22 10:53:26 +02:00
Dietmar Maurer
0c226bc173
src/config/network/helper.rs: fix CIDR regex
2020-04-22 10:52:31 +02:00
Dietmar Maurer
8b57cd4441
src/config/network.rs: remove netmask support
...
rely on cidr instead.
2020-04-22 08:45:13 +02:00
Dietmar Maurer
c357260d09
src/config/network.rs: move type definitions to src/api2/types.rs
2020-04-21 17:25:05 +02:00
Dietmar Maurer
7e02d08cd0
rename ConfigMethod to NetworkConfigMethod
2020-04-21 17:17:57 +02:00
Dietmar Maurer
ca0e534796
src/api2/config/network.rs: start network configuration api
2020-04-21 14:28:26 +02:00
Dietmar Maurer
904e988667
src/config/network.rs: impleement load/save
2020-04-21 12:55:33 +02:00
Dietmar Maurer
3f129233be
src/config/network.rs: add Interface flags 'exists' and 'active'
2020-04-21 11:46:56 +02:00
Dietmar Maurer
a9bb491e35
src/config/network.rs: cleanup autostart flag handling
2020-04-21 11:06:22 +02:00
Dietmar Maurer
1ec7f8a0dd
src/config/network/helper.rs: new helper get_network_interfaces()
2020-04-21 10:32:54 +02:00
Dietmar Maurer
92310d585c
src/config/network.rs: simplify code
2020-04-20 18:10:15 +02:00
Dietmar Maurer
f34d4401f7
src/config/network.rs: read/write /etc/network/interfaces
...
Start implementing a recursive descent parser.
2020-04-20 14:15:57 +02:00
Dietmar Maurer
6e695960ca
src/config/cached_user_info.rs: cache it up to 5 seconds
2020-04-18 08:49:20 +02:00
Dietmar Maurer
a737179eb4
src/config/cached_user_info.rs: new check_privs helper
2020-04-18 08:09:34 +02:00
Wolfgang Bumiller
f7d4e4b506
switch from failure to anyhow
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-17 18:43:30 +02:00
Dietmar Maurer
3fff55b293
src/api2/access/role.rs: new api to list roles
2020-04-17 14:03:24 +02:00
Dietmar Maurer
4f66423fcc
src/api2/access/user.rs: add access permissions
2020-04-17 11:04:36 +02:00
Dietmar Maurer
423e656163
src/config/cached_user_info.rs: new helper class
2020-04-16 10:05:16 +02:00
Dietmar Maurer
109d7817cd
src/config/user.rs - cached_config: do not store/return digest
2020-04-15 11:35:57 +02:00
Dietmar Maurer
5354511fd0
src/config/acl.rs: implement cached_config
2020-04-15 11:30:47 +02:00
Dietmar Maurer
8d048af2bf
acl: improve NoAccess handling
2020-04-15 08:11:43 +02:00
Dietmar Maurer
9f4e47dd93
acl update: check path
2020-04-14 17:23:48 +02:00
Dietmar Maurer
68ccdf09a4
src/config/user.rs: implement user config cache
2020-04-14 13:45:45 +02:00
Dietmar Maurer
9765092ede
acl api: implement update
2020-04-14 10:16:49 +02:00
Dietmar Maurer
ed3e60ae69
start ACL api
2020-04-13 11:09:44 +02:00
Dietmar Maurer
a83eab3c4d
acl: use BTreeMap and BTreeSet to avoid sort()
2020-04-12 17:13:53 +02:00
Dietmar Maurer
0815ec7e65
acl: implement roles(), add regression tests.
2020-04-12 13:06:50 +02:00
Dietmar Maurer
5c6cdf9815
add acl config
2020-04-11 12:24:26 +02:00
Dietmar Maurer
579728c641
add user configiguration
2020-04-08 14:06:15 +02:00
Dietmar Maurer
90c5239d46
use SectionConfig from proxmox 0.1.18-1
2020-03-02 12:52:11 +01:00
Dietmar Maurer
b8a192e3b0
src/config/remote.rs: do not serialize empty option
2020-01-31 09:09:24 +01:00
Dietmar Maurer
6afbe1d846
src/config/remote.rs: add fingerprint
2020-01-25 09:49:45 +01:00
Dietmar Maurer
f357390c15
renamed: src/config/remotes.rs -> src/config/remote.rs
...
And use 'remote' instead of 'remotes' everywhere.
2020-01-16 14:32:06 +01:00
Dietmar Maurer
347834df25
src/api2/config: correctly lock files
2020-01-15 11:57:12 +01:00
Dietmar Maurer
d0187a51a9
src/section_config.rs - convert_to_array: optionally add digest
...
datastore::config() -> also return digest
remotes::config() -> also return digest
2020-01-14 12:57:03 +01:00
Dietmar Maurer
7e7b781a18
src/api2/types.rs: also define PASSWORD_FORMAT and use it correctly
2020-01-14 11:32:02 +01:00
Dietmar Maurer
da4a15a351
src/api2/types.rs: define and use PASSWORD_REGEX
2020-01-14 11:22:42 +01:00
Dietmar Maurer
163dc16c0b
src/api2/types.rs: define PROXMOX_AUTH_REALM_SCHEMA and PROXMOX_USER_ID_SCHEMA
...
And try to use nbew schemas with config api...
2020-01-13 14:18:19 +01:00
Dietmar Maurer
8aea35fcff
src/config/*: add #[serde(skip_serializing_if="Option::is_none")] to optinal comment
2020-01-13 12:14:14 +01:00
Dietmar Maurer
454c13edce
src/api2/types.rs: define SINGLE_LINE_COMMENT_SCHEMA
2020-01-13 12:02:13 +01:00
Dietmar Maurer
167971ed49
src/api2/types.rs: define REMOTE_ID_SCHEMA here
2020-01-13 11:47:07 +01:00
Dietmar Maurer
688fbe07a1
cleanup config api, add remotes config cli interface
2020-01-11 10:42:09 +01:00
Dietmar Maurer
9e9bc6525e
src/config/datastore.rs: define DataStoreConfig using api macro
2020-01-11 09:18:42 +01:00
Dietmar Maurer
141304d64e
src/api2/config/remotes.rs: new API to configure remotes
2020-01-10 13:28:15 +01:00
Dietmar Maurer
a81af92f9d
src/section_config.rs: implement generic lookup
2020-01-09 17:35:44 +01:00
Dietmar Maurer
a575320657
src/config/remotes.rs: implement SectionConfig for remote hosts
2020-01-09 14:51:02 +01:00
Thomas Lamprecht
bca9093520
api/ui: datastore: allow to set simple comment
...
for now forbid all control characters[0] in the comment value, the
section config writer cannot cope with newlines in the value, it
writes them out literally, allowing "injection" or breaking the whole
config.
In the webinterface use also a textfield, not a textarea.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-12-19 17:58:01 +01:00
Dietmar Maurer
f74a03da1f
remove tools::getpwnam_ugid, impl. crate::backup::backup_user()
...
And use new nix::unistd::User struct.
2019-12-19 10:20:13 +01:00
Dietmar Maurer
f8ec1473be
src/config/datastore.rs: use backup gid instead of uid
2019-12-18 12:21:44 +01:00
Dietmar Maurer
424766bc3b
src/config/datastore.rs: change file owner/permissions
...
owner(root) => read and write
group(backup) => read only
2019-12-18 10:41:58 +01:00
Oguz Bektas
c07b458cac
datastore: set correct owner on datastore.cfg
...
since manager runs as root, we have to specify backup:root owner while
saving config.
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2019-12-17 16:59:10 +01:00
Wolfgang Bumiller
cad540e969
api/compat: remove remaining api_schema references
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-21 14:53:15 +01:00
Dietmar Maurer
255f378a1b
use const api definitions
2019-11-21 13:32:09 +01:00
Wolfgang Bumiller
91640ab567
src/config: style fixup
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-08-21 14:11:07 +02:00
Wolfgang Bumiller
928650c4eb
src/config: use statement cleanup
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-08-21 14:10:50 +02:00
Dietmar Maurer
e18a6c9ee5
update to nix 0.14, use code from proxmox:tools
2019-08-03 13:05:38 +02:00
Dietmar Maurer
496a67846f
src/cli/command.rs: pass parsed parameters to completion function
2019-03-12 14:39:51 +01:00
Dietmar Maurer
ef2f2efbcc
improve api_schema module structure
2019-02-17 10:16:33 +01:00
Dietmar Maurer
dc9a007b11
rename src/api to src/api_schema
2019-02-17 09:59:20 +01:00
Dietmar Maurer
aada2a9719
config/datastore.rs: remove unused code
2019-02-16 10:10:45 +01:00
Dietmar Maurer
d11594db4c
config/datastore.rs: return empty config if file does not exist
2019-02-16 10:06:08 +01:00
Dietmar Maurer
9b50c16103
section_config.rs: simplify parser by using new try_block macro
2019-02-15 12:13:15 +01:00
Dietmar Maurer
728797d0c1
reduce compiler warnings
2019-01-18 16:50:15 +01:00
Dietmar Maurer
244d9b17a8
bin/proxmox-backup-client.rs: implement file name completions - first try ...
2019-01-17 14:24:20 +01:00
Dietmar Maurer
a27a3ee4ba
avoid compiler warnings
2018-12-16 13:57:59 +01:00
Dietmar Maurer
e3d40bb8cd
complete_datastore_name: write more compact code
2018-12-12 12:41:59 +01:00
Dietmar Maurer
30d2e99c77
implement completion functions
2018-12-12 12:19:26 +01:00
Dietmar Maurer
f12f8ff1a6
implement tools::file_set_contents
2018-12-09 16:37:48 +01:00
Dietmar Maurer
652c11900d
api3/config/datastore.rs: impl create
2018-12-09 12:51:31 +01:00
Dietmar Maurer
6349ed60b4
config/datastore.rs - open file for reading
2018-12-09 10:22:39 +01:00
Dietmar Maurer
567713b4c3
rename data_store to datastore
2018-12-08 14:51:08 +01:00
Dietmar Maurer
6ce50400c5
cleanup api3 structure
2018-12-08 14:44:55 +01:00
Dietmar Maurer
678d72df6b
add data_store configuration
2018-12-08 13:58:45 +01:00