From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <f.gleumes@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id ACBE99A09F
 for <pmg-devel@lists.proxmox.com>; Tue, 14 Nov 2023 15:14:33 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 956B61CCE0
 for <pmg-devel@lists.proxmox.com>; Tue, 14 Nov 2023 15:14:33 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pmg-devel@lists.proxmox.com>; Tue, 14 Nov 2023 15:14:32 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 5C2EB429FA
 for <pmg-devel@lists.proxmox.com>; Tue, 14 Nov 2023 15:14:32 +0100 (CET)
From: Folke Gleumes <f.gleumes@proxmox.com>
To: pmg-devel@lists.proxmox.com
Date: Tue, 14 Nov 2023 15:13:59 +0100
Message-Id: <20231114141408.228705-1-f.gleumes@proxmox.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.019 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [client.rs, proxmox.com, pmgconfig.pm, lib.rs, acme.pm, acme.rs,
 directory.rs, account.rs, eab.rs, error.rs]
Subject: [pmg-devel] [PATCH acme-rs/backup/perl-rs/pmg-api 0/8] add external
 account binding to pmg and pbs
X-BeenThere: pmg-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Mail Gateway development discussion
 <pmg-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pmg-devel>, 
 <mailto:pmg-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pmg-devel/>
List-Post: <mailto:pmg-devel@lists.proxmox.com>
List-Help: <mailto:pmg-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel>, 
 <mailto:pmg-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2023 14:14:33 -0000

Following the implementation for pve [0], this implements external account
binding for pmg and pbs.

For pmg, the tos endpoint was replaced with a meta endpoint, for pbs
this was not necessary, although it might be in the future if the
functionality is introduced in the gui.

Similar to the pve implementation, the cli will ask for eab credentials
if the ca requires it, or optionally if the user provided a custom
directory url.

The patches were tested against pebble with eab and le-staging + pebble
without eab to ensure no regression have taken place.

[0] https://lists.proxmox.com/pipermail/pve-devel/2023-October/059726.html

acme-rs:
Folke Gleumes (2):
  add external account binding
  add meta fields returned by the directory

 src/account.rs   | 28 +++++++++++++++-----
 src/client.rs    |  6 ++++-
 src/directory.rs | 25 ++++++++++++++++--
 src/eab.rs       | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/error.rs     | 10 ++++++++
 src/lib.rs       |  1 +
 6 files changed, 127 insertions(+), 9 deletions(-)
 create mode 100644 src/eab.rs

backup:
Folke Gleumes (2):
  acme: api: add eab options to api
  cli: acme: add possibility to set eab via the cli

 src/acme/client.rs                     |  9 +++-
 src/api2/config/acme.rs                | 35 +++++++++++++--
 src/bin/proxmox_backup_manager/acme.rs | 61 +++++++++++++++++++++-----
 3 files changed, 89 insertions(+), 16 deletions(-)

perl-rs:
Folke Gleumes (1):
  acme: add eab fields for pmg

 pmg-rs/src/acme.rs | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

pmg-api:
Folke Gleumes (3):
  api: acme: add eab parameters
  api: acme: deprecate tos endpoint in favor of new meta endpoint
  cli: acme: expose acme eab options on the cli

 src/PMG/API2/ACME.pm     | 75 ++++++++++++++++++++++++++++++++++++++--
 src/PMG/CLI/pmgconfig.pm | 29 ++++++++++++++--
 2 files changed, 99 insertions(+), 5 deletions(-)
-- 
2.39.2