From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH multiple 0/7] PMG TFA support
Date: Fri, 26 Nov 2021 14:55:04 +0100 [thread overview]
Message-ID: <20211126135524.117846-1-w.bumiller@proxmox.com> (raw)
This touches multiple repos as it required some more ground-work on the
rust side:
1) proxmox-tfa
Aside from fixups and maintenance, patch 4 is the important one:
The `origin` in the webauthn configuration is now *optional*.
Note that the origin is generally required for webauthn, however, we
also have clusters where the origin shouldn't be pinned cluster-wide.
This does not really affect PVE as there we store the webauthn
configuration separately and apply it only when it is used, but in
PBS it's kept directly in tfa.json, and PMG for now does this too,
although we *could* move it to pmg.conf or some other synced file if
we wanted?
That would in theory remove the need for this, but I think this is
actually a more appropriate API anyway, since the two other parts of
the config stay the same across a cluster, and the origin can simply
be provided as an overriding parameter to the methods which actually
make use of it.
2) proxmox-perl-rs
pmg-rs is now moved into here, also, this contains fixups for the
proxmox-tfa-crate-using pve-side.
Since the newly introduced parameters are at the end and optional,
and perlmod 0.9 supports trailing Option<> parameters as actual
*optional* parameters, this may in theory even be API compatible with
PVE, so hopefully no `Breaks` on old pve-access-control is required,
but we'll see.
3) pmg-api
Same login & TFA api updates as in PVE. The config API path is
different, but that's not shared code anyway ;-)
API2/TFA.pm is very similar to PVE, I think I got the method schemas
wright, but I'm not used to the permissions system in PMG so please
double-check this.
The actual changes to the login code path is much shorter than in PVE
since we did not actually have TFA support in there yet.
4) pmg-gui
For now this only adds TFA login and the `TfaView` from WTK. The
config (which in this case only means webauthn settings) part isn't
there yet.
next reply other threads:[~2021-11-26 13:56 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-26 13:55 Wolfgang Bumiller [this message]
2021-11-26 13:55 ` [pmg-devel] [PATCH api 1/6] add tfa.json and its lock methods Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 2/6] add PMG::TFAConfig module Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 3/6] add TFA API Wolfgang Bumiller
2021-11-26 17:29 ` Stoiko Ivanov
2021-11-26 13:55 ` [pmg-devel] [PATCH api 4/6] add tfa config api Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 5/6] implement tfa authentication Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 6/6] provide qrcode.min.js from libjs-qrcodejs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH gui] add TFA components Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 1/7] pve: bump perlmod to 0.9 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 2/7] pve: update to proxmox-tfa 2.0 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 3/7] pve: bump d/control Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 4/7] import pmg-rs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 5/7] pmg: bump perlmod to 0.9 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 6/7] pmg: add tfa module Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 7/7] pmg: bump d/control Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 1/6] tfa: fix typo in docs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 2/6] tfa: add WebauthnConfig::digest method Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 3/6] tfa: let OriginUrl deref to its inner Url, add FromStr impl Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 4/6] tfa: make configured webauthn origin optional Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 5/6] tfa: clippy fixes Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 6/6] bump proxmox-tfa to 2.0.0-1 Wolfgang Bumiller
2021-11-26 17:34 ` [pmg-devel] [PATCH multiple 0/7] PMG TFA support Stoiko Ivanov
2021-11-28 21:17 ` [pmg-devel] applied-series: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211126135524.117846-1-w.bumiller@proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox