Wolfgang Bumiller
ab6cd4229b
pxar: skip write_attr_fd if they are equal
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-02-09 13:09:00 +01:00
Wolfgang Bumiller
9213744ecb
fix #3026 : pxar: metadata: apply flags _after_ updating mtime
...
otherwise we'll fail to update the mtime of immutable files
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-02-09 13:08:49 +01:00
Dominik Csapak
afcf8b3ed6
api2/tape/drive: add missing locks for some drive actions
...
else a backup/restore can easily be disrupted
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-02-09 08:46:03 +01:00
Fabian Grünbichler
15d2c7786e
client: move test output files to target/testout
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-08 09:52:16 +01:00
Dietmar Maurer
fbf8779388
doc: improve pmt/pmtx manual pages
2021-02-06 16:50:56 +01:00
Dietmar Maurer
ced7838de4
tape: fix path for test files
2021-02-06 09:32:50 +01:00
Fabian Grünbichler
2f26b8668a
client: track key source, print when used
...
to avoid confusing messages about using encryption keys when restoring
plaintext backups, or about loading master keys when they are not
actually used for the current operation.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 09:07:31 +01:00
Fabian Grünbichler
9432838914
client: refactor crypto_parameter handling
...
pull out the crypt-mode to logically group arms and make the whole mess
a bit more "human-parsable".
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 09:06:28 +01:00
Fabian Grünbichler
1a89a7794e
client: extend tests for master key handling
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 09:05:01 +01:00
Fabian Grünbichler
c0a87c12fb
client: allow passing specific master key
...
it's needed for PVE's LXC integration, and might be interesting for
other more special usage scenarios as well.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 09:04:42 +01:00
Fabian Grünbichler
c6a7ea0a2f
client: refactor keyfile_parameters
...
no semantic changes intended
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 09:03:03 +01:00
Fabian Grünbichler
5bb057e5a2
client: add test for keyfile_parameters
...
this will get more complex soon, so add test to document current
behaviour.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 08:58:15 +01:00
Fabian Grünbichler
2924b37d6d
key: rustfmt module
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 08:56:19 +01:00
Fabian Grünbichler
42c0f784e2
key: add show-master-pubkey command
...
and print public key when generating/importing..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 08:55:21 +01:00
Fabian Grünbichler
05f17d1ec4
key: make 'default' master key explicit
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-06 08:52:11 +01:00
Dominik Csapak
f197c286d5
tape/inventory: fix missing parameter in error message
...
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-02-05 16:12:18 +01:00
Dietmar Maurer
4c209d6b10
install pmt binary
2021-02-05 12:42:20 +01:00
Dietmar Maurer
25aa55b5f5
tape: correctly lock the tape device
2021-02-05 10:50:21 +01:00
Dietmar Maurer
cdf39e62b3
tape: MediaPool - replace use_offline_media with changer_name
...
This way, we can improve location_is_available, because we only
consider media from that changer as available.
2021-02-04 10:15:18 +01:00
Dietmar Maurer
b81e37f6ab
tape: improve code reuse
2021-02-04 09:39:16 +01:00
Dietmar Maurer
ddebbb52fd
tape: fix tests for BlockedReader
2021-02-04 08:54:54 +01:00
Dietmar Maurer
983e929e25
tape: add multi volume reader/writer implementations
...
We currently do not use it. Added anaways, to show the possibility.
2021-02-04 08:36:35 +01:00
Dietmar Maurer
f47e035721
tape: cleanup - move tape file readers/writers into src/tape/file_formats folder
2021-02-04 07:59:37 +01:00
Dietmar Maurer
a80d72f999
tape: allow to abort restore tasks
2021-02-04 07:05:43 +01:00
Dietmar Maurer
8de9a9917f
cleanup: use task_log macro
2021-02-04 06:55:18 +01:00
Wolfgang Bumiller
fa016c1697
HttpsConnector: use hostname instead of URL again
...
fixes connecting to hosts with valid certificates without a
pinned fingerprint
this was accidentally changed in the tokio-1.0 updates
apparently
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 0f860f712f
("tokio 1.0: update to new tokio-openssl interface")
2021-02-03 15:18:18 +01:00
Dietmar Maurer
7d2c156eb1
tape: BlockedReader - always consume EOF
2021-02-03 13:25:59 +01:00
Dietmar Maurer
b22e8c3632
tape: add media pool regression tests
2021-02-03 10:23:04 +01:00
Dietmar Maurer
7929292618
tape: add regresion test for media state
2021-02-03 09:34:31 +01:00
Dietmar Maurer
0d4e4cae7f
tape: improve pmt command line completion
2021-02-03 08:54:12 +01:00
Dominik Csapak
50a4797fb1
api2/types/tape/media: add media_set_ctime to MediaContentEntry
...
