1 package PVE
::API2
::Domains
;
5 use PVE
::Tools
qw(extract_param);
6 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
7 use PVE
::AccessControl
;
8 use PVE
::JSONSchema
qw(get_standard_option);
12 use PVE
::Auth
::Plugin
;
14 my $domainconfigfile = "domains.cfg";
16 use base
qw(PVE::RESTHandler);
18 __PACKAGE__-
>register_method ({
22 description
=> "Authentication domain index.",
24 description
=> "Anyone can access that, because we need that list for the login box (before the user is authenticated).",
28 additionalProperties
=> 0,
36 realm
=> { type
=> 'string' },
37 comment
=> { type
=> 'string', optional
=> 1 },
40 links
=> [ { rel
=> 'child', href
=> "{realm}" } ],
47 my $cfg = cfs_read_file
($domainconfigfile);
48 my $ids = $cfg->{ids
};
50 foreach my $realm (keys %$ids) {
51 my $d = $ids->{$realm};
52 my $entry = { realm
=> $realm, type
=> $d->{type
} };
53 $entry->{comment
} = $d->{comment
} if $d->{comment
};
54 $entry->{default} = 1 if $d->{default};
61 __PACKAGE__-
>register_method ({
67 check
=> ['perm', '/access/realm', ['Realm.Allocate']],
69 description
=> "Add an authentication server.",
70 parameters
=> PVE
::Auth
::Plugin-
>createSchema(),
71 returns
=> { type
=> 'null' },
75 PVE
::Auth
::Plugin
::lock_domain_config
(
78 my $cfg = cfs_read_file
($domainconfigfile);
79 my $ids = $cfg->{ids
};
81 my $realm = extract_param
($param, 'realm');
82 my $type = $param->{type
};
84 die "domain '$realm' already exists\n"
87 die "unable to use reserved name '$realm'\n"
88 if ($realm eq 'pam' || $realm eq 'pve');
90 die "unable to create builtin type '$type'\n"
91 if ($type eq 'pam' || $type eq 'pve');
93 my $plugin = PVE
::Auth
::Plugin-
>lookup($type);
94 my $config = $plugin->check_config($realm, $param, 1, 1);
96 if ($config->{default}) {
97 foreach my $r (keys %$ids) {
98 delete $ids->{$r}->{default};
102 $ids->{$realm} = $config;
104 cfs_write_file
($domainconfigfile, $cfg);
105 }, "add auth server failed");
110 __PACKAGE__-
>register_method ({
115 check
=> ['perm', '/access/realm', ['Realm.Allocate']],
117 description
=> "Update authentication server settings.",
119 parameters
=> PVE
::Auth
::Plugin-
>updateSchema(),
120 returns
=> { type
=> 'null' },
124 PVE
::Auth
::Plugin
::lock_domain_config
(
127 my $cfg = cfs_read_file
($domainconfigfile);
128 my $ids = $cfg->{ids
};
130 my $digest = extract_param
($param, 'digest');
131 PVE
::SectionConfig
::assert_if_modified
($cfg, $digest);
133 my $realm = extract_param
($param, 'realm');
135 die "unable to modify bultin domain '$realm'\n"
136 if ($realm eq 'pam' || $realm eq 'pve');
138 die "domain '$realm' does not exist\n"
141 my $delete_str = extract_param
($param, 'delete');
142 die "no options specified\n" if !$delete_str && !scalar(keys %$param);
144 foreach my $opt (PVE
::Tools
::split_list
($delete_str)) {
145 delete $ids->{$realm}->{$opt};
148 my $plugin = PVE
::Auth
::Plugin-
>lookup($ids->{$realm}->{type
});
149 my $config = $plugin->check_config($realm, $param, 0, 1);
151 if ($config->{default}) {
152 foreach my $r (keys %$ids) {
153 delete $ids->{$r}->{default};
157 foreach my $p (keys %$config) {
158 $ids->{$realm}->{$p} = $config->{$p};
161 cfs_write_file
($domainconfigfile, $cfg);
162 }, "update auth server failed");
167 # fixme: return format!
168 __PACKAGE__-
>register_method ({
172 description
=> "Get auth server configuration.",
174 check
=> ['perm', '/access/realm', ['Realm.Allocate', 'Sys.Audit'], any
=> 1],
177 additionalProperties
=> 0,
179 realm
=> get_standard_option
('realm'),
186 my $cfg = cfs_read_file
($domainconfigfile);
188 my $realm = $param->{realm
};
190 my $data = $cfg->{ids
}->{$realm};
191 die "domain '$realm' does not exist\n" if !$data;
193 $data->{digest
} = $cfg->{digest
};
199 __PACKAGE__-
>register_method ({
204 check
=> ['perm', '/access/realm', ['Realm.Allocate']],
206 description
=> "Delete an authentication server.",
209 additionalProperties
=> 0,
211 realm
=> get_standard_option
('realm'),
214 returns
=> { type
=> 'null' },
218 PVE
::Auth
::Plugin
::lock_domain_config
(
221 my $cfg = cfs_read_file
($domainconfigfile);
222 my $ids = $cfg->{ids
};
224 my $realm = $param->{realm
};
226 die "domain '$realm' does not exist\n" if !$ids->{$realm};
228 delete $ids->{$realm};
230 cfs_write_file
($domainconfigfile, $cfg);
231 }, "delete auth server failed");