tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5,190 Commits 2 Branches 54 Tags 14 MiB
e953029e8f
Commit Graph

1073 Commits

Author SHA1 Message Date
Dietmar Maurer
1d14c31658 Revert "tape: also abort backup/restore on server shutdown" 
This reverts commit 9bd81bb384.

Turns out this is not really a good idea.
 2021-03-02 08:00:10 +01:00
Dietmar Maurer
9bd81bb384 tape: also abort backup/restore on server shutdown 2021-03-02 07:19:31 +01:00
Dietmar Maurer
1552d9699c tape: add 'Restore Key' button 2021-03-01 11:11:38 +01:00
Dietmar Maurer
16f9ea6708 tape: restore - do not check if pool is configured 2021-03-01 09:43:23 +01:00
Dietmar Maurer
955f4aefcd tape: show media inventory/content, even if there is no pool configuration 2021-03-01 09:21:11 +01:00
Dietmar Maurer
08ec39be0c tape: add api to set media status 2021-02-26 10:44:07 +01:00
Dietmar Maurer
5830e5620d tape: cleanup TapeJob implementation - uses AllOf Schema with SectionConfig 2021-02-25 09:44:31 +01:00
Dietmar Maurer
0dadf66dc7 tape: implement backup using latest-only flag 2021-02-24 13:51:53 +01:00
Dietmar Maurer
21e3ed3449 tape: add 'latest-only' property to backup job config 2021-02-24 11:19:12 +01:00
Dominik Csapak
52d8db7925 api2/config/tape_backup_job: fix duplicate id parameter 
since the PUT api call is using the 'Updater', the 'id' parameter is
already encoded in there, tripping up the api verify tests with
'Duplicate keys found in AllOf schema: id'

"fixing" it by removing the explicit id from the api call and
taking it from the Updater (and failing if it does not exists there;
even though that should never happen)

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-23 17:23:47 +01:00
Dominik Csapak
875d375d7a api2/types: ArchiveEntry: fix inverse 'leaf' value 
a 'leaf' node is every file *except* directories, so we have
to reverse the logtic here

this fixes the pxar.didx browser in the web ui

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-23 17:23:47 +01:00
Dominik Csapak
4961404c7c api2/config/tape_backup_job: enable update api call 
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-23 13:17:49 +01:00
Dietmar Maurer
043018cfbe doc: fix wrong api method description 2021-02-22 12:10:34 +01:00
Dietmar Maurer
7f07991035 docs: improve MEDIA_SET_NAMING_TEMPLATE_SCHEMA description 2021-02-22 09:50:16 +01:00
Dietmar Maurer
18ce01caff tape: use correct schema for changer path (SCSI_CHANGER_PATH_SCHEMA) 2021-02-22 09:43:13 +01:00
Dietmar Maurer
5bc8e80a99 cleanup: cleanup use clause (avoid *) 2021-02-22 09:33:29 +01:00
Dietmar Maurer
6252df4c18 docs: fix EXPORT_SLOT_LIST_SCHEMA description 2021-02-22 09:05:07 +01:00
Dietmar Maurer
86d9f4e733 tape: extend MediaChange trait to return MtxStatus 2021-02-20 10:23:16 +01:00
Dietmar Maurer
3f16f1b006 tape: update changer status inside ScsiMediaChange implementation 2021-02-20 09:56:27 +01:00
Dietmar Maurer
cbd9899389 tape: update changer status cache after load/unload 2021-02-20 09:06:17 +01:00
Dietmar Maurer
4188fd59a0 tape: cache changer state 2021-02-19 16:48:19 +01:00
Dominik Csapak
926d05ef0b api2/tape/{backup, restore}, proxmox-tape: set device state 
set the drive device state everywhere we lock it, so that we
know what it currently does

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-19 10:16:30 +01:00
Dominik Csapak
8be48ddfc7 api2/tape/changer: add drive state to changer status output 
if we can find the drive in the config and it has a state

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-19 10:15:15 +01:00
Dominik Csapak
41e66bfaf6 api2/tape/drive: wrap some api calls in run_drive_blocking_task 
those calls could also block, so we have to run them in a blocking
tokio task, as to not block the current thread

nice side effect is that we now also update the state for that
drive in those instances

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-19 10:14:08 +01:00
Dominik Csapak
47a7241410 api2/tape/drive: use run_drive_blocking_task where possible 
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-19 10:13:36 +01:00
Dominik Csapak
54c77b3d62 api2/tape/drive: add wrapper for tokio::task::spawn_blocking 
similar to the worker wrapper, lock, write status, run code, unset status