to be able to better sort in the ui
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-02-02 14:45:54 +01:00
Dietmar Maurer
cc2a0b12f8
test: define tape tests as submodule
2021-02-02 14:38:15 +01:00
Dietmar Maurer
988e8de122
tape: set correct ownership on lock file
2021-02-02 14:18:57 +01:00
Dietmar Maurer
2f8809c6bc
test: src/tape/inventory.rs - avoid chown when running tests
2021-02-02 13:43:16 +01:00
Dietmar Maurer
8937c65951
tape: add pmt stoptions/stsethoptions/stclearoptions
2021-02-02 08:58:02 +01:00
Dietmar Maurer
6c6ad82d90
tape: add pmt setblk
2021-02-02 07:19:54 +01:00
Dietmar Maurer
d0f11b66f7
thape: add read_tapedev_options, display driver options with status command
2021-02-02 06:40:40 +01:00
Dietmar Maurer
ca953d831f
cleanup: remove MT_ST_ prefix from SetDrvBufferOptions
2021-02-01 17:54:53 +01:00
Fabian Grünbichler
01c023d50f
paperkey: rustfmt
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-01 17:05:40 +01:00
Fabian Grünbichler
c2113a405e
paperkey: simplify block generation
...
the chunk-iterator already does exactly what we want here..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-01 17:05:32 +01:00
Fabian Grünbichler
5dae81d199
paperkey: allow RSA keys without passphrase
...
some users might want to store the plain version of their master key for
long-term storage and rely on physical security instead of a passphrase
to protect the paper key.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-02-01 17:05:22 +01:00
Wolfgang Bumiller
6248e51797
change half-ticket time range from -120..240 to -60..600
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-02-01 15:13:11 +01:00
Dietmar Maurer
19e4a36c70
tape: do not use drive.open() within pmt
...
Do not fail if no media is loaded. Inportant for load command.
2021-02-01 12:39:50 +01:00
Dietmar Maurer
90769e5694
tape: add pmt lock/unlock
2021-02-01 12:18:55 +01:00
Dietmar Maurer
b8cbe5d65b
tape: fix tape alert flag decoding
2021-02-01 12:18:55 +01:00
Dietmar Maurer
d690d14568
tape: add pmt bsr/fsr
2021-02-01 10:39:04 +01:00
Dietmar Maurer
85ef624440
tape: add pmt asf
2021-02-01 10:32:21 +01:00
Dietmar Maurer
e995996290
tape: pmt - fix count parameter schema
2021-02-01 10:21:25 +01:00
Dietmar Maurer
8e6ad4301d
tape: add pmt fsfm/bsfm, pass count as arg_param
2021-02-01 10:18:18 +01:00
Dominik Csapak
1399c592d1
garbage_collection: only ignore 'missing chunk' errors
...
with the fix for #2909 (improving handling missing chunks), we
changed from bailing to warning during a garbage collection when
updating the atime of a chunk.
but, updating the atime can not only fail when the chunk is missing,
but also on other occasions, e.g. no permissions or more importantly,
no space left on the device. in that case, the atime of a valid and used
chunk cannot be updated, and the second sweep of the gc will remove that chunk.
[0] is a real world example of that happening.
instead, only warn on really missin chunks, and bail on all other
errors.
0: https://forum.proxmox.com/threads/pbs-server-full-two-days-later-almost-empty.83274/
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-02-01 09:18:59 +01:00
Dietmar Maurer
9883b54cba
tape: remove drive from pool config
2021-02-01 09:14:28 +01:00
Dietmar Maurer
83b8949a98
tape: add pmt weof
2021-01-31 17:33:07 +01:00
Dietmar Maurer
28f60e5291
cleanup: avoid compiler warnings
2021-01-31 17:02:55 +01:00
Dietmar Maurer
1f31d06f48
tape: add pmt bsf
2021-01-31 17:00:15 +01:00
Dietmar Maurer
2f2e83c890
tape: add pmt fsf
2021-01-31 16:54:16 +01:00
Dietmar Maurer
b22c618734
tape: add pmt erase
2021-01-31 16:34:10 +01:00
Dietmar Maurer
1e041082bb
tape: add pmt command line tool
...
Experimental, not installed by now.
