]>
git.proxmox.com Git - proxmox-backup.git/log
Thomas Lamprecht [Mon, 18 Jan 2021 08:33:29 +0000 (09:33 +0100)]
ui: access: stream line add/edit/.. button order and separators
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fabian Grünbichler [Fri, 15 Jan 2021 10:48:54 +0000 (11:48 +0100)]
pull: add error context for initial group list call
otherwise the user is confronted with a generic error like "permission
check failed" with no indication that it refers to a request made to the
remote PBS instance..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 15 Jan 2021 10:48:53 +0000 (11:48 +0100)]
pull: rustfmt
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Dietmar Maurer [Sat, 16 Jan 2021 17:24:04 +0000 (18:24 +0100)]
tape: encryption scsi command cleanup
Dietmar Maurer [Sat, 16 Jan 2021 14:57:43 +0000 (15:57 +0100)]
tape: add scsi commands to control drive hardware encryption
Dietmar Maurer [Sat, 16 Jan 2021 14:15:54 +0000 (15:15 +0100)]
tape: sgutils2.rs - add do_out_command()
Make it possible to run commands that writes data.
Thomas Lamprecht [Fri, 15 Jan 2021 15:25:47 +0000 (16:25 +0100)]
ui: webauthn config: set default values for unconfigured case
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 15 Jan 2021 15:25:26 +0000 (16:25 +0100)]
ui: webauthn config: use ID instead of Id/id
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Fri, 15 Jan 2021 10:06:18 +0000 (11:06 +0100)]
gui: tfa configuration
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 15 Jan 2021 10:06:17 +0000 (11:06 +0100)]
tfa: add webauthn configuration API entry points
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
fewer reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.
Experimentally using the flatten feature on the methods with
an`Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 15 Jan 2021 10:06:16 +0000 (11:06 +0100)]
bakckup::manifest: use tools::json for canonical representation
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 15 Jan 2021 10:06:15 +0000 (11:06 +0100)]
add tools::json for canonical json generation
moving this from backup::manifest, no functional changes
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dietmar Maurer [Fri, 15 Jan 2021 10:43:17 +0000 (11:43 +0100)]
tape: do not abort backup if tape drive does not support tape-alert-flags
Dietmar Maurer [Fri, 15 Jan 2021 08:44:20 +0000 (09:44 +0100)]
tape: update restore docu
Thomas Lamprecht [Thu, 14 Jan 2021 16:30:09 +0000 (17:30 +0100)]
d/rules: patch out wrongly linked libraries from ELFs
this is a HACK!
It seems that due to lots of binaries getting compiled from a single
crate the compiler is confused when linking in dependencies to each
binaries ELF.
It picks up the combined set (union) of all dependencies and sets
those to every ELF. This results in the client, for example, linking
to libapt-pkg or libsystemd even if none of that symbols are used..
This could be possibly fixed by restructuring the source tree into
sub crates/workspaces or what not, not really tested and *lots* of
work.
So as stop gap measure use `ldd -u` to find out unused linkage and
remove them using `patchelf`.
While this works well, and seems to not interfere with any debug
symbol usage or other usage in general it still is a hack and should
be dropped once the restructuring of the source tree has shown to
bring similar effects.
This allows for much easier re-use of the generated client .deb
package on other Debian derivaties (e.g., Ubuntu) which got blocked
until now due to wrong libt-apt verison or the like.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Jan 2021 15:23:50 +0000 (16:23 +0100)]
debian/control: set VCS urls
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Jan 2021 14:11:06 +0000 (15:11 +0100)]
d/control: sort and fix whitespace errors
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Oguz Bektas [Wed, 13 Jan 2021 16:26:15 +0000 (17:26 +0100)]
access: restrict password changes on @pam realm to superuser
for behavior consistency with `update_user`
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Oguz Bektas [Wed, 13 Jan 2021 16:26:14 +0000 (17:26 +0100)]
access: limit editing pam credentials to superuser
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.
also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Fabian Grünbichler [Wed, 13 Jan 2021 13:48:33 +0000 (14:48 +0100)]
proxmox 0.10: adapt to moved ParameterSchema
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Dec 2020 10:53:34 +0000 (11:53 +0100)]
cleanup: remove unnecessary 'mut' and '.clone()'
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Dec 2020 11:59:34 +0000 (12:59 +0100)]
examples: unify h2 examples
update them to the new tokio-openssl API and remove socket buffer size
setting - it was removed from the TcpStream API, and is now only
available via TcpSocket (which can in turn be converted to a
TcpListener), but this is not needed for this example.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Dec 2020 08:11:29 +0000 (09:11 +0100)]
hyper: use new hyper::upgrade
the old Body::on_upgrade method is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 11 Jan 2021 08:52:52 +0000 (09:52 +0100)]
tokio 1.0: update to new Signal interface
Signal does not yet re-implement Stream (and is not yet wrapped in
tokio-stream either).
see https://github.com/tokio-rs/tokio/pull/3383
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 11 Jan 2021 08:51:21 +0000 (09:51 +0100)]
tokio 1.0: update to new tokio-openssl interface
connect/accept are now happening on pinned SslStreams
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 11 Jan 2021 08:50:04 +0000 (09:50 +0100)]
tokio 1.0: use ReceiverStream from tokio-stream
to wrap a Receiver in a Stream. this will likely move back into tokio
proper once we have a std Stream..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Dec 2020 08:49:44 +0000 (09:49 +0100)]
tokio: adapt to 1.0 process:Child changes
Child itself is no longer a Future, but it has a new wait() async fn
that does the same thing
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Dec 2020 08:42:23 +0000 (09:42 +0100)]
tokio: adapt to 1.0 runtime changes
enter() now returns a guard, and the builder got revamped to make the
choice between MT and current thread explicit.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Dec 2020 08:34:08 +0000 (09:34 +0100)]
tokio 1.0: AsyncRead/Seek with ReadBuf
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 11 Jan 2021 10:24:52 +0000 (11:24 +0100)]
proxmox 0.10: use tokio::time::timeout directly
TimeoutFutureExt is no more
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Thu, 3 Dec 2020 15:04:23 +0000 (16:04 +0100)]
tokio 1.0: delay -> sleep
almost the same thing, new name(s), no longer Unpin
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Thu, 3 Dec 2020 15:00:54 +0000 (16:00 +0100)]
update to tokio 1.0
and various related crates
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Thomas Lamprecht [Thu, 14 Jan 2021 14:11:06 +0000 (15:11 +0100)]
d/control: sort and fix whitespace errors
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Jan 2021 12:59:08 +0000 (13:59 +0100)]
manager: user/token list: fix rendering 0 (never) expire date
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dietmar Maurer [Thu, 14 Jan 2021 12:05:26 +0000 (13:05 +0100)]
tape: sg-tape-cmd - add more ways to specify devices
Dietmar Maurer [Thu, 14 Jan 2021 10:51:23 +0000 (11:51 +0100)]
tape: add --inventorize flag to read-label API/CLI
Dominik Csapak [Wed, 13 Jan 2021 11:06:54 +0000 (12:06 +0100)]
ui: window/{AddWebauthn, TfaEdit}: fix spacing/border of the windows
the password field should not be indented differently than the rest of
the fields, and we never have a border on the panels
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Wed, 13 Jan 2021 11:06:53 +0000 (12:06 +0100)]
ui: window/AddTotp: fix spacing styling of form fields
by moving the lower fields into the form itself and dropping the padding
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Wed, 13 Jan 2021 11:06:52 +0000 (12:06 +0100)]
ui: window/AddTfaRecovery: fix style of TfaRecoveryShow window
to have a more similar layout/spacing to our other windows
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Wed, 13 Jan 2021 11:06:51 +0000 (12:06 +0100)]
ui: window/AddTfaRecovery: rewrite to a Proxmox.window.Edit
we can reuse the edit window from widget toolkit for the most part
this solves some spacing and layout issues and is less code
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Wed, 13 Jan 2021 11:06:50 +0000 (12:06 +0100)]
ui: config/TfaView: disable Remove button by default
gets enabled when an item is clicked
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Wed, 13 Jan 2021 11:06:49 +0000 (12:06 +0100)]
ui: LoginView: remove not used viewModel
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dietmar Maurer [Wed, 13 Jan 2021 13:25:51 +0000 (14:25 +0100)]
tape: MediaPool - allow to allocate free tapes
Dietmar Maurer [Wed, 13 Jan 2021 12:26:59 +0000 (13:26 +0100)]
tape: rename changer_id to label_text
Dietmar Maurer [Tue, 12 Jan 2021 16:26:15 +0000 (17:26 +0100)]
tape: docu - explain manual backups and tape cleaning
Dietmar Maurer [Tue, 12 Jan 2021 15:37:23 +0000 (16:37 +0100)]
tape: improve docu
Dietmar Maurer [Tue, 12 Jan 2021 11:00:39 +0000 (12:00 +0100)]
tape: MediaListEntry - add ctime
Thomas Lamprecht [Tue, 12 Jan 2021 10:44:05 +0000 (11:44 +0100)]
ui: tfa: drop bogus gettext of empty string
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominic Jäger [Thu, 7 Jan 2021 08:32:15 +0000 (09:32 +0100)]
ui: notify options: Remove gettext for root@pam
Translating root@pam is not useful, especially as the empty text symbolises the
default value.
Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
Dominik Csapak [Tue, 12 Jan 2021 09:21:17 +0000 (10:21 +0100)]
fix #3245: only use default schedule for new jobs
an empty schedule means 'none', so do not fill it with the default
in case we edit an existing job (like we do already for sync jobs)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dietmar Maurer [Tue, 12 Jan 2021 08:49:05 +0000 (09:49 +0100)]
tape: automatically reload tapes inside autoloader
We always automatically unload tapes to free library slots,
so it should not happen that an ejected tape resides inside the drive.
This is just a safe guard to handle the situation in case it happens ...
You can manually produce the situation by ejecting a tape without unloading:
mt -f /dev/nst0 eject
Note: Our "proxmox-tape eject" does automatic unload
Dietmar Maurer [Tue, 12 Jan 2021 08:16:16 +0000 (09:16 +0100)]
tape: make eject/export more reliable, improve logging
Dietmar Maurer [Mon, 11 Jan 2021 12:22:31 +0000 (13:22 +0100)]
tape: improve backup logs
Dietmar Maurer [Mon, 11 Jan 2021 06:41:50 +0000 (07:41 +0100)]
tape: fix tape alert flag values
Wolfgang Bumiller [Mon, 11 Jan 2021 11:09:19 +0000 (12:09 +0100)]
d/control bump
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 8 Jan 2021 11:57:14 +0000 (12:57 +0100)]
api: return "invalid" as CSRF token for partial tickets
So that old clients don't `unwrap` a `None` value.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 8 Jan 2021 11:00:00 +0000 (12:00 +0100)]
gui: masks for: adding recovery and removals
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 8 Jan 2021 10:54:12 +0000 (11:54 +0100)]
gui: add load mask during webauthn api calls
so that if we run into the 3s delay due to the wrong
password the window is properly masked
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 8 Jan 2021 09:30:11 +0000 (10:30 +0100)]
tfa: use UNAUTHORIZED http status in password check
to trigger our 3s delay in the rest handler
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 21 Dec 2020 13:27:13 +0000 (14:27 +0100)]
tfa: fixup for challenge file split
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 11 Dec 2020 13:34:47 +0000 (14:34 +0100)]
tfa: remove tfa user when a user is deleted
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 18 Dec 2020 13:12:03 +0000 (14:12 +0100)]
tfa: improve user existence check
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 18 Dec 2020 13:09:47 +0000 (14:09 +0100)]
tfa: allow deletion of entries of non-existent users
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 18 Dec 2020 13:01:18 +0000 (14:01 +0100)]
typo fixups
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 18 Dec 2020 12:59:35 +0000 (13:59 +0100)]
tfa api: return types and 'pub' structs/methods
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 14 Dec 2020 15:35:41 +0000 (16:35 +0100)]
tfa: entry access/iteration cleanup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 14 Dec 2020 15:32:42 +0000 (16:32 +0100)]
tfa: r#type parameter name
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 14 Dec 2020 13:27:26 +0000 (14:27 +0100)]
tfa: _entry api method name suffix consistency
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Thu, 10 Dec 2020 12:43:09 +0000 (13:43 +0100)]
tfa gui: fix adding recovery keys as user
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Wed, 2 Dec 2020 10:17:20 +0000 (11:17 +0100)]
tfa view: html-escape description text
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 2 Nov 2020 13:36:10 +0000 (14:36 +0100)]
gui: tfa support
