[proxmox-backup.git] / pbs-config / src / domains.rs

use std::collections::HashMap;

use anyhow::Error;
use lazy_static::lazy_static;

use pbs_buildcfg::configdir;
use proxmox_schema::{ApiType, ObjectSchema};
use proxmox_section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin};

use crate::{open_backup_lockfile, replace_backup_config, BackupLockGuard};
use pbs_api_types::{AdRealmConfig, LdapRealmConfig, OpenIdRealmConfig, REALM_ID_SCHEMA};

lazy_static! {
    pub static ref CONFIG: SectionConfig = init();
}

fn init() -> SectionConfig {
    const AD_SCHEMA: &ObjectSchema = AdRealmConfig::API_SCHEMA.unwrap_object_schema();
    const LDAP_SCHEMA: &ObjectSchema = LdapRealmConfig::API_SCHEMA.unwrap_object_schema();
    const OPENID_SCHEMA: &ObjectSchema = OpenIdRealmConfig::API_SCHEMA.unwrap_object_schema();

    let mut config = SectionConfig::new(&REALM_ID_SCHEMA);

    let plugin = SectionConfigPlugin::new(
        "openid".to_string(),
        Some(String::from("realm")),
        OPENID_SCHEMA,
    );

    config.register_plugin(plugin);

    let plugin =
        SectionConfigPlugin::new("ldap".to_string(), Some(String::from("realm")), LDAP_SCHEMA);

    config.register_plugin(plugin);

    let plugin = SectionConfigPlugin::new("ad".to_string(), Some(String::from("realm")), AD_SCHEMA);

    config.register_plugin(plugin);

    config
}

pub const DOMAINS_CFG_FILENAME: &str = configdir!("/domains.cfg");
pub const DOMAINS_CFG_LOCKFILE: &str = configdir!("/.domains.lck");

/// Get exclusive lock
pub fn lock_config() -> Result<BackupLockGuard, Error> {
    open_backup_lockfile(DOMAINS_CFG_LOCKFILE, None, true)
}

pub fn config() -> Result<(SectionConfigData, [u8; 32]), Error> {
    let content =
        proxmox_sys::fs::file_read_optional_string(DOMAINS_CFG_FILENAME)?.unwrap_or_default();

    let digest = openssl::sha::sha256(content.as_bytes());
    let data = CONFIG.parse(DOMAINS_CFG_FILENAME, &content)?;
    Ok((data, digest))
}

pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(DOMAINS_CFG_FILENAME, config)?;
    replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
}

/// Check if a realm with the given name exists
pub fn exists(domains: &SectionConfigData, realm: &str) -> bool {
    realm == "pbs" || realm == "pam" || domains.sections.get(realm).is_some()
}

// shell completion helper
pub fn complete_realm_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
    match config() {
        Ok((data, _digest)) => data.sections.keys().map(|id| id.to_string()).collect(),
        Err(_) => Vec::new(),
    }
}

fn complete_realm_of_type(realm_type: &str) -> Vec<String> {
    match config() {
        Ok((data, _digest)) => data
            .sections
            .iter()
            .filter_map(|(id, (t, _))| {
                if t == realm_type {
                    Some(id.to_string())
                } else {
                    None
                }
            })
            .collect(),
        Err(_) => Vec::new(),
    }
}

pub fn complete_openid_realm_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
    complete_realm_of_type("openid")
}

pub fn complete_ldap_realm_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
    complete_realm_of_type("ldap")
}