2021-01-31 16:19:53 +01:00
Dietmar Maurer
b5b99a52cd
tape: API type cleanup, use serde flatten to derive types
2021-01-30 09:36:54 +01:00
Dietmar Maurer
9586ce2f46
tape: move scan_drives API code to correct file
2021-01-30 08:03:17 +01:00
Dietmar Maurer
c297835b01
tape: proxmox-tape - use API instead of direct functions calls
2021-01-29 11:49:11 +01:00
Dietmar Maurer
e68269fcaf
tape: proxmox-tape inventory: call API
2021-01-29 11:21:57 +01:00
Dietmar Maurer
5243df4712
tape: proxmox-tape - use API instead of direct functions calls
2021-01-29 10:50:11 +01:00
Dietmar Maurer
4470eba551
cleanup: factor out common client code to view task log/result
2021-01-29 10:10:04 +01:00
Dietmar Maurer
1f2c4713ef
tape: improve backup task abort behaviour
2021-01-29 09:23:39 +01:00
Dietmar Maurer
a6c16894ff
worker_task: log something when we receive an abort request
2021-01-29 09:22:37 +01:00
Dietmar Maurer
271764deb9
tape: make it possible to abort tape backup tasks (check_abort)
...
Also use task_log makro instead of worker.log.
2021-01-29 09:07:55 +01:00
Dietmar Maurer
52f7a73009
display_task_log: make it possible to abort tasks with CTRL-C
2021-01-29 09:06:15 +01:00
Dominik Csapak
bdb6e6b83f
api2/reader: asyncify the reader worker task
...
this way, the code is much more readable
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-29 06:59:25 +01:00
Dietmar Maurer
41dacd5d3d
tape: use worker task for eject-media api
2021-01-28 16:49:08 +01:00
Dietmar Maurer
eb1dfb02b5
tape: proxmox-tape - use api for erase-media and rewind
2021-01-28 16:36:10 +01:00
Dietmar Maurer
bdb62b20a3
tape: media_pool config api - set protected flags where required
2021-01-28 15:42:32 +01:00
Dietmar Maurer
f2ca03d7d0
cleanup: avoid compiler warning
2021-01-28 15:32:21 +01:00
Dominik Csapak
00ac86c31b
tape/drive/linux_tape: fix and refactor usage of sg-tape-cmd
...
when executing this code as non-root, we use sg-tape-cmd (a setuid binary)
to execute various ioctls on the tape device
we give the command the open tape device fd as stdin, but did not
dup it, so the std::process:Stdio handle closed it on drop,
which let subsequent operation on that file fail (since it was closed)
fix it by dup'ing it before giving it to the command, and also refactor
the calling code, so that we do not forget to do this
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 15:24:32 +01:00
Dominik Csapak
627d000098
tape: change changer-drive-id to changer-drivenum
...
because it changed in the config
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 15:11:22 +01:00
Dominik Csapak
4be4736603
tape/changer: refactor marking of import/export slots from config
...
we did this for 'mtx', but missed it for the sg_pt_changer code
refactor it into the MtxStatus strut, and call it from both
code paths
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 15:10:55 +01:00
Dominik Csapak
2da7aca8e8
tape/changer: add vendor/model to DriveStatus
...
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 15:10:31 +01:00
Dominik Csapak
b03ec281bf
api2/config/{drive, changer}: prevent adding same device multiple times
...
this check is not perfect since there are often multiple device
nodes per drive/changer, but from the scan api we should return always
the same, so for an api user this should be enough
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 15:03:56 +01:00
Dominik Csapak
cef4654ff4
api2/tape/drive: change methods of some api calls from put to get
...
makes more sense to have retrieving api calls as get instead of put
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 15:02:52 +01:00
Dominik Csapak
f45dceeb73
api2/tape/drive: add load_media as api call
...
code was already there, just add it as api call
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 15:02:13 +01:00
Dominik Csapak
18262a88c9
api2/tape/changer: add changer filter to list_drives api call
...
so that an api user can get the drives belonging to a changer
without having to parse the config listing themselves
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 15:01:41 +01:00
Dietmar Maurer
87f4be7998
tape: use api to run proxmox-tape backup
2021-01-28 14:56:42 +01:00
Dietmar Maurer
d737adc6be
tape: rename changer_drive_id to changer_drivenum
2021-01-28 11:29:59 +01:00
Dominik Csapak
5fdaecf6f4
api2/tape/drive: reorganize drive api
...
similar to the changers, create a listing at /tape/drive and put
the specific api calls below that
move the scan api call up one level
remove the status info from the config listing
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 11:15:17 +01:00
Dominik Csapak
d8792b88ef
api2/types/tape/drive: add changer_drivenum
...
