]>
git.proxmox.com Git - proxmox-backup.git/log
Dietmar Maurer [Thu, 21 Jan 2021 15:38:24 +0000 (16:38 +0100)]
tape: do not export/doc low level libsgutils2 bindings
Thomas Lamprecht [Thu, 21 Jan 2021 14:09:22 +0000 (15:09 +0100)]
ui: cleanup order of declraing properties
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 21 Jan 2021 14:06:15 +0000 (15:06 +0100)]
ui: fix on-parse use of global Proxmox.UserName
This is wrong most of the time, when not loading the web interface
with valid credentials, and thus some checks or defaults did not
evaluated correctly when the underlying value was only set later.
Needs to be set on component creation only, this can be done through
initComponent, even listeners, view controllers or cbind closures.
Use the latter, as all affected components already use cbind.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dietmar Maurer [Thu, 21 Jan 2021 12:19:07 +0000 (13:19 +0100)]
tape: improve code docs
Dietmar Maurer [Thu, 21 Jan 2021 10:56:54 +0000 (11:56 +0100)]
cleanup: always compute fingerprint in KeyConfig constructors
Dietmar Maurer [Thu, 21 Jan 2021 09:56:52 +0000 (10:56 +0100)]
Merge branch 'master' of ssh://proxdev.maurer-it.com/rust/proxmox-backup
Dietmar Maurer [Thu, 21 Jan 2021 09:30:29 +0000 (10:30 +0100)]
tape: try to set encryption key with read-label command
Dietmar Maurer [Thu, 21 Jan 2021 06:46:21 +0000 (07:46 +0100)]
tape: restore_key - always update key, even if there is already an entry
Dietmar Maurer [Thu, 21 Jan 2021 06:27:43 +0000 (07:27 +0100)]
tape: fix file permissions for tape encryptiuon keys
Dietmar Maurer [Thu, 21 Jan 2021 06:23:51 +0000 (07:23 +0100)]
cleanup: remove missleading wording from code docs
Dietmar Maurer [Thu, 21 Jan 2021 06:13:56 +0000 (07:13 +0100)]
cleanup: KeyConfig::decrypt - show password hint on error
Dietmar Maurer [Wed, 20 Jan 2021 16:53:06 +0000 (17:53 +0100)]
tape: use type Uuid instead of String
Dietmar Maurer [Wed, 20 Jan 2021 16:27:01 +0000 (17:27 +0100)]
tape: use specialized encryption key per media-set
Dietmar Maurer [Wed, 20 Jan 2021 16:16:46 +0000 (17:16 +0100)]
api: add types for UUIDs
Fabian Grünbichler [Wed, 20 Jan 2021 12:31:01 +0000 (13:31 +0100)]
clippy: replace transmute with &*
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Wed, 20 Jan 2021 12:21:44 +0000 (13:21 +0100)]
clippy: remove drop(&..)
it does nothing.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Wed, 20 Jan 2021 10:38:24 +0000 (11:38 +0100)]
clippy: use is_null to check for null pointers
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Wed, 20 Jan 2021 09:50:35 +0000 (10:50 +0100)]
clippy: remove some unnecessary reference taking
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Wed, 20 Jan 2021 09:42:57 +0000 (10:42 +0100)]
clippy: fix for_kv_map
and allow it in the one case where the entry loop is intended, but the
code is not yet implemented fully.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 14:03:04 +0000 (15:03 +0100)]
clippy: fix/allow needless_range_loop
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 13:52:20 +0000 (14:52 +0100)]
clippy: use while let loops
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 13:46:39 +0000 (14:46 +0100)]
clippy: pass &str/&[..] instead of &String/&Vec
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 13:40:13 +0000 (14:40 +0100)]
clippy: remove unnecessary &mut
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 13:24:31 +0000 (14:24 +0100)]
clippy: remove unnecessary `let` binding
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 13:19:47 +0000 (14:19 +0100)]
clippy: remove/replace needless explicit lifetimes
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 13:12:07 +0000 (14:12 +0100)]
clippy: fix/allow identity_op
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 13:04:46 +0000 (14:04 +0100)]
clippy: us *_or_else with function calls
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 11:09:33 +0000 (12:09 +0100)]
clippy: convert single match to if let
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 10:37:49 +0000 (11:37 +0100)]
clippy: misc. fixes
