//! server using https.
use anyhow::Error;
+use openssl::pkey::{PKey, Private};
use pbs_api_types::{Authid, Userid};
use pbs_tools::ticket::Ticket;
use pbs_tools::cert::CertInfo;
-use pbs_tools::auth::private_auth_key;
pub mod catalog_shell;
pub mod dynamic_index;
/// Connect to localhost:8007 as root@pam
///
/// This automatically creates a ticket if run as 'root' user.
-pub fn connect_to_localhost() -> Result<HttpClient, Error> {
-
- let uid = nix::unistd::Uid::current();
-
- let client = if uid.is_root() {
+pub fn connect_to_localhost(auth_key: Option<&PKey<Private>>) -> Result<HttpClient, Error> {
+ let options = if let Some(auth_key) = auth_key {
let ticket = Ticket::new("PBS", Userid::root_userid())?
- .sign(private_auth_key(), None)?;
+ .sign(auth_key, None)?;
let fingerprint = CertInfo::new()?.fingerprint()?;
- let options = HttpClientOptions::new_non_interactive(ticket, Some(fingerprint));
-
- HttpClient::new("localhost", 8007, Authid::root_auth_id(), options)?
+ HttpClientOptions::new_non_interactive(ticket, Some(fingerprint))
} else {
- let options = HttpClientOptions::new_interactive(None, None);
-
- HttpClient::new("localhost", 8007, Authid::root_auth_id(), options)?
+ HttpClientOptions::new_interactive(None, None)
};
- Ok(client)
+ HttpClient::new("localhost", 8007, Authid::root_auth_id(), options)
}
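Review bot: The doc comment kept above `connect_to_localhost` still says a ticket is created automatically "if run as 'root' user", but the new body no longer looks at the uid and signs a `root@pam` ticket whenever `auth_key` is `Some`. The comment should describe the new contract, for example `/// Signs a root@pam ticket with auth_key when one is given; otherwise the client logs in interactively.` Since this function is `pub` and no longer gates on the uid, the doc should also say that the caller decides who may supply the key. The interactive branch passes no fingerprint (`new_interactive(None, None)`), which is unchanged by this commit but could be mentioned in the same comment.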
+++ /dev/null
-//! Helpers for authentication used by both client and server.
-
-use anyhow::Error;
-use lazy_static::lazy_static;
-use openssl::pkey::{PKey, Private};
-use openssl::rsa::Rsa;
-
-use proxmox::tools::fs::file_get_contents;
-
-use pbs_buildcfg::configdir;
-
-fn load_private_auth_key() -> Result<PKey<Private>, Error> {
- let pem = file_get_contents(configdir!("/authkey.key"))?;
- let rsa = Rsa::private_key_from_pem(&pem)?;
- let key = PKey::from_rsa(rsa)?;
-
- Ok(key)
-}
-
-pub fn private_auth_key() -> &'static PKey<Private> {
- lazy_static! {
- static ref KEY: PKey<Private> = load_private_auth_key().unwrap();
- }
-
- &KEY
-}
pub mod acl;
-pub mod auth;
pub mod blocking;
pub mod borrow;
pub mod broadcast_future;
Userid, Authid, PASSWORD_SCHEMA, ACL_PATH_SCHEMA,
PRIVILEGES, PRIV_PERMISSIONS_MODIFY, PRIV_SYS_AUDIT,
};
-use pbs_tools::auth::private_auth_key;
use pbs_tools::ticket::{self, Empty, Ticket};
use pbs_config::acl::AclTreeNode;
+use pbs_config::CachedUserInfo;
use crate::auth_helpers::*;
-use crate::server::ticket::ApiTicket;
-
-use pbs_config::CachedUserInfo;
use crate::config::tfa::TfaChallenge;
+use crate::server::ticket::ApiTicket;
pub mod acl;
pub mod domain;
use pbs_api_types::{Userid, User, REALM_ID_SCHEMA};
use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
-use pbs_tools::auth::private_auth_key;
use pbs_tools::ticket::Ticket;
use pbs_config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
-use crate::server::ticket::ApiTicket;
use pbs_config::CachedUserInfo;
-
use pbs_config::open_backup_lockfile;
use crate::auth_helpers::*;
+use crate::server::ticket::ApiTicket;
fn openid_authenticator(realm_config: &OpenIdRealmConfig, redirect_url: &str) -> Result<OpenIdAuthenticator, Error> {
let config = OpenIdConfig {
use proxmox::{identity, sortable};
use proxmox_http::websocket::WebSocket;
+use proxmox_rest_server::WorkerTask;
+
use pbs_api_types::{Authid, NODE_SCHEMA, PRIV_SYS_CONSOLE};
-use pbs_tools::auth::private_auth_key;
use pbs_tools::ticket::{self, Empty, Ticket};
-use proxmox_rest_server::WorkerTask;
use crate::tools;
+use crate::auth_helpers::private_auth_key;
pub mod apt;
pub mod certificates;
use anyhow::{bail, format_err, Error};
use lazy_static::lazy_static;
-use openssl::pkey::{PKey, Public};
+use openssl::pkey::{PKey, Private, Public};
use openssl::rsa::Rsa;
use openssl::sha;
&KEY
}
+
+fn load_private_auth_key() -> Result<PKey<Private>, Error> {
+ let pem = file_get_contents(configdir!("/authkey.key"))?;
+ let rsa = Rsa::private_key_from_pem(&pem)?;
+ let key = PKey::from_rsa(rsa)?;
+
+ Ok(key)
+}
+
+pub fn private_auth_key() -> &'static PKey<Private> {
+ lazy_static! {
+ static ref KEY: PKey<Private> = load_private_auth_key().unwrap();
+ }
+
+ &KEY
+}
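Review bot: `private_auth_key()` panics on first use if `authkey.key` is missing, unreadable by the calling process, or not a valid RSA PEM, because the `lazy_static` initializer calls `load_private_auth_key().unwrap()`, and the moved function has no doc comment saying so. I would add a summary such as `/// Returns the ticket signing key, loaded once from authkey.key and cached for the process lifetime.` followed by a `# Panics` section naming those three cases. Replacing the bare unwrap with `.expect("failed to load authkey.key")` would make the abort diagnosable. The new `client_helpers::connect_to_localhost` in this commit returns `Result` but reaches this panic path, so a fallible accessor may be worth considering as a follow-up.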
use proxmox::api::RpcEnvironmentType;
use proxmox::tools::fs::CreateOptions;
-use pbs_tools::auth::private_auth_key;
use proxmox_rest_server::{daemon, ApiConfig, RestServer};
use proxmox_backup::server::auth::default_api_auth;
use proxmox::api::{api, cli::*, RpcEnvironment};
use proxmox::tools::fs::CreateOptions;
-use pbs_client::{connect_to_localhost, display_task_log, view_task_result};
+use pbs_client::{display_task_log, view_task_result};
use pbs_tools::percent_encoding::percent_encode_component;
use pbs_tools::json::required_string_param;
use pbs_api_types::{
use proxmox_rest_server::wait_for_local_worker;
-use proxmox_backup::config;
use proxmox_backup::api2;
+use proxmox_backup::client_helpers::connect_to_localhost;
+use proxmox_backup::config;
mod proxmox_backup_manager;
use proxmox_backup_manager::*;
},
};
-use pbs_client::{connect_to_localhost, view_task_result};
+use pbs_client::view_task_result;
use pbs_tools::format::{
HumanByte,
render_epoch,
proxmox_tape_magic_to_text,
},
},
+ client_helpers::connect_to_localhost,
};
mod proxmox_tape;
};
use pbs_api_types::{PROXMOX_UPID_REGEX, UPID};
-use pbs_client::{connect_to_localhost, view_task_result};
+use pbs_client::view_task_result;
use proxmox_rest_server::normalize_uri_path;
+use proxmox_backup::client_helpers::connect_to_localhost;
+
const PROG_NAME: &str = "proxmox-backup-debug api";
const URL_ASCIISET: percent_encoding::AsciiSet = percent_encoding::NON_ALPHANUMERIC.remove(b'/');
use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
-use pbs_client::{connect_to_localhost, view_task_result};
+use pbs_client::view_task_result;
use pbs_api_types::{DataStoreConfig, DATASTORE_SCHEMA};
use proxmox_backup::api2;
+use proxmox_backup::client_helpers::connect_to_localhost;
#[api(
input: {
use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
use pbs_api_types::JOB_ID_SCHEMA;
-use pbs_client::{connect_to_localhost, view_task_result};
+use pbs_client::view_task_result;
use proxmox_backup::api2;
+use proxmox_backup::client_helpers::connect_to_localhost;
#[api(
input: {
--- /dev/null
+use anyhow::Error;
+
+use crate::auth_helpers::private_auth_key;
+
+/// As root we have access to the private key file and can use it directly. Otherwise the connect
+/// call will interactively query the password.
+pub fn connect_to_localhost() -> Result<pbs_client::HttpClient, Error> {
+ pbs_client::connect_to_localhost(if nix::unistd::Uid::current().is_root() {
+ Some(private_auth_key())
+ } else {
+ None
+ })
+}
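Review bot: The root check uses `nix::unistd::Uid::current()`, which is the real uid, while read access to `authkey.key` is decided by the effective uid. If a binary ever runs with the two differing (for example after dropping privileges with a real uid of 0), this takes the `Some(private_auth_key())` branch without being able to read the key. When both are root they behave the same, so `pbs_client::connect_to_localhost(if nix::unistd::Uid::effective().is_root() {` would be the safer test; this assumes no caller relies on the real-uid behaviour, which is not visible from this hunk. The doc comment could also state that the returned client authenticates as `root@pam` in both branches.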
pub mod tape;
pub mod acme;
+
+pub mod client_helpers;