so that an api user can see which drive belongs to which drivenum of a changer
for ones with multiple drives
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-28 11:14:28 +01:00
Dietmar Maurer
651a61f559
pmtx: implement scan command
2021-01-27 12:40:51 +01:00
Dietmar Maurer
89ccb125d1
tape: use 36 byte Inquiry (recommended size)
2021-01-27 12:35:28 +01:00
Dietmar Maurer
887f1cb90c
cleanup: move scan changers API implementation
2021-01-27 09:58:16 +01:00
Dietmar Maurer
16b4d78400
tape: rename retry_command to execute_scsi_command, make retry a flag
2021-01-27 09:34:24 +01:00
Dietmar Maurer
ec8d9c6b80
tape: repeat changer scsi command until successful
2021-01-27 08:59:10 +01:00
Dietmar Maurer
49c2d1dcad
sgutils2: use sg_get_asc_ascq_str to produce error messages
2021-01-27 06:56:11 +01:00
Dietmar Maurer
d0f51651f9
sgutils2: add ASC codes from tandeberg docs
2021-01-26 18:54:08 +01:00
Dietmar Maurer
481ccf16a5
sgutils2: further improve error messages
2021-01-26 15:19:43 +01:00
Dietmar Maurer
a223458753
sgutils2: support RequestSense Descriptor format
2021-01-26 13:38:16 +01:00
Dominik Csapak
e1740f3f01
tape/changer/mtx: add mtx parser test
...
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-26 12:51:26 +01:00
Dominik Csapak
740dc9d1d4
api2/tape/changer: reorganize api
...
add a changer listing here (copied from api2/config/changer)
and put the status and transfer api calls below that
puts the changer scan into the top level tape api
and removes the (now redundant) info from the config api path
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-26 12:47:34 +01:00
Dominik Csapak
bbf01b644c
tape: fix typos
...
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-26 12:39:54 +01:00
Dietmar Maurer
c81c46c336
sgutils2: improve error messages
2021-01-26 12:24:58 +01:00
Dietmar Maurer
c3747b93c8
tape: add new command line tool "pmtx"
...
Also improve sgutil2 error reporting
2021-01-26 11:57:15 +01:00
Dominik Csapak
6864fd0149
server/worker_task: improve newline handling in upid_read_status
...
improves upid_read_status with:
* ignore multiple newlines at the end
* remove all code that could panic (array index access)
the one place where we access with '[pos+1..]' is ok since
we explicitely test the len of the vector, this is done to
let rust optimize away the range checks, so it cannot panic
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2021-01-26 10:48:15 +01:00
Wolfgang Bumiller
340c0bf9e3
pxar: don't clone patterns unnecessarily
...
The options struct has no Drop handler and is passed by-move
so we can partially move out of it.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-26 10:24:18 +01:00
Fabian Grünbichler
4d104cd4d8
clippy: more misc fixes
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:55 +01:00
Fabian Grünbichler
367c0ff7c6
clippy: allow api functions with many arguments
...
some of those can be reduced/cleaned up when we have updater support in
the api macro.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:52 +01:00
Fabian Grünbichler
9c26a3d61a
verify: factor out common parameters
...
all the verify methods pass along the following:
- task worker
- datastore
- corrupt and verified chunks
might as well pull that out into a common type, with the added bonus of
now having a single point for construction instead of copying the
default capacaties in three different modules..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:49 +01:00
Fabian Grünbichler
93e3581ce7
derive/impl and use Default for some structs
...
and revamp HttpClientOptions with two constructors for the common use
cases
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:45 +01:00
Fabian Grünbichler
f4e52bb27d
authid: make Tokenname(Ref) derive Eq
...
it's needed to derive Hash, and we always compare Authids or their
Userid components, never just the Tokenname part anyway..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:40 +01:00
Fabian Grünbichler
72064fd0df
pxar: extract PxarExtractOptions
...
same as PxarCreateOptions, but for extraction/restore rather than
create.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:36 +01:00
Fabian Grünbichler
77486a608e
pxar: factor out PxarCreateOptions
...
containing the CLI parameters that are mostly passed-through from the
client to our pxar archive creation wrapper in pxar::create
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:32 +01:00
Fabian Grünbichler
e97025ab02
pxar: typedef on_error as ErrorHandler
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:26 +01:00
Fabian Grünbichler
e43b9175c0
client: factor out UploadOptions
...
to reduce function signature complexity.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:18 +01:00
Fabian Grünbichler
9cc1415ef5
systemd/time: extract Time/DateSpec structs
...
