git.proxmox.com Git - proxmox-backup.git/blob - src/api2/access.rs
24811fb1da613df9a301939c8693527a761a94ba
4 use crate::api
::schema
::*;
5 use crate::api
::router
::*;
6 use crate::tools
::ticket
::*;
7 use crate::auth_helpers
::*;
11 use serde_json
::{json, Value}
;
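/// Checks a user name / password pair.
///
/// Only part of this function is shown on this page (the listing skips source
/// lines, marked below). In the visible lines the `root@pam` user gets a PAM
/// authenticator for the "proxmox-backup-auth" service, loaded with the
/// credentials `("root", password)`. The call that actually runs the PAM
/// check, and the path that returns `Ok(())`, are not visible here.
///
/// # Errors
///
/// Bails with "invalid credentials". Which inputs reach that `bail!` cannot be
/// told from the visible lines (presumably every user name other than
/// `root@pam`; confirm against the full file).
fn authenticate_user(username: &str, password: &str) -> Result<(), Error> {
    // … source line 14 is not shown on this page …
    if username == "root@pam" {
        // NOTE(review): `unwrap()` panics if the PAM authenticator cannot be
        // created (for example when the service definition is unavailable).
        // In a login path an error return is preferable to a panic; confirm
        // how the PAM error converts into `Error` before switching to `?`.
        let mut auth = pam::Authenticator::with_password("proxmox-backup-auth").unwrap();
        auth.get_handler().set_credentials("root", password);
        // … source lines 18–21 are not shown on this page …
    // Spelling of the message corrected ("inavlid" in the original listing).
    bail!("invalid credentials");
    // … source lines 23–27 are not shown on this page …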
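// The start of this function's signature (its name and leading parameters) is
// not shown on this page, and the listing skips several source lines inside
// the body (marked below). The visible part reads the required `username` and
// `password` parameters, calls `authenticate_user`, and then either assembles
// a ticket plus a CSRF prevention token or logs the failure and returns an
// UNAUTHORIZED error.
    _rpcenv: &mut RpcEnvironment,
) -> Result<Value, Error> {
    // … source line 30 is not shown on this page …
    let username = tools::required_string_param(&param, "username")?;
    let password = tools::required_string_param(&param, "password")?;
    // … source line 33 is not shown on this page …
    match authenticate_user(username, password) {
        // … source lines 35–36 are not shown on this page …
            // Ticket built from private_auth_key(), the literal "PBS" and the
            // user name; the last argument is passed as None.
            let ticket = assemble_rsa_ticket(private_auth_key(), "PBS", Some(username), None)?;
            // … source line 38 is not shown on this page …
            let token = assemble_csrf_prevention_token(csrf_secret(), username);
            // … source line 40 is not shown on this page …
            // NOTE(review): `username` comes from the request parameters and
            // is written to the log as-is, here and in the failure branch.
            // Confirm that the parameter schema or the logger rules out
            // newlines/control characters, so a crafted name cannot forge
            // additional log lines.
            log::info!("successful auth for user '{}'", username);
            // … source lines 42–45 are not shown on this page …
                "CSRFPreventionToken": token,
            // … source lines 47–49 are not shown on this page …
            // NOTE(review): the client address is a fixed placeholder, so
            // every failure is logged with rhost=unknown. Log-based
            // brute-force detection that keys on rhost gets no source address
            // from this line until the real client address is wired in.
            let client_ip = "unknown"; // $rpcenv->get_client_ip() || '';
            log::error!("authentication failure; rhost={} user={} msg={}", client_ip, username, err.to_string());
            // The caller only receives the generic message below; the
            // underlying error text goes to the log line above.
            return Err(http_err!(UNAUTHORIZED, "permission check failed.".into()));
    // … source lines 53–56 are not shown on this page …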
57 pub fn router() -> Router
{
59 let route
= Router
::new()
64 ObjectSchema
::new("Directory index.")))
71 ObjectSchema
::new("Create or verify authentication ticket.")
74 StringSchema
::new("User name.")
79 StringSchema
::new("The secret password. This can also be a valid ticket.")
82 ObjectSchema
::new("Returns authentication ticket with additional infos.")
83 .required("username", StringSchema
::new("User name."))
84 .required("ticket", StringSchema
::new("Auth ticket."))
85 .required("CSRFPreventionToken", StringSchema
::new("Cross Site Request Forgery Prevention Token."))