move pbs_tools::ticket to pbs_ticket

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Cargo.toml

@@ -37,6 +37,7 @@ members = [
     "pbs-key-config",
     "pbs-pxar-fuse",
     "pbs-tape",
+    "pbs-ticket",
     "pbs-tools",
 
     "proxmox-backup-banner",
@@ -93,6 +94,7 @@ pbs-fuse-loop = { path = "pbs-fuse-loop" }
 pbs-key-config = { path = "pbs-key-config" }
 pbs-pxar-fuse = { path = "pbs-pxar-fuse" }
 pbs-tape = { path = "pbs-tape" }
+pbs-ticket = { path = "pbs-ticket" }
 pbs-tools = { path = "pbs-tools" }
 proxmox-rrd = { path = "proxmox-rrd" }
 
@@ -229,6 +231,7 @@ pbs-config.workspace = true
 pbs-datastore.workspace = true
 pbs-key-config.workspace = true
 pbs-tape.workspace = true
+pbs-ticket.workspace = true
 pbs-tools.workspace = true
 proxmox-rrd.workspace = true
 

pbs-client/Cargo.toml

@@ -48,4 +48,5 @@ pxar.workspace = true
 pbs-api-types.workspace = true
 pbs-buildcfg.workspace = true
 pbs-datastore.workspace = true
+pbs-ticket.workspace = true
 pbs-tools.workspace = true

pbs-client/src/http_client.rs

@@ -28,7 +28,6 @@ use proxmox_http::ProxyConfig;
 
 use pbs_api_types::percent_encoding::DEFAULT_ENCODE_SET;
 use pbs_api_types::{Authid, RateLimitConfig, Userid};
-use pbs_tools::ticket;
 
 use super::pipe_to_stream::PipeToSendStream;
 use super::PROXMOX_BACKUP_TCP_KEEPALIVE_TIME;
@@ -250,7 +249,7 @@ fn store_ticket_info(
 
     let mut new_data = json!({});
 
-    let ticket_lifetime = ticket::TICKET_LIFETIME - 60;
+    let ticket_lifetime = pbs_ticket::TICKET_LIFETIME - 60;
 
     let empty = serde_json::map::Map::new();
     for (server, info) in data.as_object().unwrap_or(&empty) {
@@ -281,7 +280,7 @@ fn load_ticket_info(prefix: &str, server: &str, userid: &Userid) -> Option<(Stri
     let path = base.place_runtime_file("tickets").ok()?;
     let data = file_get_json(&path, None).ok()?;
     let now = proxmox_time::epoch_i64();
-    let ticket_lifetime = ticket::TICKET_LIFETIME - 60;
+    let ticket_lifetime = pbs_ticket::TICKET_LIFETIME - 60;
     let uinfo = data[server][userid.as_str()].as_object()?;
     let timestamp = uinfo["timestamp"].as_i64()?;
     let age = now - timestamp;

pbs-ticket/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "pbs-ticket"
+version = "0.1.0"
+authors.workspace = true
+edition.workspace = true
+description = "pbs ticket handling"
+
+[dependencies]
+anyhow.workspace = true
+base64.workspace = true
+openssl.workspace = true
+percent-encoding.workspace = true
+
+proxmox-time.workspace = true

pbs-tools/Cargo.toml

@@ -22,7 +22,6 @@ log.workspace = true
 nix.workspace = true
 nom.workspace = true
 openssl.workspace = true
-percent-encoding.workspace = true
 regex.workspace = true
 serde_json.workspace = true
 # rt-multi-thread is required for block_in_place

pbs-tools/src/lib.rs

@@ -5,7 +5,6 @@ pub mod json;
 pub mod lru_cache;
 pub mod nom;
 pub mod sha;
-pub mod ticket;
 
 pub mod async_lru_cache;
 

