tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6,130 Commits 2 Branches 54 Tags
48fcee6a50f4bb08c5ecf89a8c5e6b9ebc5ab058
Commit Graph

1301 Commits

Author SHA1 Message Date
Fabian Grünbichler
47ea98e0e3 clippy: collapse/rework nested ifs 
no semantic changes (intended).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Dietmar Maurer
69b8bc3bfa tape: implemenmt show key 
Moved API types Kdf and KeyInfo to src/api2/types/mod.rs.
 2021-01-20 15:43:19 +01:00
Dietmar Maurer
301b8aa0a5 tape: implement change-passphrase for tape encryption keys 2021-01-20 15:43:19 +01:00
Dietmar Maurer
e5b6c93323 tape: add --kdf parameter to create key api 2021-01-20 15:43:19 +01:00
Dietmar Maurer
9a045790ed cleanup KeyConfig 2021-01-20 15:43:19 +01:00
Dietmar Maurer
82a103c8f9 add "password hint" to KeyConfig 2021-01-20 15:43:19 +01:00
Dietmar Maurer
feb1645f37 tape: generate random encryptions keys and store key_config on media 2021-01-19 11:20:07 +01:00
Wolfgang Bumiller
ad5cee1d22 tfa: add 'created' timestamp to entries 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-18 14:06:12 +01:00
Dietmar Maurer
8a0046f519 tape: implement encrypted backup - simple version 
This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label.
 2021-01-18 13:38:22 +01:00
Dietmar Maurer
1e93fbb5c1 tape: add encrypt property to media pool configuration 2021-01-18 13:38:22 +01:00
Dietmar Maurer
d5a48b5ce4 tape: add hardware encryption key managenent api 2021-01-18 13:38:22 +01:00
Wolfgang Bumiller
a670b99db1 tfa: add webauthn configuration API entry points 
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
fewer reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.

Experimentally using the flatten feature on the methods with
an`Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-15 15:19:52 +01:00
Oguz Bektas
6bbe49aa14 access: restrict password changes on @pam realm to superuser 
for behavior consistency with `update_user`

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
 2021-01-15 08:49:22 +01:00
Oguz Bektas
5aa1019010 access: limit editing pam credentials to superuser 
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.

also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
 2021-01-15 08:49:22 +01:00
Fabian Grünbichler
89e9134a3f hyper: use new hyper::upgrade 
the old Body::on_upgrade method is no more

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-14 16:01:33 +01:00
Fabian Grünbichler
7c66701366 tokio 1.0: use ReceiverStream from tokio-stream 
to wrap a Receiver in a Stream. this will likely move back into tokio
proper once we have a std Stream..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-14 16:01:33 +01:00
Fabian Grünbichler
585e90c0de tokio: adapt to 1.0 process:Child changes 
Child itself is no longer a Future, but it has a new wait() async fn
that does the same thing

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-14 16:01:33 +01:00
Dietmar Maurer
781da7f6f0 tape: add --inventorize flag to read-label API/CLI 2021-01-14 11:51:23 +01:00
Dietmar Maurer
8446fbca85 tape: rename changer_id to label_text 2021-01-13 13:26:59 +01:00
Dietmar Maurer
0bce2118e7 tape: improve docu 2021-01-12 16:37:23 +01:00
Dietmar Maurer
6543214dde tape: MediaListEntry - add ctime 2021-01-12 12:01:21 +01:00
Dietmar Maurer
5654d8ceba tape: make eject/export more reliable, improve logging 2021-01-12 09:16:16 +01:00
Dietmar Maurer
31cf625af5 tape: improve backup logs 2021-01-11 13:23:12 +01:00
Wolfgang Bumiller
ad0ed40a59 api: return "invalid" as CSRF token for partial tickets 
So that old clients don't `unwrap` a `None` value.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
7ad33e8052 tfa: use UNAUTHORIZED http status in password check 
to trigger our 3s delay in the rest handler

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
f22dfb5ece tfa: remove tfa user when a user is deleted 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:10 +01:00
Wolfgang Bumiller
4bda51688b tfa: improve user existence check 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
eab25e2f33 tfa: allow deletion of entries of non-existent users 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
759af9f00c tfa api: return types and 'pub' structs/methods 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
f58e5132aa tfa: entry access/iteration cleanup 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
d831846706 tfa: r#type parameter name 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
1fc9ac0433 tfa: _entry api method name suffix consistency 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
027ef213aa api: tfa management and login 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:22:32 +01:00
Dietmar Maurer
6638c034d2 tape: remove unused eject_on_unload method 2021-01-10 16:20:18 +01:00
Dietmar Maurer
483da89d03 tape: improve export media to directly export from drive, add CLI 2021-01-10 13:44:44 +01:00
Dietmar Maurer
edb90f6afa tape: backup - implement export-media-set option 2021-01-10 11:59:55 +01:00
Dietmar Maurer
6fe16039b9 tape: simplify media changer implementation - new struct MtxMediaChanger 2021-01-10 10:02:01 +01:00
Dietmar Maurer
42967bf185 tape: backup - implement --eject-media option 2021-01-09 15:17:03 +01:00
Dietmar Maurer
7273ba3de2 tape: change default media set naming template to "%c" 2021-01-09 10:51:51 +01:00
Dietmar Maurer
0bf1c314da tape: show catalog status in media list 2021-01-09 10:24:48 +01:00
Dietmar Maurer
df69a4fc59 tape: implement drive clean 2021-01-08 11:32:56 +01:00
Dietmar Maurer
46a1863f88 tape: improve MediaChange trait 
We expose the whole MtxStatus, and we can load/store from/to
specified slot numbers.
 2021-01-07 14:26:43 +01:00
Dietmar Maurer
d5035c5600 tape: mtx_status - consider new export-slots property 2021-01-06 11:53:33 +01:00
Dietmar Maurer
38ae42b11a tape: changer - add export-slot config 2021-01-06 11:06:50 +01:00
Dietmar Maurer
b40ab10d38 tape: add volume_mounts and medium_passes to LinuxDriveAndMediaStatus 2021-01-05 13:43:17 +01:00
Dietmar Maurer
470f1c798a tape: status - show thape alert flags 2021-01-04 13:15:30 +01:00
Dietmar Maurer
cfae8f0656 tape: merge MediaStateDatabase into Inventory 2021-01-01 16:15:13 +01:00
Dietmar Maurer
54f4ecd46a tape: implement MediaPool flag to consider offline media 
For standalone tape drives.
 2021-01-01 10:03:59 +01:00
Dietmar Maurer
b9b4b31284 tape: add basic restore api/command 2020-12-31 10:26:48 +01:00
Fabian Grünbichler
08ac90f920 api: allow tokens to list users 
their owner, or all if they have the appropriate privileges.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2020-12-31 08:29:49 +01:00