From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 0D6F878275 for ; Thu, 29 Apr 2021 15:14:03 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id F22801CE60 for ; Thu, 29 Apr 2021 15:13:32 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id AE8231CDB2 for ; Thu, 29 Apr 2021 15:13:28 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 85696464B0 for ; Thu, 29 Apr 2021 15:13:28 +0200 (CEST) From: Wolfgang Bumiller To: pbs-devel@lists.proxmox.com Date: Thu, 29 Apr 2021 15:13:19 +0200 Message-Id: <20210429131322.24319-12-w.bumiller@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210429131322.24319-1-w.bumiller@proxmox.com> References: <20210429131322.24319-1-w.bumiller@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.026 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [mod.rs, plugin.rs, client.rs] Subject: [pbs-devel] [REBASED backup 11/14] acme: create directories as needed X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Apr 2021 13:14:03 -0000 Signed-off-by: Wolfgang Bumiller
---
 src/acme/client.rs | 2 ++ src/config/acme/mod.rs | 27 +++++++++++++++++++++++++++ src/config/acme/plugin.rs | 7 +++++-- 3 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/src/acme/client.rs b/src/acme/client.rs
index 16a158d5..7f88bbf9 100644
--- a/src/acme/client.rs
+++ b/src/acme/client.rs
@@ -124,6 +124,7 @@ impl AcmeClient {
 let _ = self.register_account(account).await?;
+ crate::config::acme::make_acme_account_dir()?;
 let account_path = account_path(account_name.as_ref());
 let file = OpenOptions::new()
 .write(true)
@@ -151,6 +152,7 @@ impl AcmeClient {
 let account_path = self.account_path.as_ref().ok_or_else(|| {
 format_err!("no account path set, cannot save upated account information")
 })?;
+ crate::config::acme::make_acme_account_dir()?;
 replace_file(
 account_path,
 &data,
diff --git a/src/config/acme/mod.rs b/src/config/acme/mod.rs
index c3c26c3b..c8640fcb 100644
--- a/src/config/acme/mod.rs
+++ b/src/config/acme/mod.rs
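Review bot: In src/acme/client.rs, the first hunk creates the account directory only after `self.register_account(account).await?` has already succeeded, so a failure in `make_acme_account_dir()` (for example missing privileges on the config directory) leaves an account registered at the CA with nothing saved locally. Moving the added line above the registration call makes the local precondition fail first: `crate::config::acme::make_acme_account_dir()?;` placed before `let _ = self.register_account(account).await?;`. The enclosing function starts and ends outside the hunk, so whether the account key can still be recovered in that case cannot be confirmed from here. The second hunk, before `replace_file(`, already has the call ahead of the write.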
@@ -7,16 +7,43 @@ use serde::{Deserialize, Serialize};
 use proxmox::api::api;
 use proxmox::sys::error::SysError;
+use proxmox::tools::fs::CreateOptions;
 use crate::api2::types::{
 DNS_ALIAS_FORMAT, DNS_NAME_FORMAT, PROXMOX_SAFE_ID_FORMAT, PROXMOX_SAFE_ID_REGEX,
 };
 use crate::tools::ControlFlow;
+pub(crate) const ACME_DIR: &str = configdir!("/acme");
 pub(crate) const ACME_ACCOUNT_DIR: &str = configdir!("/acme/accounts");
 pub mod plugin;
+// `const fn`ify this once it is supported in `proxmox`
+fn root_only() -> CreateOptions {
+ CreateOptions::new()
+ .owner(nix::unistd::ROOT)
+ .group(nix::unistd::Gid::from_raw(0))
+ .perm(nix::sys::stat::Mode::from_bits_truncate(0o700))
+}
+
+fn create_acme_subdir(dir: &str) -> nix::Result<()> {
+ match proxmox::tools::fs::create_dir(dir, root_only()) {
+ Ok(()) => Ok(()),
+ Err(err) if err.already_exists() => Ok(()),
+ Err(err) => Err(err),
+ }
+}
+
+pub(crate) fn make_acme_dir() -> nix::Result<()> {
+ create_acme_subdir(ACME_DIR)
+}
+
+pub(crate) fn make_acme_account_dir() -> nix::Result<()> {
+ make_acme_dir()?;
+ create_acme_subdir(ACME_ACCOUNT_DIR)
+}
+
 #[api(
 properties: {
 "domain": { format: &DNS_NAME_FORMAT },
diff --git a/src/config/acme/plugin.rs b/src/config/acme/plugin.rs
index e8e7771c..7c5a9b72 100644
--- a/src/config/acme/plugin.rs
+++ b/src/config/acme/plugin.rs
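Review bot: In src/config/acme/mod.rs, `create_acme_subdir` maps `already_exists()` to `Ok(())` without looking at what already sits at the path, so the root-only 0700 setting from `root_only()` is only guaranteed for directories this code created itself. A pre-existing `acme` or `acme/accounts` entry with another owner, with group/other permission bits set, or that is not a directory at all is accepted silently, and account data is then written beneath it. I would inspect the existing entry in that arm and return an error, or re-apply owner and mode instead if installations with manually created directories must keep working. The nix calls in the sketch below are assumed to be available in the nix version this crate uses and should be checked against it.

```rust
    match proxmox::tools::fs::create_dir(dir, root_only()) {
        // … unchanged: Ok(()) arm …
        Err(err) if err.already_exists() => {
            // Not created by us: accept only a real directory that is owned by
            // root and has no group/other permission bits.
            let st = nix::sys::stat::lstat(dir)?;
            let kind = st.st_mode & nix::sys::stat::SFlag::S_IFMT.bits();
            if kind != nix::sys::stat::SFlag::S_IFDIR.bits() {
                return Err(nix::errno::Errno::ENOTDIR.into());
            }
            if st.st_uid != 0 || st.st_mode & 0o077 != 0 {
                return Err(nix::errno::Errno::EPERM.into());
            }
            Ok(())
        }
        // … unchanged: remaining Err(err) arm …
```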
@@ -167,15 +167,17 @@ fn init() -> SectionConfig {
 config
 }
-pub const ACME_PLUGIN_CFG_FILENAME: &str = "/etc/proxmox-backup/acme/plugins.cfg";
-pub const ACME_PLUGIN_CFG_LOCKFILE: &str = "/etc/proxmox-backup/acme/.plugins.lck";
+pub const ACME_PLUGIN_CFG_FILENAME: &str = configdir!("/acme/plugins.cfg");
+pub const ACME_PLUGIN_CFG_LOCKFILE: &str = configdir!("/acme/.plugins.lck");
 const LOCK_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(5);
 pub fn read_lock() -> Result {
+ super::make_acme_dir()?;
 proxmox::tools::fs::open_file_locked(ACME_PLUGIN_CFG_LOCKFILE, LOCK_TIMEOUT, false)
 }
 pub fn write_lock() -> Result {
+ super::make_acme_dir()?;
 proxmox::tools::fs::open_file_locked(ACME_PLUGIN_CFG_LOCKFILE, LOCK_TIMEOUT, true)
 }
@@ -196,6 +198,7 @@ pub fn config() -> Result<(PluginData, [u8; 32]), Error> {
 }
 pub fn save_config(config: &PluginData) -> Result<(), Error> {
+ super::make_acme_dir()?;
 let raw = CONFIG.write(ACME_PLUGIN_CFG_FILENAME, &config.data)?;
 let backup_user = crate::backup::backup_user()?;
-- 2.20.1
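Review bot: In src/config/acme/plugin.rs, `save_config` now creates the `acme` directory through `super::make_acme_dir()`, which per the mod.rs part of this patch is root:root with mode 0700, while the context line right after it fetches `crate::backup::backup_user()`, presumably to set ownership on `plugins.cfg`. If that file is meant to be readable by the backup user or group, the 0700 parent blocks access; if it is meant to be root-only, the backup-user lookup is misleading. The rest of `save_config` is outside the hunk, so this needs confirming. A comment at the call would settle the intent, e.g. `// acme/ is root-only (0700); plugins.cfg is only reachable by root processes`. The same call in `read_lock()` and `write_lock()` means that taking a lock now needs permission to create a directory under the config dir on first use, which is worth stating in their doc comments.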