could be pulled up into CalendarEvent if desired..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:54:13 +01:00
Fabian Grünbichler
bd215dc0e4
async index reader: typedef ReadFuture
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:53:58 +01:00
Fabian Grünbichler
12e874cef0
allow complex Futures in tower_service impl
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:53:55 +01:00
Fabian Grünbichler
6d233161b0
client: refactor catalog upload spawning
...
by pulling out Result type into separate struct
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:53:51 +01:00
Fabian Grünbichler
905a570489
broadcast_future: refactor broadcast/future binding
...
into its own, private struct.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:53:48 +01:00
Fabian Grünbichler
432fe44187
report: type-alias function call tuple
...
to make clippy happy.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-26 09:53:43 +01:00
Wolfgang Bumiller
51b938496d
tools::sgutils2: name fixup
...
it's not a box anymore
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 15:05:52 +01:00
Wolfgang Bumiller
b7f9b25e4d
tools::sgutils2: use NonNull
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 14:56:10 +01:00
Wolfgang Bumiller
fe61280b6b
tools::sgutils2: extern 'C' and import ordering
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 14:54:25 +01:00
Wolfgang Bumiller
68c087d578
tools::sgutils2: don't transmute to a Box
...
Otherwise we run the drop handler for the scsi pt object AND
the box itself, which shouldn't even work as it should be
doing a double-free (unless the library does some kind of
reference counting in which case this should simply crash
later on?)
anyway, let's make a wrapper simply called `SgPt` containing
the pointer from `construct_scsi_pt_obj()`
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 14:48:27 +01:00
Wolfgang Bumiller
d6bf87cab7
tools::sgutils2: const correctness
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 14:33:45 +01:00
Dietmar Maurer
2b96a43879
tape: cleanup - use ScsiMediaChange trait instead of mtx_status()
2021-01-25 13:25:22 +01:00
Dietmar Maurer
697c41c584
tape: add/use rust scsi changer implementation using libsgutil2
2021-01-25 13:14:07 +01:00
Dietmar Maurer
a2379996e6
sgutils2: add scsi_inquiry command
2021-01-25 13:14:07 +01:00
Fabian Grünbichler
29077d95db
http-client: further clippy cleanups
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 11:41:54 +01:00
Fabian Grünbichler
dbd00a57b0
http-client: fix typoed ticket cache condition
...
which was even copy-pasted once without noticing.
found with clippy.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 11:41:51 +01:00
Fabian Grünbichler
d08cff51a4
rework GC traversal error handling
...
the error message don't make sense with an empty default
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 11:41:48 +01:00
Fabian Grünbichler
3e461dec1c
apt: let api handle optional bool with default
...
one less FIXME :)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 11:41:46 +01:00
Fabian Grünbichler
4d08e25913
clippy: rewrite ifs with identical return values
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 11:41:43 +01:00
Fabian Grünbichler
43313c2ee7
clippy: rewrite comparison chains
...
chunk_stream one can be collapsed, since split == split_to with at set
to buffer.len() anyway.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 11:41:39 +01:00
Fabian Grünbichler
81b2a87232
clippy: fix Mutex with unused value
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 11:41:36 +01:00
Fabian Grünbichler
3d8cd0ced7
clippy: add is_empty() when len() is implemented
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-25 11:41:32 +01:00
Dietmar Maurer
7c78d54231
sgutils: allow command which does not transfer any data
2021-01-24 15:19:43 +01:00
Dietmar Maurer
f9d71e8b17
sgutils2: allow to set custom timeouts
2021-01-24 14:54:30 +01:00
Dietmar Maurer
0107fd323c
cleanup: avoid compiler warnings
2021-01-23 17:34:26 +01:00
Dietmar Maurer
979dccc7ec
tape: avoid error when clearing encryption key
...
Simply ignore clear request when sg_spin_data_encryption_caps fails.
Assume those are tapes without hardware encryption support.
2021-01-23 10:20:43 +01:00
Dietmar Maurer
bf78f70885
improve code docs in api2
...
Note: API methos should be declared pub, so that they show up in the generated docu.
2021-01-22 15:57:42 +01:00
Dietmar Maurer
0d916ac531
tape: add media pool config code docs
2021-01-22 12:01:46 +01:00
Dietmar Maurer
d4ab407045
tape: add drive config code docs
2021-01-22 11:51:36 +01:00
Dietmar Maurer
45212a8c78
fix mtx parser bug: s/strip_suffix/strip_prefix/
2021-01-22 11:00:56 +01:00
Dietmar Maurer
64b83c3d70
tape: implement paperkey command for tape encryption keys
2021-01-22 09:56:14 +01:00
Dietmar Maurer
639a6782bd
paperkey: move code to src/tools/paperkey.rs
2021-01-22 09:42:59 +01:00
Dietmar Maurer
5f34d69bcc
tape: add volume-statistics api/command
2021-01-22 08:45:35 +01:00
Dietmar Maurer
337ff5a3cc
tape: add estimated medium wearout to status
2021-01-22 08:06:25 +01:00
Dietmar Maurer
8e6459a818
tape: set encryption key on restore
2021-01-22 07:26:42 +01:00
Dietmar Maurer
aff3e16194
tape: add code docs to src/config/tape_encryption_keys.rs
2021-01-21 18:23:07 +01:00
Dietmar Maurer
9372c0787d
renamed src/tape/sgutils2.rs -> src/tools/sgutils2.rs
2021-01-21 17:57:17 +01:00
Dietmar Maurer
83fb2da53e
tape: move MediaCatalog magic number into struct (doc cleanup)
2021-01-21 17:48:07 +01:00
Dietmar Maurer
645a044bf6
tape: further hierarchy improvements
2021-01-21 17:25:32 +01:00
Dietmar Maurer
37796ff73f
tape: change code hierarchy to improve docs
2021-01-21 17:12:01 +01:00
Dietmar Maurer
e1fdcb1678
tape: do not export/doc low level libsgutils2 bindings
2021-01-21 16:38:24 +01:00
Dietmar Maurer
edda5039d4
tape: improve code docs
2021-01-21 13:19:07 +01:00
Dietmar Maurer
1c86893d95
cleanup: always compute fingerprint in KeyConfig constructors
2021-01-21 11:56:54 +01:00
Dietmar Maurer
d543587d34
Merge branch 'master' of ssh://proxdev.maurer-it.com/rust/proxmox-backup
2021-01-21 10:56:52 +01:00
Dietmar Maurer
780bc4cad2
tape: try to set encryption key with read-label command
2021-01-21 10:31:49 +01:00
Dietmar Maurer
18bd6ba13d
tape: restore_key - always update key, even if there is already an entry
2021-01-21 10:31:49 +01:00
Dietmar Maurer
4dafc513cc
tape: fix file permissions for tape encryptiuon keys
2021-01-21 10:31:49 +01:00
Dietmar Maurer
7acd5c5659
cleanup: remove missleading wording from code docs
2021-01-21 10:31:49 +01:00
Dietmar Maurer
8428063d9e
cleanup: KeyConfig::decrypt - show password hint on error
2021-01-21 10:31:49 +01:00
Dietmar Maurer
f490dda05a
tape: use type Uuid instead of String
2021-01-21 10:31:49 +01:00
Dietmar Maurer
2b191385ea
tape: use specialized encryption key per media-set
2021-01-21 10:31:49 +01:00
Dietmar Maurer
bc228e5eaf
api: add types for UUIDs
2021-01-20 17:16:46 +01:00
Fabian Grünbichler
8be65e34de
clippy: replace transmute with &*
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:41:02 +01:00
Fabian Grünbichler
d967d8f1a7
clippy: remove drop(&..)
...
it does nothing.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:41:02 +01:00
Fabian Grünbichler
50deb0d3f8
clippy: use is_null to check for null pointers
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:41:02 +01:00
Fabian Grünbichler
1d928b25fe
clippy: remove some unnecessary reference taking
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
f2f81791d1
clippy: fix for_kv_map
...
and allow it in the one case where the entry loop is intended, but the
code is not yet implemented fully.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
382f10a0cc
clippy: fix/allow needless_range_loop
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
0d2133db98
clippy: use while let loops
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
09faa9ee95
clippy: pass &str/&[..] instead of &String/&Vec
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
ccec086e25
clippy: remove unnecessary &mut
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
05725ac9a4
clippy: remove unnecessary `let` binding
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
96b7483138
clippy: remove/replace needless explicit lifetimes
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
81281d04a4
clippy: fix/allow identity_op
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
e062ebbc29
clippy: us *_or_else with function calls
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
b92cad0938
clippy: convert single match to if let
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
ea368a06cd
clippy: misc. fixes
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
3f48cdb380
clippy: don't pass along unit value
...
make it explicit. this whole section should probably be re-written with
select!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
17c7b46a69
clippy: use unwrap_or_default
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
a375df6f4c
clippy: use copied/cloned instead of map
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
a3775bb4e8
clippy: shorten assignments
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
1e0c6194b5
clippy: fix option_as_ref_deref
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
a6bd669854
clippy: use matches!
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
6334bdc1c5
clippy: collapse nested ifs
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
3b82f3eea5
clippy: avoid useless format!
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
38556bf60d
clippy: remove explicit returns
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
d8d8af9826
clippy: use chars / byte string literals
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
3984a5fd77
clippy: is_some/none/ok/err/empty
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
Fabian Grünbichler
397356096a
clippy: remove needless bool literals
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:52 +01:00
Fabian Grünbichler
365915da9a
clippy: use strip_prefix instead of manual stripping
...
it's less error-prone (off-by-one!)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
Fabian Grünbichler
87152fbac6
clippy: drop redundant 'static lifetime
...
those declarations are already const/static..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
Fabian Grünbichler
22a9189ee0
clippy: remove unnecessary closures
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
Fabian Grünbichler
4428818412
clippy: remove unnecessary clones
...
and from::<T>(T)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
Fabian Grünbichler
47ea98e0e3
clippy: collapse/rework nested ifs
...
no semantic changes (intended).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
Dietmar Maurer
6dd0513546
tape: allocate new media set when pool encryption key changes
2021-01-20 15:43:39 +01:00
Dietmar Maurer
8abe51b71d
improve code docs
2021-01-20 15:43:19 +01:00
Dietmar Maurer
69b8bc3bfa
tape: implemenmt show key
...
Moved API types Kdf and KeyInfo to src/api2/types/mod.rs.
2021-01-20 15:43:19 +01:00
Dietmar Maurer
301b8aa0a5
tape: implement change-passphrase for tape encryption keys
2021-01-20 15:43:19 +01:00
Dietmar Maurer
e5b6c93323
tape: add --kdf parameter to create key api
2021-01-20 15:43:19 +01:00
Dietmar Maurer
9a045790ed
cleanup KeyConfig
2021-01-20 15:43:19 +01:00
Dietmar Maurer
82a103c8f9
add "password hint" to KeyConfig
2021-01-20 15:43:19 +01:00
Dietmar Maurer
feb1645f37
tape: generate random encryptions keys and store key_config on media
2021-01-19 11:20:07 +01:00
Dietmar Maurer
8ca37d6a65
cleanup: factor out decrypt_key_config
2021-01-19 11:20:07 +01:00
Wolfgang Bumiller
9b6bddb24c
tfa: remove/empty description for recovery keys
...
While the user chosen description is not allowed to be
empty, we do leave it empty for recovery keys, as a "dummy
description" makes little sense...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 15:20:39 +01:00
Wolfgang Bumiller
ad5cee1d22
tfa: add 'created' timestamp to entries
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 14:06:12 +01:00
Wolfgang Bumiller
ca1060862e
tfa: remember recovery indices
...
and tell the client which keys are still available rather
than just yes/no/low
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 13:51:23 +01:00
Dietmar Maurer
8a0046f519
tape: implement encrypted backup - simple version
...
This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label.
2021-01-18 13:38:22 +01:00
Dietmar Maurer
84cbdb35c4
implement FromStr for Fingerprint
2021-01-18 13:38:22 +01:00
Dietmar Maurer
1e93fbb5c1
tape: add encrypt property to media pool configuration
2021-01-18 13:38:22 +01:00
Dietmar Maurer
619554af2b
tape: clear encryption key before writing labels
...
We always write labels unencrypted.
2021-01-18 13:38:22 +01:00
Dietmar Maurer
d5a48b5ce4
tape: add hardware encryption key managenent api
2021-01-18 13:38:22 +01:00
Fabian Grünbichler
44de5bcc00
pull: add error context for initial group list call
...
otherwise the user is confronted with a generic error like "permission
check failed" with no indication that it refers to a request made to the
remote PBS instance..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-18 06:51:05 +01:00
Fabian Grünbichler
e2956c605d
pull: rustfmt
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-18 06:50:23 +01:00
Dietmar Maurer
b22b6c2299
tape: encryption scsi command cleanup
2021-01-16 18:24:04 +01:00
Dietmar Maurer
90950c9c20
tape: add scsi commands to control drive hardware encryption
2021-01-16 15:59:05 +01:00
Dietmar Maurer
0c5b9e7820
tape: sgutils2.rs - add do_out_command()
...
Make it possible to run commands that writes data.
2021-01-16 15:59:05 +01:00
Wolfgang Bumiller
a670b99db1
tfa: add webauthn configuration API entry points
...
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
fewer reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.