src/api2/access/mod.rs

@@ -18,7 +18,7 @@ use pbs_api_types::{
 };
 use pbs_config::acl::AclTreeNode;
 use pbs_config::CachedUserInfo;
-use pbs_tools::ticket::{self, Empty, Ticket};
+use pbs_ticket::{Empty, Ticket};
 
 use crate::auth_helpers::*;
 use crate::config::tfa::TfaChallenge;
@@ -84,7 +84,7 @@ fn authenticate_user(
         if let Ok(Empty) = Ticket::parse(password).and_then(|ticket| {
             ticket.verify(
                 public_auth_key(),
-                ticket::TERM_PREFIX,
+                pbs_ticket::TERM_PREFIX,
                 Some(&crate::tools::ticket::term_aad(userid, &path, port)),
             )
         }) {

src/api2/access/openid.rs

@@ -15,7 +15,7 @@ use pbs_api_types::{
     OPENID_DEFAILT_SCOPE_LIST, REALM_ID_SCHEMA,
 };
 use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
-use pbs_tools::ticket::Ticket;
+use pbs_ticket::Ticket;
 
 use pbs_config::open_backup_lockfile;
 use pbs_config::CachedUserInfo;

src/api2/node/mod.rs

@@ -25,7 +25,7 @@ use proxmox_schema::*;
 use proxmox_rest_server::WorkerTask;
 
 use pbs_api_types::{Authid, NODE_SCHEMA, PRIV_SYS_CONSOLE};
-use pbs_tools::ticket::{self, Empty, Ticket};
+use pbs_ticket::{Empty, Ticket};
 
 use crate::auth_helpers::private_auth_key;
 use crate::tools;
@@ -119,7 +119,7 @@ async fn termproxy(cmd: Option<String>, rpcenv: &mut dyn RpcEnvironment) -> Resu
     let listener = TcpListener::bind("localhost:0")?;
     let port = listener.local_addr()?.port();
 
-    let ticket = Ticket::new(ticket::TERM_PREFIX, &Empty)?.sign(
+    let ticket = Ticket::new(pbs_ticket::TERM_PREFIX, &Empty)?.sign(
         private_auth_key(),
         Some(&tools::ticket::term_aad(userid, path, port)),
     )?;
@@ -292,7 +292,7 @@ fn upgrade_to_websocket(
         // will be checked again by termproxy
         Ticket::<Empty>::parse(ticket)?.verify(
             crate::auth_helpers::public_auth_key(),
-            ticket::TERM_PREFIX,
+            pbs_ticket::TERM_PREFIX,
             Some(&tools::ticket::term_aad(userid, "/system", port)),
         )?;
 

src/client_helpers.rs

@@ -2,7 +2,7 @@ use anyhow::Error;
 
 use pbs_api_types::{Authid, Userid};
 use pbs_client::{HttpClient, HttpClientOptions};
-use pbs_tools::ticket::Ticket;
+use pbs_ticket::Ticket;
 
 use crate::auth_helpers::private_auth_key;
 

src/server/auth.rs

@@ -6,7 +6,7 @@ use proxmox_router::UserInformation;
 
 use pbs_api_types::{Authid, Userid};
 use pbs_config::{token_shadow, CachedUserInfo};
-use pbs_tools::ticket::{self, Ticket};
+use pbs_ticket::Ticket;
 use proxmox_rest_server::{extract_cookie, AuthError};
 
 use crate::auth_helpers::*;
@@ -61,7 +61,7 @@ pub async fn check_pbs_auth(
     match auth_data {
         Some(AuthData::User(user_auth_data)) => {
             let ticket = user_auth_data.ticket.clone();
-            let ticket_lifetime = ticket::TICKET_LIFETIME;
+            let ticket_lifetime = pbs_ticket::TICKET_LIFETIME;
 
             let userid: Userid = Ticket::<super::ticket::ApiTicket>::parse(&ticket)?
                 .verify_with_time_frame(public_auth_key(), "PBS", None, -300..ticket_lifetime)?