From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D4874A2CBC for ; Tue, 20 Jun 2023 15:39:10 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BDF0735EF1 for ; Tue, 20 Jun 2023 15:39:10 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 20 Jun 2023 15:39:10 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id D54DF41CC7 for ; Tue, 20 Jun 2023 15:39:09 +0200 (CEST) From: Maximiliano Sandoval To: pbs-devel@lists.proxmox.com Date: Tue, 20 Jun 2023 15:39:08 +0200 Message-Id: <20230620133908.250387-3-m.sandoval@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230620133908.250387-1-m.sandoval@proxmox.com> References: <20230620133908.250387-1-m.sandoval@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.050 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment PROLO_LEO1 0.1 Meta Catches all Leo drug variations so far SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pbs-devel] [PATCH v2 manager 2/2] fix #4734: manager: add user tfa {list, delete} commands X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jun 2023 13:39:11 -0000 Adds the commands proxmox-backup-manager user tfa list proxmox-backup-manager user tfa delete Signed-off-by: Maximiliano Sandoval --- src/api2/access/tfa.rs | 4 +- src/bin/proxmox_backup_manager/user.rs | 53 ++++++++++++++++++++++++++ src/config/tfa.rs | 48 +++++++++++++++++++++++ 3 files changed, 103 insertions(+), 2 deletions(-) diff --git a/src/api2/access/tfa.rs b/src/api2/access/tfa.rs index 89d7e353..589535a6 100644 --- a/src/api2/access/tfa.rs +++ b/src/api2/access/tfa.rs @@ -69,7 +69,7 @@ async fn tfa_update_auth( }, )] /// Add a TOTP secret to the user. -fn list_user_tfa(userid: Userid) -> Result, Error> { +pub fn list_user_tfa(userid: Userid) -> Result, Error> { let _lock = crate::config::tfa::read_lock()?; methods::list_user_tfa(&crate::config::tfa::read()?, userid.as_str()) @@ -122,7 +122,7 @@ fn get_tfa_entry(userid: Userid, id: String) -> Result, diff --git a/src/bin/proxmox_backup_manager/user.rs b/src/bin/proxmox_backup_manager/user.rs index ecaaa554..1a36f393 100644 --- a/src/bin/proxmox_backup_manager/user.rs +++ b/src/bin/proxmox_backup_manager/user.rs @@ -157,6 +157,40 @@ fn list_permissions(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result Result { + let output_format = get_output_format(¶m); + + let info = &api2::access::tfa::API_METHOD_LIST_USER_TFA; + let mut data = match info.handler { + ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?, + _ => unreachable!(), + }; + + let options = default_table_format_options() + .column(ColumnConfig::new("id")) + .column(ColumnConfig::new("type")) + .column(ColumnConfig::new("description")) + .column(ColumnConfig::new("created").renderer(pbs_tools::format::render_epoch)); + + format_and_print_result_full(&mut data, &info.returns, &output_format, &options); + + Ok(Value::Null) +} + pub fn user_commands() -> CommandLineInterface { let cmd_def = CliCommandMap::new() .insert("list", CliCommand::new(&API_METHOD_LIST_USERS)) @@ -196,6 +230,7 @@ pub fn user_commands() -> CommandLineInterface { .completion_cb("userid", pbs_config::user::complete_userid) .completion_cb("token-name", pbs_config::user::complete_token_name), ) + .insert("tfa", tfa_commands()) .insert( "permissions", CliCommand::new(&API_METHOD_LIST_PERMISSIONS) @@ -206,3 +241,21 @@ pub fn user_commands() -> CommandLineInterface { cmd_def.into() } + +fn tfa_commands() -> CommandLineInterface { + CliCommandMap::new() + .insert( + "list", + CliCommand::new(&API_METHOD_LIST_USER_TFA) + .arg_param(&["userid"]) + .completion_cb("userid", pbs_config::user::complete_userid), + ) + .insert( + "delete", + CliCommand::new(&api2::access::tfa::API_METHOD_DELETE_TFA) + .arg_param(&["userid", "id"]) + .completion_cb("userid", pbs_config::user::complete_userid) + .completion_cb("id", proxmox_backup::config::tfa::complete_tfa_id), + ) + .into() +} diff --git a/src/config/tfa.rs b/src/config/tfa.rs index 6b1312bb..3cd7f9aa 100644 --- a/src/config/tfa.rs +++ b/src/config/tfa.rs @@ -1,3 +1,4 @@ +use std::collections::HashMap; use std::fs::File; use std::io::{self, Read, Seek, SeekFrom}; use std::os::unix::fs::OpenOptionsExt; @@ -302,3 +303,50 @@ impl proxmox_tfa::api::UserChallengeAccess for TfaUserChallengeData { TfaUserChallengeData::save(self) } } + +// shell completion helper +pub fn complete_tfa_id(_arg: &str, param: &HashMap) -> Vec { + let mut results = Vec::new(); + + let data = match read() { + Ok(data) => data, + Err(_err) => return results, + }; + let user = match param + .get("userid") + .and_then(|user_name| data.users.get(user_name)) + { + Some(user) => user, + None => return results, + }; + + results.extend( + user.totp + .iter() + .map(|token| token.info.id.clone()) + .collect::>(), + ); + results.extend( + user.u2f + .iter() + .map(|token| token.info.id.clone()) + .collect::>(), + ); + results.extend( + user.webauthn + .iter() + .map(|token| token.info.id.clone()) + .collect::>(), + ); + results.extend( + user.yubico + .iter() + .map(|token| token.info.id.clone()) + .collect::>(), + ); + if user.recovery.is_some() { + results.push("recovery".to_string()); + }; + + results +} -- 2.39.2