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-19 10:13:21 +01:00
Dominik Csapak
a1c5575308 api2/tape/drive: use 'run_drive_worker' where possible 
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-19 10:11:04 +01:00
Dominik Csapak
a44c934b5d api2/tape/drive: add run_drive_worker wrapper 
a wrapper for locking, starting the worker and writing the state

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-19 10:08:27 +01:00
Dietmar Maurer
1917ea3ce1 cleanup: use serde(flatten) for VerificationJobStatus, improve code reuse 2021-02-19 09:50:25 +01:00
Dietmar Maurer
70842b9ef2 cleanup: use serde(flatten) for SyncJobStatus, improve code reuse 2021-02-19 09:36:39 +01:00
Dietmar Maurer
7690a8e7bd api: list tape backup jobs with scheduling status 2021-02-19 09:02:13 +01:00
Dietmar Maurer
1689296d46 api: add new type JobScheduleStatus 2021-02-19 08:23:41 +01:00
Dietmar Maurer
9bbd83b1f2 tape: media_list API - allow to update online status for a single changer 2021-02-18 10:59:33 +01:00
Dietmar Maurer
d0647e5a02 tape: use worker tasks for media load/unload 2021-02-18 09:04:51 +01:00
Dominik Csapak
2e21948156 api2/admin/datastore: refactor create_zip into pxar/extract 
we will reuse that code in the client, so we need to move it to
where we can access it from the client

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

[clippy fixes]
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
 2021-02-17 08:32:41 +01:00
Dominik Csapak
5279ee745f api2/admin/datastore: accept "/" as path for root 
makes more sense than sending "root'"

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
 2021-02-17 08:32:41 +01:00
Dominik Csapak
227501c063 api2/admin/datastore: refactor list_dir_content in catalog_reader 
we will reuse that later in the client, so we need it somewhere
we can use from there

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

[add strongly typed ArchiveEntry and put api code into helpers.rs]
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
 2021-02-17 08:32:41 +01:00
Dietmar Maurer
3cdd1a3424 tape: erase_media - automatically load media (with tape libraries). 2021-02-17 06:55:53 +01:00
Dominik Csapak
be61c56c21 api2/tape/drive: add optional label-text to erase 
if given, erases the tape only iff the inserted tape contains that label
used to safeguard tape erasing from ui for standalone drives

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-17 06:55:53 +01:00
Dietmar Maurer
159100b944 tape: ui - avoid changer status query in backup content panel 2021-02-15 12:17:36 +01:00
Dietmar Maurer
41a8db3576 tape: implement API to run tape backup jobs 2021-02-15 11:09:30 +01:00
Dietmar Maurer
fe291ab794 cleanup: tape_backup_job.rs - do not use #[allow(non_camel_case_types)] 2021-02-15 10:41:04 +01:00
Dietmar Maurer
8513626b9f proxmox-backup-proxy: schedule tape backup jobs 2021-02-15 08:30:42 +01:00
Dietmar Maurer
42200c405a fix api sort order 2021-02-15 06:35:45 +01:00
Dietmar Maurer
be327dbccd tape: add tape backup job configuration 2021-02-14 10:35:51 +01:00
Dietmar Maurer
7b1bf4c098 tape: erase_media - automatically erase catalog and inventory 2021-02-12 11:30:34 +01:00
Dominik Csapak
7c9fb570cc api2/types/tape/media_location: fix deserialization of MediaLocation::Vault 
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-11 14:23:54 +01:00
Dominik Csapak
56d22c66c0 api2/tape/media: add 'move' api call 
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-11 14:23:27 +01:00
Dietmar Maurer
8f02db04f9 docs: use new type_text option for calendar events 2021-02-11 11:51:22 +01:00
Wolfgang Bumiller
7f9d8438ab tfa: derive WebauthnConfigUpdater via api macro 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-02-10 10:47:47 +01:00
Dominik Csapak
afcf8b3ed6 api2/tape/drive: add missing locks for some drive actions 
else a backup/restore can easily be disrupted

