From: Lukas Wagner
To: pbs-devel@lists.proxmox.com
Date: Tue, 24 Jan 2023 11:03:31 +0100
Message-Id: <20230124100337.152394-1-l.wagner@proxmox.com>
Subject: [pbs-devel] [PATCH v3 proxmox 0/6] introduce proxmox-ldap crate
List-Id: Proxmox Backup Server development discussion

This patch series adds the new `proxmox-ldap` crate. The crate is mostly based
on `src/server/ldap.rs` from [1].

The main reason for breaking this out into a separate crate is to make it
easily reusable from PVE/PMG via perlmod -- at some point in the future, all
products could use the same LDAP implementation.

This is sent as a separate patch series, as the original [1] was already quite
large with 17 commits, affecting multiple repositories.

Changes v2 -> v3:
  * Move the `proxmox-ldap` crate into the `proxmox` repo
  * Let FilterElement take &str instead of String
  * Implement the Display trait instead of ToString

Changes [1]@v1 -> v2:
  * Change how custom TLS-certificates work: Pass certificate paths instead of
    strings containing the certificate. Now, users of this crate can pass
    additional root certs that are to be trusted. Alternatively, and this was
    added with PVE compatibility in mind, one can add whole certificate store
    directories, replacing the system's default at `/etc/ssl/certs`.
  * Add integration tests, testing the implementation against a real LDAP
    server (`glauth`). The tests can be executed via the
    `run_integration_tests.sh` helper and require the `glauth` binary to be
    available. The integration tests are #[ignored] by default, so they don't
    interfere with regular unit-test execution.

Thanks to Wolfgang and Thomas for their review of v2.
[1] https://lists.proxmox.com/pipermail/pbs-devel/2023-January/005788.html

Lukas Wagner (6):
  ldap: create new `proxmox-ldap` crate
  ldap: add basic user auth functionality
  ldap: add helpers for constructing LDAP filters
  ldap: allow searching for LDAP entities
  ldap: tests: add LDAP integration tests
  ldap: add debian packaging

 Cargo.toml                                    |   3 +
 proxmox-ldap/Cargo.toml                       |  18 +
 proxmox-ldap/debian/changelog                 |   5 +
 proxmox-ldap/debian/control                   |  43 ++
 proxmox-ldap/debian/copyright                 |  16 +
 proxmox-ldap/debian/debcargo.toml             |   7 +
 proxmox-ldap/run_integration_tests.sh         |  31 ++
 proxmox-ldap/src/lib.rs                       | 390 ++++++++++++++++++
 .../tests/assets/generate_certificate.sh      |   4 +
 proxmox-ldap/tests/assets/glauth.cfg          |  67 +++
 proxmox-ldap/tests/assets/glauth.crt          |  29 ++
 proxmox-ldap/tests/assets/glauth.key          |  52 +++
 proxmox-ldap/tests/assets/glauth_v6.cfg       |  67 +++
 proxmox-ldap/tests/glauth.rs                  | 166 ++++++++
 14 files changed, 898 insertions(+)
 create mode 100644 proxmox-ldap/Cargo.toml
 create mode 100644 proxmox-ldap/debian/changelog
 create mode 100644 proxmox-ldap/debian/control
 create mode 100644 proxmox-ldap/debian/copyright
 create mode 100644 proxmox-ldap/debian/debcargo.toml
 create mode 100755 proxmox-ldap/run_integration_tests.sh
 create mode 100644 proxmox-ldap/src/lib.rs
 create mode 100755 proxmox-ldap/tests/assets/generate_certificate.sh
 create mode 100644 proxmox-ldap/tests/assets/glauth.cfg
 create mode 100644 proxmox-ldap/tests/assets/glauth.crt
 create mode 100644 proxmox-ldap/tests/assets/glauth.key
 create mode 100644 proxmox-ldap/tests/assets/glauth_v6.cfg
 create mode 100644 proxmox-ldap/tests/glauth.rs

-- 
2.30.2
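
The v3 changelog in the cover letter mentions a filter type that takes `&str` and implements `Display`. The following is an added example, not code from the patch series or the proxmox-ldap crate, of how such a helper can render filters while keeping an untrusted username from altering them. The `Filter` enum, `escape_value` and `user_filter` are hypothetical names, and escaping assertion values per RFC 4515 is an assumption of this example.

```rust
use std::fmt;

// Hypothetical filter type (not the proxmox-ldap API); borrows &str, renders via Display.
pub enum Filter<'a> {
    And(Vec<Filter<'a>>),
    Or(Vec<Filter<'a>>),
    Not(Box<Filter<'a>>),
    // (attribute from trusted configuration, untrusted assertion value)
    Equals(&'a str, &'a str),
}

// Escape an assertion value per RFC 4515 so input cannot change the filter structure.
fn escape_value(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for c in value.chars() {
        match c {
            '*' => out.push_str("\\2a"),
            '(' => out.push_str("\\28"),
            ')' => out.push_str("\\29"),
            '\\' => out.push_str("\\5c"),
            '\0' => out.push_str("\\00"),
            _ => out.push(c),
        }
    }
    out
}

fn write_group(f: &mut fmt::Formatter<'_>, op: char, items: &[Filter<'_>]) -> fmt::Result {
    write!(f, "({}", op)?;
    items.iter().try_for_each(|item| write!(f, "{}", item))?;
    write!(f, ")")
}

impl fmt::Display for Filter<'_> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Filter::And(items) => write_group(f, '&', items),
            Filter::Or(items) => write_group(f, '|', items),
            Filter::Not(inner) => write!(f, "(!{})", inner),
            Filter::Equals(attr, value) => write!(f, "({}={})", attr, escape_value(value)),
        }
    }
}

// Filter for looking up one user entry; `username` is the untrusted part.
pub fn user_filter(user_attr: &str, username: &str, class: &str) -> String {
    let parts = vec![Filter::Equals(user_attr, username), Filter::Equals("objectClass", class)];
    Filter::And(parts).to_string()
}
```

Attribute names are written unescaped here, so they must come from configuration rather than from the login form.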