proxmox-mirrors/proxmox-perl-rs
1
0
Fork 0
mirror of https://git.proxmox.com/git/proxmox-perl-rs synced 2025-05-25 08:21:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update to new tfa crate

Browse Source 
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2023-03-07 12:48:46 +01:00
parent bd90bdf495
commit 9fdb289df2
2 changed files with 30 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
pmg-rs/src/tfa.rs
View File

@ -18,7 +18,8 @@ use nix::errno::Errno;
use nix::sys::stat::Mode; use nix::sys::stat::Mode;
pub(self) use proxmox_tfa::api::{ pub(self) use proxmox_tfa::api::{
RecoveryState, TfaChallenge, TfaConfig, TfaResponse, U2fConfig, WebauthnConfig, RecoveryState, TfaChallenge, TfaConfig, TfaResponse, U2fConfig, UserChallengeAccess,
WebauthnConfig,
}; };
#[perlmod::package(name = "PMG::RS::TFA")] #[perlmod::package(name = "PMG::RS::TFA")]
@ -105,7 +106,7 @@ mod export {
) -> Result<String, Error> { ) -> Result<String, Error> {
let this: &Tfa = (&raw_this).try_into()?; let this: &Tfa = (&raw_this).try_into()?;
let mut inner = this.inner.lock().unwrap(); let mut inner = this.inner.lock().unwrap();
inner.u2f_registration_challenge(UserAccess::new(&raw_this)?, userid, description) inner.u2f_registration_challenge(&UserAccess::new(&raw_this)?, userid, description)
} }
/// Finish a u2f registration. This updates temporary data in `/run` and therefore the config /// Finish a u2f registration. This updates temporary data in `/run` and therefore the config
@ -120,7 +121,7 @@ mod export {
) -> Result<String, Error> { ) -> Result<String, Error> {
let this: &Tfa = (&raw_this).try_into()?; let this: &Tfa = (&raw_this).try_into()?;
let mut inner = this.inner.lock().unwrap(); let mut inner = this.inner.lock().unwrap();
inner.u2f_registration_finish(UserAccess::new(&raw_this)?, userid, challenge, response) inner.u2f_registration_finish(&UserAccess::new(&raw_this)?, userid, challenge, response)
} }
/// Check if a user has any TFA entries of a given type. /// Check if a user has any TFA entries of a given type.
@ -203,7 +204,7 @@ mod export {
let this: &Tfa = (&raw_this).try_into()?; let this: &Tfa = (&raw_this).try_into()?;
let mut inner = this.inner.lock().unwrap(); let mut inner = this.inner.lock().unwrap();
match inner.authentication_challenge( match inner.authentication_challenge(
UserAccess::new(&raw_this)?, &UserAccess::new(&raw_this)?,
userid, userid,
origin.as_ref(), origin.as_ref(),
)? { )? {
@ -246,7 +247,7 @@ mod export {
let mut inner = this.inner.lock().unwrap(); let mut inner = this.inner.lock().unwrap();
inner inner
.verify( .verify(
UserAccess::new(&raw_this)?, &UserAccess::new(&raw_this)?,
userid, userid,
&challenge, &challenge,
response, response,
@ -314,7 +315,7 @@ mod export {
let this: &Tfa = (&raw_this).try_into()?; let this: &Tfa = (&raw_this).try_into()?;
methods::add_tfa_entry( methods::add_tfa_entry(
&mut this.inner.lock().unwrap(), &mut this.inner.lock().unwrap(),
UserAccess::new(&raw_this)?, &UserAccess::new(&raw_this)?,
userid, userid,
description, description,
totp, totp,
@ -440,9 +441,7 @@ fn challenge_data_path(userid: &str, debug: bool) -> PathBuf {
} }
impl proxmox_tfa::api::OpenUserChallengeData for UserAccess { impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
type Data = UserChallengeData; fn open(&self, userid: &str) -> Result<Box<dyn UserChallengeAccess>, Error> {
fn open(&self, userid: &str) -> Result<UserChallengeData, Error> {
if self.is_debug() { if self.is_debug() {
mkdir("./local-tfa-challenges", 0o700)?; mkdir("./local-tfa-challenges", 0o700)?;
} else { } else {
@ -485,15 +484,15 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
} }
}; };
Ok(UserChallengeData { Ok(Box::new(UserChallengeData {
inner, inner,
path, path,
lock: file, lock: file,
}) }))
} }
/// `open` without creating the file if it doesn't exist, to finish WA authentications. /// `open` without creating the file if it doesn't exist, to finish WA authentications.
