public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH multiple 0/7] PMG TFA support
Date: Fri, 26 Nov 2021 14:55:04 +0100	[thread overview]
Message-ID: <20211126135524.117846-1-w.bumiller@proxmox.com> (raw)

This touches multiple repos as it required some more ground-work on the
rust side:

1) proxmox-tfa
   Aside from fixups and maintenance, patch 4 is the important one:
   The `origin` in the webauthn configuration is now *optional*.

   Note that the origin is generally required for webauthn, however, we
   also have clusters where the origin shouldn't be pinned cluster-wide.

   This does not really affect PVE as there we store the webauthn
   configuration separately and apply it only when it is used, but in
   PBS it's kept directly in tfa.json, and PMG for now does this too,
   although we *could* move it to pmg.conf or some other synced file if
   we wanted?
   That would in theory remove the need for this, but I think this is
   actually a more appropriate API anyway, since the two other parts of
   the config stay the same across a cluster, and the origin can simply
   be provided as an overriding parameter to the methods which actually
   make use of it.

2) proxmox-perl-rs
   pmg-rs is now moved into here, also, this contains fixups for the
   proxmox-tfa-crate-using pve-side.
   Since the newly introduced parameters are at the end and optional,
   and perlmod 0.9 supports trailing Option<> parameters as actual
   *optional* parameters, this may in theory even be API compatible with
   PVE, so hopefully no `Breaks` on old pve-access-control is required,
   but we'll see.

3) pmg-api
   Same login & TFA api updates as in PVE. The config API path is
   different, but that's not shared code anyway ;-)
   API2/TFA.pm is very similar to PVE, I think I got the method schemas
   wright, but I'm not used to the permissions system in PMG so please
   double-check this.
   The actual changes to the login code path is much shorter than in PVE
   since we did not actually have TFA support in there yet.

4) pmg-gui
   For now this only adds TFA login and the `TfaView` from WTK. The
   config (which in this case only means webauthn settings) part isn't
   there yet.




             reply	other threads:[~2021-11-26 13:56 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-26 13:55 Wolfgang Bumiller [this message]
2021-11-26 13:55 ` [pmg-devel] [PATCH api 1/6] add tfa.json and its lock methods Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 2/6] add PMG::TFAConfig module Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 3/6] add TFA API Wolfgang Bumiller
2021-11-26 17:29   ` Stoiko Ivanov
2021-11-26 13:55 ` [pmg-devel] [PATCH api 4/6] add tfa config api Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 5/6] implement tfa authentication Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 6/6] provide qrcode.min.js from libjs-qrcodejs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH gui] add TFA components Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 1/7] pve: bump perlmod to 0.9 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 2/7] pve: update to proxmox-tfa 2.0 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 3/7] pve: bump d/control Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 4/7] import pmg-rs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 5/7] pmg: bump perlmod to 0.9 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 6/7] pmg: add tfa module Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 7/7] pmg: bump d/control Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 1/6] tfa: fix typo in docs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 2/6] tfa: add WebauthnConfig::digest method Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 3/6] tfa: let OriginUrl deref to its inner Url, add FromStr impl Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 4/6] tfa: make configured webauthn origin optional Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 5/6] tfa: clippy fixes Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 6/6] bump proxmox-tfa to 2.0.0-1 Wolfgang Bumiller
2021-11-26 17:34 ` [pmg-devel] [PATCH multiple 0/7] PMG TFA support Stoiko Ivanov
2021-11-28 21:17 ` [pmg-devel] applied-series: " Thomas Lamprecht

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211126135524.117846-1-w.bumiller@proxmox.com \
    --to=w.bumiller@proxmox.com \
    --cc=pmg-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal