pathpatterns = "0.1.2"
pxar = { version = "0.10.1", features = [ "tokio-io" ] }
-proxmox = { version = "0.11.6", features = [ "sortable-macro", "api-macro", "cli", "router", "tfa" ] }
+proxmox = { version = "0.12.0", features = [ "sortable-macro", "api-macro", "cli", "router", "tfa" ] }
proxmox-acme-rs = "0.2.1"
-proxmox-apt = "0.5.0"
+proxmox-apt = "0.5.1"
proxmox-fuse = "0.1.1"
proxmox-http = { version = "0.2.1", features = [ "client", "http-helpers", "websocket" ] }
-proxmox-openid = "0.6.0"
+proxmox-openid = "0.6.1"
pbs-api-types = { path = "pbs-api-types" }
pbs-buildcfg = { path = "pbs-buildcfg" }
regex = "1.2"
serde = { version = "1.0", features = ["derive"] }
-proxmox = { version = "0.11.5", default-features = false, features = [ "api-macro" ] }
+proxmox = { version = "0.12.0", default-features = false, features = [ "api-macro" ] }
pbs-systemd = { path = "../pbs-systemd" }
pbs-tools = { path = "../pbs-tools" }
xdg = "2.2"
pathpatterns = "0.1.2"
-proxmox = { version = "0.11.5", default-features = false, features = [ "cli" ] }
+proxmox = { version = "0.12.0", default-features = false, features = [ "cli" ] }
proxmox-fuse = "0.1.1"
proxmox-http = { version = "0.2.1", features = [ "client", "http-helpers", "websocket" ] }
pxar = { version = "0.10.1", features = [ "tokio-io" ] }
pathpatterns = "0.1.2"
pxar = { version = "0.10.1", features = [ "tokio-io" ] }
-proxmox = { version = "0.11.5", default-features = false, features = [ "api-macro" ] }
+proxmox = { version = "0.12.0", default-features = false, features = [ "api-macro" ] }
pbs-api-types = { path = "../pbs-api-types" }
pbs-tools = { path = "../pbs-tools" }
lazy_static = "1.4"
nom = "5.1"
-proxmox = { version = "0.11.5", default-features = false }
+proxmox = { version = "0.12.0", default-features = false }
pbs-tools = { path = "../pbs-tools" }
url = "2.1"
walkdir = "2"
-proxmox = { version = "0.11.5", default-features = false, features = [ "tokio" ] }
+proxmox = { version = "0.12.0", default-features = false, features = [ "tokio" ] }
pbs-buildcfg = { path = "../pbs-buildcfg" }
pbs-runtime = { path = "../pbs-runtime" }
tokio = { version = "1.6", features = [ "rt", "rt-multi-thread" ] }
pathpatterns = "0.1.2"
-proxmox = { version = "0.11.5", default-features = false, features = [] }
+proxmox = { version = "0.12.0", default-features = false, features = [] }
pxar = { version = "0.10.1", features = [ "tokio-io" ] }
pbs-client = { path = "../pbs-client" }
let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
Ok(BackupLockGuard(file))
}
+
+/// Atomically write data to file owned by "root:backup" with permission "0640"
+///
+/// Only the superuser can write those files, but group 'backup' can read them.
+pub fn replace_backup_config<P: AsRef<std::path::Path>>(
+ path: P,
+ data: &[u8],
+) -> Result<(), Error> {
+ let backup_user = backup_user()?;
+ let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
+ // set the correct owner/group/permissions while saving file
+ // owner(rw) = root, group(r)= backup
+ let options = proxmox::tools::fs::CreateOptions::new()
+ .perm(mode)
+ .owner(nix::unistd::ROOT)
+ .group(backup_user.gid);
+
+ proxmox::tools::fs::replace_file(path, data, options)?;
+
+ Ok(())
+}
+
+/// Atomically write data to file owned by "root:root" with permission "0600"
+///
+/// Only the superuser can read and write those files.
+pub fn replace_secret_config<P: AsRef<std::path::Path>>(
+ path: P,
+ data: &[u8],
+) -> Result<(), Error> {
+ let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
+ // set the correct owner/group/permissions while saving file
+ // owner(rw) = root, group(r)= root
+ let options = proxmox::tools::fs::CreateOptions::new()
+ .perm(mode)
+ .owner(nix::unistd::ROOT)
+ .group(nix::unistd::Gid::from_raw(0));
+
+ proxmox::tools::fs::replace_file(path, data, options)?;
+
+ Ok(())
+}
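Review bot: The inline comment in `replace_secret_config` says `// owner(rw) = root, group(r)= root`, but the mode on the line above is `0o0600`, so the group gets no access at all; the text looks carried over from the 0640 variant. I would change it to `// owner(rw) = root, no access for group or others`. These two helpers are now the one place that decides whether the `backup` group can read a file under the config directory. Each doc comment would therefore benefit from one more sentence naming the kind of data it is meant for, so a future caller does not pick the group-readable variant for material that should stay root-only.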
use proxmox::api::{api, schema::*};
use proxmox::constnamedbitmap;
-use proxmox::tools::{fs::replace_file, fs::CreateOptions};
use crate::api2::types::{Authid, Userid};
acl.write_config(&mut raw)?;
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(ACL_CFG_FILENAME, &raw, options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(ACL_CFG_FILENAME, &raw)
}
#[cfg(test)]
section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin},
};
-use proxmox::tools::{fs::replace_file, fs::CreateOptions};
-
use crate::api2::types::PROXMOX_SAFE_ID_FORMAT;
use crate::backup::{open_backup_lockfile, BackupLockGuard};
pub fn save_config(config: &PluginData) -> Result<(), Error> {
super::make_acme_dir()?;
let raw = CONFIG.write(ACME_PLUGIN_CFG_FILENAME, &config.data)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
}
pub struct PluginData {
}
};
-use proxmox::tools::fs::{
- replace_file,
- CreateOptions,
-};
-
use crate::api2::types::*;
use crate::backup::{open_backup_lockfile, BackupLockGuard};
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(DATASTORE_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(DATASTORE_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper
}
};
-use proxmox::tools::fs::{
- replace_file,
- CreateOptions,
-};
-
use crate::api2::types::*;
use crate::backup::{open_backup_lockfile, BackupLockGuard};
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(DOMAINS_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(DOMAINS_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper
SectionConfigPlugin,
},
},
- tools::fs::{
- replace_file,
- CreateOptions,
- },
};
use crate::{
/// Save the configuration file
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(DRIVE_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(DRIVE_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
}
/// Check if the specified drive name exists in the config.
SectionConfigPlugin,
}
},
- tools::fs::{
- replace_file,
- CreateOptions,
- },
};
use crate::{
/// Lock file name (used to prevent concurrent access)
pub const MEDIA_POOL_CFG_LOCKFILE: &str = "/etc/proxmox-backup/.media-pool.lck";
-
/// Get exclusive lock
pub fn lock() -> Result<BackupLockGuard, Error> {
open_backup_lockfile(MEDIA_POOL_CFG_LOCKFILE, None, true)
/// Save the configuration file
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(MEDIA_POOL_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(MEDIA_POOL_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper
use openssl::x509::{X509Builder};
use openssl::pkey::PKey;
-use proxmox::tools::fs::{CreateOptions, replace_file};
use proxmox::try_block;
use pbs_buildcfg::{self, configdir};
}
pub(crate) fn set_proxy_certificate(cert_pem: &[u8], key_pem: &[u8]) -> Result<(), Error> {
- let backup_user = crate::backup::backup_user()?;
- let options = CreateOptions::new()
- .perm(Mode::from_bits_truncate(0o0640))
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
let key_path = PathBuf::from(configdir!("/proxy.key"));
let cert_path = PathBuf::from(configdir!("/proxy.pem"));
create_configdir()?;
- replace_file(&key_path, &key_pem, options.clone())
+ crate::backup::replace_backup_config(&key_path, key_pem)
.map_err(|err| format_err!("error writing certificate private key - {}", err))?;
- replace_file(&cert_path, &cert_pem, options)
+ crate::backup::replace_backup_config(&cert_path, &cert_pem)
.map_err(|err| format_err!("error writing certificate file - {}", err))?;
Ok(())
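Review bot: The TLS private key is now written through `replace_backup_config`, so `proxy.key` keeps the root:backup 0640 ownership it had before, but the call site no longer shows that the key is group-readable. A comment above the first call would record the intent, for example `// proxy.key must stay readable by group backup; do not switch to replace_secret_config` (the reason, presumably that the proxy process runs under that group, is my inference and should be confirmed). Separately, `&cert_pem` in the second call is a needless extra borrow because `cert_pem` is already `&[u8]`; passing `cert_pem` would match the `key_pem` line. The function body starts before this hunk's changed lines and its closing brace falls outside the hunk.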
use std::collections::HashSet;
use anyhow::{bail, Error};
-use nix::sys::stat::Mode;
use serde::{Deserialize, Serialize};
use proxmox::api::api;
use proxmox::api::schema::{ApiStringFormat, Updater};
-use proxmox::tools::fs::{replace_file, CreateOptions};
use proxmox_http::ProxyConfig;
config.validate()?;
let raw = crate::tools::config::to_bytes(config, &NodeConfig::API_SCHEMA)?;
-
- let backup_user = crate::backup::backup_user()?;
- let options = CreateOptions::new()
- .perm(Mode::from_bits_truncate(0o0640))
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(CONF_FILE, &raw, options)
+ crate::backup::replace_backup_config(CONF_FILE, &raw)
}
#[api(
}
};
-use proxmox::tools::{fs::replace_file, fs::CreateOptions};
-
use crate::api2::types::*;
lazy_static! {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(REMOTE_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(REMOTE_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper
}
};
-use proxmox::tools::{fs::replace_file, fs::CreateOptions};
-
use crate::api2::types::*;
lazy_static! {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(SYNC_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(SYNC_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper
use anyhow::{bail, Error};
use serde::{Deserialize, Serialize};
-use proxmox::tools::fs::{
- file_read_optional_string,
- replace_file,
- CreateOptions,
-};
+use proxmox::tools::fs::file_read_optional_string;
use crate::{
backup::{
}
let raw = serde_json::to_string_pretty(&list)?;
-
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= root
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(nix::unistd::Gid::from_raw(0));
-
- replace_file(TAPE_KEYS_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
}
/// Store tape encryption key configurations (password protected keys)
}
let raw = serde_json::to_string_pretty(&list)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
}
/// Insert a new key
}
};
-use proxmox::tools::{fs::replace_file, fs::CreateOptions};
-
use crate::api2::types::{
Userid,
JOB_ID_SCHEMA,
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(TAPE_JOB_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(TAPE_JOB_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper
}
};
-use proxmox::tools::{fs::replace_file, fs::CreateOptions};
-
use pbs_api_types::{Authid, Userid};
pub use pbs_api_types::{ApiToken, User};
pub use pbs_api_types::{
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(USER_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(USER_CFG_FILENAME, raw.as_bytes(), options)?;
+ crate::backup::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
// increase user cache generation
// We use this in CachedUserInfo
}
};
-use proxmox::tools::{fs::replace_file, fs::CreateOptions};
-
use crate::api2::types::*;
lazy_static! {
pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
let raw = CONFIG.write(VERIFICATION_CFG_FILENAME, &config)?;
-
- let backup_user = crate::backup::backup_user()?;
- let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
- // set the correct owner/group/permissions while saving file
- // owner(rw) = root, group(r)= backup
-
- let options = CreateOptions::new()
- .perm(mode)
- .owner(nix::unistd::ROOT)
- .group(backup_user.gid);
-
- replace_file(VERIFICATION_CFG_FILENAME, raw.as_bytes(), options)?;
-
- Ok(())
+ crate::backup::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
}
// shell completion helper