[pmg-api.git] / PMG / LDAPConfig.pm

package PMG::LDAPConfig;

use strict;
use warnings;
use MIME::Base64;
use Data::Dumper;

use PVE::Tools;
use PVE::JSONSchema qw(get_standard_option);
use PVE::INotify;
use PVE::SectionConfig;

use base qw(PVE::SectionConfig);

my $defaultData = {
    propertyList => {
	type => { description => "Section type." },
	profile => {
	    description => "Secion ID.",
	    type => 'string', format => 'pve-configid',
	},
    },
};

sub properties {
    return {
	disable => {
	    description => "Flag to disable/deactivate the entry.",
	    type => 'boolean',
	    optional => 1,
	},
	comment => {
	    description => "Description.",
	    type => 'string',
	    optional => 1,
	    maxLength => 4096,
	},
	mode => {
	    description => "LDAP protocol mode ('ldap' or 'ldaps').",
	    type => 'string',
	    enum => ['ldap', 'ldaps'],
	    default => 'ldap',
	},
	server1 => {
	    description => "Server address.",
	    type => 'string', format => 'address',
	    maxLength => 256,
	},
	server2 => {
	    description => "Fallback server address. Userd when the first server is not available.",
	    type => 'string', format => 'address',
	    maxLength => 256,
	},
	port => {
	    description => "Specify the port to connect to.",
	    type => 'integer',
	    minimum => 1,
	    maximum => 65535,
	},
	binddn => {
	    description => "Bind domain name.",
	    type => 'string',
	},
	bindpw => {
	    description => "Bind password.",
	    type => 'string',
	},
	basedn => {
	    description => "Base domain name.",
	    type => 'string',
	},
	groupbasedn => {
	    description => "Base domain name for groups.",
	    type => 'string',
	},
	filter => {
	    description => "LDAP filter.",
	    type => 'string',
	},
	accountattr => {
	    description => "Account attribute name name.",
	    type => 'string',
	    pattern => '[a-zA-Z0-9]+',
	    default => 'sAMAccountName',
	},
	mailattr => {
	    description => "List of mail attribute names.",
	    type => 'string', format => 'string-list',
	    pattern => '[a-zA-Z0-9]+',
	    default => "mail, userPrincipalName, proxyAddresses, othermailbox",
	},
    };
}

sub options {
    return {
	disable => { optional => 1 },
	comment => { optional => 1 },
	server1 => {  optional => 0 },
	server2 => {  optional => 1 },
	port => { optional => 1 },
	mode => { optional => 1 },
	binddn => { optional => 1 },
	bindpw => { optional => 1 },
	basedn => { optional => 1 },
	groupbasedn => { optional => 1 },
	filter => { optional => 1 },
	accountattr => { optional => 1 },
	mailattr => { optional => 1 },
    };
}

sub type {
    return 'ldap';
}

sub private {
    return $defaultData;
}

sub parse_section_header {
    my ($class, $line) = @_;

    if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
	my ($type, $profileId) = ($1, $2);
	my $errmsg = undef; # set if you want to skip whole section
	eval { PVE::JSONSchema::pve_verify_configid($profileId); };
	$errmsg = $@ if $@;
	my $config = {}; # to return additional attributes
	return ($type, $profileId, $errmsg, $config);
    }
    return undef;
}

sub parse_config {
    my ($class, $filename, $raw) = @_;

    my $cfg = $class->SUPER::parse_config($filename, $raw);

    foreach my $profile (keys %{$cfg->{ids}}) {
	my $data = $cfg->{ids}->{$profile};

	$data->{comment} = PVE::Tools::decode_text($data->{comment})
	    if defined($data->{comment});

	$data->{bindpw} = decode_base64($data->{bindpw})
	    if defined($data->{bindpw});
    }

    return $cfg;
}

sub write_config {
    my ($class, $filename, $cfg) = @_;

    foreach my $profile (keys %{$cfg->{ids}}) {
	my $data = $cfg->{ids}->{$profile};

	$data->{comment} = PVE::Tools::encode_text($data->{comment})
	    if defined($data->{comment});

	$data->{bindpw} = encode_base64($data->{bindpw}, '')
	    if defined($data->{bindpw});
    }