fn open_no_create(&self, userid: &str) -> Result<Option<UserChallengeData>, Error> { fn open_no_create(&self, userid: &str) -> Result<Option<Box<dyn UserChallengeAccess>>, Error> {
let path = challenge_data_path(userid, self.is_debug()); let path = challenge_data_path(userid, self.is_debug());
let mut file = match std::fs::OpenOptions::new() let mut file = match std::fs::OpenOptions::new()
@ -514,11 +513,11 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
format_err!("failed to read challenge data for user {}: {}", userid, err) format_err!("failed to read challenge data for user {}: {}", userid, err)
})?; })?;
Ok(Some(UserChallengeData { Ok(Some(Box::new(UserChallengeData {
inner, inner,
path, path,
lock: file, lock: file,
})) })))
} }
fn remove(&self, userid: &str) -> Result<bool, Error> { fn remove(&self, userid: &str) -> Result<bool, Error> {
@ -546,7 +545,7 @@ impl proxmox_tfa::api::UserChallengeAccess for UserChallengeData {
&mut self.inner &mut self.inner
} }
fn save(self) -> Result<(), Error> { fn save(&mut self) -> Result<(), Error> {
UserChallengeData::save(self) UserChallengeData::save(self)
} }
} }
@ -591,7 +590,7 @@ impl UserChallengeData {
/// ///
/// This currently consumes selfe as we never perform more than 1 insertion/removal, and this /// This currently consumes selfe as we never perform more than 1 insertion/removal, and this
/// way also unlocks early. /// way also unlocks early.
fn save(mut self) -> Result<(), Error> { fn save(&mut self) -> Result<(), Error> {
self.rewind()?; self.rewind()?;
serde_json::to_writer(&mut &self.lock, &self.inner).map_err(|err| { serde_json::to_writer(&mut &self.lock, &self.inner).map_err(|err| {

31
pve-rs/src/tfa.rs
View File

@ -21,7 +21,8 @@ use nix::sys::stat::Mode;
use serde_json::Value as JsonValue; use serde_json::Value as JsonValue;
pub(self) use proxmox_tfa::api::{ pub(self) use proxmox_tfa::api::{
RecoveryState, TfaChallenge, TfaConfig, TfaResponse, TfaUserData, U2fConfig, WebauthnConfig, RecoveryState, TfaChallenge, TfaConfig, TfaResponse, TfaUserData, U2fConfig,
UserChallengeAccess, WebauthnConfig,
}; };
#[perlmod::package(name = "PVE::RS::TFA")] #[perlmod::package(name = "PVE::RS::TFA")]
@ -173,7 +174,7 @@ mod export {
) -> Result<String, Error> { ) -> Result<String, Error> {
let this: &Tfa = (&raw_this).try_into()?; let this: &Tfa = (&raw_this).try_into()?;
let mut inner = this.inner.lock().unwrap(); let mut inner = this.inner.lock().unwrap();
inner.u2f_registration_challenge(UserAccess::new(&raw_this)?, userid, description) inner.u2f_registration_challenge(&UserAccess::new(&raw_this)?, userid, description)
} }
/// Finish a u2f registration. This updates temporary data in `/run` and therefore the config /// Finish a u2f registration. This updates temporary data in `/run` and therefore the config
@ -188,7 +189,7 @@ mod export {
) -> Result<String, Error> { ) -> Result<String, Error> {
let this: &Tfa = (&raw_this).try_into()?; let this: &Tfa = (&raw_this).try_into()?;
let mut inner = this.inner.lock().unwrap(); let mut inner = this.inner.lock().unwrap();
inner.u2f_registration_finish(UserAccess::new(&raw_this)?, userid, challenge, response) inner.u2f_registration_finish(&UserAccess::new(&raw_this)?, userid, challenge, response)
} }
/// Check if a user has any TFA entries of a given type. /// Check if a user has any TFA entries of a given type.
@ -249,7 +250,7 @@ mod export {
let this: &Tfa = (&raw_this).try_into()?; let this: &Tfa = (&raw_this).try_into()?;
let mut inner = this.inner.lock().unwrap(); let mut inner = this.inner.lock().unwrap();
match inner.authentication_challenge( match inner.authentication_challenge(
UserAccess::new(&raw_this)?, &UserAccess::new(&raw_this)?,
userid, userid,
origin.as_ref(), origin.as_ref(),
)? { )? {
@ -292,7 +293,7 @@ mod export {
let mut inner = this.inner.lock().unwrap(); let mut inner = this.inner.lock().unwrap();
inner inner
.verify( .verify(
UserAccess::new(&raw_this)?, &UserAccess::new(&raw_this)?,
userid, userid,
&challenge, &challenge,
response, response,
@ -360,7 +361,7 @@ mod export {
let this: &Tfa = (&raw_this).try_into()?; let this: &Tfa = (&raw_this).try_into()?;
methods::add_tfa_entry( methods::add_tfa_entry(
&mut this.inner.lock().unwrap(), &mut this.inner.lock().unwrap(),
UserAccess::new(&raw_this)?, &UserAccess::new(&raw_this)?,
userid, userid,
description, description,
totp, totp,
@ -841,9 +842,7 @@ fn challenge_data_path(userid: &str, debug: bool) -> PathBuf {
} }
impl proxmox_tfa::api::OpenUserChallengeData for UserAccess { impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
type Data = UserChallengeData; fn open(&self, userid: &str) -> Result<Box<dyn UserChallengeAccess>, Error> {
fn open(&self, userid: &str) -> Result<UserChallengeData, Error> {
if self.is_debug() { if self.is_debug() {
mkdir("./local-tfa-challenges", 0o700)?; mkdir("./local-tfa-challenges", 0o700)?;
} else { } else {
@ -886,15 +885,15 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
} }
}; };
Ok(UserChallengeData { Ok(Box::new(UserChallengeData {
inner, inner,
path, path,
lock: file, lock: file,
}) }))
} }
/// `open` without creating the file if it doesn't exist, to finish WA authentications. /// `open` without creating the file if it doesn't exist, to finish WA authentications.
fn open_no_create(&self, userid: &str) -> Result<Option<UserChallengeData>, Error> { fn open_no_create(&self, userid: &str) -> Result<Option<Box<dyn UserChallengeAccess>>, Error> {
let path = challenge_data_path(userid, self.is_debug()); let path = challenge_data_path(userid, self.is_debug());
let mut file = match std::fs::OpenOptions::new() let mut file = match std::fs::OpenOptions::new()
@ -915,11 +914,11 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
format_err!("failed to read challenge data for user {}: {}", userid, err) format_err!("failed to read challenge data for user {}: {}", userid, err)
})?; })?;
Ok(Some(UserChallengeData { Ok(Some(Box::new(UserChallengeData {
inner, inner,
path, path,
lock: file, lock: file,
})) })))
} }
fn remove(&self, userid: &str) -> Result<bool, Error> { fn remove(&self, userid: &str) -> Result<bool, Error> {
@ -947,7 +946,7 @@ impl proxmox_tfa::api::UserChallengeAccess for UserChallengeData {
&mut self.inner &mut self.inner
} }
fn save(self) -> Result<(), Error> { fn save(&mut self) -> Result<(), Error> {
UserChallengeData::save(self) UserChallengeData::save(self)
} }
} }
@ -992,7 +991,7 @@ impl UserChallengeData {
/// ///
/// This currently consumes selfe as we never perform more than 1 insertion/removal, and this /// This currently consumes selfe as we never perform more than 1 insertion/removal, and this
/// way also unlocks early. /// way also unlocks early.
fn save(mut self) -> Result<(), Error> { fn save(&mut self) -> Result<(), Error> {
self.rewind()?; self.rewind()?;
serde_json::to_writer(&mut &self.lock, &self.inner).map_err(|err| { serde_json::to_writer(&mut &self.lock, &self.inner).map_err(|err| {