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Thu, 19 Nov 2020 10:10:02 +0000 (11:10 +0100)]
proxy: expose qrcodejs
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Thu, 19 Nov 2020 10:07:24 +0000 (11:07 +0100)]
depend on libjs-qrcodejs
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 16 Nov 2020 13:37:22 +0000 (14:37 +0100)]
api: tfa management and login
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 16 Nov 2020 13:36:14 +0000 (14:36 +0100)]
config: add tfa configuration
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 14 Dec 2020 13:11:32 +0000 (14:11 +0100)]
buildcfg: add rundir helper macro
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 14 Dec 2020 13:11:23 +0000 (14:11 +0100)]
tools: add create_run_dir helper
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 2 Nov 2020 10:52:03 +0000 (11:52 +0100)]
add tools::serde_filter submodule
can be used to perform filtering at parse time
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dietmar Maurer [Mon, 11 Jan 2021 06:11:17 +0000 (07:11 +0100)]
tape: improve retention period docu
Dietmar Maurer [Sun, 10 Jan 2021 15:20:18 +0000 (16:20 +0100)]
tape: remove unused eject_on_unload method
Dietmar Maurer [Sun, 10 Jan 2021 14:32:52 +0000 (15:32 +0100)]
tape: more MediaChange cleanups
Try to provide generic implementation for complex operations:
- unload_to_free_slot
- load_media
- export media
- clean drive
- online_media_changer_ids
Dietmar Maurer [Sun, 10 Jan 2021 12:44:44 +0000 (13:44 +0100)]
tape: improve export media to directly export from drive, add CLI
Dietmar Maurer [Sun, 10 Jan 2021 11:18:30 +0000 (12:18 +0100)]
tape: cleanup: s/transfer/transfer_media/, avoid compiler warnings
Dietmar Maurer [Sun, 10 Jan 2021 10:59:55 +0000 (11:59 +0100)]
tape: backup - implement export-media-set option
Dietmar Maurer [Sun, 10 Jan 2021 10:51:09 +0000 (11:51 +0100)]
tape: MediaChange - add transfer, implement export
Dietmar Maurer [Sun, 10 Jan 2021 09:06:24 +0000 (10:06 +0100)]
tape: renamed src/tape/changer/linux_tape.rs -> src/tape/changer/mtx.rs
Dietmar Maurer [Sun, 10 Jan 2021 09:02:01 +0000 (10:02 +0100)]
tape: simplify media changer implementation - new struct MtxMediaChanger
Dietmar Maurer [Sat, 9 Jan 2021 14:17:03 +0000 (15:17 +0100)]
tape: backup - implement --eject-media option
Dietmar Maurer [Sat, 9 Jan 2021 11:34:00 +0000 (12:34 +0100)]
tape: abort backup when we detect critical tape alert flags
Dietmar Maurer [Sat, 9 Jan 2021 09:51:51 +0000 (10:51 +0100)]
tape: change default media set naming template to "%c"
Dietmar Maurer [Sat, 9 Jan 2021 09:24:48 +0000 (10:24 +0100)]
tape: show catalog status in media list
Dietmar Maurer [Sat, 9 Jan 2021 07:54:58 +0000 (08:54 +0100)]
tape: split MediaSet into extra file
Dietmar Maurer [Fri, 8 Jan 2021 18:17:31 +0000 (19:17 +0100)]
tape: docu - improve Administration section
Dietmar Maurer [Fri, 8 Jan 2021 18:01:38 +0000 (19:01 +0100)]
tape: minor docu update in retention policy
Dietmar Maurer [Fri, 8 Jan 2021 16:34:58 +0000 (17:34 +0100)]
tape: add retention policy docu
Dietmar Maurer [Fri, 8 Jan 2021 15:53:46 +0000 (16:53 +0100)]
tape: improve media set docu
Dietmar Maurer [Fri, 8 Jan 2021 10:32:56 +0000 (11:32 +0100)]
tape: implement drive clean
Dietmar Maurer [Fri, 8 Jan 2021 08:16:42 +0000 (09:16 +0100)]
tape: correctly skip cleaning tapes (not regular tapes)
Dietmar Maurer [Fri, 8 Jan 2021 07:46:25 +0000 (08:46 +0100)]
tape: add some media pool docu
Dietmar Maurer [Thu, 7 Jan 2021 16:09:47 +0000 (17:09 +0100)]
tape: changer transfer - make name parameter optional