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 10:36:26 +0000 (11:36 +0100)]
clippy: don't pass along unit value
make it explicit. this whole section should probably be re-written with
select!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 10:31:37 +0000 (11:31 +0100)]
clippy: use unwrap_or_default
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 10:30:30 +0000 (11:30 +0100)]
clippy: use copied/cloned instead of map
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 10:12:01 +0000 (11:12 +0100)]
clippy: shorten assignments
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 10:10:40 +0000 (11:10 +0100)]
clippy: fix option_as_ref_deref
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 10:08:10 +0000 (11:08 +0100)]
clippy: use matches!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 10:06:26 +0000 (11:06 +0100)]
clippy: collapse nested ifs
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 09:54:37 +0000 (10:54 +0100)]
clippy: avoid useless format!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 09:50:42 +0000 (10:50 +0100)]
clippy: remove explicit returns
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 09:38:00 +0000 (10:38 +0100)]
clippy: use chars / byte string literals
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Tue, 19 Jan 2021 09:27:59 +0000 (10:27 +0100)]
clippy: is_some/none/ok/err/empty
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 18 Jan 2021 13:12:27 +0000 (14:12 +0100)]
clippy: remove needless bool literals
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 18 Jan 2021 12:50:28 +0000 (13:50 +0100)]
clippy: use strip_prefix instead of manual stripping
it's less error-prone (off-by-one!)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 18 Jan 2021 12:25:04 +0000 (13:25 +0100)]
clippy: drop redundant 'static lifetime
those declarations are already const/static..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 15 Jan 2021 14:21:34 +0000 (15:21 +0100)]
clippy: remove unnecessary closures
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 15 Jan 2021 13:38:27 +0000 (14:38 +0100)]
clippy: remove unnecessary clones
and from::<T>(T)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 15 Jan 2021 13:10:24 +0000 (14:10 +0100)]
clippy: collapse/rework nested ifs
no semantic changes (intended).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Dietmar Maurer [Wed, 20 Jan 2021 10:24:58 +0000 (11:24 +0100)]
tape: allocate new media set when pool encryption key changes
Dietmar Maurer [Wed, 20 Jan 2021 10:01:38 +0000 (11:01 +0100)]
improve code docs
Dietmar Maurer [Wed, 20 Jan 2021 09:20:41 +0000 (10:20 +0100)]
tape: implemenmt show key
Moved API types Kdf and KeyInfo to src/api2/types/mod.rs.
Dietmar Maurer [Wed, 20 Jan 2021 07:25:42 +0000 (08:25 +0100)]
tape: implement change-passphrase for tape encryption keys
Dietmar Maurer [Wed, 20 Jan 2021 06:49:35 +0000 (07:49 +0100)]
tape: add --kdf parameter to create key api
Dietmar Maurer [Tue, 19 Jan 2021 16:55:27 +0000 (17:55 +0100)]
cleanup KeyConfig
Dietmar Maurer [Tue, 19 Jan 2021 11:35:15 +0000 (12:35 +0100)]
add "password hint" to KeyConfig
Thomas Lamprecht [Tue, 19 Jan 2021 18:44:19 +0000 (19:44 +0100)]
ui: tfa: rework removal confirmation dialog
present all relevant information about the TFA token to be removed,
so that a user can make a better decision.
Rework layout to match our commonly used style.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 19 Jan 2021 18:43:54 +0000 (19:43 +0100)]
ui: tfa view: add userid to TFA data model
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 19 Jan 2021 18:43:25 +0000 (19:43 +0100)]
ui: login view: fix missing trailing comma
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dietmar Maurer [Tue, 19 Jan 2021 05:19:18 +0000 (06:19 +0100)]
tape: generate random encryptions keys and store key_config on media
Dietmar Maurer [Tue, 19 Jan 2021 09:50:00 +0000 (10:50 +0100)]
cleanup: factor out decrypt_key_config
Thomas Lamprecht [Mon, 18 Jan 2021 15:27:00 +0000 (16:27 +0100)]
ui: tfa/totp: fix setting issuer in secret URL
it's recommended to set the issuer for both, the get parameter and
the initial issuer label prefix[0].
