96b7483138
clippy: remove/replace needless explicit lifetimes
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
81281d04a4
clippy: fix/allow identity_op
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
e062ebbc29
clippy: us *_or_else with function calls
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
b92cad0938
clippy: convert single match to if let
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
ea368a06cd
clippy: misc. fixes
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
3f48cdb380
clippy: don't pass along unit value
...
make it explicit. this whole section should probably be re-written with
select!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
17c7b46a69
clippy: use unwrap_or_default
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
a375df6f4c
clippy: use copied/cloned instead of map
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
a3775bb4e8
clippy: shorten assignments
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
1e0c6194b5
clippy: fix option_as_ref_deref
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
a6bd669854
clippy: use matches!
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
6334bdc1c5
clippy: collapse nested ifs
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
3b82f3eea5
clippy: avoid useless format!
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
38556bf60d
clippy: remove explicit returns
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
d8d8af9826
clippy: use chars / byte string literals
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
3984a5fd77
clippy: is_some/none/ok/err/empty
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:54 +01:00
397356096a
clippy: remove needless bool literals
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:23:52 +01:00
365915da9a
clippy: use strip_prefix instead of manual stripping
...
it's less error-prone (off-by-one!)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:22:59 +01:00
87152fbac6
clippy: drop redundant 'static lifetime
...
those declarations are already const/static..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:22:59 +01:00
22a9189ee0
clippy: remove unnecessary closures
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:22:59 +01:00
4428818412
clippy: remove unnecessary clones
...
and from::<T>(T)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:22:59 +01:00
47ea98e0e3
clippy: collapse/rework nested ifs
...
no semantic changes (intended).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-20 16:22:59 +01:00
6dd0513546
tape: allocate new media set when pool encryption key changes
2021-01-20 15:43:39 +01:00
8abe51b71d
improve code docs
2021-01-20 15:43:19 +01:00
69b8bc3bfa
tape: implemenmt show key
...
Moved API types Kdf and KeyInfo to src/api2/types/mod.rs.
2021-01-20 15:43:19 +01:00
301b8aa0a5
tape: implement change-passphrase for tape encryption keys
2021-01-20 15:43:19 +01:00
e5b6c93323
tape: add --kdf parameter to create key api
2021-01-20 15:43:19 +01:00
9a045790ed
cleanup KeyConfig
2021-01-20 15:43:19 +01:00
82a103c8f9
add "password hint" to KeyConfig
2021-01-20 15:43:19 +01:00
feb1645f37
tape: generate random encryptions keys and store key_config on media
2021-01-19 11:20:07 +01:00
8ca37d6a65
cleanup: factor out decrypt_key_config
2021-01-19 11:20:07 +01:00
9b6bddb24c
tfa: remove/empty description for recovery keys
...
While the user chosen description is not allowed to be
empty, we do leave it empty for recovery keys, as a "dummy
description" makes little sense...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2021-01-18 15:20:39 +01:00
ad5cee1d22
tfa: add 'created' timestamp to entries
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2021-01-18 14:06:12 +01:00
ca1060862e
tfa: remember recovery indices
...
and tell the client which keys are still available rather
than just yes/no/low
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2021-01-18 13:51:23 +01:00
8a0046f519
tape: implement encrypted backup - simple version
...
This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label.
2021-01-18 13:38:22 +01:00
84cbdb35c4
implement FromStr for Fingerprint
2021-01-18 13:38:22 +01:00
1e93fbb5c1
tape: add encrypt property to media pool configuration
2021-01-18 13:38:22 +01:00
619554af2b
tape: clear encryption key before writing labels
...
We always write labels unencrypted.
2021-01-18 13:38:22 +01:00
d5a48b5ce4
tape: add hardware encryption key managenent api
2021-01-18 13:38:22 +01:00
44de5bcc00
pull: add error context for initial group list call
...
otherwise the user is confronted with a generic error like "permission
check failed" with no indication that it refers to a request made to the
remote PBS instance..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-18 06:51:05 +01:00
e2956c605d
pull: rustfmt
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com >
2021-01-18 06:50:23 +01:00
b22b6c2299
tape: encryption scsi command cleanup
2021-01-16 18:24:04 +01:00
90950c9c20
tape: add scsi commands to control drive hardware encryption
2021-01-16 15:59:05 +01:00
0c5b9e7820
tape: sgutils2.rs - add do_out_command()
...
Make it possible to run commands that writes data.
2021-01-16 15:59:05 +01:00
a670b99db1
tfa: add webauthn configuration API entry points
...
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
fewer reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.
Experimentally using the flatten feature on the methods with
an`Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2021-01-15 15:19:52 +01:00
aefd74197a
bakckup::manifest: use tools::json for canonical representation
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2021-01-15 15:19:52 +01:00
9ff747ef50
add tools::json for canonical json generation
...
moving this from backup::manifest, no functional changes
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2021-01-15 15:19:52 +01:00
a08a198577
tape: do not abort backup if tape drive does not support tape-alert-flags
2021-01-15 11:43:17 +01:00
6bbe49aa14
access: restrict password changes on @pam realm to superuser
...
for behavior consistency with `update_user`
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com >
2021-01-15 08:49:22 +01:00
5aa1019010
access: limit editing pam credentials to superuser
...
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.
also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com >
2021-01-15 08:49:22 +01:00
