d8d8af9826 
					 
					
						
						
							
							clippy: use chars / byte string literals  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-20 16:23:54 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						3984a5fd77 
					 
					
						
						
							
							clippy: is_some/none/ok/err/empty  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-20 16:23:54 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						397356096a 
					 
					
						
						
							
							clippy: remove needless bool literals  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-20 16:23:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						365915da9a 
					 
					
						
						
							
							clippy: use strip_prefix instead of manual stripping  
						
						... 
						
						
						
						it's less error-prone (off-by-one!)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-20 16:22:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						87152fbac6 
					 
					
						
						
							
							clippy: drop redundant 'static lifetime  
						
						... 
						
						
						
						those declarations are already const/static..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-20 16:22:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						22a9189ee0 
					 
					
						
						
							
							clippy: remove unnecessary closures  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-20 16:22:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						4428818412 
					 
					
						
						
							
							clippy: remove unnecessary clones  
						
						... 
						
						
						
						and from::<T>(T)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-20 16:22:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						47ea98e0e3 
					 
					
						
						
							
							clippy: collapse/rework nested ifs  
						
						... 
						
						
						
						no semantic changes (intended).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-20 16:22:59 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6dd0513546 
					 
					
						
						
							
							tape: allocate new media set when pool encryption key changes  
						
						
						
						
					 
					
						2021-01-20 15:43:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8abe51b71d 
					 
					
						
						
							
							improve code docs  
						
						
						
						
					 
					
						2021-01-20 15:43:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						69b8bc3bfa 
					 
					
						
						
							
							tape: implemenmt show key  
						
						... 
						
						
						
						Moved API types Kdf and KeyInfo to src/api2/types/mod.rs. 
						
						
					 
					
						2021-01-20 15:43:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						301b8aa0a5 
					 
					
						
						
							
							tape: implement change-passphrase for tape encryption keys  
						
						
						
						
					 
					
						2021-01-20 15:43:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e5b6c93323 
					 
					
						
						
							
							tape: add --kdf parameter to create key api  
						
						
						
						
					 
					
						2021-01-20 15:43:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9a045790ed 
					 
					
						
						
							
							cleanup KeyConfig  
						
						
						
						
					 
					
						2021-01-20 15:43:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						82a103c8f9 
					 
					
						
						
							
							add "password hint" to KeyConfig  
						
						
						
						
					 
					
						2021-01-20 15:43:19 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						feb1645f37 
					 
					
						
						
							
							tape: generate random encryptions keys and store key_config on media  
						
						
						
						
					 
					
						2021-01-19 11:20:07 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8ca37d6a65 
					 
					
						
						
							
							cleanup: factor out decrypt_key_config  
						
						
						
						
					 
					
						2021-01-19 11:20:07 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9b6bddb24c 
					 
					
						
						
							
							tfa: remove/empty description for recovery keys  
						
						... 
						
						
						
						While the user chosen description is not allowed to be
empty, we do leave it empty for recovery keys, as a "dummy
description" makes little sense...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
					 
					
						2021-01-18 15:20:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ad5cee1d22 
					 
					
						
						
							
							tfa: add 'created' timestamp to entries  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
					 
					
						2021-01-18 14:06:12 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						ca1060862e 
					 
					
						
						
							
							tfa: remember recovery indices  
						
						... 
						
						
						
						and tell the client which keys are still available rather
than just yes/no/low
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
					 
					
						2021-01-18 13:51:23 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						8a0046f519 
					 
					
						
						
							
							tape: implement encrypted backup - simple version  
						
						... 
						
						
						
						This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label. 
						
						
					 
					
						2021-01-18 13:38:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						84cbdb35c4 
					 
					
						
						
							
							implement FromStr for Fingerprint  
						
						
						
						
					 
					
						2021-01-18 13:38:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1e93fbb5c1 
					 
					
						
						
							
							tape: add encrypt property to media pool configuration  
						
						
						
						
					 
					
						2021-01-18 13:38:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						619554af2b 
					 
					
						
						
							
							tape: clear encryption key before writing labels  
						
						... 
						
						
						
						We always write labels unencrypted. 
						
						
					 
					
						2021-01-18 13:38:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d5a48b5ce4 
					 
					
						
						
							
							tape: add hardware encryption key managenent api  
						
						
						
						
					 
					
						2021-01-18 13:38:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						44de5bcc00 
					 
					
						
						
							
							pull: add error context for initial group list call  
						
						... 
						
