2735 Commits

Author SHA1 Message Date
Wolfgang Bumiller
f02ce77ad6 schema: make wrap_text less awkward
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Wolfgang Bumiller
dc7273e888 schema: drop trailing double-newlines in wrap_text
This is completely wrong and make working with it extremely annoying.
Whether or not there should be separation should be decided where
multiple elements are connected, they shouldn't automatically come
with a bunch of trailing new lines for absolutely no reason.

Places using this will need to be fixed as they get noticed.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Wolfgang Bumiller
d240ef1e92 router: set help context on help invocation
instead of during parsing...

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Wolfgang Bumiller
83b3c1794a router: completion callbacks for global options
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Wolfgang Bumiller
afe746b02f router: let completion take global options into account
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Wolfgang Bumiller
420e238126 router: hook help/completion/docgen into new cli parser
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Wolfgang Bumiller
eb5614adf1 router: new cli parser with global option support
This one does *explicitly* *not* support long options with a single
dash because it is too ambiguous if we want to add support for short
options at some point.

The parsing of the command line and invoking of the command is
separated. `CommandLine::parse` returns an `Invocation` which is
called and consumed via its `call` method.
This allows updating the CLI environment between parsing and invoking
the command, in order to allow *handling* the global options in
between those two steps if desired.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Wolfgang Bumiller
59f1bdbe85 router: cli: store extra CLI args by type
The CLI environment can now contain ApiType structs which can be
accessed by their type.
The TypeId is used since the options inside must be unique anyway and
we can't have the same type specified multiple times. It also makes
for a somewhat convenient interface:

    env.take_global_option::<ConnectInfo>()

where ConnectInfo is a struct containing the server, user, port, ...
since these will not be passed as *parameters* to the API functions.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Wolfgang Bumiller
41b08323a7 router: AsAny: add as_any_mut
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-17 13:43:37 +02:00
Thomas Lamprecht
f78c28dd11 acme: update d/control
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-07-17 11:41:11 +02:00
Thomas Lamprecht
d1aa14eb71 apt: bump version to 0.11.2-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-07-17 11:39:46 +02:00
Thomas Lamprecht
f41664e087 workspace: bump dependency for apt-api-types to 1.0.1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-07-17 10:07:43 +02:00
Thomas Lamprecht
301e268fc4 apt-api-types: bump version to 1.0.1-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-07-17 09:54:33 +02:00
Dietmar Maurer
79f2b89d29 apt: updates for changed api (digest as array)
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2024-07-17 09:50:29 +02:00
Dietmar Maurer
bcca060a93 apt-api-types: fix backward compatibility by encoding digest as array
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2024-07-17 09:45:07 +02:00
Wolfgang Bumiller
282e00d429 syslog-api: bump to 0.1.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-12 11:13:24 +02:00
Wolfgang Bumiller
870ec33574 log: documentation fixup
The scope and sync_scope methods simply activate the context, they
don't affect the counter, the counter is initialized when creating the
context with LogContext::new().

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-12 10:51:08 +02:00
Wolfgang Bumiller
64ff97d8e2 time-api: bump to 0.1.3-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:31:50 +02:00
Wolfgang Bumiller
ae92195687 network-api: bump to 0.1.2-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:28:39 +02:00
Wolfgang Bumiller
98adeb73f2 dns-api: bump to 0.1.3-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:27:13 +02:00
Wolfgang Bumiller
540e9a8134 auth-api: bump to 0.4.3
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:26:00 +02:00
Wolfgang Bumiller
e294d74026 acme-api: bump to 0.1.3-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:25:25 +02:00
Wolfgang Bumiller
978f28d67c subscription: bump to 0.4.5-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:24:52 +02:00
Wolfgang Bumiller
a6a9ca1d70 rrd: bump to 0.2.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:24:52 +02:00
Wolfgang Bumiller
9d1758dfa2 openid: bump to 0.10.2-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:24:52 +02:00
Wolfgang Bumiller
69e410d130 notify: bump to 0.4.2-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:24:52 +02:00
Wolfgang Bumiller
aa29c54859 shared-memory: bump to 0.3.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:24:52 +02:00
Wolfgang Bumiller
ad60e1bde5 rest-server: bump to 0.6.0-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:13:36 +02:00
Wolfgang Bumiller
b21034b485 http: bump to 0.9.3-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:13:36 +02:00
Wolfgang Bumiller
68125e67fc product-config: bump to 0.2.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 15:11:39 +02:00
Wolfgang Bumiller
24210a3a86 apt: bump 0.11.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:50:54 +02:00
Wolfgang Bumiller
bf02bebbac access-control: bump to 0.2.1-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:47:30 +02:00
Wolfgang Bumiller
355d949cd4 log: bump to 0.1.0-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:47:28 +02:00
Wolfgang Bumiller
1a00570898 sys: bump to 0.6.0-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:47:27 +02:00
Wolfgang Bumiller
36e552de47 worker-task: bump to 0.1.0-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:47:25 +02:00
Wolfgang Bumiller
4b9c907b68 log: introduce a shareable LogContext struct
Since hyper can spawn() more tasks, when we stop passing `WorkerTask`
references down the stack, we still need to be able to *inherit* the
current logging context. Hyper provides a way to replace its used
`spawn()` method, so we need to provide a way to reuse the logging
context.

