rest server: return UserInformation from ApiAuth::check_auth

This need impl UserInformation for Arc<CachedUserInfo> which is implemented with proxmox 0.13.2 Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-09-21 07:58:48 +02:00 · 2021-09-21 07:58:48 +02:00 · 2ea6f8d01d
commit 2ea6f8d01d
parent efeccc11cc
2 changed files with 19 additions and 7 deletions
--- a/proxmox-rest-server/src/lib.rs
+++ b/proxmox-rest-server/src/lib.rs
@ -3,6 +3,7 @@ use std::os::unix::io::RawFd;
 use anyhow::{bail, format_err, Error};

 use proxmox::tools::fd::Fd;
+use proxmox::api::UserInformation;

 mod compression;
 pub use compression::*;
@ -41,7 +42,7 @@ pub trait ApiAuth {
        &self,
        headers: &http::HeaderMap,
        method: &hyper::Method,
-    ) -> Result<String, AuthError>;
+    ) -> Result<(String, Box<dyn UserInformation + Sync + Send>), AuthError>;
 }

 static mut SHUTDOWN_REQUESTED: bool = false;
--- a/src/server/rest.rs
+++ b/src/server/rest.rs
@ -26,7 +26,7 @@ use proxmox::api::schema::{
 };
 use proxmox::api::{
    check_api_permission, ApiHandler, ApiMethod, HttpError, Permission, RpcEnvironment,
-    RpcEnvironmentType,
+    RpcEnvironmentType, UserInformation,
 };
 use proxmox::http_err;
 use proxmox::tools::fs::CreateOptions;
@ -40,12 +40,18 @@ use proxmox_rest_server::{
 };
 use proxmox_rest_server::formatter::*;

-use pbs_config::CachedUserInfo;
-
 extern "C" {
    fn tzset();
 }

+struct EmptyUserInformation {}
+
+impl UserInformation for EmptyUserInformation {
+    fn is_superuser(&self, _userid: &str) -> bool { false }
+    fn is_group_member(&self, _userid: &str, _group: &str) -> bool { false }
+    fn lookup_privs(&self, _userid: &str, _path: &[&str]) -> u64 { 0 }
+}
+
 pub struct RestServer {
    pub api_config: Arc<ApiConfig>,
 }
@ -652,9 +658,14 @@ async fn handle_request(
                }
            }

+            let mut user_info: Box<dyn UserInformation + Send + Sync> = Box::new(EmptyUserInformation {});
+
            if auth_required {
                match auth.check_auth(&parts.headers, &method) {
-                    Ok(authid) => rpcenv.set_auth_id(Some(authid)),
+                    Ok((authid, info)) => {
+                        rpcenv.set_auth_id(Some(authid));
+                        user_info = info;
+                    }
                    Err(auth_err) => {
                        let err = match auth_err {
                            AuthError::Generic(err) => err,
@ -683,7 +694,7 @@ async fn handle_request(
                }
                Some(api_method) => {
                    let auth_id = rpcenv.get_auth_id();
-                    let user_info = CachedUserInfo::new()?;
+                    let user_info = user_info;

                    if !check_api_permission(
                        api_method.access.permission,
@ -727,7 +738,7 @@ async fn handle_request(
        if comp_len == 0 {
            let language = extract_lang_header(&parts.headers);
            match auth.check_auth(&parts.headers, &method) {
-                Ok(auth_id) => {
+                Ok((auth_id, _user_info)) => {
                    return Ok(api.get_index(Some(auth_id), language, parts));
                }
                Err(AuthError::Generic(_)) => {