0d916ac531
tape: add media pool config code docs
2021-01-22 12:01:46 +01:00
d4ab407045
tape: add drive config code docs
2021-01-22 11:51:36 +01:00
45212a8c78
fix mtx parser bug: s/strip_suffix/strip_prefix/
2021-01-22 11:00:56 +01:00
64b83c3d70
tape: implement paperkey command for tape encryption keys
2021-01-22 09:56:14 +01:00
639a6782bd
paperkey: move code to src/tools/paperkey.rs
2021-01-22 09:42:59 +01:00
5f34d69bcc
tape: add volume-statistics api/command
2021-01-22 08:45:35 +01:00
337ff5a3cc
tape: add estimated medium wearout to status
2021-01-22 08:06:25 +01:00
8e6459a818
tape: set encryption key on restore
2021-01-22 07:26:42 +01:00
aff3e16194
tape: add code docs to src/config/tape_encryption_keys.rs
2021-01-21 18:23:07 +01:00
9372c0787d
renamed src/tape/sgutils2.rs -> src/tools/sgutils2.rs
2021-01-21 17:57:17 +01:00
83fb2da53e
tape: move MediaCatalog magic number into struct (doc cleanup)
2021-01-21 17:48:07 +01:00
645a044bf6
tape: further hierarchy improvements
2021-01-21 17:25:32 +01:00
37796ff73f
tape: change code hierarchy to improve docs
2021-01-21 17:12:01 +01:00
e1fdcb1678
tape: do not export/doc low level libsgutils2 bindings
2021-01-21 16:38:24 +01:00
edda5039d4
tape: improve code docs
2021-01-21 13:19:07 +01:00
1c86893d95
cleanup: always compute fingerprint in KeyConfig constructors
2021-01-21 11:56:54 +01:00
d543587d34
Merge branch 'master' of ssh://proxdev.maurer-it.com/rust/proxmox-backup
2021-01-21 10:56:52 +01:00
780bc4cad2
tape: try to set encryption key with read-label command
2021-01-21 10:31:49 +01:00
18bd6ba13d
tape: restore_key - always update key, even if there is already an entry
2021-01-21 10:31:49 +01:00
4dafc513cc
tape: fix file permissions for tape encryptiuon keys
2021-01-21 10:31:49 +01:00
7acd5c5659
cleanup: remove missleading wording from code docs
2021-01-21 10:31:49 +01:00
8428063d9e
cleanup: KeyConfig::decrypt - show password hint on error
2021-01-21 10:31:49 +01:00
f490dda05a
tape: use type Uuid instead of String
2021-01-21 10:31:49 +01:00
2b191385ea
tape: use specialized encryption key per media-set
2021-01-21 10:31:49 +01:00
bc228e5eaf
api: add types for UUIDs
2021-01-20 17:16:46 +01:00
8be65e34de
clippy: replace transmute with &*
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:41:02 +01:00
d967d8f1a7
clippy: remove drop(&..)
...
it does nothing.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:41:02 +01:00
50deb0d3f8
clippy: use is_null to check for null pointers
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:41:02 +01:00
1d928b25fe
clippy: remove some unnecessary reference taking
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
f2f81791d1
clippy: fix for_kv_map
...
and allow it in the one case where the entry loop is intended, but the
code is not yet implemented fully.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
382f10a0cc
clippy: fix/allow needless_range_loop
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
0d2133db98
clippy: use while let loops
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
09faa9ee95
clippy: pass &str/&[..] instead of &String/&Vec
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
ccec086e25
clippy: remove unnecessary &mut
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
05725ac9a4
clippy: remove unnecessary `let` binding
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
96b7483138
clippy: remove/replace needless explicit lifetimes
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
81281d04a4
clippy: fix/allow identity_op
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
e062ebbc29
clippy: us *_or_else with function calls
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
b92cad0938
clippy: convert single match to if let
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
ea368a06cd
clippy: misc. fixes
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
3f48cdb380
clippy: don't pass along unit value
...
make it explicit. this whole section should probably be re-written with
select!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
17c7b46a69
clippy: use unwrap_or_default
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
a375df6f4c
clippy: use copied/cloned instead of map
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
a3775bb4e8
clippy: shorten assignments
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
1e0c6194b5
clippy: fix option_as_ref_deref
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
a6bd669854
clippy: use matches!
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
6334bdc1c5
clippy: collapse nested ifs
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
3b82f3eea5
clippy: avoid useless format!
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
38556bf60d
clippy: remove explicit returns
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
d8d8af9826
clippy: use chars / byte string literals
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
3984a5fd77
clippy: is_some/none/ok/err/empty
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:54 +01:00
397356096a
clippy: remove needless bool literals
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:23:52 +01:00
365915da9a
clippy: use strip_prefix instead of manual stripping
...
it's less error-prone (off-by-one!)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
87152fbac6
clippy: drop redundant 'static lifetime
...
those declarations are already const/static..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
22a9189ee0
clippy: remove unnecessary closures
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
4428818412
clippy: remove unnecessary clones
...
and from::<T>(T)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
47ea98e0e3
clippy: collapse/rework nested ifs
...
no semantic changes (intended).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-20 16:22:59 +01:00
6dd0513546
tape: allocate new media set when pool encryption key changes
2021-01-20 15:43:39 +01:00
8abe51b71d
improve code docs
2021-01-20 15:43:19 +01:00
69b8bc3bfa
tape: implemenmt show key
...
