From: Dietmar Maurer <dietmar@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup v2 10/16] rest server: return UserInformation from ApiAuth::check_auth
Date: Tue, 21 Sep 2021 07:58:48 +0200	[thread overview]
Message-ID: <20210921055854.3799470-11-dietmar@proxmox.com> (raw)
In-Reply-To: <20210921055854.3799470-1-dietmar@proxmox.com>

This needs `impl UserInformation for Arc<CachedUserInfo>`, which is implemented
in proxmox 0.13.2
---
 proxmox-rest-server/src/lib.rs         |  3 ++-
 src/bin/proxmox_restore_daemon/auth.rs | 16 ++++++++++++++--
 src/server/auth.rs                     |  9 ++++++---
 src/server/rest.rs                     | 23 +++++++++++++++++------
 4 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/proxmox-rest-server/src/lib.rs b/proxmox-rest-server/src/lib.rs
index 9107a03f..55a10ca6 100644
--- a/proxmox-rest-server/src/lib.rs
+++ b/proxmox-rest-server/src/lib.rs
@@ -3,6 +3,7 @@ use std::os::unix::io::RawFd;
 use anyhow::{bail, format_err, Error};
 
 use proxmox::tools::fd::Fd;
+use proxmox::api::UserInformation;
 
 mod compression;
 pub use compression::*;
@@ -41,7 +42,7 @@ pub trait ApiAuth {
         &self,
         headers: &http::HeaderMap,
         method: &hyper::Method,
-    ) -> Result<String, AuthError>;
+    ) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>;
 }
 
 static mut SHUTDOWN_REQUESTED: bool = false;
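Review bot: The new return tuple on `check_auth` is undocumented, so a reader of the trait cannot tell that the `String` is the authenticated auth id and the boxed `UserInformation` is what the server will consult for permission checks on that request. Add a doc line above the method, e.g. `/// On success returns the authenticated auth id and the [`UserInformation`] used for this request's permission checks.`. The bound order is written `Sync + Send` here but `Send + Sync` in the restore-daemon impl; both name the same type, but picking one spelling avoids a spurious diff later. The `check_auth` signature begins before this hunk.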
diff --git a/src/bin/proxmox_restore_daemon/auth.rs b/src/bin/proxmox_restore_daemon/auth.rs
index ea1dabe6..6d6e9c58 100644
--- a/src/bin/proxmox_restore_daemon/auth.rs
+++ b/src/bin/proxmox_restore_daemon/auth.rs
@@ -4,10 +4,22 @@ use std::io::prelude::*;
 
 use anyhow::{bail, format_err, Error};
 
+use proxmox::api::UserInformation;
+
 use proxmox_rest_server::{ApiAuth, AuthError};
 
 const TICKET_FILE: &str = "/ticket";
 
+struct SimpleUserInformation {}
+
+impl UserInformation for SimpleUserInformation {
+    fn is_superuser(&self, userid: &str) -> bool {
+        userid == "root@pam"
+    }
+    fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
+    fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
+}
+
 pub struct StaticAuth {
     ticket: String,
 }
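Review bot: `SimpleUserInformation` carries no doc comment explaining why superuser is hard-wired to `root@pam` while groups and ACL paths yield nothing; that value must stay in step with the `"root@pam"` auth id returned further down in `check_auth`, and a comment should say so, e.g. `/// The restore daemon has exactly one user, `root@pam`, who is always superuser; there are no groups or ACLs.`. Since the type has no fields, the unit form `struct SimpleUserInformation;` with `Box::new(SimpleUserInformation)` at the construction site is the idiomatic spelling.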
@@ -17,10 +29,10 @@ impl ApiAuth for StaticAuth {
         &self,
         headers: &http::HeaderMap,
         _method: &hyper::Method,
-    ) -> Result<String, AuthError> {
+    ) -> Result<(String, Box<dyn UserInformation + Send + Sync>),  AuthError> {
         match headers.get(hyper::header::AUTHORIZATION) {
             Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
-                Ok(String::from("root@pam"))
+                Ok((String::from("root@pam"), Box::new(SimpleUserInformation {})))
             }
             _ => {
                 return Err(AuthError::Generic(format_err!(
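Review bot: The new return type line has a doubled space, `),  AuthError>`, which `rustfmt` would collapse to `), AuthError>`. A similar whitespace slip appears in `src/server/auth.rs`, where the hunk adds a lone blank line directly after `impl ApiAuth for UserApiAuth {`. The body of `check_auth` continues past the end of this hunk.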
diff --git a/src/server/auth.rs b/src/server/auth.rs
index e4cf9034..90252435 100644
--- a/src/server/auth.rs
+++ b/src/server/auth.rs
@@ -3,6 +3,8 @@ use anyhow::format_err;
 
 use std::sync::Arc;
 
+use proxmox::api::UserInformation;
+
 use pbs_tools::ticket::{self, Ticket};
 use pbs_config::{token_shadow, CachedUserInfo};
 use pbs_api_types::{Authid, Userid};
@@ -56,11 +58,12 @@ impl UserApiAuth {
 }
 
 impl ApiAuth for UserApiAuth {
+
     fn check_auth(
         &self,
         headers: &http::HeaderMap,
         method: &hyper::Method,
-    ) -> Result<String, AuthError> {
+    ) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
 
         let user_info = CachedUserInfo::new()?;
 
@@ -93,7 +96,7 @@ impl ApiAuth for UserApiAuth {
                     }
                 }
 
-                Ok(auth_id.to_string())
+                Ok((auth_id.to_string(), Box::new(user_info)))
             }
             Some(AuthData::ApiToken(api_token)) => {
                 let mut parts = api_token.splitn(2, ':');
@@ -115,7 +118,7 @@ impl ApiAuth for UserApiAuth {
 
                 token_shadow::verify_secret(&tokenid, &tokensecret)?;
 
-                Ok(tokenid.to_string())
+                Ok((tokenid.to_string(), Box::new(user_info)))
             }
             None => Err(AuthError::NoData),
         }
diff --git a/src/server/rest.rs b/src/server/rest.rs
index 9ed0eb32..d87985c1 100644
--- a/src/server/rest.rs
+++ b/src/server/rest.rs
@@ -26,7 +26,7 @@ use proxmox::api::schema::{
 };
 use proxmox::api::{
     check_api_permission, ApiHandler, ApiMethod, HttpError, Permission, RpcEnvironment,
-    RpcEnvironmentType,
+    RpcEnvironmentType, UserInformation,
 };
 use proxmox::http_err;
 use proxmox::tools::fs::CreateOptions;
@@ -40,12 +40,18 @@ use proxmox_rest_server::{
 };
 use proxmox_rest_server::formatter::*;
 
-use pbs_config::CachedUserInfo;
-
 extern "C" {
     fn tzset();
 }
 
+struct EmptyUserInformation {}
+
+impl UserInformation for EmptyUserInformation {
+    fn is_superuser(&self, _userid: &str) -> bool { false }
+    fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
+    fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
+}
+
 pub struct RestServer {
     pub api_config: Arc<ApiConfig>,
 }
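Review bot: `EmptyUserInformation` has no doc comment stating that it is the deny-all fallback: every method answers "no", so a request that never went through `check_auth` has no superuser status, no group membership and zero privileges. That fail-closed intent is the security-relevant property of this type and deserves to be written down, e.g. `/// Deny-all [`UserInformation`] for requests that did not authenticate: no superuser, no groups, no privileges.`. As with the restore-daemon type, the unit form `struct EmptyUserInformation;` fits a fieldless struct.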
@@ -652,9 +658,14 @@ async fn handle_request(
                 }
             }
 
+            let mut user_info: Box<dyn UserInformation + Send + Sync> = Box::new(EmptyUserInformation {});
+
             if auth_required {
                 match auth.check_auth(&parts.headers, &method) {
-                    Ok(authid) => rpcenv.set_auth_id(Some(authid)),
+                    Ok((authid, info)) => {
+                        rpcenv.set_auth_id(Some(authid));
+                        user_info = info;
+                    }
                     Err(auth_err) => {
                         let err = match auth_err {
                             AuthError::Generic(err) => err,
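Review bot: The `let mut user_info` initialisation to `EmptyUserInformation` is only overwritten in the `Ok` arm, so any request for which `auth_required` is false reaches the later permission check with deny-all information; a one-line comment would make that deliberate, e.g. `// Deny-all until check_auth succeeds; requests without auth keep it.`. Whether the `Err` arm returns early or falls through is not visible here, since that arm and the rest of `handle_request` continue outside the hunk.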
@@ -683,7 +694,7 @@ async fn handle_request(
                 }
                 Some(api_method) => {
                     let auth_id = rpcenv.get_auth_id();
-                    let user_info = CachedUserInfo::new()?;
+                    let user_info = user_info;
 
                     if !check_api_permission(
                         api_method.access.permission,
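Review bot: `let user_info = user_info;` is a no-op rebinding left over from replacing the old `CachedUserInfo::new()?` and should simply be deleted; the outer binding is already in scope for the `check_api_permission` call that follows. A side effect worth noting is that the permission check now runs against the `CachedUserInfo` snapshot taken inside `check_auth` rather than a second, separately loaded one, so authentication and authorisation of one request see the same cache state. `handle_request` starts and ends outside this hunk.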
@@ -727,7 +738,7 @@ async fn handle_request(
         if comp_len == 0 {
             let language = extract_lang_header(&parts.headers);
             match auth.check_auth(&parts.headers, &method) {
-                Ok(auth_id) => {
+                Ok((auth_id, _user_info)) => {
                     return Ok(api.get_index(Some(auth_id), language, parts));
                 }
                 Err(AuthError::Generic(_)) => {
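Review bot: In the index path the user information is discarded, and `Ok((auth_id, _user_info))` names a value that is never read; `Ok((auth_id, _))` states the same thing more directly. If the name was kept to signal that `get_index` deliberately does no permission check, a short comment saying so would carry that intent better than an unused binding. The surrounding `match` and its `Err` arms continue past the hunk.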
-- 
2.30.2




