Wolfgang Bumiller a3448feb1a tfa: log all tfa verify errors and treat as failure, count
Use a custom result type to return success/failure and the
need to save the user data to the caller, while having
logged the error messages rather than returning them.

We count general TFA failures and also TOTP specifically,
and lock the user out of their 2nd factors on too many
failures.

To this end, all errors are now treated as failures.
While technically we can have crypto errors the user might
not be able to cause, we can't always know, and not all
errors are guaranteed to be a host side configuration issue,
so instead, all errors (since they are rare) are now counted
as a regular TFA error.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-05-10 10:35:54 +02:00
.cargo cargo: switch to use packaged crates by default 2020-01-03 09:39:52 +01:00
proxmox-api-macro api-macro: support non-idents in serde(rename) 2023-04-03 10:01:44 +02:00
proxmox-async workspace: switch remaining dependencies 2022-12-12 11:05:30 +01:00
proxmox-auth-api bump proxmox-auth-api to 0.1.0-1 2023-03-02 16:44:35 +01:00
proxmox-borrow move common metadata to workspace 2022-12-07 09:48:25 +01:00
proxmox-compression workspace: switch remaining dependencies 2022-12-12 11:05:30 +01:00
proxmox-http http: sync: drop unused &self parameter 2023-03-07 09:30:13 +01:00
proxmox-io io: add boxed module for boxed bytes like vec::zeroed... 2022-12-12 11:00:22 +01:00
proxmox-lang move common metadata to workspace 2022-12-07 09:48:25 +01:00
proxmox-ldap ldap: test fixup 2023-03-02 15:44:11 +01:00
proxmox-login proxmox-longin: allow access to RecoveryState keys (make it pub) 2023-05-08 10:26:54 +02:00
proxmox-metrics bump proxmox-metrics to 0.2.2 2023-03-02 16:14:04 +01:00
proxmox-rest-server bump proxmox-rest-server to 0.3.0-1 2023-03-02 16:14:04 +01:00
proxmox-router router: make format&print generic 2023-02-28 14:57:35 +01:00
proxmox-schema bump proxmox-schema to 1.3.7-1 2023-03-02 16:44:35 +01:00
proxmox-section-config section-config: silence clippy 2022-12-13 14:53:28 +01:00
proxmox-serde update d/control files 2022-12-07 09:48:47 +01:00
proxmox-shared-memory update d/control files 2023-01-05 12:17:00 +01:00
proxmox-sortable-macro inherit shared, external dependencies 2022-12-07 09:48:38 +01:00
proxmox-subscription bump proxmox-subscription to 0.3.1 2023-03-02 16:14:04 +01:00
proxmox-sys sys: drop sortable and identity macros 2023-03-01 13:40:40 +01:00
proxmox-tfa tfa: log all tfa verify errors and treat as failure, count 2023-05-10 10:35:54 +02:00
proxmox-time bump proxmox-time to 1.1.5-1 2023-01-12 14:23:11 +01:00
proxmox-uuid re-add proxmox-uuid d/control 2023-01-12 14:22:52 +01:00
.gitignore git: ignore top level *-deb make target files 2022-08-26 12:18:44 +02:00
build.sh build: track d/control in git 2020-11-30 15:13:01 +01:00
bump.sh add bump.sh 2022-12-07 10:36:27 +01:00
Cargo.toml add new proxmox-login to workspace members 2023-05-05 09:29:50 +02:00
Makefile buildsys: get crate list via cargo metadata in Makefile 2022-12-09 13:18:23 +01:00
README.rst update/extend README.rst 2022-12-12 11:05:30 +01:00
rustfmt.toml bump edition in rustfmt.toml 2022-10-13 15:00:28 +02:00

Local cargo config
==================

This repository ships with a ``.cargo/config`` that replaces the crates.io
registry with packaged crates located in ``/usr/share/cargo/registry``.

A similar config is also applied when building with dh_cargo. Cargo.lock needs
to be deleted when switching between packaged crates and crates.io, since the
checksums are not compatible.

To reference new dependencies (or updated versions) that are not yet packaged,
the dependency needs to point directly to a path or git source.
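As an added illustration (not the repository's actual files), this is how a cargo source replacement of this kind and a direct reference to a not-yet-packaged dependency are written. The source name ``packaged-crates``, the crate ``example-dep``, its URL, path and revision are placeholders constructed for the example.

```toml
# ---- .cargo/config (sketch) ----
# Define a directory source that holds the packaged crates.
# "packaged-crates" is an assumed label; any name works as long as
# replace-with below refers to the same one.
[source.packaged-crates]
directory = "/usr/share/cargo/registry"

# Redirect every crates.io lookup to that directory source. With this in
# place cargo does not fetch registry crates from the network; a crate that
# is missing from the directory fails to resolve instead.
[source.crates-io]
replace-with = "packaged-crates"

# ---- Cargo.toml (top level) ----
[workspace.dependencies]
# A dependency that is not packaged yet bypasses the replaced registry by
# pointing directly at a git source, pinned to an exact commit ...
example-dep = { git = "https://git.example.invalid/example-dep.git", rev = "0123abc" }
# ... or at a local checkout (use one of the two forms, not both):
# example-dep = { path = "../example-dep" }
```

Pinning a git source to a ``rev`` rather than a branch keeps the build reproducible until the crate is packaged and the entry can go back to a plain version requirement.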

Steps for Releases
==================

- Run ``./bump.sh <CRATE> [patch|minor|major|<VERSION>]``

  - Fill out changelog
  - Confirm bump commit

- Build packages with ``make deb``.

  - Don't forget to commit updated d/control!

Adding Crates
=============

1) At the top level:
  - Generate the crate: ``cargo new --lib the-name``
  - Sort the crate into ``Cargo.toml``'s ``workspace.members``

2) In the new crate's ``Cargo.toml``:
  - In ``[package]`` set::

      authors.workspace = true
      license.workspace = true
      edition.workspace = true
      exclude.workspace = true

  - Add a meaningful ``description``
  - Copy ``debian/copyright`` and ``debian/debcargo.toml`` from another subcrate.

Adding a new Dependency
=======================

1) At the top level:
  - Add it to ``[workspace.dependencies]`` specifying the version and any
    features that should be enabled throughout the workspace

2) In each member's ``Cargo.toml``:
  - Add it to the desired dependencies section with ``workspace = true`` and no
    version specified.
  - If this member requires additional features, add only the extra features to
    the member dependency.

Updating a Dependency's Version
===============================

1) At the top level:
  - Bump the version in ``[workspace.dependencies]`` as desired.
  - Check for deprecations or breakage throughout the workspace.

Notes on Workspace Inheritance
==============================

Common metadata (like authors, license, ...) is inherited throughout the
workspace. If new fields are added that are identical for all crates, they
should be defined in the top-level ``Cargo.toml`` file's
``[workspace.package]`` section, and inherited in all members explicitly by
setting ``FIELD.workspace = true`` in the member's ``[package]`` section.

Dependency information is also inherited throughout the workspace, allowing a
single dependency specification in the top-level Cargo.toml file to be used by
all members.

Some restrictions apply:

- features can only be added in members, never removed (this includes
  ``default_features = false``!)

  - the base feature set at the workspace level should be the minimum (possibly
    empty!) set required by all members

- workspace dependency specifications cannot include ``optional``

  - if needed, the ``optional`` flag needs to be set at the member level when
    using a workspace dependency
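The steps under "Adding a new Dependency" and the restrictions above, put together in an added example (not taken from this repository). The member name ``crate-a``, the author, the license value, the versions and the ``logging`` feature are constructed for illustration; ``serde`` and ``log`` stand in for any shared dependency.

```toml
# ---- Cargo.toml (top level) ----
[workspace]
members = ["crate-a"]

[workspace.package]
authors = ["Example Author <author@example.invalid>"]
license = "MIT"
edition = "2021"

[workspace.dependencies]
# Keep the workspace-level feature set minimal. A member can only add
# features, so if default features were left on here, no member could
# switch them off again.
serde = { version = "1.0", default-features = false }
# No `optional` at this level: cargo rejects it in workspace dependencies.
log = "0.4"

# ---- crate-a/Cargo.toml ----
[package]
name = "crate-a"
version = "0.1.0"
description = "Constructed member crate used to show workspace inheritance"
authors.workspace = true
license.workspace = true
edition.workspace = true

[dependencies]
# Version comes from the workspace; list only the extra features needed here.
serde = { workspace = true, features = ["derive", "std"] }
# The optional flag is set per member and gated behind a feature below.
log = { workspace = true, optional = true }

[features]
logging = ["dep:log"]
```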