From 2649c89358bfe2f37d177d835ac95a34e4646b8b Mon Sep 17 00:00:00 2001 From: Dominik Csapak Date: Mon, 12 Jul 2021 09:48:07 +0200 Subject: [PATCH] Revert "api: access: domains: add get/create/update/delete domain call" This reverts commit 5117cf4f1786e0b37d486413d658d78a4bcfdf53. we already have that in api2/config/access Signed-off-by: Dominik Csapak --- src/api2/access/domain.rs | 281 +------------------------------------- 1 file changed, 4 insertions(+), 277 deletions(-) diff --git a/src/api2/access/domain.rs b/src/api2/access/domain.rs index 6b1a4743..bfc7c184 100644 --- a/src/api2/access/domain.rs +++ b/src/api2/access/domain.rs @@ -1,18 +1,15 @@ //! List Authentication domains/realms -use anyhow::{bail, Error}; +use anyhow::{Error}; use serde::{Deserialize, Serialize}; use serde_json::{json, Value}; use proxmox::api::{api, Permission, Router, RpcEnvironment}; +use crate::config; use crate::api2::types::*; -use crate::config::{ - self, - acl::{PRIV_REALM_ALLOCATE, PRIV_SYS_AUDIT}, - domains::{OpenIdRealmConfig, OpenIdUserAttribute}, -}; +use crate::config::domains::{OpenIdRealmConfig, OpenIdUserAttribute}; #[api] #[derive(Deserialize, Serialize, PartialEq, Eq)] @@ -162,275 +159,5 @@ fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result Result { - let entry = match realm.as_str() { - "pam" => json!({ - "realm": "pam", - "type": "pam", - "comment": "Linux PAM standard authentication", - "default": Some(true), - }), - "pbs" => json!({ - "realm": "pbs", - "type": "pbs", - "comment": "Proxmox Backup authentication server", - }), - _ => { - let (config, digest) = config::domains::config()?; - rpcenv["digest"] = proxmox::tools::digest_to_hex(&digest).into(); - if let Some((section_type, v)) = config.sections.get(&realm) { - let mut entry = v.clone(); - entry["type"] = Value::from(section_type.clone()); - entry - } else { - bail!("domain '{}' does not exist", realm); - } - } - }; - - Ok(serde_json::from_value(entry)?) -} - -#[api( - protected: true, - input: { - properties: { - info: { - type: RealmInfo, - flatten: true, - }, - }, - }, - access: { - permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false), - }, -)] -/// Create a realm -fn create_domain(param: Value) -> Result<(), Error> { - let basic_info: BasicRealmInfo = serde_json::from_value(param.clone())?; - - // for now we only have to care about openid - if basic_info.ty != RealmType::OpenId { - bail!( - "Cannot create realm of type '{}'", - serde_json::to_string(&basic_info.ty)? - ); - } - - let new_realm: OpenIdRealmConfig = serde_json::from_value(param)?; - let _lock = config::domains::lock_config()?; - - let (mut config, _digest) = config::domains::config()?; - - let existing: Vec = config.convert_to_typed_array("openid")?; - - for realm in existing { - if realm.realm == new_realm.realm { - bail!("Entry '{}' already exists", realm.realm); - } - } - - config.set_data(&new_realm.realm, "openid", &new_realm)?; - - config::domains::save_config(&config)?; - - Ok(()) -} - -#[api] -#[derive(Serialize, Deserialize)] -#[serde(rename_all = "kebab-case")] -#[allow(non_camel_case_types)] -pub enum DeletableProperty { - /// Delete the comment property. - comment, - /// Delete the client-key property. - client_key, - /// Delete the autocreate property. - autocreate, -} - -#[api( - protected: true, - input: { - properties: { - realm: { - schema: REALM_ID_SCHEMA, - }, - comment: { - optional: true, - schema: SINGLE_LINE_COMMENT_SCHEMA, - }, - "issuer-url": { - description: "OpenID Issuer Url", - type: String, - optional: true, - }, - "client-id": { - description: "OpenID Client ID", - type: String, - optional: true, - }, - "client-key": { - description: "OpenID Client Key", - type: String, - optional: true, - }, - autocreate: { - description: "Automatically create users if they do not exist.", - optional: true, - type: bool, - }, - delete: { - description: "List of properties to delete.", - type: Array, - optional: true, - items: { - type: DeletableProperty, - } - }, - digest: { - optional: true, - schema: PROXMOX_CONFIG_DIGEST_SCHEMA, - }, - }, - }, - access: { - permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false), - }, -)] -/// Update a realm -fn update_domain( - realm: String, - comment: Option, - issuer_url: Option, - client_id: Option, - client_key: Option, - autocreate: Option, - delete: Option>, - digest: Option, - _rpcenv: &mut dyn RpcEnvironment, -) -> Result<(), Error> { - let _lock = config::domains::lock_config()?; - - let (mut config, expected_digest) = config::domains::config()?; - - if let Some(ref digest) = digest { - let digest = proxmox::tools::hex_to_digest(digest)?; - crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?; - } - - // only have to worry about openid for now - let mut data: OpenIdRealmConfig = config.lookup("openid", realm.as_str())?; - - if let Some(delete) = delete { - for delete_prop in delete { - match delete_prop { - DeletableProperty::comment => data.comment = None, - DeletableProperty::client_key => data.client_key = None, - DeletableProperty::autocreate => data.autocreate = None, - } - } - } - - if let Some(comment) = comment { - let comment = comment.trim().to_string(); - if comment.is_empty() { - data.comment = None; - } else { - data.comment = Some(comment); - } - } - - if let Some(issuer_url) = issuer_url { - data.issuer_url = issuer_url - }; - if let Some(client_id) = client_id { - data.client_id = client_id - }; - if let Some(client_key) = client_key { - data.client_key = if client_key.is_empty() { - None - } else { - Some(client_key) - }; - }; - if let Some(autocreate) = autocreate { - data.autocreate = Some(autocreate) - }; - - config.set_data(&realm, "openid", &data)?; - - config::domains::save_config(&config)?; - - Ok(()) -} - -#[api( - protected: true, - input: { - properties: { - realm: { - schema: REALM_ID_SCHEMA, - }, - digest: { - optional: true, - schema: PROXMOX_CONFIG_DIGEST_SCHEMA, - }, - }, - }, - access: { - permission: &Permission::Privilege(&["access", "domains"], PRIV_REALM_ALLOCATE, false), - }, -)] -/// Delete a realm -fn delete_domain(realm: String, digest: Option) -> Result<(), Error> { - if realm == "pam" || realm == "pbs" { - bail!("cannot remove realm '{}'", realm); - } - let _lock = config::domains::lock_config()?; - - let (mut config, expected_digest) = config::domains::config()?; - - if let Some(ref digest) = digest { - let digest = proxmox::tools::hex_to_digest(digest)?; - crate::tools::detect_modified_configuration_file(&digest, &expected_digest)?; - } - - match config.sections.get(&realm) { - