tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5,651 Commits 2 Branches 54 Tags
36b7085ec2a000eb8526aafbde445d8bbf170515
Commit Graph

88 Commits

Author SHA1 Message Date
Dietmar Maurer
36b7085ec2 rest server: cleanup auth-log handling 
Handle auth logs the same way as access log.
- Configure with ApiConfig
- CommandoSocket command to reload auth-logs "api-auth-log-reopen"

Inside API calls, we now access the ApiConfig using the RestEnvironment.

The openid_login api now also logs failed logins and return http_err!(UNAUTHORIZED, ..)
on failed logins.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 2021-09-21 08:46:41 +02:00
Dietmar Maurer
ba3d7e19fb move user configuration to pbs_config workspace 
Also moved memcom.rs and cached_user_info.rs
 2021-09-10 07:09:04 +02:00
Dietmar Maurer
b65dfff574 cleanup User configuration: use Updater 2021-09-09 13:14:28 +02:00
Dietmar Maurer
8cc3760e74 move acl to pbs_config workspaces, pbs_api_types cleanups 2021-09-09 10:50:08 +02:00
Dietmar Maurer
1cb08a0a05 move token_shadow to pbs_config workspace 
Also moved out crypt.rs (libcrypt bindings) to pbs_tools workspace.
 2021-09-08 14:00:14 +02:00
Dietmar Maurer
2121174827 start new pbs-config workspace 
moved src/config/domains.rs
 2021-09-02 12:58:20 +02:00
Dietmar Maurer
7526d86419 use new atomic_open_or_create_file 
Factor out open_backup_lockfile() method to acquire locks owned by
user backup with permission 0660.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 2021-07-20 18:54:23 +02:00
Wolfgang Bumiller
2b7f8dd5ea move client to pbs-client subcrate 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-07-19 12:58:43 +02:00
Wolfgang Bumiller
4805edc4ec move more tools for the client into subcrates 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-07-19 10:07:12 +02:00
Wolfgang Bumiller
9eb784076c move more helpers to pbs-tools 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-07-19 10:07:12 +02:00
Dominik Csapak
2c0abe9234 Revert "api: access: domains: add ExtraRealmInfo and RealmInfo structs" 
This reverts commit da7ec1d2af.

not necessary, since we have the api in config/access/openid

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-07-12 09:53:07 +02:00
Dominik Csapak
2649c89358 Revert "api: access: domains: add get/create/update/delete domain call" 
This reverts commit 5117cf4f17.

we already have that in api2/config/access

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-07-12 09:53:07 +02:00
Dominik Csapak
5117cf4f17 api: access: domains: add get/create/update/delete domain call 
modeled like our other section config api calls
two drawbacks of doing it this way:
* we have to copy some api properties again for the update call,
  since not all of them are updateable (username-claim)
* we only handle openid for now, which we would have to change
  when we add ldap/ad

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-07-09 15:36:54 +02:00
Dominik Csapak
da7ec1d2af api: access: domains: add ExtraRealmInfo and RealmInfo structs 
these will be used as parameters/return types for the read/create/etc.
calls for realms

for now we copy the necessary attributes (only from openid) since
our api macros/tools are not good enought to generate the necessary
api definitions for section configs

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-07-09 15:36:54 +02:00
Dominik Csapak
0c27d880b0 api: access: domains: add BasicRealmInfo struct and use it 
to have better type safety and as preparation for adding more types

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-07-09 15:36:54 +02:00
Dominik Csapak
923f94a4d7 api: access: openid: add PROXMOX_BACKUP_RUN_DIR_M 
otherwise it does not compile with 'RUSTFLAGS="--cfg openid"'

