1 package PVE
::API2
::Domains
;
5 use PVE
::Cluster qw
(cfs_read_file cfs_write_file
);
6 use PVE
::AccessControl
;
7 use PVE
::JSONSchema
qw(get_standard_option);
12 my $domainconfigfile = "domains.cfg";
14 use base
qw(PVE::RESTHandler);
16 __PACKAGE__-
>register_method ({
20 description
=> "Authentication domain index.",
21 permissions
=> { user
=> 'world' },
23 additionalProperties
=> 0,
31 realm
=> { type
=> 'string' },
32 comment
=> { type
=> 'string', optional
=> 1 },
35 links
=> [ { rel
=> 'child', href
=> "{realm}" } ],
42 my $cfg = cfs_read_file
($domainconfigfile);
44 foreach my $realm (keys %$cfg) {
45 my $d = $cfg->{$realm};
46 my $entry = { realm
=> $realm, type
=> $d->{type
} };
47 $entry->{comment
} = $d->{comment
} if $d->{comment
};
48 $entry->{default} = 1 if $d->{default};
55 __PACKAGE__-
>register_method ({
61 check
=> ['perm', '/access', ['Sys.Modify']],
63 description
=> "Add an authentication server.",
65 additionalProperties
=> 0,
67 realm
=> get_standard_option
('realm'),
69 description
=> "Server type.",
71 enum
=> [ 'ad', 'ldap' ],
74 description
=> "Server IP address (or DNS name)",
78 description
=> "Fallback Server IP address (or DNS name)",
83 description
=> "Use secure LDAPS protocol.",
88 description
=> "Use this as default realm",
97 description
=> "Server port. Use '0' if you want to use default settings'",
104 description
=> "AD domain name",
109 description
=> "LDAP base domain name",
114 description
=> "LDAP user attribute name",
120 returns
=> { type
=> 'null' },
124 PVE
::AccessControl
::lock_domain_config
(
127 my $cfg = cfs_read_file
($domainconfigfile);
129 my $realm = $param->{realm
};
131 die "domain '$realm' already exists\n"
134 die "unable to use reserved name '$realm'\n"
135 if ($realm eq 'pam' || $realm eq 'pve');
137 if (defined($param->{secure
})) {
138 $cfg->{$realm}->{secure
} = $param->{secure
} ?
1 : 0;
141 if ($param->{default}) {
142 foreach my $r (keys %$cfg) {
143 delete $cfg->{$r}->{default};
147 foreach my $p (keys %$param) {
148 next if $p eq 'realm';
149 $cfg->{$realm}->{$p} = $param->{$p} if $param->{$p};
152 # port 0 ==> use default
153 # server2 == '' ===> delete server2
154 for my $p (qw(port server2)) {
155 if (defined($param->{$p}) && !$param->{$p}) {
156 delete $cfg->{$realm}->{$p};
160 cfs_write_file
($domainconfigfile, $cfg);
161 }, "add auth server failed");
166 __PACKAGE__-
>register_method ({
171 check
=> ['perm', '/access', ['Sys.Modify']],
173 description
=> "Update authentication server settings.",
176 additionalProperties
=> 0,
178 realm
=> get_standard_option
('realm'),
180 description
=> "Server IP address (or DNS name)",
185 description
=> "Fallback Server IP address (or DNS name)",
190 description
=> "Use secure LDAPS protocol.",
195 description
=> "Use this as default realm",
204 description
=> "Server port. Use '0' if you want to use default settings'",
211 description
=> "AD domain name",
216 description
=> "LDAP base domain name",
221 description
=> "LDAP user attribute name",
227 returns
=> { type
=> 'null' },
231 PVE
::AccessControl
::lock_domain_config
(
234 my $cfg = cfs_read_file
($domainconfigfile);
236 my $realm = $param->{realm
};
237 delete $param->{realm
};
239 die "unable to modify bultin domain '$realm'\n"
240 if ($realm eq 'pam' || $realm eq 'pve');
242 die "domain '$realm' does not exist\n"
245 if (defined($param->{secure
})) {
246 $cfg->{$realm}->{secure
} = $param->{secure
} ?
1 : 0;
249 if ($param->{default}) {
250 foreach my $r (keys %$cfg) {
251 delete $cfg->{$r}->{default};
255 foreach my $p (keys %$param) {
257 $cfg->{$realm}->{$p} = $param->{$p};
259 delete $cfg->{$realm}->{$p};
263 cfs_write_file
($domainconfigfile, $cfg);
264 }, "update auth server failed");
269 # fixme: return format!
270 __PACKAGE__-
>register_method ({
274 description
=> "Get auth server configuration.",
276 check
=> ['perm', '/access', ['Sys.Audit']],
279 additionalProperties
=> 0,
281 realm
=> get_standard_option
('realm'),
288 my $cfg = cfs_read_file
($domainconfigfile);
290 my $realm = $param->{realm
};
292 my $data = $cfg->{$realm};
293 die "domain '$realm' does not exist\n" if !$data;
299 __PACKAGE__-
>register_method ({
304 check
=> ['perm', '/access', ['Sys.Modify']],
306 description
=> "Delete an authentication server.",
309 additionalProperties
=> 0,
311 realm
=> get_standard_option
('realm'),
314 returns
=> { type
=> 'null' },
318 PVE
::AccessControl
::lock_user_config
(
321 my $cfg = cfs_read_file
($domainconfigfile);
323 my $realm = $param->{realm
};
325 die "domain '$realm' does not exist\n" if !$cfg->{$realm};
327 delete $cfg->{$realm};
329 cfs_write_file
($domainconfigfile, $cfg);
330 }, "delete auth server failed");