[0]: https://github.com/google/google-authenticator/wiki/Key-Uri-Format#label
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Mon, 18 Jan 2021 14:11:16 +0000 (15:11 +0100)]
tfa: remove/empty description for recovery keys
While the user chosen description is not allowed to be
empty, we do leave it empty for recovery keys, as a "dummy
description" makes little sense...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2021 13:31:15 +0000 (14:31 +0100)]
ui: tfa: fix ctime column width
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Mon, 18 Jan 2021 12:50:02 +0000 (13:50 +0100)]
gui: tfa: make description fill the remaining space
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 18 Jan 2021 12:50:01 +0000 (13:50 +0100)]
gui: tfa: show when entries were created
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 18 Jan 2021 12:50:00 +0000 (13:50 +0100)]
tfa: add 'created' timestamp to entries
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Oguz Bektas [Mon, 18 Jan 2021 11:18:39 +0000 (12:18 +0100)]
docs: fix typo in client manpage
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Wolfgang Bumiller [Mon, 18 Jan 2021 11:46:47 +0000 (12:46 +0100)]
gui: enumerate recovery keys and list in 2nd factor window
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 18 Jan 2021 11:46:46 +0000 (12:46 +0100)]
tfa: remember recovery indices
and tell the client which keys are still available rather
than just yes/no/low
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dietmar Maurer [Mon, 18 Jan 2021 12:36:11 +0000 (13:36 +0100)]
tape: implement encrypted backup - simple version
This is just a proof of concept, only storing the encryption key fingerprint
inside the media-set label.
Dietmar Maurer [Mon, 18 Jan 2021 11:14:05 +0000 (12:14 +0100)]
implement FromStr for Fingerprint
Dietmar Maurer [Mon, 18 Jan 2021 07:16:44 +0000 (08:16 +0100)]
tape: add encrypt property to media pool configuration
Dietmar Maurer [Mon, 18 Jan 2021 06:42:50 +0000 (07:42 +0100)]
tape: clear encryption key before writing labels
We always write labels unencrypted.
Dietmar Maurer [Mon, 18 Jan 2021 06:16:06 +0000 (07:16 +0100)]
tape: add hardware encryption key managenent api
Thomas Lamprecht [Mon, 18 Jan 2021 12:28:02 +0000 (13:28 +0100)]
ui: tfa: fix title for removal confirmation
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2021 09:45:47 +0000 (10:45 +0100)]
ui: tfa/recovery: add print button to key info window
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2021 09:45:28 +0000 (10:45 +0100)]
ui: tfa/recovery: fix copy button text, add icon
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2021 09:44:37 +0000 (10:44 +0100)]
ui: tfa/recovery: disallow to close key info window with ESC
to avoid accidental closing it
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2021 09:12:21 +0000 (10:12 +0100)]
ui: tfa: specify which confirmation password is required
Clarify that the password of the user one wants to add TFA too is
required, which is not necessarily the one of the current logged in
user. Use an empty text for that.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2021 09:10:16 +0000 (10:10 +0100)]
ui: tfa totp: whitespace and padding fix
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Jan 2021 08:33:29 +0000 (09:33 +0100)]
ui: access: stream line add/edit/.. button order and separators
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fabian Grünbichler [Fri, 15 Jan 2021 10:48:54 +0000 (11:48 +0100)]
pull: add error context for initial group list call
otherwise the user is confronted with a generic error like "permission
check failed" with no indication that it refers to a request made to the
remote PBS instance..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 15 Jan 2021 10:48:53 +0000 (11:48 +0100)]
pull: rustfmt
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Dietmar Maurer [Sat, 16 Jan 2021 17:24:04 +0000 (18:24 +0100)]
tape: encryption scsi command cleanup
Dietmar Maurer [Sat, 16 Jan 2021 14:57:43 +0000 (15:57 +0100)]
tape: add scsi commands to control drive hardware encryption
Dietmar Maurer [Sat, 16 Jan 2021 14:15:54 +0000 (15:15 +0100)]
tape: sgutils2.rs - add do_out_command()
Make it possible to run commands that writes data.
