Commit Graph

34 Commits

Author SHA1 Message Date
Dominik Csapak a4d1675513 api2/access: implement term ticket
modeled after pves/pmgs vncticket (i substituted the vnc with term)
by putting the path and username as secret data in the ticket

when sending the ticket to /access/ticket it only verifies it,
checks the privs on the path and does not generate a new ticket

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-07-23 11:55:00 +02:00
Dietmar Maurer bb072ba49c src/api2/access.rs: cleanup 2020-04-18 07:28:25 +02:00
Wolfgang Bumiller f7d4e4b506 switch from failure to anyhow
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-17 18:43:30 +02:00
Dietmar Maurer 3fff55b293 src/api2/access/role.rs: new api to list roles 2020-04-17 14:03:24 +02:00
Dietmar Maurer 4f66423fcc src/api2/access/user.rs: add access permissions 2020-04-17 11:04:36 +02:00
Dietmar Maurer 4b40148caa start impl. access permissions 2020-04-16 12:47:16 +02:00
Dietmar Maurer ed3e60ae69 start ACL api 2020-04-13 11:09:44 +02:00
Dietmar Maurer 73b40e9b46 api: correctly sort access subdirmap 2020-04-09 13:34:07 +02:00
Dietmar Maurer 708db4b3ae api: add list_domains 2020-04-09 11:36:45 +02:00
Dietmar Maurer 685e13347e api: move config/user to access/users, implement change_password
To make it similar to the pve api
2020-04-09 10:21:24 +02:00
Dietmar Maurer 7d817b0358 implement auth framework 2020-04-08 14:06:15 +02:00
Wolfgang Bumiller 9ea4bce444 bump proxmox crate to 0.1.7
The -sys, -tools and -api crate have now been merged into
the proxmx crate directly. Only macro crates are separate
(but still reexported by the proxmox crate in their
designated locations).

When we need to depend on "parts" of the crate later on
we'll just have to use features.

The reason is mostly that these modules had
inter-dependencies which really make them not independent
enough to be their own crates.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-01-21 13:48:37 +01:00
Wolfgang Bumiller 41874331ed whitespace fixup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-29 09:52:15 +01:00
Wolfgang Bumiller 2905f2b5e6 update api macro example usage
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-29 09:51:27 +01:00
Wolfgang Bumiller 7b6c41078b update api macro invocation to new style
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-27 14:19:46 +01:00
Wolfgang Bumiller 6486cb853f first api macro usage test/example
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-27 10:05:37 +01:00
Wolfgang Bumiller cad540e969 api/compat: remove remaining api_schema references
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-21 14:53:15 +01:00
Wolfgang Bumiller a2479cfa1a api/compat: drop more compat imports from api_schema.rs
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-21 14:36:28 +01:00
Dietmar Maurer 552c225948 sort all property lookup tables
Required, because we use binary sreach to find items.
2019-11-21 13:32:09 +01:00
Dietmar Maurer 255f378a1b use const api definitions 2019-11-21 13:32:09 +01:00
Dietmar Maurer 62ee2eb405 avoid some clippy warnings 2019-10-26 11:42:05 +02:00
Wolfgang Bumiller dd5495d6dc tree-wide: use 'dyn' for all trait objects
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-06-07 13:13:48 +02:00
Dietmar Maurer 13f1cc17ea src/api_schema/router.rs: implement list_subdirs() helper 2019-04-16 12:07:02 +02:00
Wolfgang Bumiller 062d4916ff api_schema: allow generic api handler functions
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-16 11:22:23 +02:00
Dietmar Maurer f8f94534d4 src/api2/access.rs: authenticate_user() - add ticket login 2019-03-05 12:56:21 +01:00
Dietmar Maurer ef2f2efbcc improve api_schema module structure 2019-02-17 10:16:33 +01:00
Dietmar Maurer dc9a007b11 rename src/api to src/api_schema 2019-02-17 09:59:20 +01:00
Wolfgang Bumiller 1d77b6cf6b update to pam 0.7 (renamed from pam-auth)
It now supports custom conversation methods, so instead of
new() we ask for a default authenticator taking a password
via with_password(). Since the password is now handled by
the now separate conversation handler, `set_credentials()`
is now called on the handler we get via `.get_handler()`.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-02-15 10:34:40 +01:00
Wolfgang Bumiller ace9e3531a access: use proxmox-backup-auth for pam
allows customization via /etc/pam.d/proxmox-backup-auth

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-02-07 13:40:22 +01:00
Dietmar Maurer c82bc1a1f9 depend on pam-auth, use pam for root login
Please use username "root@pam" for login via GUI.
2019-02-01 09:30:50 +01:00
Dietmar Maurer a154a8e8a4 delay unauthorized request (rate limit) 2019-01-31 14:34:21 +01:00
Dietmar Maurer b9903d6331 server/rest.rs: verify auth cookie 2019-01-31 12:22:00 +01:00
Dietmar Maurer 9f49fe1d5d avoid compiler warnings 2019-01-30 18:25:37 +01:00
Dietmar Maurer 34f956bc25 api2/access.rs: add ticket api 2019-01-30 15:16:10 +01:00