Dietmar Maurer
69b8bc3bfa
tape: implement show key
...
Moved API types Kdf and KeyInfo to src/api2/types/mod.rs.
2021-01-20 15:43:19 +01:00
Dietmar Maurer
301b8aa0a5
tape: implement change-passphrase for tape encryption keys
2021-01-20 15:43:19 +01:00
Dietmar Maurer
e5b6c93323
tape: add --kdf parameter to create key api
2021-01-20 15:43:19 +01:00
Dietmar Maurer
9a045790ed
cleanup KeyConfig
2021-01-20 15:43:19 +01:00
Dietmar Maurer
82a103c8f9
add "password hint" to KeyConfig
2021-01-20 15:43:19 +01:00
Dietmar Maurer
feb1645f37
tape: generate random encryption keys and store key_config on media
2021-01-19 11:20:07 +01:00
Dietmar Maurer
8ca37d6a65
cleanup: factor out decrypt_key_config
2021-01-19 11:20:07 +01:00
Wolfgang Bumiller
9b6bddb24c
tfa: remove/empty description for recovery keys
...
While the user chosen description is not allowed to be
empty, we do leave it empty for recovery keys, as a "dummy
description" makes little sense...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 15:20:39 +01:00
Wolfgang Bumiller
ad5cee1d22
tfa: add 'created' timestamp to entries
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 14:06:12 +01:00
Wolfgang Bumiller
ca1060862e
tfa: remember recovery indices
...
and tell the client which keys are still available rather
than just yes/no/low
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 13:51:23 +01:00
Dietmar Maurer
8a0046f519
tape: implement encrypted backup - simple version
...
This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label.
2021-01-18 13:38:22 +01:00
Dietmar Maurer
84cbdb35c4
implement FromStr for Fingerprint
2021-01-18 13:38:22 +01:00
Dietmar Maurer
1e93fbb5c1
tape: add encrypt property to media pool configuration
2021-01-18 13:38:22 +01:00
Dietmar Maurer
619554af2b
tape: clear encryption key before writing labels
...
We always write labels unencrypted.
2021-01-18 13:38:22 +01:00
Dietmar Maurer
d5a48b5ce4
tape: add hardware encryption key management api
2021-01-18 13:38:22 +01:00
Fabian Grünbichler
44de5bcc00
pull: add error context for initial group list call
...
otherwise the user is confronted with a generic error like "permission
check failed" with no indication that it refers to a request made to the
remote PBS instance..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-18 06:51:05 +01:00
Fabian Grünbichler
e2956c605d
pull: rustfmt
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-18 06:50:23 +01:00
Dietmar Maurer
b22b6c2299
tape: encryption scsi command cleanup
2021-01-16 18:24:04 +01:00
Dietmar Maurer
90950c9c20
tape: add scsi commands to control drive hardware encryption
2021-01-16 15:59:05 +01:00
Dietmar Maurer
0c5b9e7820
tape: sgutils2.rs - add do_out_command()
...
Make it possible to run commands that write data.
2021-01-16 15:59:05 +01:00
Wolfgang Bumiller
a670b99db1
tfa: add webauthn configuration API entry points
...
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
less reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.
Experimentally using the flatten feature on the methods with
an `Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
Wolfgang Bumiller
aefd74197a
backup::manifest: use tools::json for canonical representation
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
Wolfgang Bumiller
9ff747ef50
add tools::json for canonical json generation
...
moving this from backup::manifest, no functional changes
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
Dietmar Maurer
a08a198577
tape: do not abort backup if tape drive does not support tape-alert-flags
2021-01-15 11:43:17 +01:00
Oguz Bektas
6bbe49aa14
access: restrict password changes on @pam realm to superuser
...
for behavior consistency with `update_user`
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2021-01-15 08:49:22 +01:00
Oguz Bektas
5aa1019010
access: limit editing pam credentials to superuser
...
modifying @pam users' credentials should be only possible for root@pam,
otherwise it can have unintended consequences.
also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2021-01-15 08:49:22 +01:00
Fabian Grünbichler
29a59b380c
proxmox 0.10: adapt to moved ParameterSchema
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
0bfcea6a11
cleanup: remove unnecessary 'mut' and '.clone()'
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
89e9134a3f
hyper: use new hyper::upgrade
...
the old Body::on_upgrade method is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
b5a202acb6
tokio 1.0: update to new Signal interface
...
Signal does not yet re-implement Stream (and is not yet wrapped in
tokio-stream either).
see https://github.com/tokio-rs/tokio/pull/3383
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
0f860f712f
tokio 1.0: update to new tokio-openssl interface
...
connect/accept are now happening on pinned SslStreams
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
7c66701366
tokio 1.0: use ReceiverStream from tokio-stream
...
to wrap a Receiver in a Stream. this will likely move back into tokio
proper once we have a std Stream..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
585e90c0de
tokio: adapt to 1.0 process:Child changes
...
Child itself is no longer a Future, but it has a new wait() async fn
that does the same thing
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
5c852d5b82
tokio: adapt to 1.0 runtime changes
...
enter() now returns a guard, and the builder got revamped to make the
choice between MT and current thread explicit.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
484172b5f8
tokio 1.0: AsyncRead/Seek with ReadBuf
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
d148958b67
proxmox 0.10: use tokio::time::timeout directly
...
TimeoutFutureExt is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
0a8d773ad0
tokio 1.0: delay -> sleep
...
almost the same thing, new name(s), no longer Unpin
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Fabian Grünbichler
427d90e6c1
update to tokio 1.0
...
and various related crates
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
Thomas Lamprecht
1a0b410554
manager: user/token list: fix rendering 0 (never) expire date
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-14 13:59:08 +01:00
Dietmar Maurer
2d50a6192f
tape: sg-tape-cmd - add more ways to specify devices
2021-01-14 13:05:26 +01:00
Dietmar Maurer
781da7f6f0
tape: add --inventorize flag to read-label API/CLI
2021-01-14 11:51:23 +01:00
Dietmar Maurer
25e464c5ce
tape: MediaPool - allow to allocate free tapes
2021-01-13 14:25:51 +01:00
Dietmar Maurer
8446fbca85
tape: rename changer_id to label_text
2021-01-13 13:26:59 +01:00
Dietmar Maurer
0bce2118e7
tape: improve docu
2021-01-12 16:37:23 +01:00
Dietmar Maurer
6543214dde
tape: MediaListEntry - add ctime
2021-01-12 12:01:21 +01:00
Dietmar Maurer
a484c9cf96
tape: automatically reload tapes inside autoloader
...
We always automatically unload tapes to free library slots,
so it should not happen that an ejected tape resides inside the drive.
This is just a safeguard to handle the situation in case it happens ...
You can manually produce the situation by ejecting a tape without unloading:
mt -f /dev/nst0 eject
Note: Our "proxmox-tape eject" does automatic unload
2021-01-12 09:49:05 +01:00
Dietmar Maurer
5654d8ceba
tape: make eject/export more reliable, improve logging
2021-01-12 09:16:16 +01:00
Dietmar Maurer
31cf625af5
tape: improve backup logs
2021-01-11 13:23:12 +01:00
Dietmar Maurer
93be18ffd2
tape: fix tape alert flag values
2021-01-11 13:23:12 +01:00
Wolfgang Bumiller
ad0ed40a59
api: return "invalid" as CSRF token for partial tickets
...
So that old clients don't `unwrap` a `None` value.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
7ad33e8052
tfa: use UNAUTHORIZED http status in password check
...
to trigger our 3s delay in the rest handler
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
abfe0c0e70
tfa: fixup for challenge file split
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
f22dfb5ece
tfa: remove tfa user when a user is deleted
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:10 +01:00
Wolfgang Bumiller
4bda51688b
tfa: improve user existence check
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
eab25e2f33
tfa: allow deletion of entries of non-existent users
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
94bd11bae2
typo fixups
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
759af9f00c
tfa api: return types and 'pub' structs/methods
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
f58e5132aa
tfa: entry access/iteration cleanup
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
d831846706
tfa: r#type parameter name
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
1fc9ac0433
tfa: _entry api method name suffix consistency
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
7f066a9b21
proxy: expose qrcodejs
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:22:32 +01:00
Wolfgang Bumiller
027ef213aa
api: tfa management and login
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:22:32 +01:00
Wolfgang Bumiller
dc1fdd6267
config: add tfa configuration
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:22:32 +01:00
Wolfgang Bumiller
96918252e5
buildcfg: add rundir helper macro
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:22:32 +01:00
Wolfgang Bumiller
014dc5f9d7
tools: add create_run_dir helper
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:22:32 +01:00
Wolfgang Bumiller
59e94227af
add tools::serde_filter submodule
...
can be used to perform filtering at parse time
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-11 10:22:32 +01:00
Dietmar Maurer
6638c034d2
tape: remove unused eject_on_unload method
2021-01-10 16:20:18 +01:00
Dietmar Maurer
04df41cec1
tape: more MediaChange cleanups
...
