# REST handler for authentication realms stored in domains.cfg.
# The methods registered below implement index / add / update / read / delete
# of realm entries (see their description strings).
1 package PVE
::API2
::Domains
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::AccessControl
;
7 use PVE
::JSONSchema
qw(get_standard_option);
# FIXME: debugging-only import; remove before release. Do not Dumper() request
# parameters or the realm config into logs from this module.
11 use Data
::Dumper
; # fixme: remove
# Name of the realm config file; every method reads it via cfs_read_file and
# the mutating ones write it back with cfs_write_file.
15 my $domainconfigfile = "domains.cfg";
17 use base
qw(PVE::RESTHandler);
# Realm index. permissions 'world' means this is reachable without any
# authentication (presumably so a login dialog can list realms first), so
# every field copied into $entry below -- realm name, type, the free-text
# admin comment and the default flag -- is public information. Do not add
# fields here that an anonymous caller should not learn.
19 __PACKAGE__-
>register_method ({
23 description
=> "Authentication domain index.",
24 permissions
=> { user
=> 'world' },
26 additionalProperties
=> 0,
34 realm
=> { type
=> 'string' },
35 comment
=> { type
=> 'string', optional
=> 1 },
38 links
=> [ { rel
=> 'child', href
=> "{realm}" } ],
# Read-only: no lock is taken because nothing is written back.
45 my $cfg = cfs_read_file
($domainconfigfile);
47 foreach my $realm (keys %$cfg) {
48 my $d = $cfg->{$realm};
# Project only the fields declared in the returns schema; the other keys the
# add/update methods store per realm (server addresses, base_dn, ...) are
# deliberately not exposed here. The rest of the loop and the return
# statement lie past this extract.
49 my $entry = { realm
=> $realm, type
=> $d->{type
} };
50 $entry->{comment
} = $d->{comment
} if $d->{comment
};
51 $entry->{default} = 1 if $d->{default};
# Create a new 'ad' or 'ldap' realm. The whole read-modify-write of
# domains.cfg runs under lock_domain_config, so it is serialised against the
# other writers in this module that take the same lock.
58 __PACKAGE__-
>register_method ({
63 description
=> "Add an authentication server.",
65 additionalProperties
=> 0,
67 realm
=> get_standard_option
('realm'),
69 description
=> "Server type.",
71 enum
=> [ 'ad', 'ldap' ],
74 description
=> "Server IP address (or DNS name)",
78 description
=> "Fallback Server IP address (or DNS name)",
83 description
=> "Use secure LDAPS protocol.",
88 description
=> "Use this as default realm",
97 description
=> "Server port",
104 description
=> "LDAP base domain name",
109 description
=> "LDAP user attribute name",
115 returns
=> { type
=> 'null' },
119 PVE
::AccessControl
::lock_domain_config
(
122 my $cfg = cfs_read_file
($domainconfigfile);
124 my $realm = $param->{realm
};
# Reject duplicates and the two builtin realm names. Both checks run inside
# the lock, so a concurrent add of the same name cannot slip in between the
# check and the write.
126 die "domain '$realm' already exists\n"
129 die "unable to use reserved name '$realm'\n"
130 if ($realm eq 'pam' || $realm eq 'pve');
# Normalise 'secure' to a plain 1/0 flag ...
132 if (defined($param->{secure
})) {
133 $cfg->{$realm}->{secure
} = $param->{secure
} ?
1 : 0;
# Only one realm may be default: drop the flag from every existing realm
# (builtin ones included) before the new realm's value is stored below.
136 if ($param->{default}) {
137 foreach my $r (keys %$cfg) {
138 delete $cfg->{$r}->{default};
# NOTE(review): ... but this loop copies *every* request parameter verbatim,
# 'secure' included, so the 1/0 normalisation above is overwritten with the
# raw request value. Either skip 'secure' here or drop the normalisation.
# It also relies on additionalProperties => 0 being enforced by the REST
# layer before this code runs, so that no undeclared key reaches
# domains.cfg -- confirm.
142 foreach my $p (keys %$param) {
143 next if $p eq 'realm';
144 $cfg->{$realm}->{$p} = $param->{$p};
147 cfs_write_file
($domainconfigfile, $cfg);
148 }, "add auth server failed");