pub fn complete_ad_realm_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
    complete_realm_of_type("ad")
}
Commit	Line	Data
6ef1b649 WB	1	use std::collections::HashMap;
6ef1b649 WB	2
35f151e0	3	use anyhow::Error;
bbff6c49	4	use lazy_static::lazy_static;
bbff6c49	5
3f22f650 LW	6	use pbs_buildcfg::configdir;
3f22f650 LW	7	use proxmox_schema::{ApiType, ObjectSchema};
6ef1b649	8	use proxmox_section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin};
bbff6c49	9
21211748	10	use crate::{open_backup_lockfile, replace_backup_config, BackupLockGuard};
d07013a4	11	use pbs_api_types::{AdRealmConfig, LdapRealmConfig, OpenIdRealmConfig, REALM_ID_SCHEMA};
bbff6c49 DM	12
	13	lazy_static! {
	14	pub static ref CONFIG: SectionConfig = init();
	15	}
	16
bbff6c49	17	fn init() -> SectionConfig {
d07013a4	18	const AD_SCHEMA: &ObjectSchema = AdRealmConfig::API_SCHEMA.unwrap_object_schema();
3f22f650 LW	19	const LDAP_SCHEMA: &ObjectSchema = LdapRealmConfig::API_SCHEMA.unwrap_object_schema();
	20	const OPENID_SCHEMA: &ObjectSchema = OpenIdRealmConfig::API_SCHEMA.unwrap_object_schema();
	21
	22	let mut config = SectionConfig::new(&REALM_ID_SCHEMA);
bbff6c49	23
35f151e0 TL	24	let plugin = SectionConfigPlugin::new(
	25	"openid".to_string(),
	26	Some(String::from("realm")),
3f22f650	27	OPENID_SCHEMA,
35f151e0	28	);
3f22f650 LW	29
	30	config.register_plugin(plugin);
	31
	32	let plugin =
	33	SectionConfigPlugin::new("ldap".to_string(), Some(String::from("realm")), LDAP_SCHEMA);
	34
bbff6c49 DM	35	config.register_plugin(plugin);
bbff6c49 DM	36
d07013a4 CH	37	let plugin = SectionConfigPlugin::new("ad".to_string(), Some(String::from("realm")), AD_SCHEMA);
	38
	39	config.register_plugin(plugin);
	40
bbff6c49 DM	41	config
	42	}
	43
3f22f650 LW	44	pub const DOMAINS_CFG_FILENAME: &str = configdir!("/domains.cfg");
3f22f650 LW	45	pub const DOMAINS_CFG_LOCKFILE: &str = configdir!("/.domains.lck");
bbff6c49 DM	46
bbff6c49 DM	47	/// Get exclusive lock
7526d864 DM	48	pub fn lock_config() -> Result<BackupLockGuard, Error> {
7526d864 DM	49	open_backup_lockfile(DOMAINS_CFG_LOCKFILE, None, true)
bbff6c49 DM	50	}
bbff6c49 DM	51
35f151e0	52	pub fn config() -> Result<(SectionConfigData, [u8; 32]), Error> {
16f6766a FG	53	let content =
16f6766a FG	54	proxmox_sys::fs::file_read_optional_string(DOMAINS_CFG_FILENAME)?.unwrap_or_default();
bbff6c49 DM	55
	56	let digest = openssl::sha::sha256(content.as_bytes());
	57	let data = CONFIG.parse(DOMAINS_CFG_FILENAME, &content)?;
	58	Ok((data, digest))
	59	}
	60
	61	pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
9a37bd6c	62	let raw = CONFIG.write(DOMAINS_CFG_FILENAME, config)?;
21211748	63	replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
bbff6c49 DM	64	}
bbff6c49 DM	65
3f22f650 LW	66	/// Check if a realm with the given name exists
	67	pub fn exists(domains: &SectionConfigData, realm: &str) -> bool {
	68	realm == "pbs" \|\| realm == "pam" \|\| domains.sections.get(realm).is_some()
	69	}
	70
bbff6c49 DM	71	// shell completion helper
	72	pub fn complete_realm_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
	73	match config() {
82c0194e	74	Ok((data, _digest)) => data.sections.keys().map(\|id\| id.to_string()).collect(),
4597eedf	75	Err(_) => Vec::new(),
bbff6c49 DM	76	}
bbff6c49 DM	77	}
0decd11e	78
2b75fbaa	79	fn complete_realm_of_type(realm_type: &str) -> Vec<String> {
0decd11e	80	match config() {
35f151e0 TL	81	Ok((data, _digest)) => data
	82	.sections
	83	.iter()
	84	.filter_map(\|(id, (t, _))\| {
2b75fbaa	85	if t == realm_type {
35f151e0 TL	86	Some(id.to_string())
	87	} else {
	88	None
	89	}
	90	})
0decd11e	91	.collect(),
4597eedf	92	Err(_) => Vec::new(),
0decd11e DM	93	}
0decd11e DM	94	}
2b75fbaa LW	95
	96	pub fn complete_openid_realm_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
	97	complete_realm_of_type("openid")
	98	}
	99
	100	pub fn complete_ldap_realm_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
	101	complete_realm_of_type("ldap")
	102	}
1819989b CH	103
	104	pub fn complete_ad_realm_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
	105	complete_realm_of_type("ad")
	106	}