src/bin/proxmox_restore_daemon/auth.rs

   1 //! Authentication via a static ticket file
   2 use std::fs::File;
   3 use std::io::prelude::*;
   4
   5 use anyhow::{bail, format_err, Error};
   6
   7 use proxmox_rest_server::{ApiAuth, AuthError};
   8
   9 const TICKET_FILE: &str = "/ticket";
  10
  11 pub struct StaticAuth {
  12     ticket: String,
  13 }
  14
  15 impl ApiAuth for StaticAuth {
  16     fn check_auth(
  17         &self,
  18         headers: &http::HeaderMap,
  19         _method: &hyper::Method,
  20     ) -> Result<String, AuthError> {
  21         match headers.get(hyper::header::AUTHORIZATION) {
  22             Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
  23                 Ok(String::from("root@pam"))
  24             }
  25             _ => {
  26                 return Err(AuthError::Generic(format_err!(
  27                     "invalid file restore ticket provided"
  28                 )));
  29             }
  30         }
  31     }
  32 }
  33
  34 pub fn ticket_auth() -> Result<StaticAuth, Error> {
  35     let mut ticket_file = File::open(TICKET_FILE)?;
  36     let mut ticket = String::new();
  37     let len = ticket_file.read_to_string(&mut ticket)?;
  38     if len <= 0 {
  39         bail!("invalid ticket: cannot be empty");
  40     }
  41     Ok(StaticAuth { ticket })
  42 }