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-07-09 13:03:32 +02:00
Wolfgang Bumiller
85beb7d875 tree-wide: switch to using mod.rs 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-07-06 12:04:52 +02:00
Fabian Grünbichler
26a3450f19 openid: move helper from config to api2 
it's not really needed in the config module, and this makes it easier to
disable the proxmox-openid dependency linkage as a stop-gap measure.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-07-03 01:52:01 +02:00
Dietmar Maurer
fda19dcc6f fix CachedUserInfo by using a shared memory version counter 2021-06-30 08:54:30 +02:00
Dietmar Maurer
3b7b1dfb8e api: add openid redirect/login API 2021-06-30 08:54:30 +02:00
Dietmar Maurer
bbff6c4968 config: new domains.cfg to configure openid realm 
Or other realmy types...
 2021-06-30 08:54:30 +02:00
Dietmar Maurer
2165f0d450 api: define and use REALM_ID_SCHEMA 2021-06-10 11:10:00 +02:00
Dominik Csapak
a4e871f52c api2/access/user: remove password for @pbs users on removal 
so that their password entry is not left in the shadow.json

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-04-15 08:33:20 +02:00
Thomas Lamprecht
d1d74c4367 typo fixes all over the place 
found and semi-manually replaced by using:
 codespell -L mut -L crate -i 3 -w

Mostly in comments, but also email notification and two occurrences
of misspelled  'reserved' struct member, which where not used and
cargo build did not complain about the change, soo ...

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
 2021-03-10 16:39:57 +01:00
Dietmar Maurer
cf90a369e2 cleanup: rename token_user into auth_id_filter 2021-03-05 08:36:18 +01:00
Dietmar Maurer
043018cfbe doc: fix wrong api method description 2021-02-22 12:10:34 +01:00
Fabian Grünbichler
367c0ff7c6 clippy: allow api functions with many arguments 
some of those can be reduced/cleaned up when we have updater support in
the api macro.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-26 09:54:52 +01:00
Dietmar Maurer
bf78f70885 improve code docs in api2 
Note: API methos should be declared pub, so that they show up in the generated docu.
 2021-01-22 15:57:42 +01:00
Fabian Grünbichler
3984a5fd77 clippy: is_some/none/ok/err/empty 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
22a9189ee0 clippy: remove unnecessary closures 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Fabian Grünbichler
4428818412 clippy: remove unnecessary clones 
and from::<T>(T)

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Fabian Grünbichler
47ea98e0e3 clippy: collapse/rework nested ifs 
no semantic changes (intended).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Wolfgang Bumiller
ad5cee1d22 tfa: add 'created' timestamp to entries 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-18 14:06:12 +01:00
Oguz Bektas
5aa1019010 access: limit editing pam credentials to superuser 
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.

also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
 2021-01-15 08:49:22 +01:00
Wolfgang Bumiller
7ad33e8052 tfa: use UNAUTHORIZED http status in password check 
to trigger our 3s delay in the rest handler

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
f22dfb5ece tfa: remove tfa user when a user is deleted 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:10 +01:00
Wolfgang Bumiller
4bda51688b tfa: improve user existence check 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
eab25e2f33 tfa: allow deletion of entries of non-existent users 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
759af9f00c tfa api: return types and 'pub' structs/methods 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
f58e5132aa tfa: entry access/iteration cleanup 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
d831846706 tfa: r#type parameter name 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
1fc9ac0433 tfa: _entry api method name suffix consistency 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
027ef213aa api: tfa management and login 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:22:32 +01:00
Fabian Grünbichler
08ac90f920 api: allow tokens to list users 
their owner, or all if they have the appropriate privileges.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-12-31 08:29:49 +01:00
Wolfgang Bumiller
9b93c62044 remove unused descriptions from api macros 
these are now a hard error in the api macro

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-12-09 10:55:18 +01:00
Dominik Csapak
c0026563b0 make user properties deletable 
by using our usual pattern for the update call

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2020-11-11 14:09:40 +01:00
Wolfgang Bumiller
b59c308219 Vec::new is Vec's default default 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-11-06 14:55:34 +01:00
Fabian Grünbichler
0224c3c273 client: properly complete new-owner 
with remote Authids, not local Userids.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-11-06 14:54:08 +01:00
Fabian Grünbichler
8b600f9965 api: replace auth_id with auth-id 
in parameters, and fix up the completion for the ACL update parameter.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-10-30 16:46:19 +01:00
Wolfgang Bumiller
906ef6c5bd api2/access/user: fix return type schema 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2020-10-29 15:20:10 +01:00