Thomas Lamprecht [Fri, 15 Jan 2021 15:25:47 +0000 (16:25 +0100)]
ui: webauthn config: set default values for unconfigured case
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 15 Jan 2021 15:25:26 +0000 (16:25 +0100)]
ui: webauthn config: use ID instead of Id/id
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Fri, 15 Jan 2021 10:06:18 +0000 (11:06 +0100)]
gui: tfa configuration
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 15 Jan 2021 10:06:17 +0000 (11:06 +0100)]
tfa: add webauthn configuration API entry points
Currently there's not yet a node config and the WA config is
somewhat "tightly coupled" to the user entries in that
changing it can lock them all out, so for now I opted for
fewer reorganization and just use a digest of the
canonicalized config here, and keep it all in the tfa.json
file.
Experimentally using the flatten feature on the methods with
an`Updater` struct similar to what the api macro is supposed
to be able to derive on its own in the future.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 15 Jan 2021 10:06:16 +0000 (11:06 +0100)]
bakckup::manifest: use tools::json for canonical representation
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 15 Jan 2021 10:06:15 +0000 (11:06 +0100)]
add tools::json for canonical json generation
moving this from backup::manifest, no functional changes
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dietmar Maurer [Fri, 15 Jan 2021 10:43:17 +0000 (11:43 +0100)]
tape: do not abort backup if tape drive does not support tape-alert-flags
Dietmar Maurer [Fri, 15 Jan 2021 08:44:20 +0000 (09:44 +0100)]
tape: update restore docu
Thomas Lamprecht [Thu, 14 Jan 2021 16:30:09 +0000 (17:30 +0100)]
d/rules: patch out wrongly linked libraries from ELFs
this is a HACK!
It seems that due to lots of binaries getting compiled from a single
crate the compiler is confused when linking in dependencies to each
binaries ELF.
It picks up the combined set (union) of all dependencies and sets
those to every ELF. This results in the client, for example, linking
to libapt-pkg or libsystemd even if none of that symbols are used..
This could be possibly fixed by restructuring the source tree into
sub crates/workspaces or what not, not really tested and *lots* of
work.
So as stop gap measure use `ldd -u` to find out unused linkage and
remove them using `patchelf`.
While this works well, and seems to not interfere with any debug
symbol usage or other usage in general it still is a hack and should
be dropped once the restructuring of the source tree has shown to
bring similar effects.
This allows for much easier re-use of the generated client .deb
package on other Debian derivaties (e.g., Ubuntu) which got blocked
until now due to wrong libt-apt verison or the like.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Jan 2021 15:23:50 +0000 (16:23 +0100)]
debian/control: set VCS urls
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Jan 2021 14:11:06 +0000 (15:11 +0100)]
d/control: sort and fix whitespace errors
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Oguz Bektas [Wed, 13 Jan 2021 16:26:15 +0000 (17:26 +0100)]
access: restrict password changes on @pam realm to superuser
for behavior consistency with `update_user`
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Oguz Bektas [Wed, 13 Jan 2021 16:26:14 +0000 (17:26 +0100)]
access: limit editing pam credentials to superuser
modifying @pam users credentials should be only possible for root@pam,
otherwise it can have unintended consequences.
also enforce the same limit on user creation (except self_service check,
since it makes no sense during user creation)
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Fabian Grünbichler [Wed, 13 Jan 2021 13:48:33 +0000 (14:48 +0100)]
proxmox 0.10: adapt to moved ParameterSchema
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Dec 2020 10:53:34 +0000 (11:53 +0100)]
cleanup: remove unnecessary 'mut' and '.clone()'
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 4 Dec 2020 11:59:34 +0000 (12:59 +0100)]
examples: unify h2 examples
update them to the new tokio-openssl API and remove socket buffer size
setting - it was removed from the TcpStream API, and is now only
available via TcpSocket (which can in turn be converted to a
TcpListener), but this is not needed for this example.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>