Commit | Line | Data |
---|---|---|
bf78f708 DM |
1 | //! List Authentication domains/realms |
2 | ||
2649c893 | 3 | use anyhow::{Error}; |
708db4b3 | 4 | |
0c27d880 | 5 | use serde::{Deserialize, Serialize}; |
708db4b3 DM |
6 | use serde_json::{json, Value}; |
7 | ||
6ef1b649 WB |
8 | use proxmox_router::{Router, RpcEnvironment, Permission}; |
9 | use proxmox_schema::api; | |
708db4b3 | 10 | |
21211748 | 11 | use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA}; |
708db4b3 | 12 | |
#[api]
#[derive(Deserialize, Serialize, PartialEq, Eq)]
// Variants (de)serialize under their lowercased names ("pam", "pbs",
// "openid"). `list_domains` depends on this: it writes the config section
// type string into the "type" key and then deserializes it into this enum.
#[serde(rename_all = "lowercase")]
// NOTE(review): `#[api]` presumably turns the `///` text below into schema
// descriptions - confirm before rewording any of it.
/// type of the realm
pub enum RealmType {
    /// The PAM realm
    Pam,
    /// The PBS realm
    Pbs,
    /// An OpenID Connect realm
    OpenId,
}
25 | ||
// Return type of `list_domains`, which is registered with `Permission::World`:
// every field declared here is readable before login. Adding a field to this
// struct widens what unauthenticated clients can see, so keep it to what the
// login box needs.
#[api(
    properties: {
        realm: {
            schema: REALM_ID_SCHEMA,
        },
        "type": {
            type: RealmType,
        },
        comment: {
            optional: true,
            schema: SINGLE_LINE_COMMENT_SCHEMA,
        },
    },
)]
#[derive(Deserialize, Serialize)]
#[serde(rename_all = "kebab-case")]
/// Basic Information about a realm
pub struct BasicRealmInfo {
    // Realm identifier, validated against REALM_ID_SCHEMA by the API schema above.
    pub realm: String,
    // `type` is a Rust keyword, so the field is named `ty` and renamed on the wire.
    #[serde(rename = "type")]
    pub ty: RealmType,
    /// True if it is the default realm
    // Left out of the serialized output entirely when `None`.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub default: Option<bool>,
    // Free-text realm comment; also omitted when `None`. Because the listing
    // is world-readable, whatever an administrator writes here is public.
    #[serde(skip_serializing_if = "Option::is_none")]
    pub comment: Option<String>,
}
53 | ||
54 | ||
// Served with `Permission::World`, i.e. before authentication. The response
// therefore carries only what `BasicRealmInfo` declares (realm id, type,
// default flag, comment); that struct is the sole filter between the realm
// configuration and anonymous callers.
#[api(
    returns: {
        description: "List of realms with basic info.",
        type: Array,
        items: {
            type: BasicRealmInfo,
        }
    },
    access: {
        description: "Anyone can access this, because we need that list for the login box (before the user is authenticated).",
        permission: &Permission::World,
    }
)]
/// Authentication domain/realm index.
fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInfo>, Error> {
    // The two built-in realms are always listed first and do not come from
    // the domains configuration; "pam" is flagged as the default realm.
    let pam_realm: BasicRealmInfo = serde_json::from_value(json!({
        "realm": "pam",
        "type": "pam",
        "comment": "Linux PAM standard authentication",
        "default": Some(true),
    }))?;
    let pbs_realm: BasicRealmInfo = serde_json::from_value(json!({
        "realm": "pbs",
        "type": "pbs",
        "comment": "Proxmox Backup authentication server",
    }))?;
    let mut realms = vec![pam_realm, pbs_realm];

    let (config, digest) = pbs_config::domains::config()?;

    for (_id, (section_type, data)) in config.sections.iter() {
        // The whole section is cloned and then narrowed by deserializing into
        // `BasicRealmInfo`. As written (no `deny_unknown_fields`), serde drops
        // every key the struct does not declare, so any other per-realm
        // settings in the section stay out of this unauthenticated response.
        let mut entry = data.clone();
        entry["type"] = Value::from(section_type.clone());
        // A section that fails to deserialize aborts the whole listing with
        // an error rather than being skipped.
        realms.push(serde_json::from_value(entry)?);
    }

    // NOTE(review): the config digest is attached to the RPC environment,
    // presumably to be returned alongside the result - confirm that exposing
    // it to unauthenticated callers is intended.
    rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into();

    Ok(realms)
}
96 | ||
/// Router for this module. Only GET is registered; it is handled through
/// `API_METHOD_LIST_DOMAINS`, presumably the descriptor `#[api]` generates
/// for `list_domains`, which is world-accessible.
pub const ROUTER: Router = Router::new().get(&API_METHOD_LIST_DOMAINS);