From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pmg-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 2D4A21FF165 for <inbox@lore.proxmox.com>; Wed, 26 Feb 2025 18:38:32 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id F24771A764; Wed, 26 Feb 2025 18:38:30 +0100 (CET) From: Stoiko Ivanov <s.ivanov@proxmox.com> To: pmg-devel@lists.proxmox.com Date: Wed, 26 Feb 2025 18:37:36 +0100 Message-Id: <20250226173737.577869-3-s.ivanov@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250226173737.577869-1-s.ivanov@proxmox.com> References: <20250226173737.577869-1-s.ivanov@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.064 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. 
[accesscontrol.pm, authrealm.pm, oidc.pm, plugin.pm] Subject: [pmg-devel] [PATCH pmg-api 2/3] access control: rename realms.cfg to realms.conf X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion <pmg-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pmg-devel>, <mailto:pmg-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pmg-devel/> List-Post: <mailto:pmg-devel@lists.proxmox.com> List-Help: <mailto:pmg-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel>, <mailto:pmg-devel-request@lists.proxmox.com?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pmg-devel-bounces@lists.proxmox.com Sender: "pmg-devel" <pmg-devel-bounces@lists.proxmox.com> by defining the name once in PMG::Auth::Plugin, and using the sub there to retrieve it where needed. Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com> --- src/PMG/API2/AuthRealm.pm | 16 ++++++++-------- src/PMG/API2/OIDC.pm | 5 +++-- src/PMG/AccessControl.pm | 4 ++-- src/PMG/Auth/Plugin.pm | 11 ++++++----- 4 files changed, 19 insertions(+), 17 deletions(-) diff --git a/src/PMG/API2/AuthRealm.pm b/src/PMG/API2/AuthRealm.pm index 57c5fea..e9fee38 100644 --- a/src/PMG/API2/AuthRealm.pm +++ b/src/PMG/API2/AuthRealm.pm @@ -51,7 +51,7 @@ __PACKAGE__->register_method ({ my $res = []; - my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id()); + my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id()); my $ids = $cfg->{ids}; for my $realm (keys %$ids) { 
@@ -82,7 +82,7 @@ __PACKAGE__->register_method ({ PMG::Auth::Plugin::lock_realm_config( sub { - my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id()); + my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id()); my $ids = $cfg->{ids}; my $realm = extract_param($param, 'realm'); @@ -117,7 +117,7 @@ __PACKAGE__->register_method ({ } $plugin->on_add_hook($realm, $config, password => $password); - PVE::INotify::write_file(PMG::Auth::Plugin->realm_cfg_id(), $cfg); + PVE::INotify::write_file(PMG::Auth::Plugin->realm_conf_id(), $cfg); }, "add auth server failed", ); @@ -141,7 +141,7 @@ __PACKAGE__->register_method ({ PMG::Auth::Plugin::lock_realm_config( sub { - my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id()); + my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id()); my $ids = $cfg->{ids}; my $digest = extract_param($param, 'digest'); @@ -184,7 +184,7 @@ __PACKAGE__->register_method ({ $plugin->on_update_hook($realm, $config); } - PVE::INotify::write_file(PMG::Auth::Plugin->realm_cfg_id(), $cfg); + PVE::INotify::write_file(PMG::Auth::Plugin->realm_conf_id(), $cfg); }, "update auth server failed" ); @@ -208,7 +208,7 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; - my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id()); + my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id()); my $realm = $param->{realm}; @@ -242,7 +242,7 @@ __PACKAGE__->register_method ({ PMG::Auth::Plugin::lock_realm_config( sub { - my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id()); + my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id()); my $ids = $cfg->{ids}; my $realm = $param->{realm}; @@ -254,7 +254,7 @@ __PACKAGE__->register_method ({ delete $ids->{$realm}; - PVE::INotify::write_file(PMG::Auth::Plugin->realm_cfg_id(), $cfg); + PVE::INotify::write_file(PMG::Auth::Plugin->realm_conf_id(), $cfg); }, "delete auth server failed", ); 
diff --git a/src/PMG/API2/OIDC.pm b/src/PMG/API2/OIDC.pm index da9c774..92ff88d 100644 --- a/src/PMG/API2/OIDC.pm +++ b/src/PMG/API2/OIDC.pm @@ -10,10 +10,11 @@ use PVE::Exception qw(raise raise_perm_exc raise_param_exc); use PVE::SafeSyslog; use PVE::INotify; use PVE::JSONSchema qw(get_standard_option); +use PVE::RESTHandler; use PMG::AccessControl; +use PMG::Auth::Plugin; use PMG::RESTEnvironment; -use PVE::RESTHandler; use base qw(PVE::RESTHandler); @@ -22,7 +23,7 @@ my $oidc_state_path = "/var/lib/pmg"; my $lookup_oidc_auth = sub { my ($realm, $redirect_url) = @_; - my $cfg = PVE::INotify::read_file('realms.cfg'); + my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin::realm_conf_id()); my $ids = $cfg->{ids}; die "authentication domain '$realm' does not exist\n" if !$ids->{$realm}; diff --git a/src/PMG/AccessControl.pm b/src/PMG/AccessControl.pm index 57d80f8..0cf8067 100644 --- a/src/PMG/AccessControl.pm +++ b/src/PMG/AccessControl.pm @@ -66,7 +66,7 @@ sub authenticate_user : prototype($$$) { } die "ldap login failed\n"; } elsif ($realm =~ m!(${realm_regex})!) { - my $realm_cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id()); + my $realm_cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id()); my $cfg = $realm_cfg->{ids}->{$realm}; my $plugin = PMG::Auth::Plugin->lookup($cfg->{type}); $plugin->authenticate_user($cfg, $realm, $ruid, $password); @@ -111,7 +111,7 @@ sub set_user_password { } elsif ($realm eq 'pmg') { PMG::UserConfig->set_user_password($username, $password); } elsif ($realm =~ m!(${realm_regex})!) { - my $realm_cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id()); + my $realm_cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id()); my $cfg = $realm_cfg->{ids}->{$realm}; my $plugin = PMG::Auth::Plugin->lookup($cfg->{type}); $plugin->store_password($cfg, $realm, $username, $password); diff --git a/src/PMG/Auth/Plugin.pm b/src/PMG/Auth/Plugin.pm index f6792ac..1a9f68a 100755 --- a/src/PMG/Auth/Plugin.pm 
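Review bot: The new call in `$lookup_oidc_auth` uses the plain function form `PMG::Auth::Plugin::realm_conf_id()`, while every other call site touched by this patch uses the class-method form `PMG::Auth::Plugin->realm_conf_id()`. Both return the same value today because the sub ignores its arguments, but the mixed styles make the call sites harder to grep and would diverge if the accessor ever started using its invocant. I would write it as `my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id());` to match. The body of `$lookup_oidc_auth` continues past the end of the hunk.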
+++ b/src/PMG/Auth/Plugin.pm @@ -13,11 +13,12 @@ use PVE::Tools; use base qw(PVE::SectionConfig); -my $realm_cfg_id = "realms.cfg"; +my $realm_conf_id = "realms.conf"; +my $realm_conf_filename = "/etc/pmg/$realm_conf_id"; my $lockfile = "/var/lock/pmg-realms.lck"; -sub realm_cfg_id { - return $realm_cfg_id; +sub realm_conf_id { + return $realm_conf_id; } sub read_realms_conf { @@ -38,8 +39,8 @@ sub write_realms_conf { } PVE::INotify::register_file( - $realm_cfg_id, - "/etc/pmg/realms.cfg", + $realm_conf_id, + $realm_conf_filename, \&read_realms_conf, \&write_realms_conf, undef, -- 2.39.5 _______________________________________________ pmg-devel mailing list pmg-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
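Review bot: The path registered with `PVE::INotify::register_file` moves from `/etc/pmg/realms.cfg` to `/etc/pmg/realms.conf` (the id changes in the first Plugin.pm hunk, the path in the second), and nothing in this patch renames or falls back to an existing `realms.cfg`. If any installed version has already written the old file, its realms would presumably no longer be loaded after the upgrade, and `$lookup_oidc_auth` in OIDC.pm would then die with "authentication domain ... does not exist" for them; whether packaging or another patch in the series handles the move is not visible here. The commit message should say which it is. Since OIDC.pm carried a literal `'realms.cfg'` until this patch, other literal references outside the files shown may exist too, and a comment above the two variables such as `# single source for the realm config id and path; do not hard-code either elsewhere` would help keep it that way.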