From: Thomas Lamprecht
To: Proxmox VE development discussion, Wolfgang Bumiller
Date: Thu, 11 Nov 2021 16:52:58 +0100
Subject: [pve-devel] applied-series: [PATCH multiple 0/9] PBS-like TFA support in PVE
Message-ID: <7b20f023-31d9-55fe-90e8-196c908fff2a@proxmox.com>
In-Reply-To: <20211109112721.130935-1-w.bumiller@proxmox.com>

On 09.11.21 12:26, Wolfgang Bumiller wrote:
> This is a bigger TFA upgrade for PVE.
>
> This also contains the code for a new rust repository which will merge
> pve-rs and pmg-rs into 1 git repository.
> (git clone currently only available internally as my
> `proxmox-perl-rs.git` repository)
>
> Most of the heavy lifting is now performed by the rust library.
> Note that the idea is that PVE and PBS can share this code directly, but
> for now the to-be-shared part is directly included here and will become
> its own crate after the initial PVE integration, as PBS will require a
> few changes (since the code originally hardcoded pbs types/paths/files...)
>
> On the perl side this contains:
>
> pve-common:
>   * A small change to the ticket code to url-escape colons in
>     the ticket data.
>     We also do this in pbs and since we only had usernames or base64
>     encoded tfa data in there this should be fine, and we want to store
>     JSON data directly there to be compatible with PBS.
> pve-cluster:
>   * Webauthn configuration in datacenter.cfg.
>     While PBS keeps this in the tfa json file, we already have the U2F
>     config in datacenter.cfg in PVE, so putting it into datacenter.cfg
>     seemed more consistent.
> proxmox-widget-toolkit:
>   * This series basically copies PBS' TFA code
> pve-manager:
>   * Update the login code to use the new workflow.
>   * Add the new TFA panel.
>   * Change the user TFA button to simply navigate to the new TFA panel
>     instead of popping up the old window.
> pve-access-control:
>   * Switch to the rust-parse for the tfa config.
>   * Update the login code to be more in line with PBS.
>   * Add the TFA API we have in PBS via the rust module.
>

applied remaining access-control and pve-manager patches of this series, thanks!
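
Added example, not code from the patch series or from any Proxmox repository: it illustrates the pve-common point in the cover letter, that JSON placed in a colon-delimited ticket must have its colons escaped so that splitting still yields the expected fields. The `PREFIX:DATA:TIMESTAMP` layout, the function names, the sample values and the choice to also escape `%` (so decoding is unambiguous) are assumptions made for this sketch.

```rust
// Added illustration, not code from the patch series. Assumed simplified
// ticket layout: PREFIX:DATA:TIMESTAMP (hex); all names are hypothetical.

/// Escape '%' and ':' so DATA can never contain the field separator.
fn escape_ticket_data(data: &str) -> String {
    data.replace('%', "%25").replace(':', "%3A")
}

/// Inverse of escape_ticket_data; None on truncated or non-hex escapes.
fn unescape_ticket_data(data: &str) -> Option<String> {
    let bytes = data.as_bytes();
    let (mut out, mut i) = (Vec::with_capacity(bytes.len()), 0);
    while i < bytes.len() {
        if bytes[i] == b'%' {
            let hex = data.get(i + 1..i + 3)?;
            if !hex.bytes().all(|b| b.is_ascii_hexdigit()) { return None; }
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    String::from_utf8(out).ok()
}

fn build_ticket(prefix: &str, data: &str, timestamp: u64) -> String {
    format!("{}:{}:{:08X}", prefix, escape_ticket_data(data), timestamp)
}

/// Split on ':' and require exactly three fields before decoding DATA.
fn parse_ticket(ticket: &str) -> Option<(String, String, u64)> {
    let fields: Vec<&str> = ticket.split(':').collect();
    if fields.len() != 3 { return None; }
    let timestamp = u64::from_str_radix(fields[2], 16).ok()?;
    Some((fields[0].to_string(), unescape_ticket_data(fields[1])?, timestamp))
}

fn main() {
    // Constructed sample: JSON TFA data containing colons.
    let tfa = r#"{"type":"webauthn","challenge":"abc:def"}"#;
    let naive = format!("PVE:{}:{:08X}", tfa, 0x618D3F2A_u64);
    println!("unescaped -> {:?}", parse_ticket(&naive));
    let ticket = build_ticket("PVE", tfa, 0x618D3F2A);
    println!("{}\nescaped -> {:?}", ticket, parse_ticket(&ticket));
}
```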