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-09 08:46:03 +01:00
Fabian Grünbichler
42c0f784e2 key: add show-master-pubkey command 
and print public key when generating/importing..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-02-06 08:55:21 +01:00
Dietmar Maurer
25aa55b5f5 tape: correctly lock the tape device 2021-02-05 10:50:21 +01:00
Dietmar Maurer
cdf39e62b3 tape: MediaPool - replace use_offline_media with changer_name 
This way, we can improve location_is_available, because we only
consider media from that changer as available.
 2021-02-04 10:15:18 +01:00
Dietmar Maurer
f47e035721 tape: cleanup - move tape file readers/writers into src/tape/file_formats folder 2021-02-04 07:59:37 +01:00
Dietmar Maurer
a80d72f999 tape: allow to abort restore tasks 2021-02-04 07:05:43 +01:00
Dietmar Maurer
8de9a9917f cleanup: use task_log macro 2021-02-04 06:55:18 +01:00
Dominik Csapak
50a4797fb1 api2/types/tape/media: add media_set_ctime to MediaContentEntry 
to be able to better sort in the ui

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-02-02 14:45:54 +01:00
Dietmar Maurer
d0f11b66f7 thape: add read_tapedev_options, display driver options with status command 2021-02-02 06:40:40 +01:00
Wolfgang Bumiller
6248e51797 change half-ticket time range from -120..240 to -60..600 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-02-01 15:13:11 +01:00
Dietmar Maurer
9883b54cba tape: remove drive from pool config 2021-02-01 09:14:28 +01:00
Dietmar Maurer
b5b99a52cd tape: API type cleanup, use serde flatten to derive types 2021-01-30 09:36:54 +01:00
Dietmar Maurer
9586ce2f46 tape: move scan_drives API code to correct file 2021-01-30 08:03:17 +01:00
Dietmar Maurer
c297835b01 tape: proxmox-tape - use API instead of direct functions calls 2021-01-29 11:49:11 +01:00
Dietmar Maurer
5243df4712 tape: proxmox-tape - use API instead of direct functions calls 2021-01-29 10:50:11 +01:00
Dietmar Maurer
1f2c4713ef tape: improve backup task abort behaviour 2021-01-29 09:23:39 +01:00
Dietmar Maurer
271764deb9 tape: make it possible to abort tape backup tasks (check_abort) 
Also use task_log makro instead of worker.log.
 2021-01-29 09:07:55 +01:00
Dominik Csapak
bdb6e6b83f api2/reader: asyncify the reader worker task 
this way, the code is much more readable

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-29 06:59:25 +01:00
Dietmar Maurer
41dacd5d3d tape: use worker task for eject-media api 2021-01-28 16:49:08 +01:00
Dietmar Maurer
eb1dfb02b5 tape: proxmox-tape - use api for erase-media and rewind 2021-01-28 16:36:10 +01:00
Dietmar Maurer
bdb62b20a3 tape: media_pool config api - set protected flags where required 2021-01-28 15:42:32 +01:00
Dominik Csapak
627d000098 tape: change changer-drive-id to changer-drivenum 
because it changed in the config

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-28 15:11:22 +01:00
Dominik Csapak
b03ec281bf api2/config/{drive, changer}: prevent adding same device multiple times 
this check is not perfect since there are often multiple device
nodes per drive/changer, but from the scan api we should return always
the same, so for an api user this should be enough

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-28 15:03:56 +01:00
Dominik Csapak
cef4654ff4 api2/tape/drive: change methods of some api calls from put to get 
makes more sense to have retrieving api calls as get instead of put

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-28 15:02:52 +01:00
Dominik Csapak
f45dceeb73 api2/tape/drive: add load_media as api call 
code was already there, just add it as api call

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-28 15:02:13 +01:00
Dominik Csapak
18262a88c9 api2/tape/changer: add changer filter to list_drives api call 
so that an api user can get the drives belonging to a changer
without having to parse the config listing themselves

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-28 15:01:41 +01:00
Dietmar Maurer
d737adc6be tape: rename changer_drive_id to changer_drivenum 2021-01-28 11:29:59 +01:00
Dominik Csapak
5fdaecf6f4 api2/tape/drive: reorganize drive api 
similar to the changers, create a listing at /tape/drive and put
the specific api calls below that

move the scan api call up one level

remove the status info from the config listing

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-28 11:15:17 +01:00
Dominik Csapak
d8792b88ef api2/types/tape/drive: add changer_drivenum 
so that an api user can see which drive belongs to which drivenum of a changer
for ones with multiple drives

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-28 11:14:28 +01:00
Dietmar Maurer
887f1cb90c cleanup: move scan changers API implementation 2021-01-27 09:58:16 +01:00
Dominik Csapak
740dc9d1d4 api2/tape/changer: reorganize api 
add a changer listing here (copied from api2/config/changer)
and put the status and transfer api calls below that

puts the changer scan into the top level tape api
and removes the (now redundant) info from the config api path

