From 2121174827b3d55a08a269c27878caa52633d3c8 Mon Sep 17 00:00:00 2001 
From: Dietmar Maurer Date: Thu, 2 Sep 2021 12:47:11 +0200 Subject: [PATCH] start new pbs-config workspace moved src/config/domains.rs --- Cargo.toml | 2 + Makefile | 1 + pbs-api-types/src/lib.rs | 6 ++ pbs-config/Cargo.toml | 20 ++++++ {src/config => pbs-config/src}/domains.rs | 6 +- pbs-config/src/lib.rs | 83 +++++++++++++++++++++++ src/api2/access/acl.rs | 2 +- src/api2/access/domain.rs | 5 +- src/api2/access/openid.rs | 8 +-- src/api2/access/user.rs | 2 +- src/api2/config/access/openid.rs | 2 +- src/api2/config/datastore.rs | 4 +- src/api2/config/remote.rs | 2 +- src/api2/config/sync.rs | 2 +- src/api2/config/tape_backup_job.rs | 2 +- src/api2/config/tape_encryption_keys.rs | 2 +- src/api2/config/verify.rs | 2 +- src/api2/node/disks/directory.rs | 2 +- src/api2/node/network.rs | 2 +- src/api2/types/mod.rs | 6 -- src/auth_helpers.rs | 4 +- src/backup/datastore.rs | 4 +- src/backup/mod.rs | 83 ----------------------- src/bin/proxmox-backup-proxy.rs | 4 +- src/bin/proxmox_backup_manager/openid.rs | 12 ++-- src/bin/sg-tape-cmd.rs | 4 +- src/config/acl.rs | 2 +- src/config/acme/plugin.rs | 6 +- src/config/datastore.rs | 5 +- src/config/drive.rs | 5 +- src/config/media_pool.rs | 5 +- src/config/mod.rs | 9 ++- src/config/node.rs | 4 +- src/config/remote.rs | 2 +- src/config/sync.rs | 2 +- src/config/tape_encryption_keys.rs | 6 +- src/config/tape_job.rs | 2 +- src/config/tfa.rs | 2 +- src/config/token_shadow.rs | 4 +- src/config/user.rs | 2 +- src/config/verify.rs | 2 +- src/rrd/cache.rs | 2 +- src/rrd/rrd.rs | 2 +- src/server/command_socket.rs | 2 +- src/server/config.rs | 2 +- src/server/jobstate.rs | 6 +- src/server/mod.rs | 2 +- src/server/worker_task.rs | 8 +-- src/tape/changer/mod.rs | 2 +- src/tape/drive/mod.rs | 4 +- src/tape/inventory.rs | 4 +- src/tape/media_catalog.rs | 6 +- src/tape/media_catalog_cache.rs | 2 +- src/tape/media_pool.rs | 2 +- src/tape/mod.rs | 8 +-- src/tools/file_logger.rs | 2 +- src/tools/memcom.rs | 2 +- src/tools/subscription.rs | 2 +- 58 
files changed, 207 insertions(+), 181 deletions(-) create mode 100644 pbs-config/Cargo.toml rename {src/config => pbs-config/src}/domains.rs (95%) create mode 100644 pbs-config/src/lib.rs diff --git a/Cargo.toml b/Cargo.toml index 6352be3c..9dc5de2e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,6 +22,7 @@ exclude = [ "build", "debian", "tests/catar_data/test_symlink/symlink1"] members = [ "pbs-buildcfg", "pbs-client", + "pbs-config", "pbs-datastore", "pbs-fuse-loop", "pbs-runtime", @@ -102,6 +103,7 @@ proxmox-openid = "0.7.0" pbs-api-types = { path = "pbs-api-types" } pbs-buildcfg = { path = "pbs-buildcfg" } pbs-client = { path = "pbs-client" } +pbs-config = { path = "pbs-config" } pbs-datastore = { path = "pbs-datastore" } pbs-runtime = { path = "pbs-runtime" } pbs-systemd = { path = "pbs-systemd" } diff --git a/Makefile b/Makefile index 40a80493..08eccd56 100644 --- a/Makefile +++ b/Makefile @@ -35,6 +35,7 @@ SUBCRATES := \ pbs-api-types \ pbs-buildcfg \ pbs-client \ + pbs-config \ pbs-datastore \ pbs-fuse-loop \ pbs-runtime \ diff --git a/pbs-api-types/src/lib.rs b/pbs-api-types/src/lib.rs index 14c8cd35..aa0dd9a1 100644 --- a/pbs-api-types/src/lib.rs +++ b/pbs-api-types/src/lib.rs @@ -152,6 +152,12 @@ pub const DATASTORE_SCHEMA: Schema = StringSchema::new("Datastore name.") .max_length(32) .schema(); +pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.") + .format(&PROXMOX_SAFE_ID_FORMAT) + .min_length(2) + .max_length(32) + .schema(); + pub const FINGERPRINT_SHA256_FORMAT: ApiStringFormat = ApiStringFormat::Pattern(&FINGERPRINT_SHA256_REGEX); diff --git a/pbs-config/Cargo.toml b/pbs-config/Cargo.toml new file mode 100644 index 00000000..cceb6cc4 --- /dev/null +++ b/pbs-config/Cargo.toml 
@@ -0,0 +1,20 @@ +[package] +name = "pbs-config" +version = "0.1.0" +authors = ["Proxmox Support Team "] +edition = "2018" +description = "Configuration file management for PBS" + +[dependencies] +anyhow = "1.0" +lazy_static = "1.4" +serde = { version = "1.0", features = ["derive"] } +openssl = "0.10" +nix = "0.19.1" + + +proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] } + +pbs-api-types = { path = "../pbs-api-types" } +pbs-buildcfg = { path = "../pbs-buildcfg" } +pbs-tools = { path = "../pbs-tools" } diff --git a/src/config/domains.rs b/pbs-config/src/domains.rs similarity index 95% rename from src/config/domains.rs rename to pbs-config/src/domains.rs index 387baeb5..6119cea7 100644 --- a/src/config/domains.rs +++ b/pbs-config/src/domains.rs @@ -13,8 +13,8 @@ use proxmox::api::{ } }; -use crate::api2::types::*; -use crate::backup::{open_backup_lockfile, BackupLockGuard}; +use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA}; +use crate::{open_backup_lockfile, replace_backup_config, BackupLockGuard}; lazy_static! { pub static ref CONFIG: SectionConfig = init(); @@ -115,7 +115,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> { pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(DOMAINS_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes()) + replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes()) } // shell completion helper diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs new file mode 100644 index 00000000..03aa6525 --- /dev/null +++ b/pbs-config/src/lib.rs 
@@ -0,0 +1,83 @@
+pub mod domains;
+
+use anyhow::{format_err, Error};
+
+pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
+
+/// Return User info for the 'backup' user (``getpwnam_r(3)``)
+pub fn backup_user() -> Result {
+ pbs_tools::sys::query_user(BACKUP_USER_NAME)?
+ .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
+}
+
+/// Return Group info for the 'backup' group (``getgrnam(3)``)
+pub fn backup_group() -> Result {
+ pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
+ .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
+}
+pub struct BackupLockGuard(std::fs::File);
+
+/// Open or create a lock file owned by user "backup" and lock it.
+///
+/// Owner/Group of the file is set to backup/backup.
+/// File mode is 0660.
+/// Default timeout is 10 seconds.
+///
+/// Note: This method needs to be called by user "root" or "backup".
+pub fn open_backup_lockfile>(
+ path: P,
+ timeout: Option,
+ exclusive: bool,
+) -> Result {
+ let user = backup_user()?;
+ let options = proxmox::tools::fs::CreateOptions::new()
+ .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
+ .owner(user.uid)
+ .group(user.gid);
+
+ let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
+
+ let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
+ Ok(BackupLockGuard(file))
+}
+
+/// Atomically write data to file owned by "root:backup" with permission "0640"
+///
+/// Only the superuser can write those files, but group 'backup' can read them.
+pub fn replace_backup_config>( + path: P, + data: &[u8], +) -> Result<(), Error> { + let backup_user = backup_user()?; + let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); + // set the correct owner/group/permissions while saving file + // owner(rw) = root, group(r)= backup + let options = proxmox::tools::fs::CreateOptions::new() + .perm(mode) + .owner(nix::unistd::ROOT) + .group(backup_user.gid); + + proxmox::tools::fs::replace_file(path, data, options)?; + + Ok(()) +} + +/// Atomically write data to file owned by "root:root" with permission "0600" +/// +/// Only the superuser can read and write those files. +pub fn replace_secret_config>( + path: P, + data: &[u8], +) -> Result<(), Error> { + let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); + // set the correct owner/group/permissions while saving file + // owner(rw) = root, group(r)= root + let options = proxmox::tools::fs::CreateOptions::new() + .perm(mode) + .owner(nix::unistd::ROOT) + .group(nix::unistd::Gid::from_raw(0)); + + proxmox::tools::fs::replace_file(path, data, options)?; + + Ok(()) +} diff --git a/src/api2/access/acl.rs b/src/api2/access/acl.rs index 88a2667c..296d29a3 100644 --- a/src/api2/access/acl.rs +++ b/src/api2/access/acl.rs @@ -8,7 +8,7 @@ use crate::api2::types::*; use crate::config::acl; use crate::config::acl::{Role, PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY}; use crate::config::cached_user_info::CachedUserInfo; -use crate::backup::open_backup_lockfile; +use pbs_config::open_backup_lockfile; fn extract_acl_node_data( node: &acl::AclTreeNode, diff --git a/src/api2/access/domain.rs b/src/api2/access/domain.rs index afa69269..aeff387f 100644 --- a/src/api2/access/domain.rs +++ b/src/api2/access/domain.rs 
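Review bot: In `replace_secret_config` (new `pbs-config/src/lib.rs`) the inline comment `// owner(rw) = root, group(r)= root` does not match the mode the function sets: `0o0600` gives the group no read access, which is also what the doc comment ("Only the superuser can read and write those files") states. The comment looks carried over from `replace_backup_config`; I would change it to `// owner(rw) = root, no access for group or others` so that nobody auditing the permissions of secret files is misled. Since these helpers are now the public API of a separate crate, `BackupLockGuard` should also get a doc comment, e.g. `/// Guard holding the open lock file; presumably the lock is released when the guard is dropped.` — that release behaviour should be confirmed against `open_file_locked` before it is documented as fact.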
@@ -7,8 +7,7 @@ use serde_json::{json, Value}; use proxmox::api::{api, Permission, Router, RpcEnvironment}; -use crate::config; -use crate::api2::types::*; +use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA}; #[api] #[derive(Deserialize, Serialize, PartialEq, Eq)] @@ -81,7 +80,7 @@ fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result Result { - let (domains, _digest) = crate::config::domains::config()?; + let (domains, _digest) = pbs_config::domains::config()?; let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?; let open_id = openid_authenticator(&config, &redirect_url)?; diff --git a/src/api2/access/user.rs b/src/api2/access/user.rs index c8647b30..bb934093 100644 --- a/src/api2/access/user.rs +++ b/src/api2/access/user.rs @@ -18,7 +18,7 @@ use crate::config::user; use crate::config::token_shadow; use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY}; use crate::config::cached_user_info::CachedUserInfo; -use crate::backup::open_backup_lockfile; +use pbs_config::open_backup_lockfile; pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.") .format(&PASSWORD_FORMAT) diff --git a/src/api2/config/access/openid.rs b/src/api2/config/access/openid.rs index 7a9bf384..0dcebd1a 100644 --- a/src/api2/config/access/openid.rs +++ b/src/api2/config/access/openid.rs @@ -6,7 +6,7 @@ use ::serde::{Deserialize, Serialize}; use proxmox::api::{api, Permission, Router, RpcEnvironment}; -use crate::config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater}; +use pbs_config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater}; use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_REALM_ALLOCATE}; use crate::api2::types::*; diff --git a/src/api2/config/datastore.rs b/src/api2/config/datastore.rs index 5450087c..0dbb7fec 100644 --- a/src/api2/config/datastore.rs +++ b/src/api2/config/datastore.rs 
@@ -10,6 +10,7 @@ use proxmox::api::schema::{ApiType, parse_property_string}; use pbs_datastore::chunk_store::ChunkStore; use pbs_datastore::task::TaskState; +use pbs_config::BackupLockGuard; use crate::api2::config::sync::delete_sync_job; use crate::api2::config::verify::delete_verification_job; @@ -19,7 +20,6 @@ use crate::api2::admin::{ verify::list_verification_jobs, }; use crate::api2::types::*; -use crate::backup::BackupLockGuard; use crate::config::cached_user_info::CachedUserInfo; use crate::config::datastore::{self, DataStoreConfig, DataStoreConfigUpdater}; use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY}; @@ -68,7 +68,7 @@ pub(crate) fn do_create_datastore( ) -> Result<(), Error> { let path: PathBuf = datastore.path.clone().into(); - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let _store = ChunkStore::create(&datastore.name, path, backup_user.uid, backup_user.gid, worker)?; config.set_data(&datastore.name, "datastore", &datastore)?; diff --git a/src/api2/config/remote.rs b/src/api2/config/remote.rs index 60ddd5bf..f474e5f2 100644 --- a/src/api2/config/remote.rs +++ b/src/api2/config/remote.rs @@ -11,7 +11,7 @@ use crate::api2::types::*; use crate::config::cached_user_info::CachedUserInfo; use crate::config::remote; use crate::config::acl::{PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY}; -use crate::backup::open_backup_lockfile; +use pbs_config::open_backup_lockfile; #[api( input: { diff --git a/src/api2/config/sync.rs b/src/api2/config/sync.rs index bc7b9f24..18647b95 100644 --- a/src/api2/config/sync.rs +++ b/src/api2/config/sync.rs @@ -17,7 +17,7 @@ use crate::config::acl::{ use crate::config::cached_user_info::CachedUserInfo; use crate::config::sync::{self, SyncJobConfig}; -use crate::backup::open_backup_lockfile; +use pbs_config::open_backup_lockfile; pub fn check_sync_job_read_access( user_info: &CachedUserInfo, 
diff --git a/src/api2/config/tape_backup_job.rs b/src/api2/config/tape_backup_job.rs index 02fa6f7d..728d68ba 100644 --- a/src/api2/config/tape_backup_job.rs +++ b/src/api2/config/tape_backup_job.rs @@ -3,6 +3,7 @@ use serde_json::Value; use ::serde::{Deserialize, Serialize}; use proxmox::api::{api, Router, RpcEnvironment, Permission}; +use pbs_config::open_backup_lockfile; use crate::{ api2::types::{ @@ -16,7 +17,6 @@ use crate::{ MEDIA_POOL_NAME_SCHEMA, SYNC_SCHEDULE_SCHEMA, }, - backup::open_backup_lockfile, config::{ self, cached_user_info::CachedUserInfo, diff --git a/src/api2/config/tape_encryption_keys.rs b/src/api2/config/tape_encryption_keys.rs index 3eff7d19..7204712b 100644 --- a/src/api2/config/tape_encryption_keys.rs +++ b/src/api2/config/tape_encryption_keys.rs @@ -14,6 +14,7 @@ use proxmox::{ use pbs_api_types::Fingerprint; use pbs_datastore::{KeyInfo, Kdf}; use pbs_datastore::key_derivation::KeyConfig; +use pbs_config::open_backup_lockfile; use crate::{ config::{ @@ -35,7 +36,6 @@ use crate::{ PROXMOX_CONFIG_DIGEST_SCHEMA, PASSWORD_HINT_SCHEMA, }, - backup::open_backup_lockfile, }; #[api( diff --git a/src/api2/config/verify.rs b/src/api2/config/verify.rs index 1a613327..dc54db10 100644 --- a/src/api2/config/verify.rs +++ b/src/api2/config/verify.rs @@ -13,7 +13,7 @@ use crate::config::acl::{ use crate::config::cached_user_info::CachedUserInfo; use crate::config::verify::{self, VerificationJobConfig}; -use crate::backup::open_backup_lockfile; +use pbs_config::open_backup_lockfile; #[api( input: { diff --git a/src/api2/node/disks/directory.rs b/src/api2/node/disks/directory.rs index ff476aa3..d415023b 100644 --- a/src/api2/node/disks/directory.rs +++ b/src/api2/node/disks/directory.rs @@ -17,7 +17,7 @@ use crate::server::WorkerTask; use crate::api2::types::*; use crate::config::datastore::{self, DataStoreConfig}; -use crate::backup::open_backup_lockfile; +use pbs_config::open_backup_lockfile; #[api( properties: { 
diff --git a/src/api2/node/network.rs b/src/api2/node/network.rs index ebe83ef3..fd581170 100644 --- a/src/api2/node/network.rs +++ b/src/api2/node/network.rs @@ -9,7 +9,7 @@ use crate::config::network::{self, NetworkConfig}; use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY}; use crate::api2::types::*; use crate::server::{WorkerTask}; -use crate::backup::open_backup_lockfile; +use pbs_config::open_backup_lockfile; fn split_interface_list(list: &str) -> Result, Error> { let value = parse_property_string(&list, &NETWORK_INTERFACE_ARRAY_SCHEMA)?; diff --git a/src/api2/types/mod.rs b/src/api2/types/mod.rs index bae9ded1..8632eac4 100644 --- a/src/api2/types/mod.rs +++ b/src/api2/types/mod.rs @@ -331,12 +331,6 @@ pub const BLOCKDEVICE_NAME_SCHEMA: Schema = StringSchema::new("Block device name .max_length(64) .schema(); -pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.") - .format(&PROXMOX_SAFE_ID_FORMAT) - .min_length(2) - .max_length(32) - .schema(); - // Complex type definitions #[api( diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs index 15e782a5..890816ac 100644 --- a/src/auth_helpers.rs +++ b/src/auth_helpers.rs @@ -95,7 +95,7 @@ pub fn generate_csrf_key() -> Result<(), Error> { use nix::sys::stat::Mode; - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; replace_file( &path, @@ -129,7 +129,7 @@ pub fn generate_auth_key() -> Result<(), Error> { let public_pem = rsa.public_key_to_pem()?; - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; replace_file( &public_path, diff --git a/src/backup/datastore.rs b/src/backup/datastore.rs index 848459e8..7986c328 100644 --- a/src/backup/datastore.rs +++ b/src/backup/datastore.rs 
@@ -31,7 +31,7 @@ use pbs_tools::fs::{lock_dir_noblock, DirLockGuard}; use crate::config::datastore::{self, DataStoreConfig}; use crate::tools; -use crate::backup::{open_backup_lockfile, BackupLockGuard}; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; lazy_static! { @@ -700,7 +700,7 @@ impl DataStore { let mut path = self.base_path(); path.push(".gc-status"); - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644); // set the correct owner/group/permissions while saving file // owner(rw) = backup, group(r)= backup diff --git a/src/backup/mod.rs b/src/backup/mod.rs index 46f1bb1b..8c2780b5 100644 --- a/src/backup/mod.rs +++ b/src/backup/mod.rs @@ -1,24 +1,8 @@ //! Server/client-specific parts for what's otherwise in pbs-datastore. -use anyhow::{format_err, Error}; - // Note: .pcat1 => Proxmox Catalog Format version 1 pub const CATALOG_NAME: &str = "catalog.pcat1.didx"; -pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME}; - -/// Return User info for the 'backup' user (``getpwnam_r(3)``) -pub fn backup_user() -> Result { - pbs_tools::sys::query_user(BACKUP_USER_NAME)? - .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME)) -} - -/// Return Group info for the 'backup' group (``getgrnam(3)``) -pub fn backup_group() -> Result { - pbs_tools::sys::query_group(BACKUP_GROUP_NAME)? - .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME)) -} - // Split mod read_chunk; pub use read_chunk::*; 
@@ -28,70 +12,3 @@ pub use datastore::*; mod verify; pub use verify::*; - -pub struct BackupLockGuard(std::fs::File); - -/// Open or create a lock file owned by user "backup" and lock it. -/// -/// Owner/Group of the file is set to backup/backup. -/// File mode is 0660. -/// Default timeout is 10 seconds. -/// -/// Note: This method needs to be called by user "root" or "backup". -pub fn open_backup_lockfile>( - path: P, - timeout: Option, - exclusive: bool, -) -> Result { - let user = backup_user()?; - let options = proxmox::tools::fs::CreateOptions::new() - .perm(nix::sys::stat::Mode::from_bits_truncate(0o660)) - .owner(user.uid) - .group(user.gid); - - let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0)); - - let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?; - Ok(BackupLockGuard(file)) -} - -/// Atomically write data to file owned by "root:backup" with permission "0640" -/// -/// Only the superuser can write those files, but group 'backup' can read them. -pub fn replace_backup_config>( - path: P, - data: &[u8], -) -> Result<(), Error> { - let backup_user = backup_user()?; - let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); - // set the correct owner/group/permissions while saving file - // owner(rw) = root, group(r)= backup - let options = proxmox::tools::fs::CreateOptions::new() - .perm(mode) - .owner(nix::unistd::ROOT) - .group(backup_user.gid); - - proxmox::tools::fs::replace_file(path, data, options)?; - - Ok(()) -} - -/// Atomically write data to file owned by "root:root" with permission "0600" -/// -/// Only the superuser can read and write those files. 
-pub fn replace_secret_config>( - path: P, - data: &[u8], -) -> Result<(), Error> { - let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); - // set the correct owner/group/permissions while saving file - // owner(rw) = root, group(r)= root - let options = proxmox::tools::fs::CreateOptions::new() - .perm(mode) - .owner(nix::unistd::ROOT) - .group(nix::unistd::Gid::from_raw(0)); - - proxmox::tools::fs::replace_file(path, data, options)?; - - Ok(()) -} diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs index 6d661062..505854e4 100644 --- a/src/bin/proxmox-backup-proxy.rs +++ b/src/bin/proxmox-backup-proxy.rs @@ -53,8 +53,8 @@ use proxmox_backup::server::do_prune_job; fn main() -> Result<(), Error> { proxmox_backup::tools::setup_safe_path_env(); - let backup_uid = proxmox_backup::backup::backup_user()?.uid; - let backup_gid = proxmox_backup::backup::backup_group()?.gid; + let backup_uid = pbs_config::backup_user()?.uid; + let backup_gid = pbs_config::backup_group()?.gid; let running_uid = nix::unistd::Uid::effective(); let running_gid = nix::unistd::Gid::effective(); diff --git a/src/bin/proxmox_backup_manager/openid.rs b/src/bin/proxmox_backup_manager/openid.rs index 13915339..24264996 100644 --- a/src/bin/proxmox_backup_manager/openid.rs +++ b/src/bin/proxmox_backup_manager/openid.rs @@ -3,7 +3,9 @@ use serde_json::Value; use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler}; -use proxmox_backup::{config, api2, api2::types::REALM_ID_SCHEMA}; +use pbs_api_types::REALM_ID_SCHEMA; + +use proxmox_backup::api2; #[api( 
@@ -73,25 +75,25 @@ pub fn openid_commands() -> CommandLineInterface { .insert("list", CliCommand::new(&&API_METHOD_LIST_OPENID_REALMS)) .insert("show", CliCommand::new(&&API_METHOD_SHOW_OPENID_REALM) .arg_param(&["realm"]) - .completion_cb("realm", config::domains::complete_openid_realm_name) + .completion_cb("realm", pbs_config::domains::complete_openid_realm_name) ) .insert("create", CliCommand::new(&api2::config::access::openid::API_METHOD_CREATE_OPENID_REALM) .arg_param(&["realm"]) .arg_param(&["realm"]) - .completion_cb("realm", config::domains::complete_openid_realm_name) + .completion_cb("realm", pbs_config::domains::complete_openid_realm_name) ) .insert("update", CliCommand::new(&api2::config::access::openid::API_METHOD_UPDATE_OPENID_REALM) .arg_param(&["realm"]) .arg_param(&["realm"]) - .completion_cb("realm", config::domains::complete_openid_realm_name) + .completion_cb("realm", pbs_config::domains::complete_openid_realm_name) ) .insert("delete", CliCommand::new(&api2::config::access::openid::API_METHOD_DELETE_OPENID_REALM) .arg_param(&["realm"]) .arg_param(&["realm"]) - .completion_cb("realm", config::domains::complete_openid_realm_name) + .completion_cb("realm", pbs_config::domains::complete_openid_realm_name) ) ; diff --git a/src/bin/sg-tape-cmd.rs b/src/bin/sg-tape-cmd.rs index fdba62c1..521cbdf3 100644 --- a/src/bin/sg-tape-cmd.rs +++ b/src/bin/sg-tape-cmd.rs @@ -142,8 +142,8 @@ fn set_encryption( fn main() -> Result<(), Error> { // check if we are user root or backup - let backup_uid = proxmox_backup::backup::backup_user()?.uid; - let backup_gid = proxmox_backup::backup::backup_group()?.gid; + let backup_uid = pbs_config::backup_user()?.uid; + let backup_gid = pbs_config::backup_group()?.gid; let running_uid = nix::unistd::Uid::current(); let running_gid = nix::unistd::Gid::current(); diff --git a/src/config/acl.rs b/src/config/acl.rs index b7badb79..1716b5c3 100644 --- a/src/config/acl.rs +++ b/src/config/acl.rs 
@@ -911,7 +911,7 @@ pub fn save_config(acl: &AclTree) -> Result<(), Error> { acl.write_config(&mut raw)?; - crate::backup::replace_backup_config(ACL_CFG_FILENAME, &raw) + pbs_config::replace_backup_config(ACL_CFG_FILENAME, &raw) } #[cfg(test)] diff --git a/src/config/acme/plugin.rs b/src/config/acme/plugin.rs index 17bb8beb..e0e3db48 100644 --- a/src/config/acme/plugin.rs +++ b/src/config/acme/plugin.rs @@ -9,8 +9,8 @@ use proxmox::api::{ section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin}, }; -use crate::api2::types::PROXMOX_SAFE_ID_FORMAT; -use crate::backup::{open_backup_lockfile, BackupLockGuard}; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; +use pbs_api_types::PROXMOX_SAFE_ID_FORMAT; pub const PLUGIN_ID_SCHEMA: Schema = StringSchema::new("ACME Challenge Plugin ID.") .format(&PROXMOX_SAFE_ID_FORMAT) @@ -162,7 +162,7 @@ pub fn config() -> Result<(PluginData, [u8; 32]), Error> { pub fn save_config(config: &PluginData) -> Result<(), Error> { super::make_acme_dir()?; let raw = CONFIG.write(ACME_PLUGIN_CFG_FILENAME, &config.data)?; - crate::backup::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes()) } pub struct PluginData { diff --git a/src/config/datastore.rs b/src/config/datastore.rs index cfa03547..202f95cc 100644 --- a/src/config/datastore.rs +++ b/src/config/datastore.rs @@ -13,8 +13,9 @@ use proxmox::api::{ } }; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; + use crate::api2::types::*; -use crate::backup::{open_backup_lockfile, BackupLockGuard}; lazy_static! { pub static ref CONFIG: SectionConfig = init(); 
@@ -152,7 +153,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> { pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(DATASTORE_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes()) } // shell completion helper diff --git a/src/config/drive.rs b/src/config/drive.rs index f86582ac..51e1654a 100644 --- a/src/config/drive.rs +++ b/src/config/drive.rs @@ -27,8 +27,9 @@ use proxmox::{ }, }; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; + use crate::{ - backup::{open_backup_lockfile, BackupLockGuard}, api2::types::{ DRIVE_NAME_SCHEMA, VirtualTapeDrive, @@ -93,7 +94,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> { /// Save the configuration file pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(DRIVE_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes()) } /// Check if the specified drive name exists in the config. diff --git a/src/config/media_pool.rs b/src/config/media_pool.rs index d9828e0f..f7f544f0 100644 --- a/src/config/media_pool.rs +++ b/src/config/media_pool.rs @@ -22,8 +22,9 @@ use proxmox::{ }, }; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; + use crate::{ - backup::{open_backup_lockfile, BackupLockGuard}, api2::types::{ MEDIA_POOL_NAME_SCHEMA, MediaPoolConfig, 
@@ -72,7 +73,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> { /// Save the configuration file pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(MEDIA_POOL_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes()) } // shell completion helper diff --git a/src/config/mod.rs b/src/config/mod.rs index d820ee37..05e0dcb7 100644 --- a/src/config/mod.rs +++ b/src/config/mod.rs @@ -30,7 +30,6 @@ pub mod drive; pub mod media_pool; pub mod tape_encryption_keys; pub mod tape_job; -pub mod domains; /// Check configuration directory permissions /// @@ -40,7 +39,7 @@ pub mod domains; pub fn check_configdir_permissions() -> Result<(), Error> { let cfgdir = pbs_buildcfg::CONFIGDIR; - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let backup_uid = backup_user.uid.as_raw(); let backup_gid = backup_user.gid.as_raw(); @@ -85,7 +84,7 @@ pub fn create_configdir() -> Result<(), Error> { ), } - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid)) .map_err(|err| { @@ -197,9 +196,9 @@ pub(crate) fn set_proxy_certificate(cert_pem: &[u8], key_pem: &[u8]) -> Result<( let cert_path = PathBuf::from(configdir!("/proxy.pem")); create_configdir()?; - crate::backup::replace_backup_config(&key_path, key_pem) + pbs_config::replace_backup_config(&key_path, key_pem) .map_err(|err| format_err!("error writing certificate private key - {}", err))?; - crate::backup::replace_backup_config(&cert_path, &cert_pem) + pbs_config::replace_backup_config(&cert_path, &cert_pem) .map_err(|err| format_err!("error writing certificate file - {}", err))?; Ok(()) diff --git a/src/config/node.rs b/src/config/node.rs index a46aabed..15b153a1 100644 --- a/src/config/node.rs 
+++ b/src/config/node.rs @@ -9,8 +9,8 @@ use proxmox::api::schema::{ApiStringFormat, ApiType, Updater}; use proxmox_http::ProxyConfig; use pbs_buildcfg::configdir; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; -use crate::backup::{open_backup_lockfile, BackupLockGuard}; use crate::acme::AcmeClient; use crate::api2::types::{ AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA, @@ -39,7 +39,7 @@ pub fn save_config(config: &NodeConfig) -> Result<(), Error> { config.validate()?; let raw = crate::tools::config::to_bytes(config, &NodeConfig::API_SCHEMA)?; - crate::backup::replace_backup_config(CONF_FILE, &raw) + pbs_config::replace_backup_config(CONF_FILE, &raw) } #[api( diff --git a/src/config/remote.rs b/src/config/remote.rs index 3e6bc916..a50b319f 100644 --- a/src/config/remote.rs +++ b/src/config/remote.rs @@ -122,7 +122,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> { pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(REMOTE_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes()) } // shell completion helper diff --git a/src/config/sync.rs b/src/config/sync.rs index 5d5b2060..11174fe5 100644 --- a/src/config/sync.rs +++ b/src/config/sync.rs @@ -118,7 +118,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> { pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(SYNC_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes()) } // shell completion helper diff --git a/src/config/tape_encryption_keys.rs b/src/config/tape_encryption_keys.rs index fa140de0..72dda1f5 100644 --- a/src/config/tape_encryption_keys.rs +++ b/src/config/tape_encryption_keys.rs 
@@ -19,7 +19,7 @@ use proxmox::tools::fs::file_read_optional_string; use pbs_api_types::Fingerprint; use pbs_datastore::key_derivation::KeyConfig; -use crate::backup::open_backup_lockfile; +use pbs_config::{open_backup_lockfile, replace_secret_config}; mod hex_key { use serde::{self, Deserialize, Serializer, Deserializer}; @@ -135,7 +135,7 @@ pub fn save_keys(map: HashMap) -> Result<(), Err } let raw = serde_json::to_string_pretty(&list)?; - crate::backup::replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes()) + replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes()) } /// Store tape encryption key configurations (password protected keys) @@ -148,7 +148,7 @@ pub fn save_key_configs(map: HashMap) -> Result<(), Erro } let raw = serde_json::to_string_pretty(&list)?; - crate::backup::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes()) } /// Insert a new key diff --git a/src/config/tape_job.rs b/src/config/tape_job.rs index 3c265b93..27ce183f 100644 --- a/src/config/tape_job.rs +++ b/src/config/tape_job.rs @@ -160,7 +160,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> { pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(TAPE_JOB_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes()) } // shell completion helper diff --git a/src/config/tfa.rs b/src/config/tfa.rs index 16df7c3d..b1c1d6c2 100644 --- a/src/config/tfa.rs +++ b/src/config/tfa.rs @@ -26,9 +26,9 @@ use proxmox::tools::uuid::Uuid; use proxmox::tools::AsHex; use pbs_buildcfg::configdir; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; use crate::api2::types::Userid; -use crate::backup::{open_backup_lockfile, BackupLockGuard}; /// Mapping of userid to TFA entry. pub type TfaUsers = HashMap; 
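Review bot: The last line of `save_key_configs` calls `pbs_config::replace_backup_config` by full path, although the import changed in the first hunk of this file already pulls `replace_secret_config` from the same crate for `save_keys`. Importing both, `use pbs_config::{open_backup_lockfile, replace_backup_config, replace_secret_config};`, keeps the two writers parallel so that the helper name is the only difference between them. That difference is security-relevant, so each function should carry a short comment saying which file holds raw key material and which holds password-protected key configs, and why the helper was chosen. The modes the helpers apply are defined in pbs-config and cannot be confirmed from these hunks. Both function bodies start outside their hunks.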
diff --git a/src/config/token_shadow.rs b/src/config/token_shadow.rs index a210ffb2..6a328c0f 100644 --- a/src/config/token_shadow.rs +++ b/src/config/token_shadow.rs @@ -8,7 +8,7 @@ use proxmox::tools::fs::CreateOptions; use crate::api2::types::Authid; use crate::auth; -use crate::backup::open_backup_lockfile; +use pbs_config::open_backup_lockfile; const LOCK_FILE: &str = pbs_buildcfg::configdir!("/token.shadow.lock"); const CONF_FILE: &str = pbs_buildcfg::configdir!("/token.shadow"); @@ -33,7 +33,7 @@ fn read_file() -> Result, Error> { } fn write_file(data: HashMap) -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let options = CreateOptions::new() .perm(nix::sys::stat::Mode::from_bits_truncate(0o0640)) .owner(backup_user.uid) diff --git a/src/config/user.rs b/src/config/user.rs index 89403efa..97dea117 100644 --- a/src/config/user.rs +++ b/src/config/user.rs @@ -119,7 +119,7 @@ pub fn cached_config() -> Result, Error> { pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(USER_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?; + pbs_config::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?; // increase user cache generation // We use this in CachedUserInfo diff --git a/src/config/verify.rs b/src/config/verify.rs index 9001fffc..ce0d65ee 100644 --- a/src/config/verify.rs +++ b/src/config/verify.rs @@ -116,7 +116,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> { pub fn save_config(config: &SectionConfigData) -> Result<(), Error> { let raw = CONFIG.write(VERIFICATION_CFG_FILENAME, &config)?; - crate::backup::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes()) + pbs_config::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes()) } // shell completion helper diff --git a/src/rrd/cache.rs b/src/rrd/cache.rs index e5e3fe09..d593ffb5 100644 
--- a/src/rrd/cache.rs +++ b/src/rrd/cache.rs @@ -22,7 +22,7 @@ lazy_static!{ /// Create rrdd stat dir with correct permission pub fn create_rrdb_dir() -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let opts = CreateOptions::new() .owner(backup_user.uid) .group(backup_user.gid); diff --git a/src/rrd/rrd.rs b/src/rrd/rrd.rs index 37bdf3b9..b298f0ad 100644 --- a/src/rrd/rrd.rs +++ b/src/rrd/rrd.rs @@ -303,7 +303,7 @@ impl RRD { std::slice::from_raw_parts(self as *const _ as *const u8, std::mem::size_of::()) }; - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644); // set the correct owner/group/permissions while saving file // owner(rw) = backup, group(r)= backup diff --git a/src/server/command_socket.rs b/src/server/command_socket.rs index af41dd16..e3bd0c12 100644 --- a/src/server/command_socket.rs +++ b/src/server/command_socket.rs @@ -19,7 +19,7 @@ where { let path: PathBuf = path.into(); - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let backup_gid = backup_user.gid.as_raw(); let socket = UnixListener::bind(&path)?; diff --git a/src/server/config.rs b/src/server/config.rs index 67c01426..195d7a88 100644 --- a/src/server/config.rs +++ b/src/server/config.rs @@ -142,7 +142,7 @@ impl ApiConfig { let path: PathBuf = path.into(); if let Some(base) = path.parent() { if !base.exists() { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid); create_path(base, None, Some(opts)).map_err(|err| format_err!("{}", err))?; } diff --git a/src/server/jobstate.rs b/src/server/jobstate.rs index cfd8be23..48a0422a 100644 --- a/src/server/jobstate.rs +++ b/src/server/jobstate.rs 
@@ -47,9 +47,9 @@ use proxmox::tools::fs::{ }; use pbs_systemd::time::{compute_next_event, parse_calendar_event}; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; use crate::{ - backup::{open_backup_lockfile, BackupLockGuard}, api2::types::JobScheduleStatus, server::{ UPID, @@ -88,7 +88,7 @@ const JOB_STATE_BASEDIR: &str = "/var/lib/proxmox-backup/jobstates"; /// Create jobstate stat dir with correct permission pub fn create_jobstate_dir() -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let opts = CreateOptions::new() .owner(backup_user.uid) .group(backup_user.gid); @@ -299,7 +299,7 @@ impl Job { let serialized = serde_json::to_string(&self.state)?; let path = get_path(&self.jobtype, &self.jobname); - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644); // set the correct owner/group/permissions while saving file // owner(rw) = backup, group(r)= backup diff --git a/src/server/mod.rs b/src/server/mod.rs index 93efe8eb..52c6e7bc 100644 --- a/src/server/mod.rs +++ b/src/server/mod.rs @@ -116,7 +116,7 @@ pub(crate) async fn notify_datastore_removed() -> Result<(), Error> { /// This exists to fixate the permissions for the run *base* directory while allowing intermediate /// directories after it to have different permissions. pub fn create_run_dir() -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let opts = CreateOptions::new() .owner(backup_user.uid) .group(backup_user.gid); diff --git a/src/server/worker_task.rs b/src/server/worker_task.rs index 2f7376b5..24e08968 100644 --- a/src/server/worker_task.rs +++ b/src/server/worker_task.rs 
@@ -24,7 +24,7 @@ use super::{UPID, UPIDExt}; use crate::server; use crate::tools::{FileLogger, FileLogOptions}; use crate::api2::types::{Authid, TaskStateType}; -use crate::backup::{open_backup_lockfile, BackupLockGuard}; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; macro_rules! taskdir { ($subdir:expr) => (concat!(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!(), "/tasks", $subdir)) @@ -159,7 +159,7 @@ fn parse_worker_status_line(line: &str) -> Result<(String, UPID, Option Result<(), Error> { try_block!({ - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let opts = CreateOptions::new() .owner(backup_user.uid) .group(backup_user.gid); @@ -354,7 +354,7 @@ pub fn rotate_task_log_archive(size_threshold: u64, compress: bool, max_files: O // new_upid is added to the list when specified. fn update_active_workers(new_upid: Option<&UPID>) -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let lock = lock_task_list_files(true)?; @@ -611,7 +611,7 @@ impl WorkerTask { path.push(format!("{:02X}", upid.pstart & 255)); - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; create_path(&path, None, Some(CreateOptions::new().owner(backup_user.uid).group(backup_user.gid)))?; diff --git a/src/tape/changer/mod.rs b/src/tape/changer/mod.rs index 1fc0d435..db407b12 100644 --- a/src/tape/changer/mod.rs +++ b/src/tape/changer/mod.rs @@ -483,7 +483,7 @@ fn save_changer_state_cache( let state = serde_json::to_string_pretty(state)?; - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644); let options = CreateOptions::new() .perm(mode) diff --git a/src/tape/drive/mod.rs b/src/tape/drive/mod.rs index 4ec3ed93..9f95d45c 100644 --- a/src/tape/drive/mod.rs +++ b/src/tape/drive/mod.rs 
@@ -553,7 +553,7 @@ pub fn set_tape_device_state( let mut path = PathBuf::from(crate::tape::DRIVE_STATE_DIR); path.push(drive); - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644); let options = CreateOptions::new() .perm(mode) @@ -612,7 +612,7 @@ fn open_device_lock(device_path: &str) -> Result { let mut path = std::path::PathBuf::from(crate::tape::DRIVE_LOCK_DIR); path.push(lock_name); - let user = crate::backup::backup_user()?; + let user = pbs_config::backup_user()?; let options = CreateOptions::new() .perm(Mode::from_bits_truncate(0o660)) .owner(user.uid) diff --git a/src/tape/inventory.rs b/src/tape/inventory.rs index 4de85d14..d56b2144 100644 --- a/src/tape/inventory.rs +++ b/src/tape/inventory.rs @@ -40,6 +40,7 @@ use proxmox::tools::{ }; use pbs_systemd::time::compute_next_event; +use pbs_config::{open_backup_lockfile, BackupLockGuard}; use crate::{ api2::types::{ @@ -48,7 +49,6 @@ use crate::{ MediaStatus, MediaLocation, }, - backup::{open_backup_lockfile, BackupLockGuard}, tape::{ TAPE_STATUS_DIR, MediaSet, @@ -174,7 +174,7 @@ impl Inventory { // We cannot use chown inside test environment (no permissions) CreateOptions::new().perm(mode) } else { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; CreateOptions::new() .perm(mode) .owner(backup_user.uid) diff --git a/src/tape/media_catalog.rs b/src/tape/media_catalog.rs index 57bcafd7..f5169d4c 100644 --- a/src/tape/media_catalog.rs +++ b/src/tape/media_catalog.rs @@ -183,7 +183,7 @@ impl MediaCatalog { } fn create_basedir(base_path: &Path) -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); let opts = CreateOptions::new() .perm(mode) 
@@ -217,7 +217,7 @@ impl MediaCatalog { .create(create) .open(&path)?; - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid)) .map_err(|err| format_err!("fchown failed - {}", err))?; @@ -275,7 +275,7 @@ impl MediaCatalog { return Ok(file); } - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid)) .map_err(|err| format_err!("fchown failed - {}", err))?; diff --git a/src/tape/media_catalog_cache.rs b/src/tape/media_catalog_cache.rs index bf298e65..6593833d 100644 --- a/src/tape/media_catalog_cache.rs +++ b/src/tape/media_catalog_cache.rs @@ -91,7 +91,7 @@ fn write_snapshot_cache( } } - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); let options = CreateOptions::new() .perm(mode) diff --git a/src/tape/media_pool.rs b/src/tape/media_pool.rs index 50263529..405bb14a 100644 --- a/src/tape/media_pool.rs +++ b/src/tape/media_pool.rs @@ -16,9 +16,9 @@ use proxmox::tools::Uuid; use pbs_api_types::Fingerprint; use pbs_systemd::time::compute_next_event; +use pbs_config::BackupLockGuard; use crate::{ - backup::BackupLockGuard, api2::types::{ MediaStatus, MediaLocation, diff --git a/src/tape/mod.rs b/src/tape/mod.rs index 93c24719..d8799041 100644 --- a/src/tape/mod.rs +++ b/src/tape/mod.rs @@ -71,7 +71,7 @@ pub const COMMIT_BLOCK_SIZE: usize = 128*1024*1024*1024; // 128 GiB /// Create tape status dir with correct permission pub fn create_tape_status_dir() -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750); let options = CreateOptions::new() .perm(mode) 
@@ -86,7 +86,7 @@ pub fn create_tape_status_dir() -> Result<(), Error> { /// Create drive lock dir with correct permission pub fn create_drive_lock_dir() -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750); let options = CreateOptions::new() .perm(mode) @@ -101,7 +101,7 @@ pub fn create_drive_lock_dir() -> Result<(), Error> { /// Create drive state dir with correct permission pub fn create_drive_state_dir() -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750); let options = CreateOptions::new() .perm(mode) @@ -116,7 +116,7 @@ pub fn create_drive_state_dir() -> Result<(), Error> { /// Create changer state cache dir with correct permission pub fn create_changer_state_dir() -> Result<(), Error> { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750); let options = CreateOptions::new() .perm(mode) diff --git a/src/tools/file_logger.rs b/src/tools/file_logger.rs index 611a7e4d..5b8db2c5 100644 --- a/src/tools/file_logger.rs +++ b/src/tools/file_logger.rs @@ -91,7 +91,7 @@ impl FileLogger { .open(&file_name)?; if options.owned_by_backup { - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; nix::unistd::chown(file_name.as_ref(), Some(backup_user.uid), Some(backup_user.gid))?; } diff --git a/src/tools/memcom.rs b/src/tools/memcom.rs index 87b73561..11c71903 100644 --- a/src/tools/memcom.rs +++ b/src/tools/memcom.rs 
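Review bot: In the `owned_by_backup` branch of src/tools/file_logger.rs the owner is changed by path, `nix::unistd::chown(file_name.as_ref(), …)`, after the file has already been opened. The path is therefore resolved a second time and may by then name a different file than the one just opened, if the directory is writable by a less-privileged account. Changing the owner on the open descriptor avoids the second lookup, as src/tape/media_catalog.rs does in this same patch: `nix::unistd::fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))?;`. Here `file` stands for the handle returned by `.open(&file_name)?`, whose binding is above the hunk, and `AsRawFd` has to be in scope. The enclosing function starts and ends outside the hunk.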
@@ -38,7 +38,7 @@ impl Memcom { // Actual work of `new`: fn open() -> Result, Error> { - let user = crate::backup::backup_user()?; + let user = pbs_config::backup_user()?; let options = CreateOptions::new() .perm(Mode::from_bits_truncate(0o660)) .owner(user.uid) diff --git a/src/tools/subscription.rs b/src/tools/subscription.rs index 230d3aeb..74548931 100644 --- a/src/tools/subscription.rs +++ b/src/tools/subscription.rs @@ -304,7 +304,7 @@ pub fn write_subscription(info: SubscriptionInfo) -> Result<(), Error> { format!("{}\n{}\n{}\n", info.key.unwrap(), csum, encoded) }; - let backup_user = crate::backup::backup_user()?; + let backup_user = pbs_config::backup_user()?; let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); let file_opts = CreateOptions::new() .perm(mode)