Try to provide generic implementation for complex operations:
- unload_to_free_slot
- load_media
- export media
- clean drive
- online_media_changer_ids
2021-01-10 15:32:52 +01:00
Dietmar Maurer
483da89d03
tape: improve export media to directly export from drive, add CLI
2021-01-10 13:44:44 +01:00
Dietmar Maurer
c92e3832bf
tape: cleanup: s/transfer/transfer_media/, avoid compiler warnings
2021-01-10 12:18:30 +01:00
Dietmar Maurer
edb90f6afa
tape: backup - implement export-media-set option
2021-01-10 11:59:55 +01:00
Dietmar Maurer
0057f0e580
tape: MediaChange - add transfer, implement export
2021-01-10 11:51:09 +01:00
Dietmar Maurer
e6217b8b36
tape: renamed src/tape/changer/linux_tape.rs -> src/tape/changer/mtx.rs
2021-01-10 10:07:40 +01:00
Dietmar Maurer
6fe16039b9
tape: simplify media changer implementation - new struct MtxMediaChanger
2021-01-10 10:02:01 +01:00
Dietmar Maurer
42967bf185
tape: backup - implement --eject-media option
2021-01-09 15:17:03 +01:00
Dietmar Maurer
5843268c47
tape: abort backup when we detect critical tape alert flags
2021-01-09 12:34:00 +01:00
Dietmar Maurer
7273ba3de2
tape: change default media set naming template to "%c"
2021-01-09 10:51:51 +01:00
Dietmar Maurer
0bf1c314da
tape: show catalog status in media list
2021-01-09 10:24:48 +01:00
Dietmar Maurer
c7926d8e8c
tape: split MediaSet into extra file
2021-01-09 08:54:58 +01:00
Dietmar Maurer
df69a4fc59
tape: implement drive clean
2021-01-08 11:32:56 +01:00
Dietmar Maurer
25d3965769
tape: correctly skip cleaning tapes (not regular tapes)
2021-01-08 09:16:42 +01:00
Dietmar Maurer
879569d73f
tape: changer transfer - make name parameter optional
2021-01-07 17:09:47 +01:00
Dietmar Maurer
b63f833d36
tape: fix parameter name - s/slot/source-slot/
2021-01-07 15:39:25 +01:00
Dietmar Maurer
482c6e33dd
tape: changer status command: make changer name optional
2021-01-07 15:12:19 +01:00
Dietmar Maurer
46a1863f88
tape: improve MediaChange trait
...
We expose the whole MtxStatus, and we can load/store from/to
specified slot numbers.
2021-01-07 14:26:43 +01:00
Dietmar Maurer
d5035c5600
tape: mtx_status - consider new export-slots property
2021-01-06 11:53:33 +01:00
Dietmar Maurer
38ae42b11a
tape: changer - add export-slot config
2021-01-06 11:06:50 +01:00
Dietmar Maurer
c4b2b9ab41
tape: only query volume stats if we can read MAM
2021-01-06 09:20:36 +01:00
Dietmar Maurer
ef942e04c2
tape: add function to classify tape-alert-flags
2021-01-05 17:23:30 +01:00
Dietmar Maurer
b40ab10d38
tape: add volume_mounts and medium_passes to LinuxDriveAndMediaStatus
2021-01-05 13:43:17 +01:00
Dietmar Maurer
f8ccbfdedd
tape: implement read_volume_statistics
2021-01-05 12:58:18 +01:00
Dietmar Maurer
470f1c798a
tape: status - show tape alert flags
2021-01-04 13:15:30 +01:00
Dietmar Maurer
5c012b392a
tape: use LP 12h TapeAlert Response to query tape alert flags
2021-01-04 13:14:02 +01:00
Dietmar Maurer
165b641c1d
tape: changer status - show full slots (for cartridge without barcode)
2021-01-04 12:06:05 +01:00
Dietmar Maurer
66e42bec05
tape: further PoolWriter cleanups
2021-01-03 12:08:40 +01:00
Dietmar Maurer
c503ea7045
tape: cleanup - rename 'info' to 'media_id'
...
Second try.
2021-01-03 11:38:00 +01:00
Dietmar Maurer
745ec187ce
Revert "tape: cleanup - rename 'info' to 'media_id'"
...
This reverts commit f046313c0e.
media_id is already used as parameter, so this commit is totally buggy.
2021-01-03 11:14:58 +01:00
Dietmar Maurer
f046313c0e
tape: cleanup - rename 'info' to 'media_id'
2021-01-03 10:37:42 +01:00
Dietmar Maurer
74595b8821
tape: sg-tape-cmd tape-alert-flags
2021-01-03 10:09:43 +01:00
Dietmar Maurer
c9fdd142a4
tape: commit missing file
2021-01-02 13:39:34 +01:00