[pbs-devel] [PATCH proxmox-backup 10/15] rest server: return UserInformation from ApiAuth::check_auth

Dietmar Maurer dietmar at proxmox.com
Mon Sep 20 09:38:08 CEST 2021


This need impl UserInformation for Arc<CachedUserInfo> which is implemented
with proxmox 0.13.2 (thus the version bump).
---
 Cargo.toml                             |  2 +-
 pbs-api-types/Cargo.toml               |  2 +-
 pbs-client/Cargo.toml                  |  2 +-
 pbs-config/Cargo.toml                  |  2 +-
 pbs-datastore/Cargo.toml               |  2 +-
 pbs-fuse-loop/Cargo.toml               |  2 +-
 pbs-server/Cargo.toml                  |  2 +-
 pbs-server/src/lib.rs                  |  3 ++-
 pbs-systemd/Cargo.toml                 |  2 +-
 pbs-tape/Cargo.toml                    |  2 +-
 pbs-tools/Cargo.toml                   |  2 +-
 proxmox-backup-client/Cargo.toml       |  2 +-
 proxmox-backup-debug/Cargo.toml        |  2 +-
 proxmox-file-restore/Cargo.toml        |  2 +-
 pxar-bin/Cargo.toml                    |  2 +-
 src/bin/proxmox_restore_daemon/auth.rs | 16 ++++++++++++++--
 src/server/auth.rs                     |  9 ++++++---
 src/server/rest.rs                     | 23 +++++++++++++++++------
 18 files changed, 53 insertions(+), 26 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 58abf7c6..f2739b91 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -96,7 +96,7 @@ zstd = { version = "0.6", features = [ "bindgen" ] }
 pathpatterns = "0.1.2"
 pxar = { version = "0.10.1", features = [ "tokio-io" ] }
 
-proxmox = { version = "0.13.0", features = [ "sortable-macro", "api-macro", "cli", "router", "tfa" ] }
+proxmox = { version = "0.13.2", features = [ "sortable-macro", "api-macro", "cli", "router", "tfa" ] }
 proxmox-acme-rs = "0.2.1"
 proxmox-apt = "0.7.0"
 proxmox-http = { version = "0.4.0", features = [ "client", "http-helpers", "websocket" ] }
diff --git a/pbs-api-types/Cargo.toml b/pbs-api-types/Cargo.toml
index 15507328..5a5785fa 100644
--- a/pbs-api-types/Cargo.toml
+++ b/pbs-api-types/Cargo.toml
@@ -14,7 +14,7 @@ openssl = "0.10"
 regex = "1.2"
 serde = { version = "1.0", features = ["derive"] }
 
-proxmox = { version = "0.13.0", default-features = false, features = [ "api-macro" ] }
+proxmox = { version = "0.13.2", default-features = false, features = [ "api-macro" ] }
 
 pbs-systemd = { path = "../pbs-systemd" }
 pbs-tools = { path = "../pbs-tools" }
diff --git a/pbs-client/Cargo.toml b/pbs-client/Cargo.toml
index fb12636f..8ed5fcb6 100644
--- a/pbs-client/Cargo.toml
+++ b/pbs-client/Cargo.toml
@@ -28,7 +28,7 @@ tower-service = "0.3.0"
 xdg = "2.2"
 
 pathpatterns = "0.1.2"
-proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] }
+proxmox = { version = "0.13.2", default-features = false, features = [ "cli" ] }
 proxmox-fuse = "0.1.1"
 proxmox-http = { version = "0.4.0", features = [ "client", "http-helpers", "websocket" ] }
 pxar = { version = "0.10.1", features = [ "tokio-io" ] }
diff --git a/pbs-config/Cargo.toml b/pbs-config/Cargo.toml
index 7f4258bd..553cbdd5 100644
--- a/pbs-config/Cargo.toml
+++ b/pbs-config/Cargo.toml
@@ -16,7 +16,7 @@ nix = "0.19.1"
 regex = "1.2"
 once_cell = "1.3.1"
 
-proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] }
+proxmox = { version = "0.13.2", default-features = false, features = [ "cli" ] }
 
 pbs-api-types = { path = "../pbs-api-types" }
 pbs-buildcfg = { path = "../pbs-buildcfg" }
diff --git a/pbs-datastore/Cargo.toml b/pbs-datastore/Cargo.toml
index 32eae0d7..fd54e756 100644
--- a/pbs-datastore/Cargo.toml
+++ b/pbs-datastore/Cargo.toml
@@ -23,7 +23,7 @@ zstd = { version = "0.6", features = [ "bindgen" ] }
 pathpatterns = "0.1.2"
 pxar = "0.10.1"
 
