[pve-devel] applied-series: [PATCH multiple 0/9] PBS-like TFA support in PVE

[Thomas Lamprecht]

On 09.11.21 12:26, Wolfgang Bumiller wrote:
> This is a bigger TFA upgrade for PVE.
> 
> This also contains the code for a new rust repository which will merge
> pve-rs and pmg-rs into 1 git repository.
> (git clone currently only available internally as my
> `proxmox-perl-rs.git` repository)
> 
> Most of the heavy lifting is now performed by the rust library.
> Note that the idea is that PVE and PBS can share this code directly, but
> for now the to-be-shared part is directly included here and will become
> its own crate after the initial PVE integration, as PBS will require a
> few changes (since the code originally hardcoded pbs types/paths/files...)
> 
> On the perl side this contains:
> 
> pve-common:
>   * A small change to the ticket code to url-escape colons in
>     the ticket data.
>     We also do this in pbs and since we only had usernames or base64
>     encoded tfa data in there this should be fine, and we want to store
>     JSON data directly there to be compatible with PBS.
> pve-cluster:
>   * Webauthn configuration in datacenter.cfg.
>     While PBS keeps this in the tfa json file, we already have the U2F
>     config in datacenter.cfg in PVE, so putting it into datacenter.cfg
>     seemed more consistent.
> proxmox-widget-toolkit:
>   * This series basically copies PBS' TFA code
> pve-manager:
>   * Update the login code to use the new workflow.
>   * Add the new TFA panel.
>   * Change the user TFA button to simply navigate to the new TFA panel
>     instead of popping up the old window.
> pve-access-control:
>   * Switch to the rust-parse for the tfa config.
>   * Update the login code to be more in line with PBS.
>   * Add the TFA API we have in PBS via the rust module.
> 

applied remaining access-control and pve-manager patches of this series, thanks!