From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id EC52581EF0 for ; Fri, 26 Nov 2021 14:55:47 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E4B0219309 for ; Fri, 26 Nov 2021 14:55:47 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id B92AD191EA for ; Fri, 26 Nov 2021 14:55:40 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 95D4C46AB4 for ; Fri, 26 Nov 2021 14:55:40 +0100 (CET) From: Wolfgang Bumiller To: pmg-devel@lists.proxmox.com Date: Fri, 26 Nov 2021 14:55:13 +0100 Message-Id: <20211126135524.117846-10-w.bumiller@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211126135524.117846-1-w.bumiller@proxmox.com> References: <20211126135524.117846-1-w.bumiller@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.044 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_NUMSUBJECT 0.5 Subject ends in numbers excluding current years POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_2 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_4 0.1 random spam to be learned in bayes SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [tfa.rs] Subject: [pmg-devel] [PATCH perl-rs 2/7] pve: update to proxmox-tfa 2.0 X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Nov 2021 13:55:48 -0000 Signed-off-by: Wolfgang Bumiller --- pve-rs/Cargo.toml | 3 ++- pve-rs/debian/control | 4 ++-- pve-rs/src/tfa.rs | 24 +++++++++++++++++++----- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/pve-rs/Cargo.toml b/pve-rs/Cargo.toml index f7cbd8a..74f45e3 100644 --- a/pve-rs/Cargo.toml +++ b/pve-rs/Cargo.toml @@ -25,9 +25,10 @@ openssl = "0.10" serde = "1.0" serde_bytes = "0.11" serde_json = "1.0" +url = "2" perlmod = { version = "0.9", features = [ "exporter" ] } proxmox-apt = "0.8" proxmox-openid = "0.9" -proxmox-tfa = { version = "1.3.2", features = ["api"] } +proxmox-tfa = { version = "2", features = ["api"] } diff --git a/pve-rs/debian/control b/pve-rs/debian/control index 4988e33..62ab4cb 100644 --- a/pve-rs/debian/control +++ b/pve-rs/debian/control 
@@ -17,8 +17,8 @@ Build-Depends: debhelper (>= 12), librust-perlmod-0.8+exporter-dev (>= 0.8.1-~~), librust-proxmox-apt-0.8+default-dev, librust-proxmox-openid-0.9+default-dev, - librust-proxmox-tfa-1+api-dev (>= 1.3-~~), - librust-proxmox-tfa-1+default-dev (>= 1.3-~~), + librust-proxmox-tfa-2+api-dev, + librust-proxmox-tfa-2+default-dev, librust-serde-1+default-dev, librust-serde-bytes-0.11+default-dev, librust-serde-json-1+default-dev, diff --git a/pve-rs/src/tfa.rs b/pve-rs/src/tfa.rs index ecc5eb0..cc53118 100644 --- a/pve-rs/src/tfa.rs +++ b/pve-rs/src/tfa.rs @@ -31,6 +31,7 @@ mod export { use anyhow::{bail, format_err, Error}; use serde_bytes::ByteBuf; + use url::Url; use perlmod::Value; use proxmox_tfa::api::methods; @@ -243,10 +244,15 @@ mod export { #[raw] raw_this: Value, //#[try_from_ref] this: &Tfa, userid: &str, + origin: Option, ) -> Result, Error> { let this: &Tfa = (&raw_this).try_into()?; let mut inner = this.inner.lock().unwrap(); - match inner.authentication_challenge(UserAccess::new(&raw_this)?, userid)? { + match inner.authentication_challenge( + UserAccess::new(&raw_this)?, + userid, + origin.as_ref(), + )? { Some(challenge) => Ok(Some(serde_json::to_string(&challenge)?)), None => Ok(None), } @@ -278,13 +284,20 @@ mod export { userid: &str, challenge: &str, //super::TfaChallenge, response: &str, + origin: Option, ) -> Result { let this: &Tfa = (&raw_this).try_into()?; let challenge: super::TfaChallenge = serde_json::from_str(challenge)?; let response: super::TfaResponse = response.parse()?; let mut inner = this.inner.lock().unwrap(); inner - .verify(UserAccess::new(&raw_this)?, userid, &challenge, response) + .verify( + UserAccess::new(&raw_this)?, + userid, + &challenge, + response, + origin.as_ref(), + ) .map(|save| save.needs_saving()) } @@ -342,6 +355,7 @@ mod export { value: Option, challenge: Option, ty: methods::TfaType, + origin: Option, ) -> Result { let this: &Tfa = (&raw_this).try_into()?; methods::add_tfa_entry( 
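Review bot: The new `origin: Option<Url>` argument on `authentication_challenge` is forwarded to proxmox-tfa via `origin.as_ref()` with nothing stating where a caller may take it from or what `None` means; the same applies to the `verify` hunk and to `add_tfa_entry`, whose call continues in the following `@@ -353,6 +367,7` hunk. For WebAuthn the origin is what binds a challenge and its response to the relying party, so if the Perl side fills it from a request header such as Host or Origin, the check is only as strong as the upstream validation of that header. The calling code is not visible here, so this is a question for the callers rather than a confirmed defect. I would add a doc comment to each of the three exported functions, for example `/// origin must come from trusted configuration or a validated request host, never from unvalidated client input`, plus one sentence on the behaviour when `None` is passed. All three function bodies begin outside their hunks.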
@@ -353,6 +367,7 @@ mod export { value, challenge, ty, + origin.as_ref(), ) } @@ -864,11 +879,10 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess { Err(err) => { eprintln!( "failed to parse challenge data for user {}: {}", - userid, - err + userid, err ); Default::default() - }, + } } }; -- 2.30.2