						
						
						otherwise the user is confronted with a generic error like "permission
check failed" with no indication that it refers to a request made to the
remote PBS instance..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-18 06:51:05 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						e2956c605d 
					 
					
						
						
							
							pull: rustfmt  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-18 06:50:23 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b22b6c2299 
					 
					
						
						
							
							tape: encryption scsi command cleanup  
						
						
						
						
					 
					
						2021-01-16 18:24:04 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						90950c9c20 
					 
					
						
						
							
							tape: add scsi commands to control drive hardware encryption  
						
						
						
						
					 
					
						2021-01-16 15:59:05 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0c5b9e7820 
					 
					
						
						
							
							tape: sgutils2.rs - add do_out_command()  
						
						... 
						
						
						
						Make it possible to run commands that writes data. 
						
						
					 
					
						2021-01-16 15:59:05 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a670b99db1 
					 
					
						
						
							
							tfa: add webauthn configuration API entry points  
						
						... 
						
						
						
						Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
fewer reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.
Experimentally using the flatten feature on the methods with
an`Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
					 
					
						2021-01-15 15:19:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						aefd74197a 
					 
					
						
						
							
							bakckup::manifest: use tools::json for canonical representation  
						
						... 
						
						
						
						Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
					 
					
						2021-01-15 15:19:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						9ff747ef50 
					 
					
						
						
							
							add tools::json for canonical json generation  
						
						... 
						
						
						
						moving this from backup::manifest, no functional changes
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com > 
						
						
					 
					
						2021-01-15 15:19:52 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						a08a198577 
					 
					
						
						
							
							tape: do not abort backup if tape drive does not support tape-alert-flags  
						
						
						
						
					 
					
						2021-01-15 11:43:17 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						6bbe49aa14 
					 
					
						
						
							
							access: restrict password changes on @pam realm to superuser  
						
						... 
						
						
						
						for behavior consistency with `update_user`
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com > 
						
						
					 
					
						2021-01-15 08:49:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5aa1019010 
					 
					
						
						
							
							access: limit editing pam credentials to superuser  
						
						... 
						
						
						
						modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.
also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com > 
						
						
					 
					
						2021-01-15 08:49:22 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						29a59b380c 
					 
					
						
						
							
							proxmox 0.10: adapt to moved ParameterSchema  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0bfcea6a11 
					 
					
						
						
							
							cleanup: remove unnecessary 'mut' and '.clone()'  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						89e9134a3f 
					 
					
						
						
							
							hyper: use new hyper::upgrade  
						
						... 
						
						
						
						the old Body::on_upgrade method is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						b5a202acb6 
					 
					
						
						
							
							tokio 1.0: update to new Signal interface  
						
						... 
						
						
						
						Signal does not yet re-implement Stream (and is not yet wrapped in
tokio-stream either).
see https://github.com/tokio-rs/tokio/pull/3383 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0f860f712f 
					 
					
						
						
							
							tokio 1.0: update to new tokio-openssl interface  
						
						... 
						
						
						
						connect/accept are now happening on pinned SslStreams
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						7c66701366 
					 
					
						
						
							
							tokio 1.0: use ReceiverStream from tokio-stream  
						
						... 
						
						
						
						to wrap a Receiver in a Stream. this will likely move back into tokio
proper once we have a std Stream..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						585e90c0de 
					 
					
						
						
							
							tokio: adapt to 1.0 process:Child changes  
						
						... 
						
						
						
						Child itself is no longer a Future, but it has a new wait() async fn
that does the same thing
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						5c852d5b82 
					 
					
						
						
							
							tokio: adapt to 1.0 runtime changes  
						
						... 
						
						
						
						enter() now returns a guard, and the builder got revamped to make the
choice between MT and current thread explicit.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						484172b5f8 
					 
					
						
						
							
							tokio 1.0: AsyncRead/Seek with ReadBuf  
						
						... 
						
						
						
						Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						d148958b67 
					 
					
						
						
							
							proxmox 0.10: use tokio::time::timeout directly  
						
						... 
						
						
						
						TimeoutFutureExt is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						0a8d773ad0 
					 
					
						
						
							
							tokio 1.0: delay -> sleep  
						
						... 
						
						
						
						almost the same thing, new name(s), no longer Unpin
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						427d90e6c1 
					 
					
						
						
							
							update to tokio 1.0  
						
						... 
						
						
						
						and various related crates
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com > 
						
						
					 
					
						2021-01-14 16:01:33 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						1a0b410554 
					 
					
						
						
							
							manager: user/token list: fix rendering 0 (never) expire date  
						
						... 
						
						
						
						Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com > 
						
						
					 
					
						2021-01-14 13:59:08 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
							
						
						2d50a6192f 
					 
					
						
						
							
							tape: sg-tape-cmd - add more ways to specify devices  
						
						
						
						
					 
					
						2021-01-14 13:05:26 +01:00