use proxmox::{http_err, list_subdirs_api_method};
use proxmox::{identity, sortable};
+use pbs_api_types::{
+ Userid, Authid, PASSWORD_SCHEMA, ACL_PATH_SCHEMA,
+ PRIVILEGES, PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT,
+};
use pbs_tools::auth::private_auth_key;
use pbs_tools::ticket::{self, Empty, Ticket};
+use pbs_config::acl::AclTreeNode;
-use crate::api2::types::*;
use crate::auth_helpers::*;
use crate::server::ticket::ApiTicket;
-use crate::config::acl as acl_config;
-use crate::config::acl::{PRIVILEGES, PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT};
-use crate::config::cached_user_info::CachedUserInfo;
+use pbs_config::CachedUserInfo;
use crate::config::tfa::TfaChallenge;
pub mod acl;
tfa_challenge: Option<String>,
rpcenv: &mut dyn RpcEnvironment,
) -> Result<Value, Error> {
+
+ use proxmox_rest_server::RestEnvironment;
+
+ let env: &RestEnvironment = rpcenv.as_any().downcast_ref::<RestEnvironment>()
+ .ok_or_else(|| format_err!("detected worng RpcEnvironment type"))?;
+
match authenticate_user(&username, &password, path, privs, port, tfa_challenge) {
Ok(AuthResult::Success) => Ok(json!({ "username": username })),
Ok(AuthResult::CreateTicket) => {
let ticket = Ticket::new("PBS", &api_ticket)?.sign(private_auth_key(), None)?;
let token = assemble_csrf_prevention_token(csrf_secret(), &username);
- crate::server::rest::auth_logger()?
- .log(format!("successful auth for user '{}'", username));
+ env.log_auth(username.as_str());
Ok(json!({
"username": username,
}))
}
Err(err) => {
- let client_ip = match rpcenv.get_client_ip().map(|addr| addr.ip()) {
- Some(ip) => format!("{}", ip),
- None => "unknown".into(),
- };
-
- let msg = format!(
- "authentication failure; rhost={} user={} msg={}",
- client_ip,
- username,
- err.to_string()
- );
- crate::server::rest::auth_logger()?.log(&msg);
- log::error!("{}", msg);
-
+ env.log_failed_auth(Some(username.to_string()), &err.to_string());
Err(http_err!(UNAUTHORIZED, "permission check failed."))
}
}
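Review bot: The error string on the downcast near the top of the hunk has a typo, `format_err!("detected worng RpcEnvironment type")`, and it is returned to the API caller and written to the log verbatim; change it to `format_err!("detected wrong RpcEnvironment type")`. The failure branch now delegates to `env.log_failed_auth(Some(username.to_string()), &err.to_string())` and drops the explicit client-IP lookup and the `log::error!` call that the removed lines performed; whether the rhost field and the error-level log entry survive depends on that method's implementation, which is not in this hunk, so it is worth confirming that the auth log still records the source address of each failed login, since that is what failed-login monitoring relies on. The enclosing function's signature starts outside the hunk.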
fn populate_acl_paths(
mut paths: HashSet<String>,
- node: acl_config::AclTreeNode,
+ node: AclTreeNode,
path: &str,
) -> HashSet<String> {
for (sub_path, child_node) in node.children {
None => {
let mut paths = HashSet::new();
- let (acl_tree, _) = acl_config::config()?;
+ let (acl_tree, _) = pbs_config::acl::config()?;
paths = populate_acl_paths(paths, acl_tree.root, "");
// default paths, returned even if no ACL exists
let map = paths.into_iter().fold(
HashMap::new(),
|mut map: HashMap<String, HashMap<String, bool>>, path: String| {
- let split_path = acl_config::split_acl_path(path.as_str());
+ let split_path = pbs_config::acl::split_acl_path(path.as_str());
let (privs, propagated_privs) = user_info.lookup_privs_details(&auth_id, &split_path);
match privs {