use PVE::SafeSyslog;
use PVE::RPCEnvironment;
use PVE::Cluster qw(cfs_read_file);
+use PVE::Corosync;
use PVE::RESTHandler;
use PVE::AccessControl;
use PVE::JSONSchema qw(get_standard_option);
my $priv_re_map = {
vms => qr/VM\.|Permissions\.Modify/,
access => qr/(User|Group)\.|Permissions\.Modify/,
- storage => qr/Datastore\./,
+ storage => qr/Datastore\.|Permissions\.Modify/,
nodes => qr/Sys\.|Permissions\.Modify/,
dc => qr/Sys\.Audit/,
};
path => 'ticket',
method => 'GET',
permissions => { user => 'world' },
- description => "Dummy. Useful for formaters which want to provide a login page.",
+ description => "Dummy. Useful for formatters which want to provide a login page.",
parameters => {
additionalProperties => 0,
},
additionalProperties => 0,
properties => {
username => {
- description => "User name",
- type => 'string',
- maxLength => 64,
- completion => \&PVE::AccessControl::complete_username,
+ description => "User name",
+ type => 'string',
+ maxLength => 64,
+ completion => \&PVE::AccessControl::complete_username,
},
realm => get_standard_option('realm', {
description => "You can optionally pass the realm using this parameter. Normally the realm is simply added to the username <username>\@<relam>.",
username => { type => 'string' },
ticket => { type => 'string', optional => 1},
CSRFPreventionToken => { type => 'string', optional => 1 },
+ clustername => { type => 'string', optional => 1 },
}
},
code => sub {
$res->{cap} = &$compute_api_permission($rpcenv, $username);
+ if (PVE::Corosync::check_conf_exists(1)) {
+ if ($rpcenv->check($username, '/', ['Sys.Audit'], 1)) {
+ my $conf = cfs_read_file('corosync.conf');
+ my $totem = PVE::Corosync::totem_config($conf);
+ if ($totem->{cluster_name}) {
+ $res->{clustername} = $totem->{cluster_name};
+ }
+ }
+ }
+
PVE::Cluster::log_msg('info', 'root@pam', "successful auth for user '$username'");
return $res;
}});
__PACKAGE__->register_method ({
- name => 'change_passsword',
+ name => 'change_password',
path => 'password',
method => 'PUT',
permissions => {
parameters => {
additionalProperties => 0,
properties => {
- userid => get_standard_option('userid', {
- completion => \&PVE::AccessControl::complete_username,
- }),
+ userid => get_standard_option('userid-completed'),
password => {
description => "The new password.",
type => 'string',