Moved API types Kdf and KeyInfo to src/api2/types/mod.rs.
2021-01-20 15:43:19 +01:00
301b8aa0a5
tape: implement change-passphrase for tape encryption keys
2021-01-20 15:43:19 +01:00
e5b6c93323
tape: add --kdf parameter to create key api
2021-01-20 15:43:19 +01:00
9a045790ed
cleanup KeyConfig
2021-01-20 15:43:19 +01:00
82a103c8f9
add "password hint" to KeyConfig
2021-01-20 15:43:19 +01:00
feb1645f37
tape: generate random encryptions keys and store key_config on media
2021-01-19 11:20:07 +01:00
8ca37d6a65
cleanup: factor out decrypt_key_config
2021-01-19 11:20:07 +01:00
9b6bddb24c
tfa: remove/empty description for recovery keys
...
While the user chosen description is not allowed to be
empty, we do leave it empty for recovery keys, as a "dummy
description" makes little sense...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 15:20:39 +01:00
ad5cee1d22
tfa: add 'created' timestamp to entries
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 14:06:12 +01:00
ca1060862e
tfa: remember recovery indices
...
and tell the client which keys are still available rather
than just yes/no/low
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-18 13:51:23 +01:00
8a0046f519
tape: implement encrypted backup - simple version
...
This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label.
2021-01-18 13:38:22 +01:00
84cbdb35c4
implement FromStr for Fingerprint
2021-01-18 13:38:22 +01:00
1e93fbb5c1
tape: add encrypt property to media pool configuration
2021-01-18 13:38:22 +01:00
619554af2b
tape: clear encryption key before writing labels
...
We always write labels unencrypted.
2021-01-18 13:38:22 +01:00
d5a48b5ce4
tape: add hardware encryption key managenent api
2021-01-18 13:38:22 +01:00
44de5bcc00
pull: add error context for initial group list call
...
otherwise the user is confronted with a generic error like "permission
check failed" with no indication that it refers to a request made to the
remote PBS instance..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-18 06:51:05 +01:00
e2956c605d
pull: rustfmt
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-18 06:50:23 +01:00
b22b6c2299
tape: encryption scsi command cleanup
2021-01-16 18:24:04 +01:00
90950c9c20
tape: add scsi commands to control drive hardware encryption
2021-01-16 15:59:05 +01:00
0c5b9e7820
tape: sgutils2.rs - add do_out_command()
...
Make it possible to run commands that writes data.
2021-01-16 15:59:05 +01:00
a670b99db1
tfa: add webauthn configuration API entry points
...
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
fewer reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.
Experimentally using the flatten feature on the methods with
an`Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
aefd74197a
bakckup::manifest: use tools::json for canonical representation
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
9ff747ef50
add tools::json for canonical json generation
...
moving this from backup::manifest, no functional changes
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-01-15 15:19:52 +01:00
a08a198577
tape: do not abort backup if tape drive does not support tape-alert-flags
2021-01-15 11:43:17 +01:00
6bbe49aa14
access: restrict password changes on @pam realm to superuser
...
for behavior consistency with `update_user`
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2021-01-15 08:49:22 +01:00
5aa1019010
access: limit editing pam credentials to superuser
...
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.
also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2021-01-15 08:49:22 +01:00
29a59b380c
proxmox 0.10: adapt to moved ParameterSchema
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
0bfcea6a11
cleanup: remove unnecessary 'mut' and '.clone()'
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
89e9134a3f
hyper: use new hyper::upgrade
...
the old Body::on_upgrade method is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
b5a202acb6
tokio 1.0: update to new Signal interface
...
Signal does not yet re-implement Stream (and is not yet wrapped in
tokio-stream either).
see https://github.com/tokio-rs/tokio/pull/3383
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
0f860f712f
tokio 1.0: update to new tokio-openssl interface
...
connect/accept are now happening on pinned SslStreams
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
7c66701366
tokio 1.0: use ReceiverStream from tokio-stream
...
to wrap a Receiver in a Stream. this will likely move back into tokio
proper once we have a std Stream..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
585e90c0de
tokio: adapt to 1.0 process:Child changes
...
Child itself is no longer a Future, but it has a new wait() async fn
that does the same thing
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
5c852d5b82
tokio: adapt to 1.0 runtime changes
...
enter() now returns a guard, and the builder got revamped to make the
choice between MT and current thread explicit.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
484172b5f8
tokio 1.0: AsyncRead/Seek with ReadBuf
...
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
d148958b67
proxmox 0.10: use tokio::time::timeout directly
...
TimeoutFutureExt is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
0a8d773ad0
tokio 1.0: delay -> sleep
...
almost the same thing, new name(s), no longer Unpin
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
427d90e6c1
update to tokio 1.0
...
and various related crates
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-01-14 16:01:33 +01:00
1a0b410554
manager: user/token list: fix rendering 0 (never) expire date
...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-14 13:59:08 +01:00
2d50a6192f
tape: sg-tape-cmd - add more ways to specify devices
2021-01-14 13:05:26 +01:00
781da7f6f0
tape: add --inventorize flag to read-label API/CLI
2021-01-14 11:51:23 +01:00
Dietmar Maurer
Fabian Grünbichler
Wolfgang Bumiller
Oguz Bektas
Thomas Lamprecht