From: Wolfgang Bumiller
To: pve-devel@lists.proxmox.com
Date: Tue, 9 Nov 2021 12:26:49 +0100
Message-Id: <20211109112721.130935-1-w.bumiller@proxmox.com>
Subject: [pve-devel] [PATCH multiple 0/9] PBS-like TFA support in PVE

This is a bigger TFA upgrade for PVE.

This also contains the code for a new rust repository which will merge
pve-rs and pmg-rs into 1 git repository.
(git clone currently only available internally as my
`proxmox-perl-rs.git` repository)

Most of the heavy lifting is now performed by the rust library. Note
that the idea is that PVE and PBS can share this code directly, but for
now the to-be-shared part is directly included here and will become its
own crate after the initial PVE integration, as PBS will require a few
changes (since the code originally hardcoded pbs types/paths/files...)

On the perl side this contains:

pve-common:
  * A small change to the ticket code to url-escape colons in the
    ticket data. We also do this in pbs and since we only had usernames
    or base64 encoded tfa data in there this should be fine, and we
    want to store JSON data directly there to be compatible with PBS.

pve-cluster:
  * Webauthn configuration in datacenter.cfg.
    While PBS keeps this in the tfa json file, we already have the U2F
    config in datacenter.cfg in PVE, so putting it into datacenter.cfg
    seemed more consistent.

proxmox-widget-toolkit:
  * This series basically copies PBS' TFA code

pve-manager:
  * Update the login code to use the new workflow.
  * Add the new TFA panel.
  * Change the user TFA button to simply navigate to the new TFA panel
    instead of popping up the old window.

pve-access-control:
  * Switch to the rust-parse for the tfa config.
  * Update the login code to be more in line with PBS.
  * Add the TFA API we have in PBS via the rust module.

@Thomas: This still contains a fixme about verifying the
pve-access-control versions within the cluster...