Instead of having the `FileLogger` and warn counter separately
available with local-only access, put them behind an Arc<Mutex<>>.
Previously they already *were* behind an Arc<Mutex<>> as part of the
WorkerTaskState.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:45:26 +02:00
Wolfgang Bumiller
847a57740b new worker-task crate, move WorkerTaskContext from sys
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:43:37 +02:00
Wolfgang Bumiller
f3021e686a sys: remove email module
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:43:37 +02:00
Lukas Wagner
3c1c34043e notify: copy sendmail/forward fn's from proxmox_sys
proxmox_notify is the only user of those functions, so it makes
sense to move them here. A future commit will mark the
original functions from proxmox_sys as deprecated.

The functions were slightly modified, mostly to not
rely on anyhow for error reporting. Also they
are now private functions.

Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
2024-07-11 14:43:37 +02:00
Wolfgang Bumiller
c6cccff92e sys: remove deprecations
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:43:37 +02:00
Wolfgang Bumiller
3dde52e5ce log: deny(unsafe_op_in_unsafe_fn) and feature(doc_cfg)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:43:37 +02:00
Wolfgang Bumiller
cbc30882e7 acme-api: adapt to tracing infrastructure
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:43:37 +02:00
Wolfgang Bumiller
2fd7b13fbe log: reexport the logging macros
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:43:37 +02:00
Gabriel Goller
ddb91a6594 enable tracing logger, remove task_log macros
Enable the tracing-system by setting the LOGGER task local variable
to a instance of a FileLogger and initializing the WARN_COUNTER.
Removed the task_log! macros and some occurences.

Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
[WB: remove flog! import in doctests]
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:43:37 +02:00
Gabriel Goller
0550659cd1 proxmox-log: add tracing infrastructure
Add the `proxmox_log` crate which includes the new logging infra.
Export the `init_logger` function, which creates the `tracing` logger
that includes the default subscriber and two layer.

The first layer comes from the tracing-journald crate and logs
everything that does not come from a worker-task/thread to the syslog.
The second layer filters the exact opposite and writes the logs into the
corresponding task-log file.

Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>
Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
2024-07-11 14:43:37 +02:00
Wolfgang Bumiller
f1920d9b94 rest-server: fix a build warning
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-11 14:43:37 +02:00
Wolfgang Bumiller
9c3e4d5ccf rest-server: bump version to 0.5.4-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-10 12:44:29 +02:00
Wolfgang Bumiller
ce802d8320 rest-server: drop some unnecessary 'pub's
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2024-07-10 12:37:51 +02:00
Max Carrara
f6bacbb58f fix #5105: rest-server: connection: overhaul TLS handshake check logic
On rare occasions, the TLS "client hello" message [1] is delayed after
a connection with the server was established, which causes HTTPS
requests to fail before TLS was even negotiated. In these cases, the
server would incorrectly respond with "HTTP/1.1 400 Bad Request"
instead of closing the connection (or similar).

The reasons for the "client hello" being delayed seem to vary; one
user noticed that the issue went away completely after they turned off
UFW [2]. Another user noticed (during private correspondence) that the
issue only appeared when connecting to their PBS instance via WAN, but
not from within their VPN. In the WAN case a firewall was also
present. The same user kindly provided tcpdumps and strace logs on
request.

The issue was finally reproduced with the following Python script:

  import socket
  import time

  HOST: str = ...
  PORT: int = ...

  with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
      sock.connect((HOST, PORT))
      time.sleep(1.5) # simulate firewall / proxy / etc. delay
      sock.sendall(b"\x16\x03\x01\x02\x00")
      data = sock.recv(256)
      print(data)

The additional delay before sending the first 5 bytes of the "client
hello" message causes the handshake checking logic to incorrectly fall
back to plain HTTP.

All of this is fixed by the following:

  1. Increase the timeout duration to 10 seconds (from 1)
  2. Instead of falling back to plain HTTP, refuse to accept the
     connection if the TLS handshake wasn't initiated before the
     timeout limit is reached
  3. Only accept plain HTTP if the first 5 bytes do not correspond to
     a TLS handshake fragment [3]
  4. Do not take the last number of bytes that were in the buffer into
     account; instead, only perform the actual handshake check if
     5 bytes are in the peek buffer using some of tokio's low-level
     functionality

Regarding 1.: This should be generous enough for any client to be able
to initiate a TLS handshake, despite its surrounding circumstances.

Regarding 4.: While this is not 100% related to the issue, peeking into
the buffer in this manner should ensure that our implementation here
remains correct, even if the kernel's underlying behaviour regarding
edge-triggering is changed [4]. At the same time, there's no need for
busy-waiting and continuously yielding to the event loop anymore.

[1]: https://www.rfc-editor.org/rfc/rfc8446.html#section-4.1.2
[2]: https://forum.proxmox.com/threads/disable-default-http-redirects-on-8007.142312/post-675352
[3]: https://www.rfc-editor.org/rfc/rfc8446.html#section-5.1
[4]: https://lwn.net/Articles/864947/

Signed-off-by: Max Carrara <m.carrara@proxmox.com>
2024-07-10 12:22:17 +02:00
Max Carrara
847ca5d14d rest-server: connection: log peer address on error
.. in order to make debugging easier and logs more helpful.

Signed-off-by: Max Carrara <m.carrara@proxmox.com>
2024-07-10 12:22:17 +02:00