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-26 12:47:34 +01:00
Dominik Csapak
bbf01b644c tape: fix typos 
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
 2021-01-26 12:39:54 +01:00
Fabian Grünbichler
367c0ff7c6 clippy: allow api functions with many arguments 
some of those can be reduced/cleaned up when we have updater support in
the api macro.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-26 09:54:52 +01:00
Fabian Grünbichler
9c26a3d61a verify: factor out common parameters 
all the verify methods pass along the following:
- task worker
- datastore
- corrupt and verified chunks

might as well pull that out into a common type, with the added bonus of
now having a single point for construction instead of copying the
default capacaties in three different modules..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-26 09:54:49 +01:00
Fabian Grünbichler
93e3581ce7 derive/impl and use Default for some structs 
and revamp HttpClientOptions with two constructors for the common use
cases

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-26 09:54:45 +01:00
Fabian Grünbichler
f4e52bb27d authid: make Tokenname(Ref) derive Eq 
it's needed to derive Hash, and we always compare Authids or their
Userid components, never just the Tokenname part anyway..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-26 09:54:40 +01:00
Dietmar Maurer
697c41c584 tape: add/use rust scsi changer implementation using libsgutil2 2021-01-25 13:14:07 +01:00
Fabian Grünbichler
3e461dec1c apt: let api handle optional bool with default 
one less FIXME :)

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-25 11:41:46 +01:00
Fabian Grünbichler
4d08e25913 clippy: rewrite ifs with identical return values 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-25 11:41:43 +01:00
Fabian Grünbichler
43313c2ee7 clippy: rewrite comparison chains 
chunk_stream one can be collapsed, since split == split_to with at set
to buffer.len() anyway.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-25 11:41:39 +01:00
Fabian Grünbichler
81b2a87232 clippy: fix Mutex with unused value 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-25 11:41:36 +01:00
Dietmar Maurer
bf78f70885 improve code docs in api2 
Note: API methos should be declared pub, so that they show up in the generated docu.
 2021-01-22 15:57:42 +01:00
Dietmar Maurer
5f34d69bcc tape: add volume-statistics api/command 2021-01-22 08:45:35 +01:00
Dietmar Maurer
337ff5a3cc tape: add estimated medium wearout to status 2021-01-22 08:06:25 +01:00
Dietmar Maurer
8e6459a818 tape: set encryption key on restore 2021-01-22 07:26:42 +01:00
Dietmar Maurer
645a044bf6 tape: further hierarchy improvements 2021-01-21 17:25:32 +01:00
Dietmar Maurer
37796ff73f tape: change code hierarchy to improve docs 2021-01-21 17:12:01 +01:00
Dietmar Maurer
1c86893d95 cleanup: always compute fingerprint in KeyConfig constructors 2021-01-21 11:56:54 +01:00
Dietmar Maurer
d543587d34 Merge branch 'master' of ssh://proxdev.maurer-it.com/rust/proxmox-backup 2021-01-21 10:56:52 +01:00
Dietmar Maurer
780bc4cad2 tape: try to set encryption key with read-label command 2021-01-21 10:31:49 +01:00
Dietmar Maurer
18bd6ba13d tape: restore_key - always update key, even if there is already an entry 2021-01-21 10:31:49 +01:00
Dietmar Maurer
4dafc513cc tape: fix file permissions for tape encryptiuon keys 2021-01-21 10:31:49 +01:00
Dietmar Maurer
8428063d9e cleanup: KeyConfig::decrypt - show password hint on error 2021-01-21 10:31:49 +01:00
Dietmar Maurer
f490dda05a tape: use type Uuid instead of String 2021-01-21 10:31:49 +01:00
Dietmar Maurer
2b191385ea tape: use specialized encryption key per media-set 2021-01-21 10:31:49 +01:00
Dietmar Maurer
bc228e5eaf api: add types for UUIDs 2021-01-20 17:16:46 +01:00
Fabian Grünbichler
d967d8f1a7 clippy: remove drop(&..) 
it does nothing.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:41:02 +01:00
Fabian Grünbichler
1d928b25fe clippy: remove some unnecessary reference taking 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
0d2133db98 clippy: use while let loops 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
e062ebbc29 clippy: us *_or_else with function calls 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
b92cad0938 clippy: convert single match to if let 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
ea368a06cd clippy: misc. fixes 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
3f48cdb380 clippy: don't pass along unit value 
make it explicit. this whole section should probably be re-written with
select!

