Wolfgang Bumiller
e7cb4dc50d
introduce Username, Realm and Userid api types
and begin splitting up types.rs as it has grown quite large
already
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-08-10 12:05:01 +02:00
Dominik Csapak
1c2f842a98
api2/nodes: add termproxy and vncwebsocket api calls
Even though it has nothing to do with vnc, we keep the name of the api
call for compatibility with our xtermjs client.
termproxy:
verifies that the user is allowed to open a console and starts
termproxy with the correct parameters
starts a TcpListener on "localhost:0" so that the kernel decides the
port (instead of trying to reserve it like in pve). Then it
leaves the fd open for termproxy and gives the number as port
and tells it via '--port-as-fd' that it should interpret this
as an open fd
the vncwebsocket api call checks the 'vncticket' (name for compatibility)
and connects the remote side (after an Upgrade) with a local TcpStream
connecting to the port given via WebSocket from the proxmox crate
to make sure that only the client can connect that called termproxy and
no one can connect to an arbitrary port on the host we have to include
the port in the ticket data
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-07-23 12:06:38 +02:00
Dietmar Maurer
fa2bdc1309
src/config/acl.rs: add /system/disks to valid acl paths
2020-06-06 15:48:15 +02:00
Dominik Csapak
2882c881e9
api2/access/acl: add path and exact parameter to list_acl
so that we can get only a subset of the acls, filtered by the backend
also return the digest here
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:44:36 +02:00
Dominik Csapak
1ad9dd08f4
acls: use constnamemap macro for privileges
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2020-05-20 13:21:28 +02:00
Dietmar Maurer
74c08a5782
use reasonable acl paths
2020-04-30 09:30:00 +02:00
Dietmar Maurer
bd88dc4116
cached_config: avoid parsing non-existent files multiple times
2020-04-30 07:04:23 +02:00
Dietmar Maurer
bc0d03885c
use proxmox 0.1.25, use new EnumEntry feature
2020-04-29 13:01:24 +02:00
Dietmar Maurer
b9f2f761bb
avoid problems with missing acl.cfg and user.cfg
2020-04-29 10:40:42 +02:00
Dietmar Maurer
8247db5b39
src/config/acl.rs: introduce privileges and roles for remotes
2020-04-29 07:03:44 +02:00
Dietmar Maurer
dd335b77f5
src/config/acl.rs - fix regression tests
2020-04-28 11:16:15 +02:00
Dietmar Maurer
6f6aa95abb
add Datastore.Backup, Datastore.PowerUser and Datastore.Reader role
2020-04-28 11:07:25 +02:00
Dietmar Maurer
54552dda59
implement backup ownership, improve datastore access permissions
2020-04-28 10:22:25 +02:00
Dietmar Maurer
d00e1a216f
src/config/acl.rs: introduce more/better datastore privileges
2020-04-27 07:13:50 +02:00
Dietmar Maurer
9c7fe29dfc
src/config/acl.rs: rename PRTIV_DATASTORE_ALLOCATE to PRIV_DATASTORE_MODIFY
2020-04-27 06:50:35 +02:00
Wolfgang Bumiller
f7d4e4b506
switch from failure to anyhow
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2020-04-17 18:43:30 +02:00
Dietmar Maurer
3fff55b293
src/api2/access/role.rs: new api to list roles
2020-04-17 14:03:24 +02:00
Dietmar Maurer
4f66423fcc
src/api2/access/user.rs: add access permissions
2020-04-17 11:04:36 +02:00
Dietmar Maurer
423e656163
src/config/cached_user_info.rs: new helper class
2020-04-16 10:05:16 +02:00
Dietmar Maurer
5354511fd0
src/config/acl.rs: implement cached_config
2020-04-15 11:30:47 +02:00
Dietmar Maurer
8d048af2bf
acl: improve NoAccess handling
2020-04-15 08:11:43 +02:00
Dietmar Maurer
9f4e47dd93
acl update: check path
2020-04-14 17:23:48 +02:00
Dietmar Maurer
9765092ede
acl api: implement update
2020-04-14 10:16:49 +02:00
Dietmar Maurer
ed3e60ae69
start ACL api
2020-04-13 11:09:44 +02:00
Dietmar Maurer
a83eab3c4d
acl: use BTreeMap and BTreeSet to avoid sort()
2020-04-12 17:13:53 +02:00
Dietmar Maurer
0815ec7e65
acl: implement roles(), add regression tests.
2020-04-12 13:06:50 +02:00
Dietmar Maurer
5c6cdf9815
add acl config
2020-04-11 12:24:26 +02:00