    $class->SUPER::write_config($filename, $cfg);
}

my $lockfile = "/var/lock/pmgldapconfig.lck";

sub lock_config {
    my ($code, $errmsg) = @_;

    my $p = PVE::Tools::lock_file($lockfile, undef, $code);
    if (my $err = $@) {
	$errmsg ? die "$errmsg: $err" : die $err;
    }
}


__PACKAGE__->register();
__PACKAGE__->init();

sub read_pmg_ldap_conf {
    my ($filename, $fh) = @_;

    local $/ = undef; # slurp mode

    my $raw = <$fh>;

    return __PACKAGE__->parse_config($filename, $raw);
}

sub write_pmg_ldap_conf {
    my ($filename, $fh, $cfg) = @_;

    my $raw = __PACKAGE__->write_config($filename, $cfg);

    chmod(0600, $fh);

    PVE::Tools::safe_print($filename, $fh, $raw);
}

PVE::INotify::register_file('pmg-ldap.conf', "/etc/pmg/ldap.conf",
			    \&read_pmg_ldap_conf,
			    \&write_pmg_ldap_conf);


1;
Commit	Line	Data
a6e3ac60 DM	1	package PMG::LDAPConfig;
	2
	3	use strict;
	4	use warnings;
49a16f65	5	use MIME::Base64;
a6e3ac60 DM	6	use Data::Dumper;
	7
	8	use PVE::Tools;
	9	use PVE::JSONSchema qw(get_standard_option);
	10	use PVE::INotify;
	11	use PVE::SectionConfig;
	12
	13	use base qw(PVE::SectionConfig);
	14
	15	my $defaultData = {
	16	propertyList => {
	17	type => { description => "Section type." },
c2ef4490	18	profile => {
a6e3ac60 DM	19	description => "Secion ID.",
	20	type => 'string', format => 'pve-configid',
	21	},
2fdba966 DM	22	},
	23	};
	24
	25	sub properties {
	26	return {
1c4fa5b1 DM	27	disable => {
	28	description => "Flag to disable/deactivate the entry.",
	29	type => 'boolean',
	30	optional => 1,
	31	},
bfed5777 DM	32	comment => {
	33	description => "Description.",
	34	type => 'string',
	35	optional => 1,
	36	maxLength => 4096,
	37	},
a6e3ac60 DM	38	mode => {
	39	description => "LDAP protocol mode ('ldap' or 'ldaps').",
	40	type => 'string',
	41	enum => ['ldap', 'ldaps'],
	42	default => 'ldap',
	43	},
49a16f65 DM	44	server1 => {
	45	description => "Server address.",
	46	type => 'string', format => 'address',
bfed5777	47	maxLength => 256,
49a16f65 DM	48	},
	49	server2 => {
	50	description => "Fallback server address. Userd when the first server is not available.",
	51	type => 'string', format => 'address',
bfed5777	52	maxLength => 256,
49a16f65 DM	53	},
	54	port => {
	55	description => "Specify the port to connect to.",
	56	type => 'integer',
	57	minimum => 1,
	58	maximum => 65535,
	59	},
	60	binddn => {
	61	description => "Bind domain name.",
	62	type => 'string',
	63	},
	64	bindpw => {
	65	description => "Bind password.",
	66	type => 'string',
	67	},
	68	basedn => {
	69	description => "Base domain name.",
	70	type => 'string',
	71	},
	72	groupbasedn => {
	73	description => "Base domain name for groups.",
	74	type => 'string',
	75	},
	76	filter => {
	77	description => "LDAP filter.",
	78	type => 'string',
	79	},
	80	accountattr => {
	81	description => "Account attribute name name.",
	82	type => 'string',
	83	pattern => '[a-zA-Z0-9]+',
	84	default => 'sAMAccountName',
	85	},
	86	mailattr => {
	87	description => "List of mail attribute names.",
e1c64277	88	type => 'string', format => 'string-list',
49a16f65 DM	89	pattern => '[a-zA-Z0-9]+',
	90	default => "mail, userPrincipalName, proxyAddresses, othermailbox",
	91	},