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
1e0c6194b5 clippy: fix option_as_ref_deref 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
6334bdc1c5 clippy: collapse nested ifs 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
3b82f3eea5 clippy: avoid useless format! 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
38556bf60d clippy: remove explicit returns 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
d8d8af9826 clippy: use chars / byte string literals 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
3984a5fd77 clippy: is_some/none/ok/err/empty 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:54 +01:00
Fabian Grünbichler
397356096a clippy: remove needless bool literals 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:23:52 +01:00
Fabian Grünbichler
22a9189ee0 clippy: remove unnecessary closures 
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Fabian Grünbichler
4428818412 clippy: remove unnecessary clones 
and from::<T>(T)

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Fabian Grünbichler
47ea98e0e3 clippy: collapse/rework nested ifs 
no semantic changes (intended).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-20 16:22:59 +01:00
Dietmar Maurer
69b8bc3bfa tape: implemenmt show key 
Moved API types Kdf and KeyInfo to src/api2/types/mod.rs.
 2021-01-20 15:43:19 +01:00
Dietmar Maurer
301b8aa0a5 tape: implement change-passphrase for tape encryption keys 2021-01-20 15:43:19 +01:00
Dietmar Maurer
e5b6c93323 tape: add --kdf parameter to create key api 2021-01-20 15:43:19 +01:00
Dietmar Maurer
9a045790ed cleanup KeyConfig 2021-01-20 15:43:19 +01:00
Dietmar Maurer
82a103c8f9 add "password hint" to KeyConfig 2021-01-20 15:43:19 +01:00
Dietmar Maurer
feb1645f37 tape: generate random encryptions keys and store key_config on media 2021-01-19 11:20:07 +01:00
Wolfgang Bumiller
ad5cee1d22 tfa: add 'created' timestamp to entries 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-18 14:06:12 +01:00
Dietmar Maurer
8a0046f519 tape: implement encrypted backup - simple version 
This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label.
 2021-01-18 13:38:22 +01:00
Dietmar Maurer
1e93fbb5c1 tape: add encrypt property to media pool configuration 2021-01-18 13:38:22 +01:00
Dietmar Maurer
d5a48b5ce4 tape: add hardware encryption key managenent api 2021-01-18 13:38:22 +01:00
Wolfgang Bumiller
a670b99db1 tfa: add webauthn configuration API entry points 
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
fewer reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.

Experimentally using the flatten feature on the methods with
an`Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-15 15:19:52 +01:00
Oguz Bektas
6bbe49aa14 access: restrict password changes on @pam realm to superuser 
for behavior consistency with `update_user`

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
 2021-01-15 08:49:22 +01:00
Oguz Bektas
5aa1019010 access: limit editing pam credentials to superuser 
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.

also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
 2021-01-15 08:49:22 +01:00
Fabian Grünbichler
89e9134a3f hyper: use new hyper::upgrade 
the old Body::on_upgrade method is no more

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-14 16:01:33 +01:00
Fabian Grünbichler
7c66701366 tokio 1.0: use ReceiverStream from tokio-stream 
to wrap a Receiver in a Stream. this will likely move back into tokio
proper once we have a std Stream..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-14 16:01:33 +01:00
Fabian Grünbichler
585e90c0de tokio: adapt to 1.0 process:Child changes 
Child itself is no longer a Future, but it has a new wait() async fn
that does the same thing

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
 2021-01-14 16:01:33 +01:00
Dietmar Maurer
781da7f6f0 tape: add --inventorize flag to read-label API/CLI 2021-01-14 11:51:23 +01:00
Dietmar Maurer
8446fbca85 tape: rename changer_id to label_text 2021-01-13 13:26:59 +01:00
Dietmar Maurer
0bce2118e7 tape: improve docu 2021-01-12 16:37:23 +01:00
Dietmar Maurer
6543214dde tape: MediaListEntry - add ctime 2021-01-12 12:01:21 +01:00
Dietmar Maurer
5654d8ceba tape: make eject/export more reliable, improve logging 2021-01-12 09:16:16 +01:00
Dietmar Maurer
31cf625af5 tape: improve backup logs 2021-01-11 13:23:12 +01:00
Wolfgang Bumiller
ad0ed40a59 api: return "invalid" as CSRF token for partial tickets 
So that old clients don't `unwrap` a `None` value.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
7ad33e8052 tfa: use UNAUTHORIZED http status in password check 
to trigger our 3s delay in the rest handler

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:13 +01:00
Wolfgang Bumiller
f22dfb5ece tfa: remove tfa user when a user is deleted 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:10 +01:00
Wolfgang Bumiller
4bda51688b tfa: improve user existence check 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00
Wolfgang Bumiller
eab25e2f33 tfa: allow deletion of entries of non-existent users 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2021-01-11 10:23:03 +01:00