Experimentally using the flatten feature on the methods with
an`Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
Wolfgang Bumiller
aefd74197a
bakckup::manifest: use tools::json for canonical representation
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
Wolfgang Bumiller
9ff747ef50
add tools::json for canonical json generation
...
moving this from backup::manifest, no functional changes
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
Dietmar Maurer
a08a198577
tape: do not abort backup if tape drive does not support tape-alert-flags
2021-01-15 11:43:17 +01:00
Oguz Bektas
6bbe49aa14
access: restrict password changes on @pam realm to superuser
...
for behavior consistency with `update_user`
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2021-01-15 08:49:22 +01:00
Oguz Bektas
5aa1019010
access: limit editing pam credentials to superuser
...
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.
also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2021-01-15 08:49:22 +01:00
Fabian Grünbichler
29a59b380c
proxmox 0.10: adapt to moved ParameterSchema
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
0bfcea6a11
cleanup: remove unnecessary 'mut' and '.clone()'
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
89e9134a3f
hyper: use new hyper::upgrade
...
the old Body::on_upgrade method is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
b5a202acb6
tokio 1.0: update to new Signal interface
...
Signal does not yet re-implement Stream (and is not yet wrapped in
tokio-stream either).
see https://github.com/tokio-rs/tokio/pull/3383
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
0f860f712f
tokio 1.0: update to new tokio-openssl interface
...
connect/accept are now happening on pinned SslStreams
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
7c66701366
tokio 1.0: use ReceiverStream from tokio-stream
...
to wrap a Receiver in a Stream. this will likely move back into tokio
proper once we have a std Stream..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
585e90c0de
tokio: adapt to 1.0 process:Child changes
...
Child itself is no longer a Future, but it has a new wait() async fn
that does the same thing
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
5c852d5b82
tokio: adapt to 1.0 runtime changes
...
enter() now returns a guard, and the builder got revamped to make the
choice between MT and current thread explicit.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
484172b5f8
tokio 1.0: AsyncRead/Seek with ReadBuf
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
d148958b67
proxmox 0.10: use tokio::time::timeout directly
...
TimeoutFutureExt is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
0a8d773ad0
tokio 1.0: delay -> sleep
...
almost the same thing, new name(s), no longer Unpin
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
427d90e6c1
update to tokio 1.0
...
and various related crates
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Thomas Lamprecht
1a0b410554
manager: user/token list: fix rendering 0 (never) expire date
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-14 13:59:08 +01:00
Dietmar Maurer
2d50a6192f
tape: sg-tape-cmd - add more ways to specify devices
2021-01-14 13:05:26 +01:00
Dietmar Maurer
781da7f6f0
tape: add --inventorize flag to read-label API/CLI
2021-01-14 11:51:23 +01:00
Dietmar Maurer
25e464c5ce
tape: MediaPool - allow to allocate free tapes
2021-01-13 14:25:51 +01:00
Dietmar Maurer
8446fbca85
tape: rename changer_id to label_text
2021-01-13 13:26:59 +01:00
Dietmar Maurer
0bce2118e7
tape: improve docu
2021-01-12 16:37:23 +01:00
Dietmar Maurer
6543214dde
tape: MediaListEntry - add ctime
2021-01-12 12:01:21 +01:00
Dietmar Maurer
a484c9cf96
tape: automatically reload tapes inside autoloader
...
We always automatically unload tapes to free library slots,
so it should not happen that an ejected tape resides inside the drive.
This is just a safe guard to handle the situation in case it happens ...
You can manually produce the situation by ejecting a tape without unloading:
mt -f /dev/nst0 eject
Note: Our "proxmox-tape eject" does automatic unload
2021-01-12 09:49:05 +01:00
Dietmar Maurer
5654d8ceba
tape: make eject/export more reliable, improve logging
2021-01-12 09:16:16 +01:00
Dietmar Maurer
31cf625af5
tape: improve backup logs
2021-01-11 13:23:12 +01:00
Dietmar Maurer
93be18ffd2
tape: fix tape alert flag values
2021-01-11 13:23:12 +01:00
Wolfgang Bumiller
ad0ed40a59
api: return "invalid" as CSRF token for partial tickets
...
So that old clients don't `unwrap` a `None` value.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
7ad33e8052
tfa: use UNAUTHORIZED http status in password check
...
to trigger our 3s delay in the rest handler
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
abfe0c0e70
tfa: fixup for challenge file split
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
f22dfb5ece
tfa: remove tfa user when a user is deleted
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:10 +01:00
Wolfgang Bumiller
4bda51688b
tfa: improve user existence check
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
eab25e2f33
tfa: allow deletion of entries of non-existent users
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00