From 39a90ca6c5164b53134d9a2db2ca6ab8cc72440a Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 29 Jan 2019 13:15:33 +0100
Subject: [PATCH] bin/proxmox-backup-api.rs: gererate secret for csrf token

---
 src/bin/proxmox-backup-api.rs | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/bin/proxmox-backup-api.rs b/src/bin/proxmox-backup-api.rs
index e1a808ba..95e96a21 100644
--- a/src/bin/proxmox-backup-api.rs
+++ b/src/bin/proxmox-backup-api.rs
@@ -18,7 +18,27 @@ use futures::future::Future;
 
 use hyper;
 
-pub fn gen_auth_key() -> Result<(), Error> {
+pub fn generate_csrf_key() -> Result<(), Error> {
+
+    let path = PathBuf::from("/etc/proxmox-backup/csrf.key");
+
+    if path.exists() { return Ok(()); }
+
+    let rsa = Rsa::generate(2048).unwrap();
+
+    let pem = rsa.private_key_to_pem()?;
+
+    use nix::sys::stat::Mode;
+
+    tools::file_set_contents(
+        &path, &pem, Some(Mode::from_bits_truncate(0o0640)))?;
+
+    nix::unistd::chown(&path, Some(nix::unistd::ROOT), Some(nix::unistd::Gid::from_raw(33)))?;
+
+    Ok(())
+}
+
+pub fn generate_auth_key() -> Result<(), Error> {
 
     let priv_path = PathBuf::from("/etc/proxmox-backup/authkey.key");
 
@@ -54,11 +74,16 @@ fn main() {
         std::process::exit(-1);
     }
 
-    if let Err(err) = gen_auth_key() {
+    if let Err(err) = generate_auth_key() {
         eprintln!("unable to generate auth key: {}", err);
         std::process::exit(-1);
     }
 
+    if let Err(err) = generate_csrf_key() {
+        eprintln!("unable to generate csrf key: {}", err);
+        std::process::exit(-1);
+    }
+
     let command : Arc<Schema> = StringSchema::new("Command.")
         .format(Arc::new(ApiStringFormat::Enum(vec![
             "start".into(),