From f72ccdd65d6a85c4b70657508cb03584830c5a8e Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 13 Dec 2022 13:55:16 +0100 Subject: [PATCH] move pbs_tools::ticket to pbs_ticket Signed-off-by: Wolfgang Bumiller --- Cargo.toml | 3 +++ pbs-client/Cargo.toml | 1 + pbs-client/src/http_client.rs | 5 ++--- pbs-ticket/Cargo.toml | 14 ++++++++++++++ pbs-tools/src/ticket.rs => pbs-ticket/src/lib.rs | 0 pbs-tools/Cargo.toml | 1 - pbs-tools/src/lib.rs | 1 - src/api2/access/mod.rs | 4 ++-- src/api2/access/openid.rs | 2 +- src/api2/node/mod.rs | 6 +++--- src/client_helpers.rs | 2 +- src/server/auth.rs | 4 ++-- 12 files changed, 29 insertions(+), 14 deletions(-) create mode 100644 pbs-ticket/Cargo.toml rename pbs-tools/src/ticket.rs => pbs-ticket/src/lib.rs (100%) diff --git a/Cargo.toml b/Cargo.toml index 6fce247d..16f4822c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -37,6 +37,7 @@ members = [ "pbs-key-config", "pbs-pxar-fuse", "pbs-tape", + "pbs-ticket", "pbs-tools", "proxmox-backup-banner", @@ -93,6 +94,7 @@ pbs-fuse-loop = { path = "pbs-fuse-loop" } pbs-key-config = { path = "pbs-key-config" } pbs-pxar-fuse = { path = "pbs-pxar-fuse" } pbs-tape = { path = "pbs-tape" } +pbs-ticket = { path = "pbs-ticket" } pbs-tools = { path = "pbs-tools" } proxmox-rrd = { path = "proxmox-rrd" } @@ -229,6 +231,7 @@ pbs-config.workspace = true pbs-datastore.workspace = true pbs-key-config.workspace = true pbs-tape.workspace = true +pbs-ticket.workspace = true pbs-tools.workspace = true proxmox-rrd.workspace = true diff --git a/pbs-client/Cargo.toml b/pbs-client/Cargo.toml index 02d33854..4bae79d6 100644 --- a/pbs-client/Cargo.toml +++ b/pbs-client/Cargo.toml @@ -48,4 +48,5 @@ pxar.workspace = true pbs-api-types.workspace = true pbs-buildcfg.workspace = true pbs-datastore.workspace = true +pbs-ticket.workspace = true pbs-tools.workspace = true diff --git a/pbs-client/src/http_client.rs b/pbs-client/src/http_client.rs index c78d08f3..c86b1925 100644 --- a/pbs-client/src/http_client.rs 
+++ b/pbs-client/src/http_client.rs @@ -28,7 +28,6 @@ use proxmox_http::ProxyConfig; use pbs_api_types::percent_encoding::DEFAULT_ENCODE_SET; use pbs_api_types::{Authid, RateLimitConfig, Userid}; -use pbs_tools::ticket; use super::pipe_to_stream::PipeToSendStream; use super::PROXMOX_BACKUP_TCP_KEEPALIVE_TIME; @@ -250,7 +249,7 @@ fn store_ticket_info( let mut new_data = json!({}); - let ticket_lifetime = ticket::TICKET_LIFETIME - 60; + let ticket_lifetime = pbs_ticket::TICKET_LIFETIME - 60; let empty = serde_json::map::Map::new(); for (server, info) in data.as_object().unwrap_or(&empty) { @@ -281,7 +280,7 @@ fn load_ticket_info(prefix: &str, server: &str, userid: &Userid) -> Option<(Stri let path = base.place_runtime_file("tickets").ok()?; let data = file_get_json(&path, None).ok()?; let now = proxmox_time::epoch_i64(); - let ticket_lifetime = ticket::TICKET_LIFETIME - 60; + let ticket_lifetime = pbs_ticket::TICKET_LIFETIME - 60; let uinfo = data[server][userid.as_str()].as_object()?; let timestamp = uinfo["timestamp"].as_i64()?; let age = now - timestamp; diff --git a/pbs-ticket/Cargo.toml b/pbs-ticket/Cargo.toml new file mode 100644 index 00000000..afe99b91 --- /dev/null +++ b/pbs-ticket/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "pbs-ticket" +version = "0.1.0" +authors.workspace = true +edition.workspace = true +description = "pbs ticket handling" + +[dependencies] +anyhow.workspace = true +base64.workspace = true +openssl.workspace = true +percent-encoding.workspace = true + +proxmox-time.workspace = true diff --git a/pbs-tools/src/ticket.rs b/pbs-ticket/src/lib.rs similarity index 100% rename from pbs-tools/src/ticket.rs rename to pbs-ticket/src/lib.rs diff --git a/pbs-tools/Cargo.toml b/pbs-tools/Cargo.toml index 45467a85..61132734 100644 --- a/pbs-tools/Cargo.toml +++ b/pbs-tools/Cargo.toml 
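Review bot: The expression `pbs_ticket::TICKET_LIFETIME - 60` is now spelled out twice, in `store_ticket_info` (hunk at -250) and in `load_ticket_info` (hunk at -281), and nothing explains the 60-second margin. Both functions have to agree on when a cached ticket counts as expired, so I would hoist it into one documented module-level constant, e.g. `const CACHED_TICKET_MAX_AGE: i64 = pbs_ticket::TICKET_LIFETIME - 60;` with a comment stating why the margin exists. The `i64` type is inferred from `age = now - timestamp`, and the margin presumably keeps the client from presenting a ticket the server is about to reject; both should be confirmed. Both function bodies continue outside their hunks.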
@@ -22,7 +22,6 @@ log.workspace = true nix.workspace = true nom.workspace = true openssl.workspace = true -percent-encoding.workspace = true regex.workspace = true serde_json.workspace = true # rt-multi-thread is required for block_in_place diff --git a/pbs-tools/src/lib.rs b/pbs-tools/src/lib.rs index aded6a01..bee5c1c0 100644 --- a/pbs-tools/src/lib.rs +++ b/pbs-tools/src/lib.rs @@ -5,7 +5,6 @@ pub mod json; pub mod lru_cache; pub mod nom; pub mod sha; -pub mod ticket; pub mod async_lru_cache; diff --git a/src/api2/access/mod.rs b/src/api2/access/mod.rs index 01736269..9274b782 100644 --- a/src/api2/access/mod.rs +++ b/src/api2/access/mod.rs @@ -18,7 +18,7 @@ use pbs_api_types::{ }; use pbs_config::acl::AclTreeNode; use pbs_config::CachedUserInfo; -use pbs_tools::ticket::{self, Empty, Ticket}; +use pbs_ticket::{Empty, Ticket}; use crate::auth_helpers::*; use crate::config::tfa::TfaChallenge; @@ -84,7 +84,7 @@ fn authenticate_user( if let Ok(Empty) = Ticket::parse(password).and_then(|ticket| { ticket.verify( public_auth_key(), - ticket::TERM_PREFIX, + pbs_ticket::TERM_PREFIX, Some(&crate::tools::ticket::term_aad(userid, &path, port)), ) }) { diff --git a/src/api2/access/openid.rs b/src/api2/access/openid.rs index c6d59de0..095726fd 100644 --- a/src/api2/access/openid.rs +++ b/src/api2/access/openid.rs @@ -15,7 +15,7 @@ use pbs_api_types::{ OPENID_DEFAILT_SCOPE_LIST, REALM_ID_SCHEMA, }; use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M; -use pbs_tools::ticket::Ticket; +use pbs_ticket::Ticket; use pbs_config::open_backup_lockfile; use pbs_config::CachedUserInfo; diff --git a/src/api2/node/mod.rs b/src/api2/node/mod.rs index 5859567e..763e6ea9 100644 --- a/src/api2/node/mod.rs +++ b/src/api2/node/mod.rs 
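Review bot: In the `authenticate_user` hunk of src/api2/access/mod.rs, `if let Ok(Empty) = Ticket::parse(password).and_then(...)` discards the error from `ticket.verify(...)`. A terminal ticket that fails verification against the key, `pbs_ticket::TERM_PREFIX` or the `term_aad` value is therefore indistinguishable from a password that was never a ticket. If falling through to the next authentication step is intended (the rest of the function is outside the hunk), it deserves a comment such as `// not a valid terminal ticket for this userid/path/port: fall through to regular authentication`. Logging the verification error when the input did parse as a ticket would also leave a trace of rejected terminal tickets for later investigation.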
@@ -25,7 +25,7 @@ use proxmox_schema::*; use proxmox_rest_server::WorkerTask; use pbs_api_types::{Authid, NODE_SCHEMA, PRIV_SYS_CONSOLE}; -use pbs_tools::ticket::{self, Empty, Ticket}; +use pbs_ticket::{Empty, Ticket}; use crate::auth_helpers::private_auth_key; use crate::tools; @@ -119,7 +119,7 @@ async fn termproxy(cmd: Option, rpcenv: &mut dyn RpcEnvironment) -> Resu let listener = TcpListener::bind("localhost:0")?; let port = listener.local_addr()?.port(); - let ticket = Ticket::new(ticket::TERM_PREFIX, &Empty)?.sign( + let ticket = Ticket::new(pbs_ticket::TERM_PREFIX, &Empty)?.sign( private_auth_key(), Some(&tools::ticket::term_aad(userid, path, port)), )?; @@ -292,7 +292,7 @@ fn upgrade_to_websocket( // will be checked again by termproxy Ticket::::parse(ticket)?.verify( crate::auth_helpers::public_auth_key(), - ticket::TERM_PREFIX, + pbs_ticket::TERM_PREFIX, Some(&tools::ticket::term_aad(userid, "/system", port)), )?; diff --git a/src/client_helpers.rs b/src/client_helpers.rs index 18a4b411..4dc7f052 100644 --- a/src/client_helpers.rs +++ b/src/client_helpers.rs @@ -2,7 +2,7 @@ use anyhow::Error; use pbs_api_types::{Authid, Userid}; use pbs_client::{HttpClient, HttpClientOptions}; -use pbs_tools::ticket::Ticket; +use pbs_ticket::Ticket; use crate::auth_helpers::private_auth_key; diff --git a/src/server/auth.rs b/src/server/auth.rs index 04bc4185..e9ed9585 100644 --- a/src/server/auth.rs +++ b/src/server/auth.rs @@ -6,7 +6,7 @@ use proxmox_router::UserInformation; use pbs_api_types::{Authid, Userid}; use pbs_config::{token_shadow, CachedUserInfo}; -use pbs_tools::ticket::{self, Ticket}; +use pbs_ticket::Ticket; use proxmox_rest_server::{extract_cookie, AuthError}; use crate::auth_helpers::*; 
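Review bot: In the `upgrade_to_websocket` hunk of src/api2/node/mod.rs the ticket is verified against the literal path `"/system"`, while the `termproxy` hunk signs it with `term_aad(userid, path, port)` using a `path` variable defined outside the hunk. The two only agree while that variable is also `/system`, and `authenticate_user` in src/api2/access/mod.rs builds the same AAD from yet another `path` value. A single shared constant for the terminal path, used at signing and at both verification sites, would keep the ticket binding from drifting apart silently. At minimum the existing comment could read `// bound to userid, "/system" and port; will be checked again by termproxy`.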
@@ -61,7 +61,7 @@ pub async fn check_pbs_auth( match auth_data { Some(AuthData::User(user_auth_data)) => { let ticket = user_auth_data.ticket.clone(); - let ticket_lifetime = ticket::TICKET_LIFETIME; + let ticket_lifetime = pbs_ticket::TICKET_LIFETIME; let userid: Userid = Ticket::::parse(&ticket)? .verify_with_time_frame(public_auth_key(), "PBS", None, -300..ticket_lifetime)?