Dominik Csapak
a4d1675513
api2/access: implement term ticket
...
modeled after pves/pmgs vncticket (i substituted the vnc with term)
by putting the path and username as secret data in the ticket
when sending the ticket to /access/ticket it only verifies it,
checks the privs on the path and does not generate a new ticket
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-07-23 11:55:00 +02:00
Dietmar Maurer
bb072ba49c
src/api2/access.rs: cleanup
2020-04-18 07:28:25 +02:00
Wolfgang Bumiller
f7d4e4b506
switch from failure to anyhow
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-17 18:43:30 +02:00
Dietmar Maurer
3fff55b293
src/api2/access/role.rs: new api to list roles
2020-04-17 14:03:24 +02:00
Dietmar Maurer
4f66423fcc
src/api2/access/user.rs: add access permissions
2020-04-17 11:04:36 +02:00
Dietmar Maurer
4b40148caa
start impl. access permissions
2020-04-16 12:47:16 +02:00
Dietmar Maurer
ed3e60ae69
start ACL api
2020-04-13 11:09:44 +02:00
Dietmar Maurer
73b40e9b46
api: correctly sort access subdirmap
2020-04-09 13:34:07 +02:00
Dietmar Maurer
708db4b3ae
api: add list_domains
2020-04-09 11:36:45 +02:00
Dietmar Maurer
685e13347e
api: move config/user to access/users, implement change_password
...
To make it similar to the pve api
2020-04-09 10:21:24 +02:00
Dietmar Maurer
7d817b0358
implement auth framework
2020-04-08 14:06:15 +02:00
Wolfgang Bumiller
9ea4bce444
bump proxmox crate to 0.1.7
...
The -sys, -tools and -api crate have now been merged into
the proxmx crate directly. Only macro crates are separate
(but still reexported by the proxmox crate in their
designated locations).
When we need to depend on "parts" of the crate later on
we'll just have to use features.
The reason is mostly that these modules had
inter-dependencies which really make them not independent
enough to be their own crates.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-01-21 13:48:37 +01:00
Wolfgang Bumiller
41874331ed
whitespace fixup
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-29 09:52:15 +01:00
Wolfgang Bumiller
2905f2b5e6
update api macro example usage
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-29 09:51:27 +01:00
Wolfgang Bumiller
7b6c41078b
update api macro invocation to new style
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-27 14:19:46 +01:00
Wolfgang Bumiller
6486cb853f
first api macro usage test/example
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-27 10:05:37 +01:00
Wolfgang Bumiller
cad540e969
api/compat: remove remaining api_schema references
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-21 14:53:15 +01:00
Wolfgang Bumiller
a2479cfa1a
api/compat: drop more compat imports from api_schema.rs
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-11-21 14:36:28 +01:00
Dietmar Maurer
552c225948
sort all property lookup tables
...
Required, because we use binary sreach to find items.
2019-11-21 13:32:09 +01:00
Dietmar Maurer
255f378a1b
use const api definitions
2019-11-21 13:32:09 +01:00
Dietmar Maurer
62ee2eb405
avoid some clippy warnings
2019-10-26 11:42:05 +02:00
Wolfgang Bumiller
dd5495d6dc
tree-wide: use 'dyn' for all trait objects
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-06-07 13:13:48 +02:00
Dietmar Maurer
13f1cc17ea
src/api_schema/router.rs: implement list_subdirs() helper
2019-04-16 12:07:02 +02:00
Wolfgang Bumiller
062d4916ff
api_schema: allow generic api handler functions
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-04-16 11:22:23 +02:00
Dietmar Maurer
f8f94534d4
src/api2/access.rs: authenticate_user() - add ticket login
2019-03-05 12:56:21 +01:00
Dietmar Maurer
ef2f2efbcc
improve api_schema module structure
2019-02-17 10:16:33 +01:00
Dietmar Maurer
dc9a007b11
rename src/api to src/api_schema
2019-02-17 09:59:20 +01:00
Wolfgang Bumiller
1d77b6cf6b
update to pam 0.7 (renamed from pam-auth)
...
It now supports custom conversation methods, so instead of
new() we ask for a default authenticator taking a password
via with_password(). Since the password is now handled by
the now separate conversation handler, `set_credentials()`
is now called on the handler we get via `.get_handler()`.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-02-15 10:34:40 +01:00
Wolfgang Bumiller
ace9e3531a
access: use proxmox-backup-auth for pam
...
allows customization via /etc/pam.d/proxmox-backup-auth
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-02-07 13:40:22 +01:00
Dietmar Maurer
c82bc1a1f9
depend on pam-auth, use pam for root login
...
Please use username "root@pam" for login via GUI.
2019-02-01 09:30:50 +01:00
Dietmar Maurer
a154a8e8a4
delay unauthorized request (rate limit)
2019-01-31 14:34:21 +01:00
Dietmar Maurer
b9903d6331
server/rest.rs: verify auth cookie
2019-01-31 12:22:00 +01:00
Dietmar Maurer
9f49fe1d5d
avoid compiler warnings
2019-01-30 18:25:37 +01:00
Dietmar Maurer
34f956bc25
api2/access.rs: add ticket api
2019-01-30 15:16:10 +01:00