2fdba966 DM	92	};
2fdba966 DM	93	}
a6e3ac60 DM	94
	95	sub options {
	96	return {
ff4776b6	97	disable => { optional => 1 },
bfed5777	98	comment => { optional => 1 },
49a16f65 DM	99	server1 => { optional => 0 },
	100	server2 => { optional => 1 },
	101	port => { optional => 1 },
a6e3ac60	102	mode => { optional => 1 },
49a16f65 DM	103	binddn => { optional => 1 },
	104	bindpw => { optional => 1 },
	105	basedn => { optional => 1 },
	106	groupbasedn => { optional => 1 },
	107	filter => { optional => 1 },
	108	accountattr => { optional => 1 },
	109	mailattr => { optional => 1 },
a6e3ac60 DM	110	};
	111	}
	112
	113	sub type {
	114	return 'ldap';
	115	}
	116
	117	sub private {
	118	return $defaultData;
	119	}
	120
05b856e3 DM	121	sub parse_section_header {
	122	my ($class, $line) = @_;
	123
	124	if ($line =~ m/^(\S+):\s(\S+)\s$/) {
c2ef4490	125	my ($type, $profileId) = ($1, $2);
05b856e3	126	my $errmsg = undef; # set if you want to skip whole section
c2ef4490	127	eval { PVE::JSONSchema::pve_verify_configid($profileId); };
05b856e3 DM	128	$errmsg = $@ if $@;
05b856e3 DM	129	my $config = {}; # to return additional attributes
c2ef4490	130	return ($type, $profileId, $errmsg, $config);
05b856e3 DM	131	}
	132	return undef;
	133	}
	134
bfed5777 DM	135	sub parse_config {
	136	my ($class, $filename, $raw) = @_;
	137
	138	my $cfg = $class->SUPER::parse_config($filename, $raw);
	139
c2ef4490 DM	140	foreach my $profile (keys %{$cfg->{ids}}) {
c2ef4490 DM	141	my $data = $cfg->{ids}->{$profile};
bfed5777 DM	142
	143	$data->{comment} = PVE::Tools::decode_text($data->{comment})
	144	if defined($data->{comment});
	145
	146	$data->{bindpw} = decode_base64($data->{bindpw})
	147	if defined($data->{bindpw});
	148	}
	149
	150	return $cfg;
	151	}
	152
	153	sub write_config {
	154	my ($class, $filename, $cfg) = @_;
	155
c2ef4490 DM	156	foreach my $profile (keys %{$cfg->{ids}}) {
c2ef4490 DM	157	my $data = $cfg->{ids}->{$profile};
bfed5777 DM	158
	159	$data->{comment} = PVE::Tools::encode_text($data->{comment})
	160	if defined($data->{comment});
	161
	162	$data->{bindpw} = encode_base64($data->{bindpw}, '')
	163	if defined($data->{bindpw});
	164	}
	165
	166	$class->SUPER::write_config($filename, $cfg);
	167	}
	168
e1c64277 DM	169	my $lockfile = "/var/lock/pmgldapconfig.lck";
	170
	171	sub lock_config {
	172	my ($code, $errmsg) = @_;
	173
	174	my $p = PVE::Tools::lock_file($lockfile, undef, $code);
	175	if (my $err = $@) {
	176	$errmsg ? die "$errmsg: $err" : die $err;
	177	}
	178	}
	179
49a16f65	180
a6e3ac60 DM	181	__PACKAGE__->register();
	182	__PACKAGE__->init();
	183
	184	sub read_pmg_ldap_conf {
	185	my ($filename, $fh) = @_;
	186
	187	local $/ = undef; # slurp mode
	188
	189	my $raw = <$fh>;
	190
	191	return __PACKAGE__->parse_config($filename, $raw);
	192	}
	193
	194	sub write_pmg_ldap_conf {
	195	my ($filename, $fh, $cfg) = @_;
	196
	197	my $raw = __PACKAGE__->write_config($filename, $cfg);
	198
d5121ced DM	199	chmod(0600, $fh);
d5121ced DM	200
a6e3ac60 DM	201	PVE::Tools::safe_print($filename, $fh, $raw);
	202	}
	203
3278b571	204	PVE::INotify::register_file('pmg-ldap.conf', "/etc/pmg/ldap.conf",
a6e3ac60 DM	205	\&read_pmg_ldap_conf,
	206	\&write_pmg_ldap_conf);
	207
	208
	209	1;