From ca65d297b773126b951fb9b8c475edea819571a0 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Fri, 18 Jun 2021 10:08:01 +0200
Subject: [PATCH 01/51] initial import
---
.cargo/config | 5 ++
Cargo.toml | 21 ++++++
src/auth_state.rs | 107 +++++++++++++++++++++++++++
src/http_client.rs | 92 +++++++++++++++++++++++
src/lib.rs | 181 +++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 406 insertions(+)
create mode 100644 .cargo/config
create mode 100644 Cargo.toml
create mode 100644 src/auth_state.rs
create mode 100644 src/http_client.rs
create mode 100644 src/lib.rs
diff --git a/.cargo/config b/.cargo/config
new file mode 100644
index 00000000..3b5b6e48
--- /dev/null
+++ b/.cargo/config
@@ -0,0 +1,5 @@
+[source]
+[source.debian-packages]
+directory = "/usr/share/cargo/registry"
+[source.crates-io]
+replace-with = "debian-packages"
diff --git a/Cargo.toml b/Cargo.toml
new file mode 100644
index 00000000..bc6b8a10
--- /dev/null
+++ b/Cargo.toml
@@ -0,0 +1,21 @@
+[package]
+name = "proxmox-openid"
+version = "0.1.0"
+authors = ["Dietmar Maurer "]
+edition = "2018"
+
+[lib]
+name = "proxmox_openid"
+path = "src/lib.rs"
+
+
+[dependencies]
+anyhow = "1.0"
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+url = "2.1"
+http = "0.2"
+curl = { version = "0.4.33" }
+proxmox = { version = "0.11.5", features = [ "sortable-macro", "api-macro" ] }
+nix = "0.19.1"
+openidconnect = { version = "2.0", default-features = false, features = ["curl"] }
diff --git a/src/auth_state.rs b/src/auth_state.rs
new file mode 100644
index 00000000..29caea52
--- /dev/null
+++ b/src/auth_state.rs
@@ -0,0 +1,107 @@
+use anyhow::{bail, Error};
+use serde_json::{json, Value};
+use nix::unistd::Uid;
+
+use proxmox::tools::{
+ time::epoch_i64,
+ fs::{
+ replace_file,
+ open_file_locked,
+ file_get_json,
+ CreateOptions,
+ },
+};
+
+use super::{PublicAuthState, PrivateAuthState};
+
+fn load_auth_state_locked(realm: &str, default: Option) -> Result<(String, std::fs::File, Vec), Error> {
+
+ let lock = open_file_locked(
+ "/tmp/proxmox-openid-auth-state.lock",
+ std::time::Duration::new(10, 0),
+ true
+ )?;
+
+ let path = format!("/tmp/proxmox-openid-auth-state-{}", realm);
+
+ let now = epoch_i64();
+
+ let old_data = file_get_json(&path, default)?;
+
+ let mut data: Vec = Vec::new();
+
+ let timeout = 10*60; // 10 minutes
+
+ for v in old_data.as_array().unwrap() {
+ let ctime = v["ctime"].as_i64().unwrap_or(0);
+ if (ctime + timeout) < now {
+ continue;
+ }
+ data.push(v.clone());
+ }
+
+ Ok((path, lock, data))
+}
+
+fn replace_auth_state(path: &str, data: &Vec, state_owner: Uid) -> Result<(), Error> {
+
+ let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
+ // set the correct owner/group/permissions while saving file
+ // owner(rw) = root
+ let options = CreateOptions::new()
+ .perm(mode)
+ .owner(state_owner);
+
+ let raw = serde_json::to_string_pretty(data)?;
+
+ replace_file(&path, raw.as_bytes(), options)?;
+
+ Ok(())
+}
+
+pub fn verify_public_auth_state(state: &str, state_owner: Uid) -> Result<(String, PrivateAuthState), Error> {
+
+ let public_auth_state: PublicAuthState = serde_json::from_str(state)?;
+
+ let (path, _lock, old_data) = load_auth_state_locked(&public_auth_state.realm, None)?;
+
+ let mut data: Vec = Vec::new();
+
+ let mut entry: Option = None;
+ let find_csrf_token = public_auth_state.csrf_token.secret();
+ for v in old_data {
+ if v["csrf_token"].as_str() == Some(find_csrf_token) {
+ entry = Some(serde_json::from_value(v)?);
+ } else {
+ data.push(v);
+ }
+ }
+
+ let entry = match entry {
+ None => bail!("no openid auth state 
found (possible timeout)"),
+ Some(entry) => entry,
+ };
+
+ replace_auth_state(&path, &data, state_owner)?;
+
+ Ok((public_auth_state.realm, entry))
+}
+
+pub fn store_auth_state(
+ realm: &str,
+ auth_state: &PrivateAuthState,
+ state_owner: Uid,
+) -> Result<(), Error> {
+
+ let (path, _lock, mut data) = load_auth_state_locked(realm, Some(json!([])))?;
+
+ if data.len() > 100 {
+ bail!("too many pending openid auth request for realm {}", realm);
+ }
+
+ data.push(serde_json::to_value(&auth_state)?);
+
+ replace_auth_state(&path, &data, state_owner)?;
+
+ Ok(())
+}
diff --git a/src/http_client.rs b/src/http_client.rs
new file mode 100644
index 00000000..f07aed0d
--- /dev/null
+++ b/src/http_client.rs
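Review bot: `load_auth_state_locked` formats `realm` straight into the state file path, and in `verify_public_auth_state` that value is `public_auth_state.realm`, deserialized from the caller-supplied `state` string (presumably the `state` query parameter of the redirect), so a realm containing `/` or `..` makes the function open a file other than the intended one. Reject such values before the `format!`, for example `if realm.is_empty() || !realm.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_') { bail!("invalid realm name"); }`, adjusted to whatever realm syntax the callers allow. The later `@@ -14,15 +15,23 @@` hunk of patch 02 keeps the same `format!` when it moves the file under `state_dir`. Separately, `old_data.as_array().unwrap()` panics when the file holds valid JSON that is not an array; a `bail!` there keeps a damaged state file from taking the process down.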
@@ -0,0 +1,92 @@
+use std::io::Read;
+
+use curl::easy::Easy;
+use http::header::{HeaderMap, HeaderValue, CONTENT_TYPE};
+use http::method::Method;
+use http::status::StatusCode;
+
+use openidconnect::{
+ HttpRequest,
+ HttpResponse,
+};
+
+/// Synchronous Curl HTTP client.
+///
+/// Copied fron OAuth2 create, added fix https://github.com/ramosbugs/oauth2-rs/pull/147
+pub fn http_client(request: HttpRequest) -> Result {
+
+ use openidconnect::curl::Error;
+
+ let mut easy = Easy::new();
+ easy.url(&request.url.to_string()[..])
+ .map_err(Error::Curl)?;
+
+ let mut headers = curl::easy::List::new();
+ request
+ .headers
+ .iter()
+ .map(|(name, value)| {
+ headers
+ .append(&format!(
+ "{}: {}",
+ name,
+ value.to_str().map_err(|_| Error::Other(format!(
+ "invalid {} header value {:?}",
+ name,
+ value.as_bytes()
+ )))?
+ ))
+ .map_err(Error::Curl)
+ })
+ .collect::>()?;
+
+ easy.http_headers(headers).map_err(Error::Curl)?;
+
+ if let Method::POST = request.method {
+ easy.post(true).map_err(Error::Curl)?;
+ easy.post_field_size(request.body.len() as u64)
+ .map_err(Error::Curl)?;
+ } else {
+ assert_eq!(request.method, Method::GET);
+ }
+
+ let mut form_slice = &request.body[..];
+ let mut data = Vec::new();
+ {
+ let mut transfer = easy.transfer();
+
+ transfer
+ .read_function(|buf| Ok(form_slice.read(buf).unwrap_or(0)))
+ .map_err(Error::Curl)?;
+
+ transfer
+ .write_function(|new_data| {
+ data.extend_from_slice(new_data);
+ Ok(new_data.len())
+ })
+ .map_err(Error::Curl)?;
+
+ transfer.perform().map_err(Error::Curl)?;
+ }
+
+ let status_code = easy.response_code().map_err(Error::Curl)? as u16;
+
+ Ok(HttpResponse {
+ status_code: StatusCode::from_u16(status_code).map_err(|err| Error::Http(err.into()))?,
+ headers: easy
+ .content_type()
+ .map_err(Error::Curl)?
+ .map(|content_type| {
+ Ok(vec![(
+ CONTENT_TYPE,
+ HeaderValue::from_str(content_type).map_err(|err| Error::Http(err.into()))?,
+ )]
+ .into_iter()
+ .collect::())
+ })
+ .transpose()?
+ .unwrap_or_else(HeaderMap::new),
+ body: data,
+ })
+}
+
diff --git a/src/lib.rs b/src/lib.rs
new file mode 100644
index 00000000..eb2d9c7b
--- /dev/null
+++ b/src/lib.rs
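Review bot: The transfer in `http_client` runs with no time limit and the `write_function` closure appends every chunk to `data` without a cap, so an issuer endpoint that stalls or streams an oversized body can hang the caller or exhaust memory. Set limits on the handle before `easy.transfer()`, e.g. `easy.connect_timeout(Duration::from_secs(10))` and `easy.timeout(Duration::from_secs(30))` (values illustrative), and have the write callback stop accepting data once `data.len()` passes a fixed maximum. The `assert_eq!(request.method, Method::GET)` branch also panics on any other method; returning `Error::Other(...)` would match how the rest of the function reports failures.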
@@ -0,0 +1,181 @@
+use anyhow::{format_err, Error};
+use serde::{Deserialize, Serialize};
+use url::Url;
+use nix::unistd::Uid;
+
+mod http_client;
+pub use http_client::http_client;
+
+mod auth_state;
+pub use auth_state::*;
+
+
+use openidconnect::{
+ //curl::http_client,
+ core::{
+ CoreProviderMetadata,
+ CoreClient,
+ CoreIdTokenClaims,
+ CoreIdTokenVerifier,
+ CoreAuthenticationFlow,
+ CoreAuthDisplay,
+ CoreAuthPrompt,
+ },
+ PkceCodeChallenge,
+ PkceCodeVerifier,
+ AuthorizationCode,
+ ClientId,
+ ClientSecret,
+ CsrfToken,
+ IssuerUrl,
+ Nonce,
+ OAuth2TokenResponse,
+ RedirectUrl,
+ Scope,
+};
+
+pub struct OpenIdConfig {
+ pub issuer_url: String,
+ pub client_id: String,
+ pub client_key: Option,
+}
+
+pub struct OpenIdAuthenticator {
+ client: CoreClient,
+}
+
+#[derive(Debug, Deserialize, Serialize)]
+pub struct PublicAuthState {
+ pub csrf_token: CsrfToken,
+ pub realm: String,
+}
+
+#[derive(Debug, Deserialize, Serialize)]
+pub struct PrivateAuthState {
+ pub csrf_token: CsrfToken,
+ pub nonce: Nonce,
+ pub pkce_verifier: PkceCodeVerifier,
+ pub ctime: i64,
+}
+
+impl PrivateAuthState {
+
+ pub fn new() -> Self {
+ let nonce = Nonce::new_random();
+ let csrf_token = CsrfToken::new_random();
+ let (_pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
+
+ PrivateAuthState {
+ csrf_token,
+ nonce,
+ pkce_verifier,
+ ctime: proxmox::tools::time::epoch_i64(),
+ }
+ }
+
+ pub fn pkce_verifier(&self) -> PkceCodeVerifier {
+ // Note: PkceCodeVerifier does not impl. clone()
+ PkceCodeVerifier::new(self.pkce_verifier.secret().to_string())
+ }
+
+ pub fn pkce_challenge(&self) -> PkceCodeChallenge {
+ PkceCodeChallenge::from_code_verifier_sha256(&self.pkce_verifier)
+ }
+
+ pub fn public_state_string(&self, realm: String) -> Result {
+ let pub_state = PublicAuthState {
+ csrf_token: self.csrf_token.clone(),
+ realm,
+ };
+ Ok(serde_json::to_string(&pub_state)?)
+ }
+}
+
+impl OpenIdAuthenticator {
+
+ pub fn discover(config: &OpenIdConfig, redirect_url: &str) -> Result {
+
+ let client_id = ClientId::new(config.client_id.clone());
+ let client_key = config.client_key.clone().map(|key| ClientSecret::new(key));
+ let issuer_url = IssuerUrl::new(config.issuer_url.clone())?;
+
+ let provider_metadata = CoreProviderMetadata::discover(&issuer_url, http_client)?;
+
+ let client = CoreClient::from_provider_metadata(
+ provider_metadata,
+ client_id,
+ client_key,
+ ).set_redirect_uri(RedirectUrl::new(String::from(redirect_url))?);
+
+ Ok(Self {
+ client,
+ })
+ }
+
+ pub fn authorize_url(&self, realm: &str, state_owner: Uid) -> Result {
+
+ let private_auth_state = PrivateAuthState::new();
+ let public_auth_state = private_auth_state.public_state_string(realm.to_string())?;
+ let nonce = private_auth_state.nonce.clone();
+
+ store_auth_state(realm, &private_auth_state, state_owner)?;
+
+ // Generate the authorization URL to which we'll redirect the user.
+ let (authorize_url, _csrf_state, _nonce) = self.client
+ .authorize_url(
+ CoreAuthenticationFlow::AuthorizationCode,
+ || CsrfToken::new(public_auth_state),
+ || nonce,
+ )
+ .set_display(CoreAuthDisplay::Page)
+ .add_prompt(CoreAuthPrompt::Login)
+ .add_scope(Scope::new("email".to_string()))
+ .add_scope(Scope::new("profile".to_string()))
+ .set_pkce_challenge(private_auth_state.pkce_challenge())
+ .url();
+
+ Ok(authorize_url.into())
+ }
+
+ pub fn verify_public_auth_state(
+ state: &str,
+ state_owner: Uid,
+ ) -> Result<(String, PrivateAuthState), Error> {
+ verify_public_auth_state(state, state_owner)
+ }
+
+ pub fn verify_authorization_code(
+ &self,
+ code: &str,
+ private_auth_state: &PrivateAuthState,
+ ) -> Result {
+
+ let code = AuthorizationCode::new(code.to_string());
+ // Exchange the code with a token.
+ let token_response = self.client
+ .exchange_code(code)
+ .set_pkce_verifier(private_auth_state.pkce_verifier())
+ .request(http_client)
+ .map_err(|err| format_err!("Failed to contact token endpoint: {}", err))?;
+
+ println!(
+ "OpenId returned access token:\n{}\n",
+ token_response.access_token().secret()
+ );
+
+ println!("OpenId returned scopes: {:?}", token_response.scopes());
+
+ let id_token_verifier: CoreIdTokenVerifier = self.client.id_token_verifier();
+ let id_token_claims: &CoreIdTokenClaims = token_response
+ .extra_fields()
+ .id_token()
+ .expect("Server did not return an ID token")
+ .claims(&id_token_verifier, &private_auth_state.nonce)
+ .map_err(|err| format_err!("Failed to verify ID token: {}", err))?;
+
+ println!("Google returned ID token: {:?}", id_token_claims);
+
+ Ok(id_token_claims.clone())
+ }
+
+}
From dd0d18d5ce2960d1a0883a543c852d358d7924ee Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Fri, 18 Jun 2021 10:49:38 +0200
Subject: [PATCH 02/51] make state directory configurable (pass state_dir as parameter)
---
src/auth_state.rs | 46 ++++++++++++++++++++++++++++------------------
src/lib.rs | 11 ++++++-----
2 files changed, 34 insertions(+), 23 deletions(-)
diff --git a/src/auth_state.rs b/src/auth_state.rs
index 29caea52..087127e0 100644
--- a/src/auth_state.rs
+++ b/src/auth_state.rs
@@ -1,6 +1,7 @@ +use std::path::{Path, PathBuf}; + use anyhow::{bail, Error}; use serde_json::{json, Value}; -use nix::unistd::Uid; use proxmox::tools::{ time::epoch_i64, 
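Review bot: `verify_authorization_code` prints `token_response.access_token().secret()` and the verified ID token claims with `println!`, which puts a bearer credential and the user's identity claims on stdout of whatever process links this library, and into any log that captures it. Drop the three `println!` calls, or report only non-secret facts such as the returned scopes through the caller's logging facility. In the same function `.expect("Server did not return an ID token")` panics on a response the identity provider controls; `.ok_or_else(|| format_err!("Server did not return an ID token"))?` returns it as an error instead. This note refers to the `src/lib.rs` hunk of patch 01 that ends on this line, not to the patch 02 header that follows it.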
@@ -14,15 +15,23 @@ use proxmox::tools::{ use super::{PublicAuthState, PrivateAuthState}; -fn load_auth_state_locked(realm: &str, default: Option) -> Result<(String, std::fs::File, Vec), Error> { +fn load_auth_state_locked( + state_dir: &Path, + realm: &str, + default: Option, +) -> Result<(PathBuf, std::fs::File, Vec), Error> { + + let mut lock_path = state_dir.to_owned(); + lock_path.push("proxmox-openid-auth-state.lock"); let lock = open_file_locked( - "/tmp/proxmox-openid-auth-state.lock", + lock_path, std::time::Duration::new(10, 0), true )?; - let path = format!("/tmp/proxmox-openid-auth-state-{}", realm); + let mut path = state_dir.to_owned(); + path.push(format!("proxmox-openid-auth-state-{}", realm)); let now = epoch_i64(); @@ -43,27 +52,28 @@ fn load_auth_state_locked(realm: &str, default: Option) -> Result<(String Ok((path, lock, data)) } -fn replace_auth_state(path: &str, data: &Vec, state_owner: Uid) -> Result<(), Error> { +fn replace_auth_state( + path: &Path, + data: &Vec, +) -> Result<(), Error> { let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); - // set the correct owner/group/permissions while saving file - // owner(rw) = root - let options = CreateOptions::new() - .perm(mode) - .owner(state_owner); - + let options = CreateOptions::new().perm(mode); let raw = serde_json::to_string_pretty(data)?; - replace_file(&path, raw.as_bytes(), options)?; + replace_file(path, raw.as_bytes(), options)?; Ok(()) } -pub fn verify_public_auth_state(state: &str, state_owner: Uid) -> Result<(String, PrivateAuthState), Error> { +pub fn verify_public_auth_state( + state_dir: &Path, + state: &str, +) -> Result<(String, PrivateAuthState), Error> { let public_auth_state: PublicAuthState = serde_json::from_str(state)?; - let (path, _lock, old_data) = load_auth_state_locked(&public_auth_state.realm, None)?; + let (path, _lock, old_data) = load_auth_state_locked(state_dir, &public_auth_state.realm, None)?; let mut data: Vec = Vec::new(); 
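Review bot: Nothing on `load_auth_state_locked` or `replace_auth_state` states what `state_dir` must be, and with the `.owner(state_owner)` call removed the 0600 state file, which holds the PKCE verifier and nonce, is protected only by that directory's ownership and mode. A doc comment on `load_auth_state_locked` would make the requirement explicit: `/// The state directory must already exist and be writable only by the user this code runs as; the lock file and the per-realm state files are created inside it.` The same sentence belongs on the public `store_auth_state` and `verify_public_auth_state`; the body of `verify_public_auth_state` continues past the end of this hunk.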
@@ -82,18 +92,18 @@ pub fn verify_public_auth_state(state: &str, state_owner: Uid) -> Result<(String Some(entry) => entry, }; - replace_auth_state(&path, &data, state_owner)?; + replace_auth_state(&path, &data)?; Ok((public_auth_state.realm, entry)) } pub fn store_auth_state( + state_dir: &Path, realm: &str, auth_state: &PrivateAuthState, - state_owner: Uid, ) -> Result<(), Error> { - let (path, _lock, mut data) = load_auth_state_locked(realm, Some(json!([])))?; + let (path, _lock, mut data) = load_auth_state_locked(state_dir, realm, Some(json!([])))?; if data.len() > 100 { bail!("too many pending openid auth request for realm {}", realm); @@ -101,7 +111,7 @@ pub fn store_auth_state( data.push(serde_json::to_value(&auth_state)?); - replace_auth_state(&path, &data, state_owner)?; + replace_auth_state(&path, &data)?; Ok(()) } diff --git a/src/lib.rs b/src/lib.rs index eb2d9c7b..bd3c9af8 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,7 +1,8 @@ +use std::path::Path; + use anyhow::{format_err, Error}; use serde::{Deserialize, Serialize}; use url::Url; -use nix::unistd::Uid; mod http_client; pub use http_client::http_client; @@ -112,13 +113,13 @@ impl OpenIdAuthenticator { }) } - pub fn authorize_url(&self, realm: &str, state_owner: Uid) -> Result { + pub fn authorize_url(&self, state_dir: &str, realm: &str) -> Result { let private_auth_state = PrivateAuthState::new(); let public_auth_state = private_auth_state.public_state_string(realm.to_string())?; let nonce = private_auth_state.nonce.clone(); - store_auth_state(realm, &private_auth_state, state_owner)?; + store_auth_state(Path::new(state_dir), realm, &private_auth_state)?; // Generate the authorization URL to which we'll redirect the user. let (authorize_url, _csrf_state, _nonce) = self.client 
@@ -138,10 +139,10 @@ impl OpenIdAuthenticator { } pub fn verify_public_auth_state( + state_dir: &str, state: &str, - state_owner: Uid, ) -> Result<(String, PrivateAuthState), Error> { - verify_public_auth_state(state, state_owner) + verify_public_auth_state(Path::new(state_dir), state) } pub fn verify_authorization_code( From 634e35489a3ffdfdf649e380c45458a90184afaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Fri, 18 Jun 2021 16:16:19 +0200 Subject: [PATCH 03/51] add packaging MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabian Grünbichler --- Cargo.toml | 5 ++++ Makefile | 45 ++++++++++++++++++++++++++++++++++++ debian/changelog | 5 ++++ debian/control | 54 ++++++++++++++++++++++++++++++++++++++++++++ debian/copyright | 16 +++++++++++++ debian/debcargo.toml | 8 +++++++ 6 files changed, 133 insertions(+) create mode 100644 Makefile create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/debcargo.toml diff --git a/Cargo.toml b/Cargo.toml index bc6b8a10..6840b711 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,6 +3,11 @@ name = "proxmox-openid" version = "0.1.0" authors = ["Dietmar Maurer "] edition = "2018" +license = "AGPL-3" +exclude = [ + "build", + "debian", +] [lib] name = "proxmox_openid" diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..e108fb10 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,45 @@
+.PHONY: all
+all: check
+
+.PHONY: check
+check:
+ cargo test --all-features
+
+.PHONY: dinstall
+dinstall: deb
+ sudo -k dpkg -i build/librust-*.deb
+
+.PHONY: build
+build:
+ rm -rf build
+ rm -f debian/control
+ mkdir build
+ debcargo package \
+ --config "$(PWD)/debian/debcargo.toml" \
+ --changelog-ready \
+ --no-overlay-write-back \
+ --directory "$(PWD)/build/proxmox-openid" \
+ "proxmox-openid" \
+ "$$(dpkg-parsechangelog -l "debian/changelog" -SVersion | sed -e 's/-.*//')"
+ echo system >build/rust-toolchain
+ rm -f build/proxmox-openid/Cargo.lock
+ find build/proxmox-openid/debian -name '*.hint' -delete
+ cp build/proxmox-openid/debian/control debian/control
+
+.PHONY: deb
+deb: build
+ (cd build/proxmox-openid && CARGO=/usr/bin/cargo RUSTC=/usr/bin/rustc dpkg-buildpackage -b -uc -us)
+ lintian build/*.deb
+
+.PHONY: clean
+clean:
+ rm -rf build *.deb *.buildinfo *.changes *.orig.tar.gz
+ cargo clean
+
+upload: deb
+ cd build; \
+ dcmd --deb rust-proxmox-openid_*.changes \
+ | grep -v '.changes$$' \
+ | tar -cf "rust-proxmox-openid-debs.tar" -T-; \
+ cat "rust-proxmox-openid-debs.tar" | ssh -X repoman@repo.proxmox.com upload --product devel --dist bullseye; \
+ rm -f rust-proxmox-openid-debs.tar
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 00000000..ee45134e
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+rust-proxmox-openid (0.1.0-1) devel; urgency=medium
+
+ * initial release
+
+ -- Proxmox Support Team Fri, 18 Jun 2021 16:05:49 +0200
diff --git a/debian/control b/debian/control
new file mode 100644
index 00000000..efdaf0cb
--- /dev/null
+++ b/debian/control
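Review bot: The `upload` recipe runs `ssh -X repoman@repo.proxmox.com upload ...`, which requests X11 forwarding for a session that only pipes a tar archive; if the server permits forwarding, that lets the remote host reach the local X display for no visible benefit. Unless the upload command needs a display, disable forwarding explicitly: `ssh -x repoman@repo.proxmox.com upload --product devel --dist bullseye`. `upload` is also the only target in the Makefile hunk without a `.PHONY` line; adding `.PHONY: upload` keeps a stray file named `upload` from masking it.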
@@ -0,0 +1,54 @@ +Source: rust-proxmox-openid +Section: rust +Priority: optional +Build-Depends: debhelper (>= 12), + dh-cargo (>= 24), + cargo:native , + rustc:native , + libstd-rust-dev , + librust-anyhow-1+default-dev , + librust-curl-0.4+default-dev (>= 0.4.33-~~) , + librust-http-0.2+default-dev , + librust-nix-0.19+default-dev (>= 0.19.1-~~) , + librust-openidconnect-2+curl-dev , + librust-proxmox-0.11+api-macro-dev (>= 0.11.5-~~) , + librust-proxmox-0.11+default-dev (>= 0.11.5-~~) , + librust-proxmox-0.11+sortable-macro-dev (>= 0.11.5-~~) , + librust-serde-1+default-dev , + librust-serde-1+derive-dev , + librust-serde-json-1+default-dev , + librust-url-2+default-dev (>= 2.1-~~) +Maintainer: Proxmox Support Team +Standards-Version: 4.5.1 +Vcs-Git: +Vcs-Browser: +Rules-Requires-Root: no + +Package: librust-proxmox-openid-dev +Architecture: any +Multi-Arch: same +Depends: + ${misc:Depends}, + librust-anyhow-1+default-dev, + librust-curl-0.4+default-dev (>= 0.4.33-~~), + librust-http-0.2+default-dev, + librust-nix-0.19+default-dev (>= 0.19.1-~~), + librust-openidconnect-2+curl-dev, + librust-proxmox-0.11+api-macro-dev (>= 0.11.5-~~), + librust-proxmox-0.11+default-dev (>= 0.11.5-~~), + librust-proxmox-0.11+sortable-macro-dev (>= 0.11.5-~~), + librust-serde-1+default-dev, + librust-serde-1+derive-dev, + librust-serde-json-1+default-dev, + librust-url-2+default-dev (>= 2.1-~~) +Provides: + librust-proxmox-openid+default-dev (= ${binary:Version}), + librust-proxmox-openid-0-dev (= ${binary:Version}), + librust-proxmox-openid-0+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.1-dev (= ${binary:Version}), + librust-proxmox-openid-0.1+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.1.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.1.0+default-dev (= ${binary:Version}) +Description: Rust crate "proxmox-openid" - Rust source code + This package contains the source for the Rust proxmox-openid crate, packaged by + debcargo for use with 
cargo and dh-cargo. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..477c3058 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,16 @@ +Copyright (C) 2020-2021 Proxmox Server Solutions GmbH + +This software is written by Proxmox Server Solutions GmbH + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . diff --git a/debian/debcargo.toml b/debian/debcargo.toml new file mode 100644 index 00000000..703440fc --- /dev/null +++ b/debian/debcargo.toml @@ -0,0 +1,8 @@ +overlay = "." +crate_src_path = ".." +maintainer = "Proxmox Support Team " + +[source] +# TODO: update once public +vcs_git = "" +vcs_browser = "" From 73c5c4af7c90258b9d3b8927bf5440cdbc5a9824 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Mon, 21 Jun 2021 13:27:05 +0200 Subject: [PATCH 04/51] implement Deserialize/Serialize for OpenIdConfig Useful to create perl bindings. --- src/lib.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lib.rs b/src/lib.rs index bd3c9af8..bf9c0568 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -35,9 +35,11 @@ use openidconnect::{ Scope, }; +#[derive(Debug, Deserialize, Serialize)] pub struct OpenIdConfig { pub issuer_url: String, pub client_id: String, + #[serde(skip_serializing_if="Option::is_none")] pub client_key: Option, } From cc64c7e35dc03b61c015fd160514cddd1cb52117 Mon Sep 17 00:00:00 2001 
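Review bot: Deriving `Debug` on `OpenIdConfig` in the `src/lib.rs` hunk of patch 04 makes `{:?}` print `client_key`, the OAuth client secret, so any debug log or error context that formats the config leaks it. Keep the `Deserialize`/`Serialize` derives and write `Debug` by hand so the field is shown only as present or absent. Whether `client_key` should be serialized back out at all depends on the perl bindings the commit message mentions, so that part is left as is.

```rust
#[derive(Deserialize, Serialize)]
pub struct OpenIdConfig {
    // … unchanged: issuer_url, client_id, client_key fields …
}

impl std::fmt::Debug for OpenIdConfig {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("OpenIdConfig")
            .field("issuer_url", &self.issuer_url)
            .field("client_id", &self.client_id)
            // Show only whether a secret is configured, never its value.
            .field("client_key", &self.client_key.as_ref().map(|_| "<redacted>"))
            .finish()
    }
}
```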
From: Dietmar Maurer Date: Mon, 21 Jun 2021 13:37:43 +0200 Subject: [PATCH 05/51] bump version to 0.2.0-1 --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 6840b711..2bd959cb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.1.0" +version = "0.2.0" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index ee45134e..e2e9212e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.2.0-1) devel; urgency=medium + + * implement Deserialize/Serialize for OpenIdConfig + + -- Proxmox Support Team Mon, 21 Jun 2021 13:37:24 +0200 + rust-proxmox-openid (0.1.0-1) devel; urgency=medium * initial release From ac034c72da3f85b9c09ef3897d4763099f0b5ffc Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Mon, 21 Jun 2021 14:12:13 +0200 Subject: [PATCH 06/51] return Url as string To make perl bindings simple. --- debian/control | 8 ++++---- src/lib.rs | 5 ++--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/debian/control b/debian/control index efdaf0cb..dd4a239e 100644 --- a/debian/control +++ b/debian/control 
@@ -45,10 +45,10 @@ Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), librust-proxmox-openid-0-dev (= ${binary:Version}), librust-proxmox-openid-0+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.1-dev (= ${binary:Version}), - librust-proxmox-openid-0.1+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.1.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.1.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.2-dev (= ${binary:Version}), + librust-proxmox-openid-0.2+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.2.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.2.0+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. diff --git a/src/lib.rs b/src/lib.rs index bf9c0568..a1614cd6 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -2,7 +2,6 @@ use std::path::Path; use anyhow::{format_err, Error}; use serde::{Deserialize, Serialize}; -use url::Url; mod http_client; pub use http_client::http_client; @@ -115,7 +114,7 @@ impl OpenIdAuthenticator { }) } - pub fn authorize_url(&self, state_dir: &str, realm: &str) -> Result { + pub fn authorize_url(&self, state_dir: &str, realm: &str) -> Result { let private_auth_state = PrivateAuthState::new(); let public_auth_state = private_auth_state.public_state_string(realm.to_string())?; @@ -137,7 +136,7 @@ impl OpenIdAuthenticator { .set_pkce_challenge(private_auth_state.pkce_challenge()) .url(); - Ok(authorize_url.into()) + Ok(authorize_url.to_string()) } pub fn verify_public_auth_state( From 8286806a19d68995620db1fb9c342a20b8f30d38 Mon Sep 17 00:00:00 2001 
From: Dietmar Maurer Date: Tue, 22 Jun 2021 09:23:59 +0200 Subject: [PATCH 07/51] =?UTF-8?q?bump=20version=20to=C3=B6=200.3.0-1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 2bd959cb..037bb1f0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.2.0" +version = "0.3.0" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index e2e9212e..1b610615 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.3.0-1) unstable; urgency=medium + + * return authorize_url() as string + + -- Proxmox Support Team Tue, 22 Jun 2021 09:23:33 +0200 + rust-proxmox-openid (0.2.0-1) devel; urgency=medium * implement Deserialize/Serialize for OpenIdConfig From 4f90d7009d6bf316eb91e6367418114d2adf0787 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 23 Jun 2021 11:15:33 +0200 Subject: [PATCH 08/51] set "default-features = false" for proxmox crate --- Cargo.toml | 2 +- debian/control | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 037bb1f0..5c4edc93 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,6 +21,6 @@ serde_json = "1.0" url = "2.1" http = "0.2" curl = { version = "0.4.33" } -proxmox = { version = "0.11.5", features = [ "sortable-macro", "api-macro" ] } +proxmox = { version = "0.11.5", default-features = false, features = [ "sortable-macro", "api-macro" ] } nix = "0.19.1" openidconnect = { version = "2.0", default-features = false, features = ["curl"] } diff --git a/debian/control b/debian/control index dd4a239e..b9bfd99d 100644 --- a/debian/control +++ b/debian/control 
@@ -45,10 +45,10 @@ Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), librust-proxmox-openid-0-dev (= ${binary:Version}), librust-proxmox-openid-0+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.2-dev (= ${binary:Version}), - librust-proxmox-openid-0.2+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.2.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.2.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.3-dev (= ${binary:Version}), + librust-proxmox-openid-0.3+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.3.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.3.0+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 426f7b6014bdf590bfafc848d654884d7bae9054 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 23 Jun 2021 11:17:30 +0200 Subject: [PATCH 09/51] bump versionm to 0.4.0-1 --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 5c4edc93..e02a0e9d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.3.0" +version = "0.4.0" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index 1b610615..175607bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.4.0-1) unstable; urgency=medium + + * set "default-features = false" for proxmox crate + + -- Proxmox Support Team Wed, 23 Jun 2021 11:17:22 +0200 + rust-proxmox-openid (0.3.0-1) unstable; urgency=medium * return authorize_url() as string From 57516891679da1a1d313ca2f2dc3563c7a713c35 Mon Sep 17 00:00:00 2001 
From: Dietmar Maurer Date: Wed, 23 Jun 2021 11:27:55 +0200 Subject: [PATCH 10/51] avoid unused features "sortable-macro" and "api-macro" --- Cargo.toml | 2 +- debian/control | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e02a0e9d..a0a2bddb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,6 +21,6 @@ serde_json = "1.0" url = "2.1" http = "0.2" curl = { version = "0.4.33" } -proxmox = { version = "0.11.5", default-features = false, features = [ "sortable-macro", "api-macro" ] } +proxmox = { version = "0.11.5", default-features = false } nix = "0.19.1" openidconnect = { version = "2.0", default-features = false, features = ["curl"] } diff --git a/debian/control b/debian/control index b9bfd99d..baf536e3 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,6 @@ Build-Depends: debhelper (>= 12), librust-nix-0.19+default-dev (>= 0.19.1-~~) , librust-openidconnect-2+curl-dev , librust-proxmox-0.11+api-macro-dev (>= 0.11.5-~~) , - librust-proxmox-0.11+default-dev (>= 0.11.5-~~) , librust-proxmox-0.11+sortable-macro-dev (>= 0.11.5-~~) , librust-serde-1+default-dev , librust-serde-1+derive-dev , @@ -35,7 +34,6 @@ Depends: librust-nix-0.19+default-dev (>= 0.19.1-~~), librust-openidconnect-2+curl-dev, librust-proxmox-0.11+api-macro-dev (>= 0.11.5-~~), - librust-proxmox-0.11+default-dev (>= 0.11.5-~~), librust-proxmox-0.11+sortable-macro-dev (>= 0.11.5-~~), librust-serde-1+default-dev, librust-serde-1+derive-dev, 
@@ -45,10 +43,10 @@ Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), librust-proxmox-openid-0-dev (= ${binary:Version}), librust-proxmox-openid-0+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.3-dev (= ${binary:Version}), - librust-proxmox-openid-0.3+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.3.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.3.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.4-dev (= ${binary:Version}), + librust-proxmox-openid-0.4+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.4.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.4.0+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 42dedabbb1a615d84beeb4e1817c87a30e04a9de Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 23 Jun 2021 11:29:13 +0200 Subject: [PATCH 11/51] bump version to 0.5.0-1 --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index a0a2bddb..070f7860 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.4.0" +version = "0.5.0" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index 175607bd..8abe1124 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.5.0-1) unstable; urgency=medium + + * avoid unused features "sortable-macro" and "api-macro" + + -- Proxmox Support Team Wed, 23 Jun 2021 11:29:05 +0200 + rust-proxmox-openid (0.4.0-1) unstable; urgency=medium * set "default-features = false" for proxmox crate From 1ecdc2ed721fbfcf67dacaa500da2bafc63f30c5 Mon Sep 17 00:00:00 2001 
From: Dietmar Maurer Date: Fri, 25 Jun 2021 11:05:56 +0200 Subject: [PATCH 12/51] use one lock file per realm --- debian/control | 14 ++++++-------- src/auth_state.rs | 2 +- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/debian/control b/debian/control index baf536e3..f775d056 100644 --- a/debian/control +++ b/debian/control @@ -11,8 +11,7 @@ Build-Depends: debhelper (>= 12), librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , librust-openidconnect-2+curl-dev , - librust-proxmox-0.11+api-macro-dev (>= 0.11.5-~~) , - librust-proxmox-0.11+sortable-macro-dev (>= 0.11.5-~~) , + librust-proxmox-0.11-dev (>= 0.11.5-~~) , librust-serde-1+default-dev , librust-serde-1+derive-dev , librust-serde-json-1+default-dev , @@ -33,8 +32,7 @@ Depends: librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), librust-openidconnect-2+curl-dev, - librust-proxmox-0.11+api-macro-dev (>= 0.11.5-~~), - librust-proxmox-0.11+sortable-macro-dev (>= 0.11.5-~~), + librust-proxmox-0.11-dev (>= 0.11.5-~~), librust-serde-1+default-dev, librust-serde-1+derive-dev, librust-serde-json-1+default-dev, 
@@ -43,10 +41,10 @@ Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), librust-proxmox-openid-0-dev (= ${binary:Version}), librust-proxmox-openid-0+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.4-dev (= ${binary:Version}), - librust-proxmox-openid-0.4+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.4.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.4.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.5-dev (= ${binary:Version}), + librust-proxmox-openid-0.5+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.5.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.5.0+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. diff --git a/src/auth_state.rs b/src/auth_state.rs index 087127e0..acadaf9a 100644 --- a/src/auth_state.rs +++ b/src/auth_state.rs @@ -22,7 +22,7 @@ fn load_auth_state_locked( ) -> Result<(PathBuf, std::fs::File, Vec), Error> { let mut lock_path = state_dir.to_owned(); - lock_path.push("proxmox-openid-auth-state.lock"); + lock_path.push(format!("proxmox-openid-auth-state-{}.lck", realm)); let lock = open_file_locked( lock_path, From 60eedc0da2c7ae4385241959c0309274bd970bfd Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 25 Jun 2021 11:09:48 +0200 Subject: [PATCH 13/51] bump version to 0.6.0-1 --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ debian/control | 8 ++++---- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 070f7860..b8edc533 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.5.0" +version = "0.6.0" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index 8abe1124..398c1c7c 100644 --- a/debian/changelog +++ b/debian/changelog 
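Review bot: `realm` is interpolated straight into the lock-file name in `lock_path.push(format!("proxmox-openid-auth-state-{}.lck", realm))`, and nothing visible in this hunk restricts which characters it may contain. In the initial import, `verify_public_auth_state` takes the realm from the deserialized `state` parameter; if that still holds, the value is request-controlled, and path separators or `..` in it would change which file gets created and locked. I would reject anything that is not a plain realm identifier before building a path from it, for example `if !realm.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_') { bail!("invalid realm name"); }`, adjusted to the project's realm naming rules. Validation may already happen in a caller that is not part of this hunk, and the body of `load_auth_state_locked` continues past it.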
@@ -1,3 +1,9 @@ +rust-proxmox-openid (0.6.0-1) unstable; urgency=medium + + * use one lock file per realm + + -- Proxmox Support Team Fri, 25 Jun 2021 11:09:08 +0200 + rust-proxmox-openid (0.5.0-1) unstable; urgency=medium * avoid unused features "sortable-macro" and "api-macro" diff --git a/debian/control b/debian/control index f775d056..fb86702b 100644 --- a/debian/control +++ b/debian/control @@ -41,10 +41,10 @@ Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), librust-proxmox-openid-0-dev (= ${binary:Version}), librust-proxmox-openid-0+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.5-dev (= ${binary:Version}), - librust-proxmox-openid-0.5+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.5.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.5.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.6-dev (= ${binary:Version}), + librust-proxmox-openid-0.6+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.6.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.6.0+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 6c9ce7dbb611d72775a13976ad4cce8e80982b14 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 30 Jun 2021 08:42:14 +0200 Subject: [PATCH 14/51] remove debug output --- src/lib.rs | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index a1614cd6..72bcd317 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -160,13 +160,6 @@ impl OpenIdAuthenticator { .request(http_client) .map_err(|err| format_err!("Failed to contact token endpoint: {}", err))?; - println!( - "OpenId returned access token:\n{}\n", - token_response.access_token().secret() - ); - - println!("OpenId returned scopes: {:?}", token_response.scopes()); - let id_token_verifier: CoreIdTokenVerifier = self.client.id_token_verifier(); let id_token_claims: &CoreIdTokenClaims = token_response .extra_fields() @@ -175,9 +168,6 @@ impl OpenIdAuthenticator { .claims(&id_token_verifier, &private_auth_state.nonce) .map_err(|err| format_err!("Failed to verify ID token: {}", err))?; - println!("Google returned ID token: {:?}", id_token_claims); - Ok(id_token_claims.clone()) } - } From 558fbff1d72d21b3aa146203153bad89042f1d99 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 30 Jun 2021 08:43:40 +0200 Subject: [PATCH 15/51] bump version to 0.6.0-2 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 398c1c7c..025cdf8e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.6.0-2) unstable; urgency=medium + + * remove debug output + + -- Proxmox Support Team Wed, 30 Jun 2021 08:43:06 +0200 + rust-proxmox-openid (0.6.0-1) unstable; urgency=medium * use one lock file per realm From a3de24506a377fb60d2a1e85750aafb6d03d2fe2 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Tue, 20 Jul 2021 13:51:52 +0200 Subject: [PATCH 16/51] depend on proxmox 0.12.0, bump version to 0.6.1 Signed-off-by: Thomas Lamprecht --- Cargo.toml | 4 ++-- debian/changelog | 6 ++++++ debian/control | 8 ++++---- src/auth_state.rs | 3 ++- 4 files changed, 14 insertions(+), 7 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index b8edc533..fc839c21 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.6.0" +version = "0.6.1" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" 
@@ -21,6 +21,6 @@ serde_json = "1.0" url = "2.1" http = "0.2" curl = { version = "0.4.33" } -proxmox = { version = "0.11.5", default-features = false } +proxmox = { version = "0.12.0", default-features = false } nix = "0.19.1" openidconnect = { version = "2.0", default-features = false, features = ["curl"] } diff --git a/debian/changelog b/debian/changelog index 025cdf8e..2e0baf4d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.6.1-1) unstable; urgency=medium + + * depend on proxmox 0.12.0 + + -- Proxmox Support Team Tue, 20 Jul 2021 13:19:23 +0200 + rust-proxmox-openid (0.6.0-2) unstable; urgency=medium * remove debug output diff --git a/debian/control b/debian/control index fb86702b..297a1bbf 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Build-Depends: debhelper (>= 12), librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , librust-openidconnect-2+curl-dev , - librust-proxmox-0.11-dev (>= 0.11.5-~~) , + librust-proxmox-0.12-dev , librust-serde-1+default-dev , librust-serde-1+derive-dev , librust-serde-json-1+default-dev , @@ -32,7 +32,7 @@ Depends: librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), librust-openidconnect-2+curl-dev, - librust-proxmox-0.11-dev (>= 0.11.5-~~), + librust-proxmox-0.12-dev, librust-serde-1+default-dev, librust-serde-1+derive-dev, librust-serde-json-1+default-dev, 
@@ -43,8 +43,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.6-dev (= ${binary:Version}), librust-proxmox-openid-0.6+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.6.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.6.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.6.1-dev (= ${binary:Version}), + librust-proxmox-openid-0.6.1+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. diff --git a/src/auth_state.rs b/src/auth_state.rs index acadaf9a..318931b1 100644 --- a/src/auth_state.rs +++ b/src/auth_state.rs @@ -27,7 +27,8 @@ fn load_auth_state_locked( let lock = open_file_locked( lock_path, std::time::Duration::new(10, 0), - true + true, + CreateOptions::new() )?; let mut path = state_dir.to_owned(); From 8d0c0ed699c3d5c2c8e414fdec9a191110aced50 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 24 Aug 2021 16:07:22 +0200 Subject: [PATCH 17/51] bump version to 0.7.0, depend on proxmox 0.13.0 Signed-off-by: Wolfgang Bumiller --- Cargo.toml | 4 ++-- debian/changelog | 6 ++++++ debian/control | 12 ++++++------ 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index fc839c21..a86ee1c4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.6.1" +version = "0.7.0" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" @@ -21,6 +21,6 @@ serde_json = "1.0" url = "2.1" http = "0.2" curl = { version = "0.4.33" } -proxmox = { version = "0.12.0", default-features = false } +proxmox = { version = "0.13.0", default-features = false } nix = "0.19.1" openidconnect = { version = "2.0", default-features = false, features = ["curl"] } diff --git a/debian/changelog b/debian/changelog index 2e0baf4d..328dfe8e 100644 
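Review bot: The lock file in `load_auth_state_locked` is now created with a bare `CreateOptions::new()`, so its mode depends on that type's defaults, while `replace_auth_state` writes the state file with an explicit `0o0600`. Assuming only the state owner ever takes this lock, I would pin the permissions the same way: `CreateOptions::new().perm(nix::sys::stat::Mode::from_bits_truncate(0o0600))`. The defaults of `CreateOptions` are not visible from this hunk, so the result may already be equivalent, but an explicit mode documents the intent. The rest of the function is outside the hunk.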
--- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.7.0-1) unstable; urgency=medium + + * bump proxmox to 0.13.0 + + -- Proxmox Support Team Tue, 24 Aug 2021 16:06:55 +0200 + rust-proxmox-openid (0.6.1-1) unstable; urgency=medium * depend on proxmox 0.12.0 diff --git a/debian/control b/debian/control index 297a1bbf..bee537a0 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Build-Depends: debhelper (>= 12), librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , librust-openidconnect-2+curl-dev , - librust-proxmox-0.12-dev , + librust-proxmox-0.13-dev , librust-serde-1+default-dev , librust-serde-1+derive-dev , librust-serde-json-1+default-dev , @@ -32,7 +32,7 @@ Depends: librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), librust-openidconnect-2+curl-dev, - librust-proxmox-0.12-dev, + librust-proxmox-0.13-dev, librust-serde-1+default-dev, librust-serde-1+derive-dev, librust-serde-json-1+default-dev, @@ -41,10 +41,10 @@ Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), librust-proxmox-openid-0-dev (= ${binary:Version}), librust-proxmox-openid-0+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.6-dev (= ${binary:Version}), - librust-proxmox-openid-0.6+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.6.1-dev (= ${binary:Version}), - librust-proxmox-openid-0.6.1+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.7-dev (= ${binary:Version}), + librust-proxmox-openid-0.7+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.7.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.7.0+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From d65b2df750cb5ae2fe7b61bf1e896c9a7a81f5bf Mon Sep 17 00:00:00 2001 
From: Wolfgang Bumiller Date: Fri, 8 Oct 2021 12:20:20 +0200 Subject: [PATCH 18/51] update to proxmox split and bump version to 0.8.0-1 Signed-off-by: Wolfgang Bumiller --- Cargo.toml | 14 ++++++++------ debian/changelog | 6 ++++++ debian/control | 14 ++++++++------ src/auth_state.rs | 2 +- src/lib.rs | 2 +- 5 files changed, 24 insertions(+), 14 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index a86ee1c4..c79bc7b2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.7.0" +version = "0.8.0" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" @@ -16,11 +16,13 @@ path = "src/lib.rs" [dependencies] anyhow = "1.0" +curl = { version = "0.4.33" } +http = "0.2" +nix = "0.19.1" +openidconnect = { version = "2.0", default-features = false, features = ["curl"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" url = "2.1" -http = "0.2" -curl = { version = "0.4.33" } -proxmox = { version = "0.13.0", default-features = false } -nix = "0.19.1" -openidconnect = { version = "2.0", default-features = false, features = ["curl"] } + +proxmox = "0.14.0" +proxmox-time = "1" diff --git a/debian/changelog b/debian/changelog index 328dfe8e..21a363c0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.8.0-1) unstable; urgency=medium + + * update to proxmox crate split + + -- Proxmox Support Team Fri, 08 Oct 2021 12:19:55 +0200 + rust-proxmox-openid (0.7.0-1) unstable; urgency=medium * bump proxmox to 0.13.0 diff --git a/debian/control b/debian/control index bee537a0..9e53c8da 100644 --- a/debian/control +++ b/debian/control 
@@ -11,7 +11,8 @@ Build-Depends: debhelper (>= 12), librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , librust-openidconnect-2+curl-dev , - librust-proxmox-0.13-dev , + librust-proxmox-0.14+default-dev , + librust-proxmox-time-1+default-dev , librust-serde-1+default-dev , librust-serde-1+derive-dev , librust-serde-json-1+default-dev , @@ -32,7 +33,8 @@ Depends: librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), librust-openidconnect-2+curl-dev, - librust-proxmox-0.13-dev, + librust-proxmox-0.14+default-dev, + librust-proxmox-time-1+default-dev, librust-serde-1+default-dev, librust-serde-1+derive-dev, librust-serde-json-1+default-dev, @@ -41,10 +43,10 @@ Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), librust-proxmox-openid-0-dev (= ${binary:Version}), librust-proxmox-openid-0+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.7-dev (= ${binary:Version}), - librust-proxmox-openid-0.7+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.7.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.7.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.8-dev (= ${binary:Version}), + librust-proxmox-openid-0.8+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.8.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.8.0+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. diff --git a/src/auth_state.rs b/src/auth_state.rs index 318931b1..dcf564d2 100644 --- a/src/auth_state.rs +++ b/src/auth_state.rs @@ -4,7 +4,6 @@ use anyhow::{bail, Error}; use serde_json::{json, Value}; use proxmox::tools::{ - time::epoch_i64, fs::{ replace_file, open_file_locked, @@ -12,6 +11,7 @@ use proxmox::tools::{ CreateOptions, }, }; +use proxmox_time::epoch_i64; use super::{PublicAuthState, PrivateAuthState}; 
diff --git a/src/lib.rs b/src/lib.rs index 72bcd317..34c74c90 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -71,7 +71,7 @@ impl PrivateAuthState { csrf_token, nonce, pkce_verifier, - ctime: proxmox::tools::time::epoch_i64(), + ctime: proxmox_time::epoch_i64(), } } From 6aa28f0a08da107dda73bfe193cd6b3a1200666e Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 20 Oct 2021 14:55:15 +0200 Subject: [PATCH 19/51] add fsync parameter to replace_file Depend on proxmox 0.15.0 Signed-off-by: Dietmar Maurer --- Cargo.toml | 2 +- src/auth_state.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c79bc7b2..e0c8d5a9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -24,5 +24,5 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" url = "2.1" -proxmox = "0.14.0" +proxmox = "0.15.0" proxmox-time = "1" diff --git a/src/auth_state.rs b/src/auth_state.rs index dcf564d2..f7c7cd0f 100644 --- a/src/auth_state.rs +++ b/src/auth_state.rs @@ -62,7 +62,7 @@ fn replace_auth_state( let options = CreateOptions::new().perm(mode); let raw = serde_json::to_string_pretty(data)?; - replace_file(path, raw.as_bytes(), options)?; + replace_file(path, raw.as_bytes(), options, false)?; Ok(()) } From 8471451a7b262c754435e4b4d55a989eb39df94e Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Thu, 21 Oct 2021 07:15:11 +0200 Subject: [PATCH 20/51] bump version to 0.8.1-1 Signed-off-by: Dietmar Maurer --- Cargo.toml | 2 +- debian/changelog | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index e0c8d5a9..bff3f587 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.8.0" +version = "0.8.1" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index 21a363c0..3630b67c 100644 --- a/debian/changelog +++ b/debian/changelog 
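Review bot: The new fourth argument in `replace_file(path, raw.as_bytes(), options, false)` is a bare boolean whose meaning is only recoverable from the commit subject. A short comment at the call site would say why syncing is skipped; if the reasoning is that the entries expire after a few minutes anyway, something like `// no fsync: auth state is short-lived, losing it on a crash only forces a new login` would do. The start of `replace_auth_state` is outside the hunk.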
@@ -1,3 +1,11 @@ +rust-proxmox-openid (0.8.1-1) unstable; urgency=medium + + * add fsync parameter to replace_file + + * Depend on proxmox 0.15.0 + + -- Proxmox Support Team Thu, 21 Oct 2021 07:14:52 +0200 + rust-proxmox-openid (0.8.0-1) unstable; urgency=medium * update to proxmox crate split From 5937e44062acb44d8bdcfe43730e9d76f9df5b2d Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 6 Aug 2021 13:57:36 +0200 Subject: [PATCH 21/51] allow to configure used scopes --- src/lib.rs | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 34c74c90..d0d36546 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -34,16 +34,19 @@ use openidconnect::{ Scope, }; -#[derive(Debug, Deserialize, Serialize)] +#[derive(Debug, Deserialize, Serialize, Clone)] pub struct OpenIdConfig { pub issuer_url: String, pub client_id: String, #[serde(skip_serializing_if="Option::is_none")] pub client_key: Option, + #[serde(skip_serializing_if="Option::is_none")] + pub scopes: Option>, } pub struct OpenIdAuthenticator { client: CoreClient, + config: OpenIdConfig, } #[derive(Debug, Deserialize, Serialize)] @@ -111,6 +114,7 @@ impl OpenIdAuthenticator { Ok(Self { client, + config: config.clone(), }) } 
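Review bot: `config: config.clone()` keeps a second copy of the whole `OpenIdConfig`, including `client_key`, alive for the lifetime of the authenticator, although the code added by this commit only reads `scopes` from it. `OpenIdConfig` also derives `Debug`, so a stray `{:?}` on the stored copy would print the client secret. Storing just what is needed avoids both, e.g. a field `scopes: Option<Vec<String>>` filled with `scopes: config.scopes.clone(),`. This applies to the struct hunk (`@@ -34,16 +34,19 @@`) and the constructor hunk (`@@ -111,6 +114,7 @@`); the constructor itself starts outside the hunk.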
@@ -123,18 +127,25 @@ impl OpenIdAuthenticator { store_auth_state(Path::new(state_dir), realm, &private_auth_state)?; // Generate the authorization URL to which we'll redirect the user. - let (authorize_url, _csrf_state, _nonce) = self.client + let mut request = self.client .authorize_url( CoreAuthenticationFlow::AuthorizationCode, || CsrfToken::new(public_auth_state), || nonce, ) - .set_display(CoreAuthDisplay::Page) - .add_prompt(CoreAuthPrompt::Login) - .add_scope(Scope::new("email".to_string())) - .add_scope(Scope::new("profile".to_string())) - .set_pkce_challenge(private_auth_state.pkce_challenge()) - .url(); + .set_pkce_challenge(private_auth_state.pkce_challenge()); + + request = request.set_display(CoreAuthDisplay::Page); + + request = request.add_prompt(CoreAuthPrompt::Login); + + if let Some(ref scopes) = self.config.scopes { + for scope in scopes.clone() { + request = request.add_scope(Scope::new(scope)); + } + } + + let (authorize_url, _csrf_state, _nonce) = request.url(); Ok(authorize_url.to_string()) } From cfecbee92cd6256bdc727414fe37707b8844363f Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 6 Aug 2021 13:57:40 +0200 Subject: [PATCH 22/51] also return data from UserInfo endpoint --- src/lib.rs | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index d0d36546..a0548f78 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -20,6 +20,7 @@ use openidconnect::{ CoreAuthenticationFlow, CoreAuthDisplay, CoreAuthPrompt, + CoreGenderClaim, }, PkceCodeChallenge, PkceCodeVerifier, 
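Review bot: With `scopes` unset, the request built here no longer asks for `email` and `profile`, which were previously always added, so an existing configuration without a `scopes` entry silently gets fewer claims back. If a caller derives the user name from one of those claims, logins could start failing after the upgrade; iterating over `self.config.scopes.clone().unwrap_or_else(|| vec!["email".into(), "profile".into()])` would keep the old default. Separately, `for scope in scopes.clone()` copies the whole vector; `for scope in scopes { request = request.add_scope(Scope::new(scope.clone())); }` clones only each string. The function starts above the hunk.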
@@ -32,9 +33,18 @@ use openidconnect::{ OAuth2TokenResponse, RedirectUrl, Scope, + UserInfoClaims, + AdditionalClaims, }; -#[derive(Debug, Deserialize, Serialize, Clone)] +/// Stores Additional Claims into a serde_json::Value; +#[derive(Debug, Deserialize, Serialize)] +pub struct GenericClaims(serde_json::Value); +impl AdditionalClaims for GenericClaims {} + +pub type GenericUserInfoClaims = UserInfoClaims; + + #[derive(Debug, Deserialize, Serialize, Clone)] pub struct OpenIdConfig { pub issuer_url: String, pub client_id: String, @@ -161,7 +171,7 @@ impl OpenIdAuthenticator { &self, code: &str, private_auth_state: &PrivateAuthState, - ) -> Result { + ) -> Result<(CoreIdTokenClaims, GenericUserInfoClaims), Error> { let code = AuthorizationCode::new(code.to_string()); // Exchange the code with a token. @@ -179,6 +189,11 @@ impl OpenIdAuthenticator { .claims(&id_token_verifier, &private_auth_state.nonce) .map_err(|err| format_err!("Failed to verify ID token: {}", err))?; - Ok(id_token_claims.clone()) + let userinfo_claims: GenericUserInfoClaims = self.client + .user_info(token_response.access_token().to_owned(), None)? + .request(http_client) + .map_err(|err| format_err!("Failed to contact userinfo endpoint: {}", err))?; + + Ok((id_token_claims.clone(), userinfo_claims)) } } From f53d242cb01b83c52f21f8e88188366ecfddf650 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 6 Aug 2021 13:57:41 +0200 Subject: [PATCH 23/51] new helper verify_authorization_code_simple() Simply return data as serde_json::Value. --- src/lib.rs | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index a0548f78..de2251fc 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -2,6 +2,7 @@ use std::path::Path; use anyhow::{format_err, Error}; use serde::{Deserialize, Serialize}; +use serde_json::Value; mod http_client; pub use http_client::http_client; 
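Review bot: `user_info(token_response.access_token().to_owned(), None)` passes `None` as the expected subject, so the UserInfo response is accepted without checking that its `sub` matches the `sub` of the ID token verified just above. OpenID Connect Core (section 5.3.2) requires that comparison, because nothing else binds the UserInfo response to the verified ID token. Passing the verified subject closes the gap: `.user_info(token_response.access_token().to_owned(), Some(id_token_claims.subject().clone()))?`. The body of `verify_authorization_code` starts outside this hunk.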
@@ -39,7 +40,7 @@ use openidconnect::{ /// Stores Additional Claims into a serde_json::Value; #[derive(Debug, Deserialize, Serialize)] -pub struct GenericClaims(serde_json::Value); +pub struct GenericClaims(Value); impl AdditionalClaims for GenericClaims {} pub type GenericUserInfoClaims = UserInfoClaims; @@ -196,4 +197,29 @@ impl OpenIdAuthenticator { Ok((id_token_claims.clone(), userinfo_claims)) } + + /// Like verify_authorization_code(), but returns claims as serde_json::Value + pub fn verify_authorization_code_simple( + &self, + code: &str, + private_auth_state: &PrivateAuthState, + ) -> Result { + + let (id_token_claims, userinfo_claims) = self.verify_authorization_code(&code, &private_auth_state)?; + + let mut data = serde_json::to_value(id_token_claims)?; + + let data2 = serde_json::to_value(userinfo_claims)?; + + if let Some(map) = data2.as_object() { + for (key, value) in map { + if data[key] != Value::Null { + continue; // already set + } + data[key] = value.clone(); + } + } + + Ok(data) + } } From 897c5c75691032a0c3e3b340a5a514db9ceed43e Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 6 Aug 2021 13:57:42 +0200 Subject: [PATCH 24/51] allow to configure prompt behaviour And do not set it by default. --- src/lib.rs | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index de2251fc..aead3d74 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -45,7 +45,7 @@ impl AdditionalClaims for GenericClaims {} pub type GenericUserInfoClaims = UserInfoClaims; - #[derive(Debug, Deserialize, Serialize, Clone)] +#[derive(Debug, Deserialize, Serialize, Clone)] pub struct OpenIdConfig { pub issuer_url: String, pub client_id: String, @@ -53,6 +53,8 @@ pub struct OpenIdConfig { pub client_key: Option, #[serde(skip_serializing_if="Option::is_none")] pub scopes: Option>, + #[serde(skip_serializing_if="Option::is_none")] + pub prompt: Option, } pub struct OpenIdAuthenticator { 
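Review bot: The doc comment on `verify_authorization_code_simple` does not say that the returned object mixes two sources: claims from the signature-verified ID token and, for every key the ID token leaves unset, claims from the UserInfo response. Callers that map a claim such as `email` to a local account need to know it may come from the UserInfo endpoint, so I would extend the comment with `/// ID token claims take precedence; keys missing there are filled from the UserInfo response.`. Minor: `self.verify_authorization_code(&code, &private_auth_state)` re-borrows two values that are already references; `(code, private_auth_state)` is enough.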
@@ -148,7 +150,24 @@ impl OpenIdAuthenticator { request = request.set_display(CoreAuthDisplay::Page); - request = request.add_prompt(CoreAuthPrompt::Login); + match self.config.prompt.as_deref() { + None => { /* nothing */ }, + Some("none") => { + request = request.add_prompt(CoreAuthPrompt::None); + } + Some("login") => { + request = request.add_prompt(CoreAuthPrompt::Login); + } + Some("consent") => { + request = request.add_prompt(CoreAuthPrompt::Consent); + } + Some("select_account") => { + request = request.add_prompt(CoreAuthPrompt::SelectAccount); + } + Some(extension) => { + request = request.add_prompt(CoreAuthPrompt::Extension(extension.into())); + } + } if let Some(ref scopes) = self.config.scopes { for scope in scopes.clone() { From 6454a54704578309a44a0a2b437a5ee3ab97436c Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 6 Aug 2021 13:57:43 +0200 Subject: [PATCH 25/51] allow to configure acr values --- src/lib.rs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/lib.rs b/src/lib.rs index aead3d74..e9fbd940 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -36,6 +36,7 @@ use openidconnect::{ Scope, UserInfoClaims, AdditionalClaims, + AuthenticationContextClass, }; /// Stores Additional Claims into a serde_json::Value; @@ -55,6 +56,8 @@ pub struct OpenIdConfig { pub scopes: Option>, #[serde(skip_serializing_if="Option::is_none")] pub prompt: Option, + #[serde(skip_serializing_if="Option::is_none")] + pub acr_values: Option>, } pub struct OpenIdAuthenticator { @@ -175,6 +178,12 @@ impl OpenIdAuthenticator { } } + if let Some(ref acr_values) = self.config.acr_values { + for acr in acr_values.clone() { + request = request.add_auth_context_value(AuthenticationContextClass::new(acr)); + } + } + let (authorize_url, _csrf_state, _nonce) = request.url(); Ok(authorize_url.to_string()) From ea637eec281a42e6b73c0b1f58435935a693d54e Mon Sep 17 00:00:00 2001 
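Review bot: `add_auth_context_value` only asks the provider for the configured `acr_values`; nothing in this commit checks the `acr` claim of the returned ID token, so the setting is a request, not a requirement. As far as the earlier hunks show, `verify_authorization_code` verifies the signature and nonce only, so a token with a different or missing `acr` would still be accepted even when an administrator set `acr_values` expecting a stronger authentication method. I would either document the field as request-only, e.g. `/// Requested ACR values; the returned acr claim is not verified here.`, or compare the claim against the configured list after verification. As in the scopes loop, `acr_values.clone()` can be avoided by iterating by reference and cloning each string.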
From: Dietmar Maurer Date: Thu, 18 Nov 2021 09:37:12 +0100 Subject: [PATCH 26/51] bump version to 0.9.0-1 --- Cargo.toml | 2 +- debian/changelog | 14 ++++++++++++++ debian/control | 12 ++++++------ 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index bff3f587..4bd03a0a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.8.1" +version = "0.9.0" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index 3630b67c..dc80a77a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +rust-proxmox-openid (0.9.0-1) unstable; urgency=medium + + * allow to configure used scopes + + * allow to configure prompt behaviour + + * allow to configure acr values + + * new helper verify_authorization_code_simple() + + * also return data from UserInfo endpoint + + -- Proxmox Support Team Thu, 18 Nov 2021 09:36:29 +0100 + rust-proxmox-openid (0.8.1-1) unstable; urgency=medium * add fsync parameter to replace_file diff --git a/debian/control b/debian/control index 9e53c8da..69047ab1 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Build-Depends: debhelper (>= 12), librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , librust-openidconnect-2+curl-dev , - librust-proxmox-0.14+default-dev , + librust-proxmox-0.15+default-dev , librust-proxmox-time-1+default-dev , librust-serde-1+default-dev , librust-serde-1+derive-dev , @@ -33,7 +33,7 @@ Depends: librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), librust-openidconnect-2+curl-dev, - librust-proxmox-0.14+default-dev, + librust-proxmox-0.15+default-dev, librust-proxmox-time-1+default-dev, librust-serde-1+default-dev, librust-serde-1+derive-dev, 
@@ -43,10 +43,10 @@ Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), librust-proxmox-openid-0-dev (= ${binary:Version}), librust-proxmox-openid-0+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.8-dev (= ${binary:Version}), - librust-proxmox-openid-0.8+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.8.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.8.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9-dev (= ${binary:Version}), + librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.0-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.0+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From a3592355a13e8edfd3ecfddc5faadc16bac52d03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 18 Nov 2021 12:53:37 +0100 Subject: [PATCH 27/51] bump openidconnect dep to 2.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit for updated rand/base64 support Signed-off-by: Fabian Grünbichler --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 4bd03a0a..cc0105ba 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,7 +19,7 @@ anyhow = "1.0" curl = { version = "0.4.33" } http = "0.2" nix = "0.19.1" -openidconnect = { version = "2.0", default-features = false, features = ["curl"] } +openidconnect = { version = "2.1", default-features = false, features = ["curl"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" url = "2.1" From d6e7e2599f5190d38dfab58426ebd0ce6a55dd1e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 18 Nov 2021 12:54:31 +0100 Subject: [PATCH 28/51] bump version to 0.9.1-1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabian Grünbichler --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ debian/control | 8 ++++---- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index cc0105ba..12ea041c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.0" +version = "0.9.1" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index dc80a77a..8194f83b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.9.1-1) unstable; urgency=medium + + * rebuild with openidconnect 0.2.1 + + -- Proxmox Support Team Thu, 18 Nov 2021 12:54:24 +0100 + rust-proxmox-openid (0.9.0-1) unstable; urgency=medium * allow to configure used scopes diff --git a/debian/control b/debian/control index 69047ab1..ba51c871 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 12), librust-curl-0.4+default-dev (>= 0.4.33-~~) , librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , - librust-openidconnect-2+curl-dev , + librust-openidconnect-2+curl-dev (>= 2.1-~~) , librust-proxmox-0.15+default-dev , librust-proxmox-time-1+default-dev , librust-serde-1+default-dev , @@ -32,7 +32,7 @@ Depends: librust-curl-0.4+default-dev (>= 0.4.33-~~), librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), - librust-openidconnect-2+curl-dev, + librust-openidconnect-2+curl-dev (>= 2.1-~~), librust-proxmox-0.15+default-dev, librust-proxmox-time-1+default-dev, librust-serde-1+default-dev, 
@@ -45,8 +45,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.0-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.0+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.1-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.1+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From a92d77bf1f914e053397637d1fb70ed7aa459fbe Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Tue, 23 Nov 2021 12:38:34 +0100 Subject: [PATCH 29/51] bump version to 0.9.2-1, depend on proxmox-sys 0.2 Signed-off-by: Dietmar Maurer --- Cargo.toml | 4 ++-- debian/changelog | 6 ++++++ debian/control | 4 ++-- src/auth_state.rs | 12 +++++------- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 12ea041c..5f322a98 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.1" +version = "0.9.2" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" @@ -24,5 +24,5 @@ serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" url = "2.1" -proxmox = "0.15.0" proxmox-time = "1" +proxmox-sys = "0.2" diff --git a/debian/changelog b/debian/changelog index 8194f83b..f00e008e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.9.2-1) stable; urgency=medium + + * depend on proxmox-sys 0.2 + + -- Proxmox Support Team Tue, 23 Nov 2021 12:35:41 +0100 + rust-proxmox-openid (0.9.1-1) unstable; urgency=medium * rebuild with openidconnect 0.2.1 diff --git a/debian/control b/debian/control index ba51c871..88873a25 100644 --- a/debian/control +++ b/debian/control 
@@ -11,7 +11,7 @@ Build-Depends: debhelper (>= 12), librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , librust-openidconnect-2+curl-dev (>= 2.1-~~) , - librust-proxmox-0.15+default-dev , + librust-proxmox-sys-0.2+default-dev , librust-proxmox-time-1+default-dev , librust-serde-1+default-dev , librust-serde-1+derive-dev , @@ -33,7 +33,7 @@ Depends: librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), librust-openidconnect-2+curl-dev (>= 2.1-~~), - librust-proxmox-0.15+default-dev, + librust-proxmox-sys-0.2+default-dev, librust-proxmox-time-1+default-dev, librust-serde-1+default-dev, librust-serde-1+derive-dev, diff --git a/src/auth_state.rs b/src/auth_state.rs index f7c7cd0f..7692ff31 100644 --- a/src/auth_state.rs +++ b/src/auth_state.rs @@ -3,13 +3,11 @@ use std::path::{Path, PathBuf}; use anyhow::{bail, Error}; use serde_json::{json, Value}; -use proxmox::tools::{ - fs::{ - replace_file, - open_file_locked, - file_get_json, - CreateOptions, - }, +use proxmox_sys::fs::{ + replace_file, + open_file_locked, + file_get_json, + CreateOptions, }; use proxmox_time::epoch_i64; From bdcecd3214fc11f2a8b96611624c7075eb20a435 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 24 Nov 2021 10:16:37 +0100 Subject: [PATCH 30/51] update debian/control --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 88873a25..f7748eb4 100644 --- a/debian/control +++ b/debian/control 
@@ -45,8 +45,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.1-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.1+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.2-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.2+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From f3ddce5297fa168c6d4fcb0d46b07f34109d85d9 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Tue, 1 Feb 2022 08:09:44 +0100 Subject: [PATCH 31/51] use ureq (with native-tls) instead of curl Signed-off-by: Dietmar Maurer --- Cargo.toml | 5 +- debian/control | 14 ++++-- src/http_client.rs | 123 ++++++++++++++++++++------------------------- 3 files changed, 67 insertions(+), 75 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 5f322a98..e13fe9b0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,12 +16,13 @@ path = "src/lib.rs" [dependencies] anyhow = "1.0" -curl = { version = "0.4.33" } http = "0.2" nix = "0.19.1" -openidconnect = { version = "2.1", default-features = false, features = ["curl"] } +openidconnect = { version = "2.2", default-features = false, features = [] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" +thiserror="1.0" +ureq = { version = "2.4", features = ["native-tls"] } url = "2.1" proxmox-time = "1" diff --git a/debian/control b/debian/control index f7748eb4..992dfed0 100644 --- a/debian/control +++ b/debian/control 
@@ -2,20 +2,22 @@ Source: rust-proxmox-openid Section: rust Priority: optional Build-Depends: debhelper (>= 12), - dh-cargo (>= 24), + dh-cargo (>= 25), cargo:native , rustc:native , libstd-rust-dev , librust-anyhow-1+default-dev , - librust-curl-0.4+default-dev (>= 0.4.33-~~) , librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , - librust-openidconnect-2+curl-dev (>= 2.1-~~) , + librust-openidconnect-2-dev (>= 2.2-~~) , librust-proxmox-sys-0.2+default-dev , librust-proxmox-time-1+default-dev , librust-serde-1+default-dev , librust-serde-1+derive-dev , librust-serde-json-1+default-dev , + librust-thiserror-1+default-dev , + librust-ureq-2+default-dev (>= 2.4-~~) , + librust-ureq-2+native-tls-dev (>= 2.4-~~) , librust-url-2+default-dev (>= 2.1-~~) Maintainer: Proxmox Support Team Standards-Version: 4.5.1 @@ -29,15 +31,17 @@ Multi-Arch: same Depends: ${misc:Depends}, librust-anyhow-1+default-dev, - librust-curl-0.4+default-dev (>= 0.4.33-~~), librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), - librust-openidconnect-2+curl-dev (>= 2.1-~~), + librust-openidconnect-2-dev (>= 2.2-~~), librust-proxmox-sys-0.2+default-dev, librust-proxmox-time-1+default-dev, librust-serde-1+default-dev, librust-serde-1+derive-dev, librust-serde-json-1+default-dev, + librust-thiserror-1+default-dev, + librust-ureq-2+default-dev (>= 2.4-~~), + librust-ureq-2+native-tls-dev (>= 2.4-~~), librust-url-2+default-dev (>= 2.1-~~) Provides: librust-proxmox-openid+default-dev (= ${binary:Version}), diff --git a/src/http_client.rs b/src/http_client.rs index f07aed0d..89a720fb 100644 --- a/src/http_client.rs +++ b/src/http_client.rs @@ -1,6 +1,3 @@ -use std::io::Read; - -use curl::easy::Easy; use http::header::{HeaderMap, HeaderValue, CONTENT_TYPE}; use http::method::Method; use http::status::StatusCode; 
@@ -10,83 +7,73 @@ use openidconnect::{ HttpResponse, }; -/// Synchronous Curl HTTP client. +// Copied from OAuth2 create, because we want to use ureq with +// native-tls. But current OAuth2 crate pulls in rustls, so we cannot +// use their 'ureq' feature. + /// -/// Copied fron OAuth2 create, added fix https://github.com/ramosbugs/oauth2-rs/pull/147 -pub fn http_client(request: HttpRequest) -> Result { +/// Error type returned by failed ureq HTTP requests. +/// +#[derive(Debug, thiserror::Error)] +pub enum Error { + /// Non-ureq HTTP error. + #[error("HTTP error")] + Http(#[from] http::Error), + /// IO error + #[error("IO error")] + IO(#[from] std::io::Error), + /// Other error. + #[error("Other error: {}", _0)] + Other(String), + /// Error returned by ureq crate. + // boxed due to https://github.com/algesten/ureq/issues/296 + #[error("ureq request failed")] + Ureq(#[from] Box), +} - use openidconnect::curl::Error; - - let mut easy = Easy::new(); - easy.url(&request.url.to_string()[..]) - .map_err(Error::Curl)?; +/// +/// Synchronous HTTP client for ureq. +/// +pub fn http_client(request: HttpRequest) -> Result { + let mut req = if let Method::POST = request.method { + ureq::post(&request.url.to_string()) + } else { + ureq::get(&request.url.to_string()) + }; - let mut headers = curl::easy::List::new(); - request - .headers - .iter() - .map(|(name, value)| { - headers - .append(&format!( - "{}: {}", - name, - value.to_str().map_err(|_| Error::Other(format!( + for (name, value) in request.headers { + if let Some(name) = name { + req = req.set( + &name.to_string(), + value.to_str().map_err(|_| { + Error::Other(format!( "invalid {} header value {:?}", name, value.as_bytes() - )))? 
- )) - .map_err(Error::Curl) - }) - .collect::>()?; + )) + })?, + ); + } + } - easy.http_headers(headers).map_err(Error::Curl)?; - - if let Method::POST = request.method { - easy.post(true).map_err(Error::Curl)?; - easy.post_field_size(request.body.len() as u64) - .map_err(Error::Curl)?; + let response = if let Method::POST = request.method { + req.send(&*request.body) } else { - assert_eq!(request.method, Method::GET); + req.call() } + .map_err(Box::new)?; - let mut form_slice = &request.body[..]; - let mut data = Vec::new(); - { - let mut transfer = easy.transfer(); + let status_code = StatusCode::from_u16(response.status()) + .map_err(|err| Error::Http(err.into()))?; - transfer - .read_function(|buf| Ok(form_slice.read(buf).unwrap_or(0))) - .map_err(Error::Curl)?; - - transfer - .write_function(|new_data| { - data.extend_from_slice(new_data); - Ok(new_data.len()) - }) - .map_err(Error::Curl)?; - - transfer.perform().map_err(Error::Curl)?; - } - - let status_code = easy.response_code().map_err(Error::Curl)? as u16; + let content_type = HeaderValue::from_str(response.content_type()) + .map_err(|err| Error::Http(err.into()))?; Ok(HttpResponse { - status_code: StatusCode::from_u16(status_code).map_err(|err| Error::Http(err.into()))?, - headers: easy - .content_type() - .map_err(Error::Curl)? - .map(|content_type| { - Ok(vec![( - CONTENT_TYPE, - HeaderValue::from_str(content_type).map_err(|err| Error::Http(err.into()))?, - )] - .into_iter() - .collect::()) - }) - .transpose()? - .unwrap_or_else(HeaderMap::new), - body: data, + status_code, + headers: vec![(CONTENT_TYPE, content_type)] + .into_iter() + .collect::(), + body: response.into_string()?.as_bytes().into(), }) } - From cf18776173354bf53fb1d8acbd62a47235ad6c55 Mon Sep 17 00:00:00 2001 
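Review bot: In the rewritten `http_client`, `.map_err(Box::new)?` on the result of `req.send(..)`/`req.call()` turns every 4xx/5xx reply into `Error::Ureq`, because ureq 2.x reports such statuses as `ureq::Error::Status(code, response)` instead of returning the response. The removed curl code handed those replies back with their status code and body, so the provider's OAuth2 error document from the token endpoint presumably no longer reaches openidconnect's own error parsing, and failed logins lose their cause. Unwrapping the `Status` variant back into the response restores the old behaviour; the later `@@ -75,7 +75,10 @@` hunk that switches to `send_bytes` keeps the same `.map_err(Box::new)?` and needs the same change. Separately, the `if let Some(name) = name` guard skips the second and later values of a repeated header, which deserves at least a comment.

```rust
// … unchanged: request construction and header loop …
let result = if let Method::POST = request.method {
    req.send(&*request.body)
} else {
    req.call()
};
let response = match result {
    Ok(response) => response,
    // ureq reports 4xx/5xx as an error; pass the reply on so the caller can
    // parse the provider's error document
    Err(ureq::Error::Status(_, response)) => response,
    Err(err) => return Err(Error::Ureq(Box::new(err))),
};
// … unchanged: status_code, content_type and HttpResponse construction …
```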
From: Thomas Lamprecht Date: Tue, 1 Feb 2022 09:03:56 +0100 Subject: [PATCH 32/51] cargo: enable "accept-rfc3339-timestamps" feature for OIDC It doesn't pull in any new dependency and we require it to be able to work with the auth0 provider. https://github.com/ramosbugs/openidconnect-rs/pull/55#issuecomment-1026567725 Signed-off-by: Thomas Lamprecht --- Cargo.toml | 2 +- debian/control | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e13fe9b0..2af5638b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -18,7 +18,7 @@ path = "src/lib.rs" anyhow = "1.0" http = "0.2" nix = "0.19.1" -openidconnect = { version = "2.2", default-features = false, features = [] } +openidconnect = { version = "2.2", default-features = false, features = ["accept-rfc3339-timestamps"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" thiserror="1.0" diff --git a/debian/control b/debian/control index 992dfed0..325a5269 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Build-Depends: debhelper (>= 12), librust-anyhow-1+default-dev , librust-http-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , - librust-openidconnect-2-dev (>= 2.2-~~) , + librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~) , librust-proxmox-sys-0.2+default-dev , librust-proxmox-time-1+default-dev , librust-serde-1+default-dev , @@ -33,7 +33,7 @@ Depends: librust-anyhow-1+default-dev, librust-http-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), - librust-openidconnect-2-dev (>= 2.2-~~), + librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~), librust-proxmox-sys-0.2+default-dev, librust-proxmox-time-1+default-dev, librust-serde-1+default-dev, From ce9a84c54f24d55b39142077d8a3c123af4c0d1e Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Tue, 1 Feb 2022 09:13:21 +0100 Subject: [PATCH 33/51] enable gzip feature for ureq 
Signed-off-by: Dietmar Maurer --- Cargo.toml | 2 +- debian/control | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 2af5638b..a699a642 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,7 +22,7 @@ openidconnect = { version = "2.2", default-features = false, features = ["accept serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" thiserror="1.0" -ureq = { version = "2.4", features = ["native-tls"] } +ureq = { version = "2.4", features = ["native-tls", "gzip"] } url = "2.1" proxmox-time = "1" diff --git a/debian/control b/debian/control index 325a5269..ddb9453c 100644 --- a/debian/control +++ b/debian/control @@ -17,6 +17,7 @@ Build-Depends: debhelper (>= 12), librust-serde-json-1+default-dev , librust-thiserror-1+default-dev , librust-ureq-2+default-dev (>= 2.4-~~) , + librust-ureq-2+gzip-dev (>= 2.4-~~) , librust-ureq-2+native-tls-dev (>= 2.4-~~) , librust-url-2+default-dev (>= 2.1-~~) Maintainer: Proxmox Support Team @@ -41,6 +42,7 @@ Depends: librust-serde-json-1+default-dev, librust-thiserror-1+default-dev, librust-ureq-2+default-dev (>= 2.4-~~), + librust-ureq-2+gzip-dev (>= 2.4-~~), librust-ureq-2+native-tls-dev (>= 2.4-~~), librust-url-2+default-dev (>= 2.1-~~) Provides: From bd2bf045cc194aa362f91cf9995a0db6fb96a4f1 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 1 Feb 2022 10:35:10 +0100 Subject: [PATCH 34/51] use native-tls for ureq Signed-off-by: Wolfgang Bumiller --- Cargo.toml | 4 ++-- src/http_client.rs | 27 +++++++++++++++++++++------ 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index a699a642..d4e10373 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,7 +13,6 @@ exclude = [ name = "proxmox_openid" path = "src/lib.rs" - [dependencies] anyhow = "1.0" http = "0.2" 
@@ -22,7 +21,8 @@ openidconnect = { version = "2.2", default-features = false, features = ["accept serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" thiserror="1.0" -ureq = { version = "2.4", features = ["native-tls", "gzip"] } +ureq = { version = "2.4", default-features = false, features = ["native-tls", "gzip"] } +native-tls = "0.2" url = "2.1" proxmox-time = "1" diff --git a/src/http_client.rs b/src/http_client.rs index 89a720fb..afaae248 100644 --- a/src/http_client.rs +++ b/src/http_client.rs @@ -1,3 +1,5 @@ +use std::sync::Arc; + use http::header::{HeaderMap, HeaderValue, CONTENT_TYPE}; use http::method::Method; use http::status::StatusCode; @@ -19,26 +21,39 @@ pub enum Error { /// Non-ureq HTTP error. #[error("HTTP error")] Http(#[from] http::Error), + /// IO error #[error("IO error")] IO(#[from] std::io::Error), - /// Other error. - #[error("Other error: {}", _0)] - Other(String), + /// Error returned by ureq crate. // boxed due to https://github.com/algesten/ureq/issues/296 #[error("ureq request failed")] Ureq(#[from] Box), + + #[error("TLS error: {0}")] + Tls(#[from] native_tls::Error), + + /// Other error. + #[error("Other error: {}", _0)] + Other(String), +} + +fn ureq_agent() -> Result { + Ok(ureq::AgentBuilder::new() + .tls_connector(Arc::new(native_tls::TlsConnector::new()?)) + .build()) } /// /// Synchronous HTTP client for ureq. /// pub fn http_client(request: HttpRequest) -> Result { - let mut req = if let Method::POST = request.method { - ureq::post(&request.url.to_string()) + let agent = ureq_agent()?; + let mut req = if let Method::POST = request.method { + agent.post(&request.url.to_string()) } else { - ureq::get(&request.url.to_string()) + agent.get(&request.url.to_string()) }; for (name, value) in request.headers { From 353172992185dbe2504da14954d594ef689cf0fe Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 1 Feb 2022 10:39:23 +0100 Subject: [PATCH 35/51] include error messages in error display 
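Review bot: `ureq_agent()` builds the agent without an overall or read timeout, so a provider that accepts the connection and then stalls can block the calling thread indefinitely; as far as I know ureq 2.x only applies a connect timeout by default. Since `http_client` appears to sit on the login path, I would bound the whole request on the builder, e.g. `.timeout(std::time::Duration::from_secs(30))` before `.tls_connector(..)` (30 is a constructed value, pick what fits the deployment). The function also creates a new `TlsConnector` and agent for every request, which is worth a short doc comment, and the new `Tls` variant is the only one in the enum without a `///` line.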
Signed-off-by: Wolfgang Bumiller --- src/http_client.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/http_client.rs b/src/http_client.rs index afaae248..5cceafba 100644 --- a/src/http_client.rs +++ b/src/http_client.rs @@ -19,23 +19,23 @@ use openidconnect::{ #[derive(Debug, thiserror::Error)] pub enum Error { /// Non-ureq HTTP error. - #[error("HTTP error")] + #[error("HTTP error - {0}")] Http(#[from] http::Error), /// IO error - #[error("IO error")] + #[error("IO error - {0}")] IO(#[from] std::io::Error), /// Error returned by ureq crate. // boxed due to https://github.com/algesten/ureq/issues/296 - #[error("ureq request failed")] + #[error("ureq request failed - {0}")] Ureq(#[from] Box), - #[error("TLS error: {0}")] + #[error("TLS error - {0}")] Tls(#[from] native_tls::Error), /// Other error. - #[error("Other error: {}", _0)] + #[error("Other error: {0}")] Other(String), } From 1ab70b8c210b42641509d9c21f932e24e065b6a1 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Tue, 1 Feb 2022 09:08:41 +0100 Subject: [PATCH 36/51] bump version to 0.9.3-1 Signed-off-by: Thomas Lamprecht --- Cargo.toml | 2 +- debian/changelog | 9 +++++++++ debian/control | 4 ++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index d4e10373..97144bd9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.2" +version = "0.9.3" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index f00e008e..d3b63be2 100644 --- a/debian/changelog +++ b/debian/changelog 
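Review bot: Every variant touched in the `@@ -19,23 +19,23 @@` hunk keeps `#[from]`, so the inner error is already reachable through `source()`; adding `{0}` to the Display string makes the same text appear twice for any caller that prints the error chain (anyhow's `{:#}` does) and moves transport detail into the top-level message. If that message is ever returned to the browser during login, which is not visible in this hunk, it would carry whatever ureq or native-tls put into their error text, so it is worth checking that callers log it and return a generic failure. A comment on the enum such as `// Display includes the source text; log it, do not return it to clients` would make the intent explicit.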
@@ -1,3 +1,12 @@ +rust-proxmox-openid (0.9.3-1) stable; urgency=medium + + * use much simpler ureq (with native-tls) HTTP client instead of curl + + * enable "accept-rfc3339-timestamps" feature to fix support for some OIDC + providers like `auth0` + + -- Proxmox Support Team Tue, 01 Feb 2022 09:08:31 +0100 + rust-proxmox-openid (0.9.2-1) stable; urgency=medium * depend on proxmox-sys 0.2 diff --git a/debian/control b/debian/control index ddb9453c..2ff4540b 100644 --- a/debian/control +++ b/debian/control @@ -51,8 +51,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.2-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.2+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.3-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.3+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 8b15ac202ec9f59fcc3c46633d34196f01857928 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Tue, 1 Feb 2022 13:18:22 +0100 Subject: [PATCH 37/51] d/control: update Signed-off-by: Thomas Lamprecht --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 2ff4540b..f304969a 100644 --- a/debian/control +++ b/debian/control @@ -8,6 +8,7 @@ Build-Depends: debhelper (>= 12), libstd-rust-dev , librust-anyhow-1+default-dev , librust-http-0.2+default-dev , + librust-native-tls-0.2+default-dev , librust-nix-0.19+default-dev (>= 0.19.1-~~) , librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~) , librust-proxmox-sys-0.2+default-dev , 
@@ -16,7 +17,6 @@ Build-Depends: debhelper (>= 12), librust-serde-1+derive-dev , librust-serde-json-1+default-dev , librust-thiserror-1+default-dev , - librust-ureq-2+default-dev (>= 2.4-~~) , librust-ureq-2+gzip-dev (>= 2.4-~~) , librust-ureq-2+native-tls-dev (>= 2.4-~~) , librust-url-2+default-dev (>= 2.1-~~) @@ -33,6 +33,7 @@ Depends: ${misc:Depends}, librust-anyhow-1+default-dev, librust-http-0.2+default-dev, + librust-native-tls-0.2+default-dev, librust-nix-0.19+default-dev (>= 0.19.1-~~), librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~), librust-proxmox-sys-0.2+default-dev, @@ -41,7 +42,6 @@ Depends: librust-serde-1+derive-dev, librust-serde-json-1+default-dev, librust-thiserror-1+default-dev, - librust-ureq-2+default-dev (>= 2.4-~~), librust-ureq-2+gzip-dev (>= 2.4-~~), librust-ureq-2+native-tls-dev (>= 2.4-~~), librust-url-2+default-dev (>= 2.1-~~) From e0535e56add8da5aa2b6e716c2004e972ca35a4d Mon Sep 17 00:00:00 2001 From: Mira Limbeck Date: Tue, 22 Mar 2022 10:41:54 +0100 Subject: [PATCH 38/51] add http proxy support ureq has support for a HTTP proxy, but no support for HTTPS proxy yet. ureq doesn't query `all_proxy` and `ALL_PROXY` environment variables by itself, the way curl does. So set the proxy in code if any of the above environment variables are set. Signed-off-by: Mira Limbeck --- src/http_client.rs | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/http_client.rs b/src/http_client.rs index 5cceafba..9f9e9868 100644 --- a/src/http_client.rs +++ b/src/http_client.rs 
@@ -40,9 +40,15 @@ pub enum Error { } fn ureq_agent() -> Result { - Ok(ureq::AgentBuilder::new() - .tls_connector(Arc::new(native_tls::TlsConnector::new()?)) - .build()) + let mut agent = + ureq::AgentBuilder::new().tls_connector(Arc::new(native_tls::TlsConnector::new()?)); + if let Ok(val) = std::env::var("all_proxy").or_else(|_| std::env::var("ALL_PROXY")) { + let proxy = ureq::Proxy::new(val).map_err(Box::new)?; + agent = agent.proxy(proxy); + } + + + Ok(agent.build()) } /// From 23e6c398a2ddd07e9a9537b1d06f93f6aa7cf819 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Tue, 22 Mar 2022 10:57:21 +0100 Subject: [PATCH 39/51] http client: rust format and whitespace cleanup Signed-off-by: Thomas Lamprecht --- src/http_client.rs | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/src/http_client.rs b/src/http_client.rs index 9f9e9868..a2bf6ee4 100644 --- a/src/http_client.rs +++ b/src/http_client.rs @@ -1,13 +1,11 @@ +use std::env; use std::sync::Arc; use http::header::{HeaderMap, HeaderValue, CONTENT_TYPE}; use http::method::Method; use http::status::StatusCode; -use openidconnect::{ - HttpRequest, - HttpResponse, -}; +use openidconnect::{HttpRequest, HttpResponse}; // Copied from OAuth2 create, because we want to use ureq with // native-tls. But current OAuth2 crate pulls in rustls, so we cannot @@ -40,14 +38,13 @@ pub enum Error { } fn ureq_agent() -> Result { - let mut agent = + let mut agent = ureq::AgentBuilder::new().tls_connector(Arc::new(native_tls::TlsConnector::new()?)); - if let Ok(val) = std::env::var("all_proxy").or_else(|_| std::env::var("ALL_PROXY")) { + if let Ok(val) = env::var("all_proxy").or_else(|_| env::var("ALL_PROXY")) { let proxy = ureq::Proxy::new(val).map_err(Box::new)?; agent = agent.proxy(proxy); } - Ok(agent.build()) } 
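Review bot: In `ureq_agent()` (hunk `@@ -40,9 +40,15 @@`) a variable that is set but empty is treated as a proxy: `std::env::var("all_proxy")` returns `Ok("")` in that case, so the `or_else` never looks at `ALL_PROXY` and the empty string goes to `ureq::Proxy::new`, which I would expect to either fail every request or yield an unusable proxy. Filtering empties keeps `all_proxy=` meaning "no proxy": `if let Some(val) = std::env::var("all_proxy").ok().filter(|v| !v.is_empty()).or_else(|| std::env::var("ALL_PROXY").ok().filter(|v| !v.is_empty())) {`. The reformatting hunk `@@ -40,14 +38,13 @@` that follows carries the same expression. The function also deserves a doc comment stating that the process environment decides where authentication traffic is routed and that the lowercase name wins, since the value may carry proxy credentials and should not end up in logs.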
@@ -67,7 +64,7 @@ pub fn http_client(request: HttpRequest) -> Result { req = req.set( &name.to_string(), value.to_str().map_err(|_| { - Error::Other(format!( + Error::Other(format!( "invalid {} header value {:?}", name, value.as_bytes() @@ -84,11 +81,11 @@ pub fn http_client(request: HttpRequest) -> Result { } .map_err(Box::new)?; - let status_code = StatusCode::from_u16(response.status()) - .map_err(|err| Error::Http(err.into()))?; + let status_code = + StatusCode::from_u16(response.status()).map_err(|err| Error::Http(err.into()))?; - let content_type = HeaderValue::from_str(response.content_type()) - .map_err(|err| Error::Http(err.into()))?; + let content_type = + HeaderValue::from_str(response.content_type()).map_err(|err| Error::Http(err.into()))?; Ok(HttpResponse { status_code, From 1f47f7d3ebbce6a667d780770f74db600fdca02b Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Tue, 22 Mar 2022 11:32:10 +0100 Subject: [PATCH 40/51] bump version to 0.9.4-1 Signed-off-by: Thomas Lamprecht --- Cargo.toml | 2 +- debian/changelog | 7 +++++++ debian/control | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 97144bd9..b12bee31 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.3" +version = "0.9.4" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index d3b63be2..281889d5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +rust-proxmox-openid (0.9.4-1) stable; urgency=medium + + * re-add HTTP proxy support via the ALL_PROXY environment variable. This got + lost with switching the HTTP client from curl to ureq. + + -- Proxmox Support Team Tue, 22 Mar 2022 11:31:08 +0100 + rust-proxmox-openid (0.9.3-1) stable; urgency=medium * use much simpler ureq (with native-tls) HTTP client instead of curl diff --git a/debian/control b/debian/control index f304969a..272b6284 100644 
--- a/debian/control +++ b/debian/control @@ -51,8 +51,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.3-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.3+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.4-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.4+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 4aff0d7c95049b736f7c1ba7919886d0b61d1839 Mon Sep 17 00:00:00 2001 From: Mira Limbeck Date: Fri, 1 Apr 2022 11:44:25 +0200 Subject: [PATCH 41/51] fix Open ID with Azure as provider Azure doesn't accept `Transfer-Encoding: chunked` on their token endpoint, but with the switch to ureq we always send requests with this set. Fix by switching to `Content-Length` in the header instead. ureq only sets `Transfer-Encoding: chunked` when the body length is not known beforehand, which is the case when using `send`. See https://docs.rs/ureq/2.4.0/ureq/index.html#content-length-and-transfer-encoding See https://forum.proxmox.com/threads/openid-401-with-azure-ad.105892/ for the issue. Signed-off-by: Mira Limbeck --- src/http_client.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/http_client.rs b/src/http_client.rs index a2bf6ee4..e391421a 100644 --- a/src/http_client.rs +++ b/src/http_client.rs 
@@ -75,7 +75,10 @@ pub fn http_client(request: HttpRequest) -> Result { } let response = if let Method::POST = request.method { - req.send(&*request.body) + // send_bytes makes sure that Content-Length is set. This is important, because some + // endpoints don't accept `Transfer-Encoding: chunked`, which would otherwise be set. + // see https://docs.rs/ureq/2.4.0/ureq/index.html#content-length-and-transfer-encoding + req.send_bytes(request.body.as_slice()) } else { req.call() } From 0afe853119bfa74b15c21f25888b6adfb35342ef Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 1 Apr 2022 15:56:38 +0200 Subject: [PATCH 42/51] bump version to 0.9.5-1 Signed-off-by: Thomas Lamprecht --- Cargo.toml | 2 +- debian/changelog | 8 ++++++++ debian/control | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index b12bee31..061d28f7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.4" +version = "0.9.5" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index 281889d5..6c4b16bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +rust-proxmox-openid (0.9.5-1) stable; urgency=medium + + * avoid chunked transfer-encoding when submitting to the provider's token + endpoint, as some providers like Microsoft's Azure are quite inflexible + and cannot cope with such basic HTTP requests. + + -- Proxmox Support Team Fri, 01 Apr 2022 15:56:07 +0200 + rust-proxmox-openid (0.9.4-1) stable; urgency=medium * re-add HTTP proxy support via the ALL_PROXY environment variable. This got diff --git a/debian/control b/debian/control index 272b6284..3bc6a116 100644 --- a/debian/control +++ b/debian/control 
@@ -51,8 +51,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.4-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.4+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.5-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.5+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 0ec392e425a946b018c64e98a4181a22e0e25a2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 2 Jun 2022 12:38:33 +0200 Subject: [PATCH 43/51] bump version to 0.9.6 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit for nix 0.24 rebuild Signed-off-by: Fabian Grünbichler --- Cargo.toml | 6 +++--- debian/changelog | 6 ++++++ debian/control | 12 ++++++------ 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 061d28f7..70265a5a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.5" +version = "0.9.6" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" @@ -16,7 +16,7 @@ path = "src/lib.rs" [dependencies] anyhow = "1.0" http = "0.2" -nix = "0.19.1" +nix = "0.24" openidconnect = { version = "2.2", default-features = false, features = ["accept-rfc3339-timestamps"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" @@ -26,4 +26,4 @@ native-tls = "0.2" url = "2.1" proxmox-time = "1" -proxmox-sys = "0.2" +proxmox-sys = "0.3" diff --git a/debian/changelog b/debian/changelog index 6c4b16bd..e12cf18e 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,9 @@ +rust-proxmox-openid (0.9.6-1) stable; urgency=medium + + * rebuild with nix 0.24 and proxmox-sys 0.3 + + -- Proxmox Support Team Thu, 2 Jun 2022 12:38:28 +0200 + rust-proxmox-openid (0.9.5-1) stable; urgency=medium * avoid chunked transfer-encoding when submitting to the provider's token diff --git a/debian/control b/debian/control index 3bc6a116..d2376895 100644 --- a/debian/control +++ b/debian/control @@ -9,9 +9,9 @@ Build-Depends: debhelper (>= 12), librust-anyhow-1+default-dev , librust-http-0.2+default-dev , librust-native-tls-0.2+default-dev , - librust-nix-0.19+default-dev (>= 0.19.1-~~) , + librust-nix-0.24+default-dev , librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~) , - librust-proxmox-sys-0.2+default-dev , + librust-proxmox-sys-0.3+default-dev , librust-proxmox-time-1+default-dev , librust-serde-1+default-dev , librust-serde-1+derive-dev , @@ -34,9 +34,9 @@ Depends: librust-anyhow-1+default-dev, librust-http-0.2+default-dev, librust-native-tls-0.2+default-dev, - librust-nix-0.19+default-dev (>= 0.19.1-~~), + librust-nix-0.24+default-dev, librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~), - librust-proxmox-sys-0.2+default-dev, + librust-proxmox-sys-0.3+default-dev, librust-proxmox-time-1+default-dev, librust-serde-1+default-dev, librust-serde-1+derive-dev, @@ -51,8 +51,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.5-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.5+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.6-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.6+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. 
From 40aae0593a021fec32d74cdf69cba3bf026df526 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Thu, 28 Jul 2022 13:40:37 +0200 Subject: [PATCH 44/51] bump proxmox-sys dep to 0.4 Signed-off-by: Wolfgang Bumiller --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 70265a5a..39f901a3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -26,4 +26,4 @@ native-tls = "0.2" url = "2.1" proxmox-time = "1" -proxmox-sys = "0.3" +proxmox-sys = { version = "0.4", features = ["timer"] } From ce6def219262b5c1f6dbe5440f9f90038bafb3d8 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Thu, 28 Jul 2022 13:41:01 +0200 Subject: [PATCH 45/51] bump version to 0.9.7-1 Signed-off-by: Wolfgang Bumiller --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ debian/control | 10 ++++++---- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 39f901a3..e42f4953 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.6" +version = "0.9.7" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index e12cf18e..74a03cfc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.9.7-1) stable; urgency=medium + + * bump proxmox-sys to 0.4 + + -- Proxmox Support Team Thu, 28 Jul 2022 13:40:44 +0200 + rust-proxmox-openid (0.9.6-1) stable; urgency=medium * rebuild with nix 0.24 and proxmox-sys 0.3 diff --git a/debian/control b/debian/control index d2376895..eb576761 100644 --- a/debian/control +++ b/debian/control 
@@ -11,7 +11,8 @@ Build-Depends: debhelper (>= 12), librust-native-tls-0.2+default-dev , librust-nix-0.24+default-dev , librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~) , - librust-proxmox-sys-0.3+default-dev , + librust-proxmox-sys-0.4+default-dev , + librust-proxmox-sys-0.4+timer-dev , librust-proxmox-time-1+default-dev , librust-serde-1+default-dev , librust-serde-1+derive-dev , @@ -36,7 +37,8 @@ Depends: librust-native-tls-0.2+default-dev, librust-nix-0.24+default-dev, librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~), - librust-proxmox-sys-0.3+default-dev, + librust-proxmox-sys-0.4+default-dev, + librust-proxmox-sys-0.4+timer-dev, librust-proxmox-time-1+default-dev, librust-serde-1+default-dev, librust-serde-1+derive-dev, @@ -51,8 +53,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.6-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.6+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.7-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.7+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 773400829a24b52536cec97d3b9b4680692ca1f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 5 Jan 2023 12:24:46 +0100 Subject: [PATCH 46/51] update d/control MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabian Grünbichler --- debian/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index eb576761..55fc0a54 100644 --- a/debian/control +++ b/debian/control 
@@ -22,9 +22,10 @@ Build-Depends: debhelper (>= 12), librust-ureq-2+native-tls-dev (>= 2.4-~~) , librust-url-2+default-dev (>= 2.1-~~) Maintainer: Proxmox Support Team -Standards-Version: 4.5.1 +Standards-Version: 4.6.1 Vcs-Git: Vcs-Browser: +X-Cargo-Crate: proxmox-openid Rules-Requires-Root: no Package: librust-proxmox-openid-dev From ae6bf664dd57e053df76a1d258786736e2b1bcc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 5 Jan 2023 12:24:51 +0100 Subject: [PATCH 47/51] update nix to 0.26 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabian Grünbichler --- Cargo.toml | 2 +- debian/control | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e42f4953..6253bb7e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,7 +16,7 @@ path = "src/lib.rs" [dependencies] anyhow = "1.0" http = "0.2" -nix = "0.24" +nix = "0.26" openidconnect = { version = "2.2", default-features = false, features = ["accept-rfc3339-timestamps"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" diff --git a/debian/control b/debian/control index 55fc0a54..e7fa1e2a 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Build-Depends: debhelper (>= 12), librust-anyhow-1+default-dev , librust-http-0.2+default-dev , librust-native-tls-0.2+default-dev , - librust-nix-0.24+default-dev , + librust-nix-0.26+default-dev , librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~) , librust-proxmox-sys-0.4+default-dev , librust-proxmox-sys-0.4+timer-dev , @@ -36,7 +36,7 @@ Depends: librust-anyhow-1+default-dev, librust-http-0.2+default-dev, librust-native-tls-0.2+default-dev, - librust-nix-0.24+default-dev, + librust-nix-0.26+default-dev, librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~), librust-proxmox-sys-0.4+default-dev, librust-proxmox-sys-0.4+timer-dev, 
From 093afb985f019e4c73bf20ffc5d7b3c6755cc1f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 5 Jan 2023 12:26:04 +0100 Subject: [PATCH 48/51] bump version to 0.9.8-1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabian Grünbichler --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ debian/control | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 6253bb7e..cd00670c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.7" +version = "0.9.8" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index 74a03cfc..525c2ef0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.9.8-1) stable; urgency=medium + + * update nix to 0.26 + + -- Proxmox Support Team Thu, 05 Jan 2023 12:25:10 +0100 + rust-proxmox-openid (0.9.7-1) stable; urgency=medium * bump proxmox-sys to 0.4 diff --git a/debian/control b/debian/control index e7fa1e2a..13621c49 100644 --- a/debian/control +++ b/debian/control @@ -54,8 +54,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.7-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.7+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.8-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.8+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 2f4254b414971de7722e92ea39cf575becc2663f Mon Sep 17 00:00:00 2001 
From: Thomas Lamprecht Date: Wed, 11 Jan 2023 18:41:06 +0100 Subject: [PATCH 49/51] cargo: update openidconnect to 2.4 Signed-off-by: Thomas Lamprecht --- Cargo.toml | 2 +- debian/control | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index cd00670c..e1c2a8e2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -17,7 +17,7 @@ path = "src/lib.rs" anyhow = "1.0" http = "0.2" nix = "0.26" -openidconnect = { version = "2.2", default-features = false, features = ["accept-rfc3339-timestamps"] } +openidconnect = { version = "2.4", default-features = false, features = ["accept-rfc3339-timestamps"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" thiserror="1.0" diff --git a/debian/control b/debian/control index 13621c49..98489e5e 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 12), librust-http-0.2+default-dev , librust-native-tls-0.2+default-dev , librust-nix-0.26+default-dev , - librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~) , + librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.4-~~) , librust-proxmox-sys-0.4+default-dev , librust-proxmox-sys-0.4+timer-dev , librust-proxmox-time-1+default-dev , @@ -37,7 +37,7 @@ Depends: librust-http-0.2+default-dev, librust-native-tls-0.2+default-dev, librust-nix-0.26+default-dev, - librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.2-~~), + librust-openidconnect-2+accept-rfc3339-timestamps-dev (>= 2.4-~~), librust-proxmox-sys-0.4+default-dev, librust-proxmox-sys-0.4+timer-dev, librust-proxmox-time-1+default-dev, From ecf59cbb74278ea0e9710466508158ed6a6828c4 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Wed, 11 Jan 2023 18:41:29 +0100 Subject: [PATCH 50/51] bump version to 0.9.9-1 Signed-off-by: Thomas Lamprecht --- Cargo.toml | 2 +- debian/changelog | 6 ++++++ debian/control | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) 
diff --git a/Cargo.toml b/Cargo.toml index e1c2a8e2..2410ac5f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "proxmox-openid" -version = "0.9.8" +version = "0.9.9" authors = ["Dietmar Maurer "] edition = "2018" license = "AGPL-3" diff --git a/debian/changelog b/debian/changelog index 525c2ef0..21341cea 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +rust-proxmox-openid (0.9.9-1) stable; urgency=medium + + * update openidconnect to 2.4 + + -- Proxmox Support Team Wed, 11 Jan 2023 18:41:25 +0100 + rust-proxmox-openid (0.9.8-1) stable; urgency=medium * update nix to 0.26 diff --git a/debian/control b/debian/control index 98489e5e..4c5e7c5e 100644 --- a/debian/control +++ b/debian/control @@ -54,8 +54,8 @@ Provides: librust-proxmox-openid-0+default-dev (= ${binary:Version}), librust-proxmox-openid-0.9-dev (= ${binary:Version}), librust-proxmox-openid-0.9+default-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.8-dev (= ${binary:Version}), - librust-proxmox-openid-0.9.8+default-dev (= ${binary:Version}) + librust-proxmox-openid-0.9.9-dev (= ${binary:Version}), + librust-proxmox-openid-0.9.9+default-dev (= ${binary:Version}) Description: Rust crate "proxmox-openid" - Rust source code This package contains the source for the Rust proxmox-openid crate, packaged by debcargo for use with cargo and dh-cargo. From 88d1783a65ac93fc2b85439155170680c66dbaf2 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Wed, 24 May 2023 09:20:44 +0200 Subject: [PATCH 51/51] move to proxmox-openid/ 
Signed-off-by: Wolfgang Bumiller --- .cargo/config | 5 --- Makefile | 45 ------------------- Cargo.toml => proxmox-openid/Cargo.toml | 0 {debian => proxmox-openid/debian}/changelog | 0 {debian => proxmox-openid/debian}/control | 0 {debian => proxmox-openid/debian}/copyright | 0 .../debian}/debcargo.toml | 0 {src => proxmox-openid/src}/auth_state.rs | 0 {src => proxmox-openid/src}/http_client.rs | 0 {src => proxmox-openid/src}/lib.rs | 0 10 files changed, 50 deletions(-) delete mode 100644 .cargo/config delete mode 100644 Makefile rename Cargo.toml => proxmox-openid/Cargo.toml (100%) rename {debian => proxmox-openid/debian}/changelog (100%) rename {debian => proxmox-openid/debian}/control (100%) rename {debian => proxmox-openid/debian}/copyright (100%) rename {debian => proxmox-openid/debian}/debcargo.toml (100%) rename {src => proxmox-openid/src}/auth_state.rs (100%) rename {src => proxmox-openid/src}/http_client.rs (100%) rename {src => proxmox-openid/src}/lib.rs (100%) diff --git a/.cargo/config b/.cargo/config deleted file mode 100644 index 3b5b6e48..00000000 --- a/.cargo/config +++ /dev/null @@ -1,5 +0,0 @@ -[source] -[source.debian-packages] -directory = "/usr/share/cargo/registry" -[source.crates-io] -replace-with = "debian-packages" diff --git a/Makefile b/Makefile deleted file mode 100644 index e108fb10..00000000 --- a/Makefile +++ /dev/null 
@@ -1,45 +0,0 @@ -.PHONY: all -all: check - -.PHONY: check -check: - cargo test --all-features - -.PHONY: dinstall -dinstall: deb - sudo -k dpkg -i build/librust-*.deb - -.PHONY: build -build: - rm -rf build - rm -f debian/control - mkdir build - debcargo package \ - --config "$(PWD)/debian/debcargo.toml" \ - --changelog-ready \ - --no-overlay-write-back \ - --directory "$(PWD)/build/proxmox-openid" \ - "proxmox-openid" \ - "$$(dpkg-parsechangelog -l "debian/changelog" -SVersion | sed -e 's/-.*//')" - echo system >build/rust-toolchain - rm -f build/proxmox-openid/Cargo.lock - find build/proxmox-openid/debian -name '*.hint' -delete - cp build/proxmox-openid/debian/control debian/control - -.PHONY: deb -deb: build - (cd build/proxmox-openid && CARGO=/usr/bin/cargo RUSTC=/usr/bin/rustc dpkg-buildpackage -b -uc -us) - lintian build/*.deb - -.PHONY: clean -clean: - rm -rf build *.deb *.buildinfo *.changes *.orig.tar.gz - cargo clean - -upload: deb - cd build; \ - dcmd --deb rust-proxmox-openid_*.changes \ - | grep -v '.changes$$' \ - | tar -cf "rust-proxmox-openid-debs.tar" -T-; \ - cat "rust-proxmox-openid-debs.tar" | ssh -X repoman@repo.proxmox.com upload --product devel --dist bullseye; \ - rm -f rust-proxmox-openid-debs.tar diff --git a/Cargo.toml b/proxmox-openid/Cargo.toml similarity index 100% rename from Cargo.toml rename to proxmox-openid/Cargo.toml diff --git a/debian/changelog b/proxmox-openid/debian/changelog similarity index 100% rename from debian/changelog rename to proxmox-openid/debian/changelog diff --git a/debian/control b/proxmox-openid/debian/control similarity index 100% rename from debian/control rename to proxmox-openid/debian/control diff --git a/debian/copyright b/proxmox-openid/debian/copyright similarity index 100% rename from debian/copyright rename to proxmox-openid/debian/copyright 
diff --git a/debian/debcargo.toml b/proxmox-openid/debian/debcargo.toml similarity index 100% rename from debian/debcargo.toml rename to proxmox-openid/debian/debcargo.toml diff --git a/src/auth_state.rs b/proxmox-openid/src/auth_state.rs similarity index 100% rename from src/auth_state.rs rename to proxmox-openid/src/auth_state.rs diff --git a/src/http_client.rs b/proxmox-openid/src/http_client.rs similarity index 100% rename from src/http_client.rs rename to proxmox-openid/src/http_client.rs diff --git a/src/lib.rs b/proxmox-openid/src/lib.rs similarity index 100% rename from src/lib.rs rename to proxmox-openid/src/lib.rs