-proxmox = { version = "0.13.0", default-features = false, features = [ "api-macro" ] }
+proxmox = { version = "0.13.2", default-features = false, features = [ "api-macro" ] }
 
 pbs-api-types = { path = "../pbs-api-types" }
 pbs-tools = { path = "../pbs-tools" }
diff --git a/pbs-fuse-loop/Cargo.toml b/pbs-fuse-loop/Cargo.toml
index 5865a463..eaf3fe3f 100644
--- a/pbs-fuse-loop/Cargo.toml
+++ b/pbs-fuse-loop/Cargo.toml
@@ -14,7 +14,7 @@ nix = "0.19.1"
 regex = "1.2"
 tokio = { version = "1.6", features = [] }
 
-proxmox = "0.13.0"
+proxmox = "0.13.2"
 proxmox-fuse = "0.1.1"
 
 pbs-tools = { path = "../pbs-tools" }
diff --git a/pbs-server/Cargo.toml b/pbs-server/Cargo.toml
index 9f76f720..581016c8 100644
--- a/pbs-server/Cargo.toml
+++ b/pbs-server/Cargo.toml
@@ -20,7 +20,7 @@ serde = { version = "1.0", features = [] }
 serde_json = "1.0"
 tokio = { version = "1.6", features = ["signal", "process"] }
 
-proxmox = { version = "0.13.0", features = [ "router"] }
+proxmox = { version = "0.13.2", features = [ "router"] }
 
 # fixme: remove this dependency (pbs_tools::broadcast_future)
 pbs-tools = { path = "../pbs-tools" }
diff --git a/pbs-server/src/lib.rs b/pbs-server/src/lib.rs
index 9107a03f..55a10ca6 100644
--- a/pbs-server/src/lib.rs
+++ b/pbs-server/src/lib.rs
@@ -3,6 +3,7 @@ use std::os::unix::io::RawFd;
 use anyhow::{bail, format_err, Error};
 
 use proxmox::tools::fd::Fd;
+use proxmox::api::UserInformation;
 
 mod compression;
 pub use compression::*;
@@ -41,7 +42,7 @@ pub trait ApiAuth {
         &self,
         headers: &http::HeaderMap,
         method: &hyper::Method,
-    ) -> Result<String, AuthError>;
+    ) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>;
 }
 
 static mut SHUTDOWN_REQUESTED: bool = false;
diff --git a/pbs-systemd/Cargo.toml b/pbs-systemd/Cargo.toml
index fcb60445..82bde2c0 100644
--- a/pbs-systemd/Cargo.toml
+++ b/pbs-systemd/Cargo.toml
@@ -11,6 +11,6 @@ bitflags = "1.2.1"
 lazy_static = "1.4"
 nom = "5.1"
 
-proxmox = { version = "0.13.0", default-features = false }
+proxmox = { version = "0.13.2", default-features = false }
 
 pbs-tools = { path = "../pbs-tools" }
diff --git a/pbs-tape/Cargo.toml b/pbs-tape/Cargo.toml
index 719ef01c..19c75c82 100644
--- a/pbs-tape/Cargo.toml
+++ b/pbs-tape/Cargo.toml
@@ -18,7 +18,7 @@ bitflags = "1.2.1"
 regex = "1.2"
 udev = ">= 0.3, <0.5"
 
-proxmox = { version = "0.13.0", default-features = false, features = [] }
+proxmox = { version = "0.13.2", default-features = false, features = [] }
 
 pbs-api-types = { path = "../pbs-api-types" }
 pbs-tools = { path = "../pbs-tools" }
diff --git a/pbs-tools/Cargo.toml b/pbs-tools/Cargo.toml
index 89c6303c..6d31eb44 100644
--- a/pbs-tools/Cargo.toml
+++ b/pbs-tools/Cargo.toml
@@ -30,7 +30,7 @@ url = "2.1"
 walkdir = "2"
 zstd = { version = "0.6", features = [ "bindgen" ] }
 
-proxmox = { version = "0.13.0", default-features = false, features = [ "tokio" ] }
+proxmox = { version = "0.13.2", default-features = false, features = [ "tokio" ] }
 
 pbs-buildcfg = { path = "../pbs-buildcfg" }
 pbs-runtime = { path = "../pbs-runtime" }
diff --git a/proxmox-backup-client/Cargo.toml b/proxmox-backup-client/Cargo.toml
index b1ecf3e4..cfe0952f 100644
--- a/proxmox-backup-client/Cargo.toml
+++ b/proxmox-backup-client/Cargo.toml
@@ -22,7 +22,7 @@ zstd = { version = "0.6", features = [ "bindgen" ] }
 pathpatterns = "0.1.2"
 pxar = { version = "0.10.1", features = [ "tokio-io" ] }
 
-proxmox = { version = "0.13.0", features = [ "sortable-macro", "api-macro", "cli", "router" ] }
+proxmox = { version = "0.13.2", features = [ "sortable-macro", "api-macro", "cli", "router" ] }
 
 pbs-api-types = { path = "../pbs-api-types" }
 pbs-buildcfg = { path = "../pbs-buildcfg" }
diff --git a/proxmox-backup-debug/Cargo.toml b/proxmox-backup-debug/Cargo.toml
index 7f1f596d..0af375d3 100644
--- a/proxmox-backup-debug/Cargo.toml
+++ b/proxmox-backup-debug/Cargo.toml
@@ -9,7 +9,7 @@ anyhow = "1.0"
 walkdir = "2"
 serde_json = "1.0"
 
-proxmox = { version = "0.13.0", features = [ "api-macro", "cli" ] }
+proxmox = { version = "0.13.2", features = [ "api-macro", "cli" ] }
 
 pbs-config = { path = "../pbs-config" }
 pbs-client = { path = "../pbs-client" }
diff --git a/proxmox-file-restore/Cargo.toml b/proxmox-file-restore/Cargo.toml
index 127397b6..2d0415e4 100644
--- a/proxmox-file-restore/Cargo.toml
+++ b/proxmox-file-restore/Cargo.toml
@@ -16,7 +16,7 @@ tokio = { version = "1.6", features = [ "io-std", "rt", "rt-multi-thread", "time
 
 pxar = { version = "0.10.1", features = [ "tokio-io" ] }
 
-proxmox = { version = "0.13.0", features = [ "api-macro", "cli" ] }
+proxmox = { version = "0.13.2", features = [ "api-macro", "cli" ] }
 
 pbs-api-types = { path = "../pbs-api-types" }
 pbs-buildcfg = { path = "../pbs-buildcfg" }
diff --git a/pxar-bin/Cargo.toml b/pxar-bin/Cargo.toml
index e1a47604..43d63218 100644
--- a/pxar-bin/Cargo.toml
+++ b/pxar-bin/Cargo.toml
@@ -16,7 +16,7 @@ serde_json = "1.0"
 tokio = { version = "1.6", features = [ "rt", "rt-multi-thread" ] }
 
 pathpatterns = "0.1.2"
-proxmox = { version = "0.13.0", default-features = false, features = [] }
+proxmox = { version = "0.13.2", default-features = false, features = [] }
 pxar = { version = "0.10.1", features = [ "tokio-io" ] }
 
 pbs-client = { path = "../pbs-client" }
diff --git a/src/bin/proxmox_restore_daemon/auth.rs b/src/bin/proxmox_restore_daemon/auth.rs
index e24ef160..05e7f9ce 100644
--- a/src/bin/proxmox_restore_daemon/auth.rs
+++ b/src/bin/proxmox_restore_daemon/auth.rs
@@ -4,10 +4,22 @@ use std::io::prelude::*;
 
 use anyhow::{bail, format_err, Error};
 
+use proxmox::api::UserInformation;
+
 use pbs_server::{ApiAuth, AuthError};
 
 const TICKET_FILE: &str = "/ticket";
 
+struct SimpleUserInformation {}
+
+impl UserInformation for SimpleUserInformation {
+    fn is_superuser(&self, userid: &str) -> bool {
+        userid == "root at pam"
+    }
+    fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
+    fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
+}
+
 pub struct StaticAuth {
     ticket: String,
 }
@@ -17,10 +29,10 @@ impl ApiAuth for StaticAuth {
         &self,
         headers: &http::HeaderMap,
         _method: &hyper::Method,
-    ) -> Result<String, AuthError> {
+    ) -> Result<(String, Box<dyn UserInformation + Send + Sync>),  AuthError> {
         match headers.get(hyper::header::AUTHORIZATION) {
             Some(header) if header.to_str().unwrap_or("") == &self.ticket => {
-                Ok(String::from("root at pam"))
+                Ok((String::from("root at pam"), Box::new(SimpleUserInformation {})))
             }
             _ => {
                 return Err(AuthError::Generic(format_err!(
diff --git a/src/server/auth.rs b/src/server/auth.rs
index d7fbf511..e67b9d9d 100644
--- a/src/server/auth.rs
+++ b/src/server/auth.rs
@@ -3,6 +3,8 @@ use anyhow::format_err;
 
 use std::sync::Arc;
 
+use proxmox::api::UserInformation;
+
 use pbs_tools::ticket::{self, Ticket};
 use pbs_config::{token_shadow, CachedUserInfo};
 use pbs_api_types::{Authid, Userid};
@@ -56,11 +58,12 @@ impl UserApiAuth {
 }
 
 impl ApiAuth for UserApiAuth {
+
     fn check_auth(
         &self,
         headers: &http::HeaderMap,
         method: &hyper::Method,
-    ) -> Result<String, AuthError> {
+    ) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError> {
 
         let user_info = CachedUserInfo::new()?;
 
@@ -93,7 +96,7 @@ impl ApiAuth for UserApiAuth {
                     }
                 }
 
-                Ok(auth_id.to_string())
+                Ok((auth_id.to_string(), Box::new(user_info)))
             }
             Some(AuthData::ApiToken(api_token)) => {
                 let mut parts = api_token.splitn(2, ':');
@@ -115,7 +118,7 @@ impl ApiAuth for UserApiAuth {
 
                 token_shadow::verify_secret(&tokenid, &tokensecret)?;
 
-                Ok(tokenid.to_string())
+                Ok((tokenid.to_string(), Box::new(user_info)))
             }
             None => Err(AuthError::NoData),
         }
diff --git a/src/server/rest.rs b/src/server/rest.rs
index 659179c7..fab9705c 100644
--- a/src/server/rest.rs
+++ b/src/server/rest.rs
@@ -26,7 +26,7 @@ use proxmox::api::schema::{
 };
 use proxmox::api::{
     check_api_permission, ApiHandler, ApiMethod, HttpError, Permission, RpcEnvironment,
-    RpcEnvironmentType,
+    RpcEnvironmentType, UserInformation,
 };
 use proxmox::http_err;
 use proxmox::tools::fs::CreateOptions;
@@ -40,12 +40,18 @@ use pbs_server::{
 };
 use pbs_server::formatter::*;
 
-use pbs_config::CachedUserInfo;
-
 extern "C" {
     fn tzset();
 }
 
+struct EmptyUserInformation {}
+
+impl UserInformation for EmptyUserInformation {
+    fn is_superuser(&self, _userid: &str) -> bool { false }
+    fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
+    fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
+}
+
 pub struct RestServer {
     pub api_config: Arc<ApiConfig>,
 }
@@ -652,9 +658,14 @@ async fn handle_request(
                 }
             }
 
+            let mut user_info: Box<dyn UserInformation + Send + Sync> = Box::new(EmptyUserInformation {});
+
             if auth_required {
                 match auth.check_auth(&parts.headers, &method) {
-                    Ok(authid) => rpcenv.set_auth_id(Some(authid)),
+                    Ok((authid, info)) => {
+                        rpcenv.set_auth_id(Some(authid));
+                        user_info = info;
+                    }
                     Err(auth_err) => {
                         let err = match auth_err {
                             AuthError::Generic(err) => err,
@@ -683,7 +694,7 @@ async fn handle_request(
                 }
                 Some(api_method) => {
                     let auth_id = rpcenv.get_auth_id();
-                    let user_info = CachedUserInfo::new()?;
+                    let user_info = user_info;
 
                     if !check_api_permission(
                         api_method.access.permission,
@@ -727,7 +738,7 @@ async fn handle_request(
         if comp_len == 0 {
             let language = extract_lang_header(&parts.headers);
             match auth.check_auth(&parts.headers, &method) {
-                Ok(auth_id) => {
+                Ok((auth_id, _user_info)) => {
                     return Ok(api.get_index(Some(auth_id), language, parts));
                 }
                 Err(AuthError::Generic(_)) => {
-- 
2.30.2






More information about the pbs-devel mailing list