Reuse id parse code.

[pve-common.git] / src / PVE / JSONSchema.pm

diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index db38d44bc0a0016c8da05fb0a542606246902e87..50a08243295ab63b617671344ac2d3f764d7710d 100644 (file)
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@ -180,14 +180,19 @@ PVE::JSONSchema::register_format('pve-storage-id', \&parse_storage_id);
 sub parse_storage_id {
     my ($storeid, $noerr) = @_;
 
-    if ($storeid !~ m/^[a-z][a-z0-9\-\_\.]*[a-z0-9]$/i) {
+    return parse_id($storeid, 'storage', $noerr);
+}
+
+sub parse_id {
+    my ($id, $type, $noerr) = @_;
+
+     if ($id !~ m/^[a-z][a-z0-9\-\_\.]*[a-z0-9]$/i) {
        return undef if $noerr;
-       die "storage ID '$storeid' contains illegal characters\n";
+       die "$type ID '$id' contains illegal characters\n";
     }
-    return $storeid;
+    return $id;
 }
 
-
 register_format('pve-vmid', \&pve_verify_vmid);
 sub pve_verify_vmid {
     my ($vmid, $noerr) = @_;
@@ -265,6 +270,19 @@ sub pve_verify_ip {
     return $ip;
 }
 
+PVE::JSONSchema::register_format('ldap-simple-attr', \&verify_ldap_simple_attr);
+sub verify_ldap_simple_attr {
+    my ($attr, $noerr) = @_;
+
+    if ($attr =~ m/^[a-zA-Z0-9]+$/) {
+       return $attr;
+    }
+
+    die "value '$attr' does not look like a simple ldap attribute name\n" if !$noerr;
+
+    return undef;
+}
+
 my $ipv4_mask_hash = {
     '0.0.0.0' => 0,
     '128.0.0.0' => 1,
@@ -499,6 +517,18 @@ register_standard_option('bwlimit', {
     format => $bwlimit_format,
 });
 
+# used for pve-tag-list in e.g., guest configs
+register_format('pve-tag', \&pve_verify_tag);
+sub pve_verify_tag {
+    my ($value, $noerr) = @_;
+
+    return $value if $value =~ m/^[a-z0-9_][a-z0-9_\-\+\.]*$/i;
+
+    return undef if $noerr;
+
+    die "invalid characters in tag\n";
+}
+
 sub pve_parse_startup_order {
     my ($value) = @_;
 
@@ -530,6 +560,25 @@ PVE::JSONSchema::register_standard_option('pve-startup-order', {
     typetext => '[[order=]\d+] [,up=\d+] [,down=\d+] ',
 });
 
+register_format('pve-tfa-secret', \&pve_verify_tfa_secret);
+sub pve_verify_tfa_secret {
+    my ($key, $noerr) = @_;
+
+    # The old format used 16 base32 chars or 40 hex digits. Since they have a common subset it's
+    # hard to distinguish them without the our previous length constraints, so add a 'v2' of the
+    # format to support arbitrary lengths properly:
+    if ($key =~ /^v2-0x[0-9a-fA-F]{16,128}$/ || # hex
+        $key =~ /^v2-[A-Z2-7=]{16,128}$/ ||     # base32
+        $key =~ /^(?:[A-Z2-7=]{16}|[A-Fa-f0-9]{40})$/) # and the old pattern copy&pasted
+    {
+       return $key;
+    }
+
+    return undef if $noerr;
+
+    die "unable to decode TFA secret\n";
+}
+
 sub check_format {
     my ($format, $value, $path) = @_;
 
@@ -1263,6 +1312,12 @@ my $method_schema = {
            description => "Method needs special privileges - only pvedaemon can execute it",
            optional => 1,
         },
+       allowtoken => {
+           type => 'boolean',
+           description => "Method is available for clients authenticated using an API token.",
+           optional => 1,
+           default => 1,
+       },
         download => {
             type => 'boolean',
            description => "Method downloads the file content (filename is the return value of the method).",