For PMG we for now only provide an empty stub and warn to syslog -
we need basic notification system integration there first.
On PMG, we still use a pure Perl implementation at the moment,
so this should not be an issue unless we change that.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
The context has now been moved to `proxmox-notify` due to the fact
that we also need it in `proxmox-mail-forward` now.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Instead of blessed raw pointers as these can easily lead to double
free corruptions when they're copied in perl.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Also splitting PVE-specific context into its own file.
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
The function returns all other entities referenced by a filter/target.
This is useful for permission checks, where the user must have the
appropriate permissions for all entities.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
This parameter allows sending mails to the email address configured
for users from the product's user database.
`proxmox-notify` now has a `Context` that must be set via
`proxmox_notify::context::set_context` before the crate is used.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
Logging behaviour can be overridden by the {PMG,PVE}_LOG environment
variable.
This commit also disables styled output and timestamps in log messages,
since we usually log to the journal anyway. The log output is configured
to match with other log messages in task logs.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
- Add a 'common' symlink inside pve-rs/pmg-rs
- Have the `build/` target replace it with a dir and copy
  `common/src` into it.
- Depend on perlmod-bin to generate the perl package files.
now pve-rs and pmg-rs can be built directly from within via
dpkg-buildpackage
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit sets up logging by hooking into the module loading/bootstrapping
process to call a new `init` function exported by the `Proxmox::Lib::{PVE,PMG}`
module, which initializes `env_logger` with its default settings.
This allows us to use `log::*` macros from Rust code.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
backed by the proxmox-resource-scheduling crate.
Initially to be used by the HA manager to allow it to base its decision
where to start a new or recovered service on static usage information
rather than just counting.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
while introducing a 'product' parameter to the relevant functions and
adding wrappers for backwards-compatibility.
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
by returning default data, in case the challenge data is not parseable.
this allows a new challenge to be started for the userid in question
without manual cleanup.
currently this can be triggered if an ongoing challenge created with
webauthn-rs 0.2.5 is stored in /run and attempted to be read
post-upgrade.
Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
for users with incompatible tfa entries, generate an
'incompatible' entry so they cannot log in via the old api
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
it can happen that we have leftover entries with non-completed challenges.
since a user cannot continue here in a sensible way, ignore and discard
them
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
to is the last *valid* character, and ranges end by default with one
less, so extend the range to the actual last character
this fixes an issue that we could not parse old configs with
non-padded base64 values
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This consists of two parts:
1) A proxmox_tfa_api module which temporarily lives here but
   will become its own crate.
   Most of this is a copy from ' src/config/tfa.rs with some
   compatibility changes:
   * The #[api] macro is guarded by a feature flag, since we
     cannot use it for PVE.
   * The Userid type is replaced by &str since we don't have
     Userid in PVE either.
   * The file locking/reading is removed, this will stay in
     the corresponding product code, and the main entry
     point is now the TfaConfig object.
   * Access to the runtime active challenges in /run is
     provided via a trait implementation since PVE and PBS
     will use different paths for this.
   Essentially anything pbs-specific was removed and the
   code split into a few submodules (one per tfa type
   basically).
2) The tfa module in pve-rs, which contains:
   * The parser for the OLD /etc/pve/priv/tfa.cfg
   * The parser for the NEW /etc/pve/priv/tfa.cfg
   * These create a blessed PVE::RS::TFA instance which:
     - Wraps access to the TfaConfig rust object.
     - Has methods for all the TFA API call implementations
       These are copied from PBS' src/api2/access/tfa.rs,
       and pbs specific code removed.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>