# Update an existing realm. Runs under lock_domain_config like the add method,
# so concurrent adds/updates cannot lose each other's write. 'type' is not an
# accepted parameter here, so a realm's type cannot be changed after creation.
153 __PACKAGE__-
>register_method ({
157 description
=> "Update authentication server settings.",
160 additionalProperties
=> 0,
162 realm
=> get_standard_option
('realm'),
164 description
=> "Server IP address (or DNS name)",
169 description
=> "Fallback Server IP address (or DNS name)",
174 description
=> "Use secure LDAPS protocol.",
179 description
=> "Use this as default realm",
188 description
=> "Server port",
195 description
=> "LDAP base domain name",
200 description
=> "LDAP user attribute name",
206 returns
=> { type
=> 'null' },
210 PVE
::AccessControl
::lock_domain_config
(
213 my $cfg = cfs_read_file
($domainconfigfile);
215 my $realm = $param->{realm
};
# The realm name is the config key, not a field; remove it so the copy loop
# below does not store it as an attribute.
216 delete $param->{realm
};
# Builtin realms are immutable through this API.
# NOTE(review): user-facing message has a typo ("bultin" -> "builtin"); fix in
# a code change, not here.
218 die "unable to modify bultin domain '$realm'\n"
219 if ($realm eq 'pam' || $realm eq 'pve');
221 die "domain '$realm' does not exist\n"
# Normalise 'secure' to 1/0 ...
224 if (defined($param->{secure
})) {
225 $cfg->{$realm}->{secure
} = $param->{secure
} ?
1 : 0;
# Only one default realm: clear the flag everywhere first.
228 if ($param->{default}) {
229 foreach my $r (keys %$cfg) {
230 delete $cfg->{$r}->{default};
# NOTE(review): ... but, as in the add method, every remaining parameter is
# copied verbatim, so the normalised 'secure' value is overwritten by the raw
# request value. Skip 'secure' here or drop the normalisation.
234 foreach my $p (keys %$param) {
235 $cfg->{$realm}->{$p} = $param->{$p};
238 cfs_write_file
($domainconfigfile, $cfg);
239 }, "update auth server failed");
# FIXME: this method appears to declare no 'returns' schema (hence the
# original "return format!" note), so the response shape is simply whatever
# hash is stored for the realm in domains.cfg. Declare the return properties
# so API docs and clients know what to expect.
# NOTE(review): the permissions for this GET are not visible in this extract.
# Unlike the index it hands back everything stored for the realm (server
# addresses, base_dn, ...), so it must not be 'world' -- confirm.
245 __PACKAGE__-
>register_method ({
249 description
=> "Get auth server configuration.",
251 additionalProperties
=> 0,
253 realm
=> get_standard_option
('realm'),
# Read-only, so no lock is taken.
260 my $cfg = cfs_read_file
($domainconfigfile);
262 my $realm = $param->{realm
};
# $data is the complete per-realm hash, returned unfiltered (the return
# statement follows past this extract).
264 my $data = $cfg->{$realm};
265 die "domain '$realm' does not exist\n" if !$data;
# Delete a realm.
# NOTE(review): this method takes lock_user_config, whereas the add and update
# methods above take lock_domain_config. They are different locks, so a delete
# can interleave with a concurrent add/update of domains.cfg and whichever
# cfs_write_file runs last silently discards the other side's change. Use
# lock_domain_config here, consistent with the other writers of this file.
271 __PACKAGE__-
>register_method ({
275 description
=> "Delete an authentication server.",
278 additionalProperties
=> 0,
280 realm
=> get_standard_option
('realm'),
283 returns
=> { type
=> 'null' },
287 PVE
::AccessControl
::lock_user_config
(
290 my $cfg = cfs_read_file
($domainconfigfile);
292 my $realm = $param->{realm
};
# NOTE(review): no reserved-name check here, unlike update (which refuses
# 'pam' and 'pve'). If the config parser materialises the builtin realms into
# $cfg, they can be removed through this endpoint; add the same check.
294 die "domain '$realm' does not exist\n" if !$cfg->{$realm};
# Removing the realm that carries the default flag leaves no default realm;
# callers and the UI are presumably expected to cope with that -- confirm.
296 delete $cfg->{$realm};
298 cfs_write_file
($domainconfigfile, $cfg);
299 }, "delete auth server failed");