- Add a 'common' symlink inside pve-rs/pmg-rs
- Have the `build/` target replace it with a dir and copy
`common/src` into it.
- Depend on perlmod-bin to generate the perl package files.
now pve-rs and pmg-rs can be built directly from within via
dpkg-buildpackage
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit sets up logging by hooking into module loading/bootstraping
process to call a new `init` function exported by the `Proxmox::Lib::{PVE,PMG}`
module, which initializes `env_logger` with its default settings.
This allows us to use `log::*` macros from Rust code.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
backed by the proxmox-resource-scheduling crate.
Initially to be used by the HA manager to allow it basing its decision
where to start a new or recovered service on static usage information
rather than just counting.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
while introducing a 'product' parameter to the relevant functions and
adding wrappers for backwards-compatibility.
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
by returning default data, in case the challenge data is not parseable.
this allows a new challenge to be started for the userid in question
without manual cleanup.
currently this can be triggered if an ongoing challenge created with
webauthn-rs 0.2.5 is stored in /run and attempted to be read
post-upgrade.
Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
for users with incompatible tfa entries, generate an
'incompatible' entry so they cannot log in via the old api
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
it can happen that we have leftover entries with non-completed challenges.
since a user cannot continue here in a sensible way, ignore and discard
them
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
to is the last *valid* character, and ranges end by default with one
less, so extend the range to the actual last character
this fixes an issue that we could not parse old configs with
non-padded base64 values
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This consists of two parts:
1) A proxmox_tfa_api module which temporarily lives here but
will become its own crate.
Most of this is a copy from ' src/config/tfa.rs with some
compatibility changes:
* The #[api] macro is guarded by a feature flag, since we
cannot use it for PVE.
* The Userid type is replaced by &str since we don't have
Userid in PVE either.
* The file locking/reading is removed, this will stay in
the corresponding product code, and the main entry
point is now the TfaConfig object.
* Access to the runtime active challenges in /run is
provided via a trait implementation since PVE and PBS
will use different paths for this.
Essentially anything pbs-specific was removed and the
code split into a few submodules (one per tfa type
basically).
2) The tfa module in pve-rs, which contains:
* The parser for the OLD /etc/pve/priv/tfa.cfg
* The parser for the NEW /etc/pve/priv/tfa.cfg
* These create a blessed PVE::RS::TFA instance which:
- Wraps access to the TfaConfig rust object.
- Has methods all the TFA API call implementations
These are copied from PBS' src/api2/access/tfa.rs,
and pbs specific code removed.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
