From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 1677D1FF169 for ; Mon, 12 Aug 2024 15:56:08 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 7604534577; Mon, 12 Aug 2024 15:56:17 +0200 (CEST) From: Christoph Heiss To: pbs-devel@lists.proxmox.com Date: Mon, 12 Aug 2024 15:55:09 +0200 Message-ID: <20240812135550.1461574-13-c.heiss@proxmox.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240812135550.1461574-1-c.heiss@proxmox.com> References: <20240812135550.1461574-1-c.heiss@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.031 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pbs-devel] [PATCH proxmox-backup v2 12/14] api2: access: add update support for built-in PBS realm X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Signed-off-by: Christoph Heiss --- src/api2/config/access/mod.rs | 2 + src/api2/config/access/pbs.rs | 130 ++++++++++++++++++++++++++++++++++ 2 files changed, 132 insertions(+) create mode 100644 src/api2/config/access/pbs.rs diff --git a/src/api2/config/access/mod.rs b/src/api2/config/access/mod.rs index 36ecd005..1e6070c7 100644 --- a/src/api2/config/access/mod.rs +++ b/src/api2/config/access/mod.rs @@ -6,11 +6,13 @@ pub mod ad; pub mod ldap; pub mod openid; pub mod pam; +pub mod pbs; pub mod tfa; #[sortable] const SUBDIRS: SubdirMap = &sorted!([ ("pam", &pam::ROUTER), + ("pbs", &pbs::ROUTER), ("ad", &ad::ROUTER), ("ldap", &ldap::ROUTER), ("openid", &openid::ROUTER), diff --git a/src/api2/config/access/pbs.rs b/src/api2/config/access/pbs.rs new file mode 100644 index 00000000..2873eabb --- /dev/null +++ b/src/api2/config/access/pbs.rs @@ -0,0 +1,130 @@ +use ::serde::{Deserialize, Serialize}; +use anyhow::Error; +use hex::FromHex; + +use proxmox_router::{Permission, Router, RpcEnvironment}; +use proxmox_schema::api; + +use pbs_api_types::{ + PbsRealmConfig, PbsRealmConfigUpdater, PRIV_REALM_ALLOCATE, PRIV_SYS_AUDIT, + PROXMOX_CONFIG_DIGEST_SCHEMA, +}; + +use pbs_config::domains; + +#[api( + returns: { + type: PbsRealmConfig, + }, + access: { + permission: &Permission::Privilege(&["access", "domains"], PRIV_SYS_AUDIT, false), + }, +)] +/// Read the Proxmox Backup authentication server realm configuration +pub fn read_pbs_realm(rpcenv: &mut dyn RpcEnvironment) -> Result { + let (domains, digest) = domains::config()?; + + let config = domains.lookup("pbs", "pbs")?; + + rpcenv["digest"] = hex::encode(digest).into(); + + Ok(config) +} + +#[api] +#[derive(Serialize, Deserialize)] +#[serde(rename_all = "kebab-case")] +/// Deletable property name +pub enum DeletableProperty { + /// Delete the comment property. + Comment, + /// Delete the default property. + Default, +} + +#[api( + protected: true, + input: { + properties: { + update: { + type: PbsRealmConfigUpdater, + flatten: true, + }, + delete: { + description: "List of properties to delete.", + type: Array, + optional: true, + items: { + type: DeletableProperty, + } + }, + digest: { + optional: true, + schema: PROXMOX_CONFIG_DIGEST_SCHEMA, + }, + }, + }, + returns: { + type: PbsRealmConfig, + }, + access: { + permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false), + }, +)] +/// Update the Proxmox Backup authentication server realm configuration +pub fn update_pbs_realm( + update: PbsRealmConfigUpdater, + delete: Option>, + digest: Option, + _rpcenv: &mut dyn RpcEnvironment, +) -> Result<(), Error> { + let _lock = domains::lock_config()?; + + let (mut domains, expected_digest) = domains::config()?; + + if let Some(ref digest) = digest { + let digest = <[u8; 32]>::from_hex(digest)?; + crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?; + } + + let mut config: PbsRealmConfig = domains.lookup("pbs", "pbs")?; + + if let Some(delete) = delete { + for delete_prop in delete { + match delete_prop { + DeletableProperty::Comment => { + config.comment = None; + } + DeletableProperty::Default => { + config.default = None; + } + } + } + } + + if let Some(comment) = update.comment { + let comment = comment.trim().to_string(); + if comment.is_empty() { + config.comment = None; + } else { + config.comment = Some(comment); + } + } + + if let Some(true) = update.default { + pbs_config::domains::unset_default_realm(&mut domains)?; + config.default = Some(true); + } else { + config.default = None; + } + + domains.set_data("pbs", "pbs", &config)?; + + domains::save_config(&domains)?; + + Ok(()) +} + +pub const ROUTER: Router = Router::new() + .get(&API_METHOD_READ_PBS_REALM) + .put(&API_METHOD_UPDATE_PBS_REALM); -- 2.45.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel