From: Wolfgang Bumiller Date: Thu, 20 Apr 2023 07:39:29 +0000 (+0200) Subject: bump proxmox-tfa to 4.0.0-1, auth-api to 0.1.1-1 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=76ac1a3903a1f29e718fefd69a845be2f48df64b;p=proxmox.git bump proxmox-tfa to 4.0.0-1, auth-api to 0.1.1-1 Signed-off-by: Wolfgang Bumiller --- diff --git a/Cargo.toml b/Cargo.toml index a32e1c60..9d96bc8e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -92,6 +92,6 @@ proxmox-schema = { version = "1.3.7", path = "proxmox-schema" } proxmox-serde = { version = "0.1.1", path = "proxmox-serde", features = [ "serde_json" ] } proxmox-sortable-macro = { version = "0.1.2", path = "proxmox-sortable-macro" } proxmox-sys = { version = "0.4.2", path = "proxmox-sys" } -proxmox-tfa = { version = "3.0.0", path = "proxmox-tfa" } +proxmox-tfa = { version = "4.0.0", path = "proxmox-tfa" } proxmox-time = { version = "1.1.4", path = "proxmox-time" } proxmox-uuid = { version = "1.0.1", path = "proxmox-uuid" } diff --git a/proxmox-auth-api/Cargo.toml b/proxmox-auth-api/Cargo.toml index da5f862f..c046aa7f 100644 --- a/proxmox-auth-api/Cargo.toml +++ b/proxmox-auth-api/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-auth-api" -version = "0.1.0" +version = "0.1.1" authors.workspace = true edition.workspace = true license.workspace = true diff --git a/proxmox-auth-api/debian/changelog b/proxmox-auth-api/debian/changelog index 9112827f..33b4c7a0 100644 --- a/proxmox-auth-api/debian/changelog +++ b/proxmox-auth-api/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-auth-api (0.1.1-1) stable; urgency=medium + + * rebuild with new tfa crate + + -- Proxmox Support Team Wed, 10 May 2023 10:30:18 +0200 + rust-proxmox-auth-api (0.1.0-1) stable; urgency=medium * initial packaging diff --git a/proxmox-auth-api/debian/control b/proxmox-auth-api/debian/control index 6c660504..faf82778 100644 --- a/proxmox-auth-api/debian/control +++ b/proxmox-auth-api/debian/control @@ -31,8 +31,8 @@ Provides: librust-proxmox-auth-api-0+default-dev (= ${binary:Version}), librust-proxmox-auth-api-0.1-dev (= ${binary:Version}), librust-proxmox-auth-api-0.1+default-dev (= ${binary:Version}), - librust-proxmox-auth-api-0.1.0-dev (= ${binary:Version}), - librust-proxmox-auth-api-0.1.0+default-dev (= ${binary:Version}) + librust-proxmox-auth-api-0.1.1-dev (= ${binary:Version}), + librust-proxmox-auth-api-0.1.1+default-dev (= ${binary:Version}) Description: Tickets, API and Realm handling - Rust source code This package contains the source for the Rust proxmox-auth-api crate, packaged by debcargo for use with cargo and dh-cargo. @@ -48,13 +48,13 @@ Depends: librust-http-0.2+default-dev, librust-proxmox-rest-server-0.3+default-dev, librust-proxmox-router-1+default-dev (>= 1.3.1-~~), - librust-proxmox-tfa-3+api-dev, - librust-proxmox-tfa-3+default-dev, + librust-proxmox-tfa-4+api-dev, + librust-proxmox-tfa-4+default-dev, librust-serde-json-1+default-dev Provides: librust-proxmox-auth-api-0+api-dev (= ${binary:Version}), librust-proxmox-auth-api-0.1+api-dev (= ${binary:Version}), - librust-proxmox-auth-api-0.1.0+api-dev (= ${binary:Version}) + librust-proxmox-auth-api-0.1.1+api-dev (= ${binary:Version}) Description: Tickets, API and Realm handling - feature "api" This metapackage enables feature "api" for the Rust proxmox-auth-api crate, by pulling in any additional dependencies needed by that feature. @@ -76,7 +76,7 @@ Depends: Provides: librust-proxmox-auth-api-0+api-types-dev (= ${binary:Version}), librust-proxmox-auth-api-0.1+api-types-dev (= ${binary:Version}), - librust-proxmox-auth-api-0.1.0+api-types-dev (= ${binary:Version}) + librust-proxmox-auth-api-0.1.1+api-types-dev (= ${binary:Version}) Description: Tickets, API and Realm handling - feature "api-types" This metapackage enables feature "api-types" for the Rust proxmox-auth-api crate, by pulling in any additional dependencies needed by that feature. @@ -95,7 +95,7 @@ Depends: Provides: librust-proxmox-auth-api-0+pam-authenticator-dev (= ${binary:Version}), librust-proxmox-auth-api-0.1+pam-authenticator-dev (= ${binary:Version}), - librust-proxmox-auth-api-0.1.0+pam-authenticator-dev (= ${binary:Version}) + librust-proxmox-auth-api-0.1.1+pam-authenticator-dev (= ${binary:Version}) Description: Tickets, API and Realm handling - feature "pam-authenticator" This metapackage enables feature "pam-authenticator" for the Rust proxmox-auth- api crate, by pulling in any additional dependencies needed by that feature. @@ -112,7 +112,7 @@ Depends: Provides: librust-proxmox-auth-api-0+ticket-dev (= ${binary:Version}), librust-proxmox-auth-api-0.1+ticket-dev (= ${binary:Version}), - librust-proxmox-auth-api-0.1.0+ticket-dev (= ${binary:Version}) + librust-proxmox-auth-api-0.1.1+ticket-dev (= ${binary:Version}) Description: Tickets, API and Realm handling - feature "ticket" This metapackage enables feature "ticket" for the Rust proxmox-auth-api crate, by pulling in any additional dependencies needed by that feature. diff --git a/proxmox-tfa/Cargo.toml b/proxmox-tfa/Cargo.toml index 04042c3f..b9e07b1d 100644 --- a/proxmox-tfa/Cargo.toml +++ b/proxmox-tfa/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-tfa" -version = "3.0.0" +version = "4.0.0" authors.workspace = true edition.workspace = true license.workspace = true diff --git a/proxmox-tfa/debian/changelog b/proxmox-tfa/debian/changelog index efb92f5a..6922bae1 100644 --- a/proxmox-tfa/debian/changelog +++ b/proxmox-tfa/debian/changelog @@ -1,3 +1,37 @@ +rust-proxmox-tfa (4.0.0-1) stable; urgency=medium + + * Don't automatically drop an empty set of recovery keys, instead. + This means that now if they are the only 2nd factor, once they're used up, + login becomes impossible. + + * With no recovery keys present, the TfaChallenge now explicitly includes an + empty set of recovery keys, so the client can see they are empty, rather + than not configured. + + * If all 2nd factors are disabled, rather than an empty challenge which + cannot be solved, act as if no 2nd factor existed, allowing the user to + login normally. + + * Make failing to generate a webauthn or U2F challenge non-fatal: that is, if + other 2nd factors are available it should still be possible to login with + those. + + * Log errors to syslog which previously cancelled the login process. + + * TOTP: Add option to enable remembering and reject the last used TOTP codes + of a user. + + * TOTP: add a failure limit after which TOTP will be completely blocked for a + user until a recovery key is used. + + * There can now be alimit on TFA tries in general after which a user gets + locked and and admin intervention is required. + + * add a 'types' feature exposing the TfaInfo, TfaType etc API types without + exposing the entire API, so API clients can use those. + + -- Proxmox Support Team Thu, 20 Apr 2023 09:19:06 +0200 + rust-proxmox-tfa (3.0.0-1) stable; urgency=medium * Make `UserChallengeAccess` object-safe: diff --git a/proxmox-tfa/debian/control b/proxmox-tfa/debian/control index a01d7c56..b534f3df 100644 --- a/proxmox-tfa/debian/control +++ b/proxmox-tfa/debian/control @@ -6,10 +6,10 @@ Build-Depends: debhelper (>= 12), cargo:native , rustc:native , libstd-rust-dev , - librust-anyhow-1+default-dev , librust-base32-0.4+default-dev , librust-base64-0.13+default-dev , librust-hex-0.4+default-dev , + librust-log-0.4+default-dev (>= 0.4.17-~~) , librust-openssl-0.10+default-dev , librust-percent-encoding-2+default-dev (>= 2.1-~~) , librust-serde-1+default-dev , @@ -27,10 +27,10 @@ Architecture: any Multi-Arch: same Depends: ${misc:Depends}, - librust-anyhow-1+default-dev, librust-base32-0.4+default-dev, librust-base64-0.13+default-dev, librust-hex-0.4+default-dev, + librust-log-0.4+default-dev (>= 0.4.17-~~), librust-openssl-0.10+default-dev, librust-percent-encoding-2+default-dev (>= 2.1-~~), librust-serde-1+default-dev, @@ -39,15 +39,16 @@ Depends: Suggests: librust-proxmox-tfa+api-dev (= ${binary:Version}), librust-proxmox-tfa+api-types-dev (= ${binary:Version}), + librust-proxmox-tfa+types-dev (= ${binary:Version}), librust-proxmox-tfa+u2f-dev (= ${binary:Version}) Provides: librust-proxmox-tfa+default-dev (= ${binary:Version}), - librust-proxmox-tfa-3-dev (= ${binary:Version}), - librust-proxmox-tfa-3+default-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0+default-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0.0-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0.0+default-dev (= ${binary:Version}) + librust-proxmox-tfa-4-dev (= ${binary:Version}), + librust-proxmox-tfa-4+default-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0+default-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0.0-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0.0+default-dev (= ${binary:Version}) Description: Tfa implementation for totp and u2f - Rust source code This package contains the source for the Rust proxmox-tfa crate, packaged by debcargo for use with cargo and dh-cargo. @@ -58,14 +59,16 @@ Multi-Arch: same Depends: ${misc:Depends}, librust-proxmox-tfa-dev (= ${binary:Version}), + librust-proxmox-tfa+types-dev (= ${binary:Version}), librust-proxmox-tfa+u2f-dev (= ${binary:Version}), + librust-anyhow-1+default-dev, librust-proxmox-time-1+default-dev (>= 1.1.4-~~), librust-proxmox-uuid-1+default-dev (>= 1.0.1-~~), librust-webauthn-rs-0.3+default-dev Provides: - librust-proxmox-tfa-3+api-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0+api-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0.0+api-dev (= ${binary:Version}) + librust-proxmox-tfa-4+api-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0+api-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0.0+api-dev (= ${binary:Version}) Description: Tfa implementation for totp and u2f - feature "api" This metapackage enables feature "api" for the Rust proxmox-tfa crate, by pulling in any additional dependencies needed by that feature. @@ -76,16 +79,32 @@ Multi-Arch: same Depends: ${misc:Depends}, librust-proxmox-tfa-dev (= ${binary:Version}), + librust-proxmox-tfa+types-dev (= ${binary:Version}), librust-proxmox-schema-1+api-macro-dev (>= 1.3.7-~~), librust-proxmox-schema-1+default-dev (>= 1.3.7-~~) Provides: - librust-proxmox-tfa-3+api-types-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0+api-types-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0.0+api-types-dev (= ${binary:Version}) + librust-proxmox-tfa-4+api-types-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0+api-types-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0.0+api-types-dev (= ${binary:Version}) Description: Tfa implementation for totp and u2f - feature "api-types" This metapackage enables feature "api-types" for the Rust proxmox-tfa crate, by pulling in any additional dependencies needed by that feature. +Package: librust-proxmox-tfa+types-dev +Architecture: any +Multi-Arch: same +Depends: + ${misc:Depends}, + librust-proxmox-tfa-dev (= ${binary:Version}), + librust-serde-1+derive-dev +Provides: + librust-proxmox-tfa-4+types-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0+types-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0.0+types-dev (= ${binary:Version}) +Description: Tfa implementation for totp and u2f - feature "types" + This metapackage enables feature "types" for the Rust proxmox-tfa crate, by + pulling in any additional dependencies needed by that feature. + Package: librust-proxmox-tfa+u2f-dev Architecture: any Multi-Arch: same @@ -96,9 +115,9 @@ Depends: librust-serde-1+derive-dev, librust-serde-json-1+default-dev Provides: - librust-proxmox-tfa-3+u2f-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0+u2f-dev (= ${binary:Version}), - librust-proxmox-tfa-3.0.0+u2f-dev (= ${binary:Version}) + librust-proxmox-tfa-4+u2f-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0+u2f-dev (= ${binary:Version}), + librust-proxmox-tfa-4.0.0+u2f-dev (= ${binary:Version}) Description: Tfa implementation for totp and u2f - feature "u2f" This metapackage enables feature "u2f" for the Rust proxmox-tfa crate, by pulling in any additional dependencies needed by that feature.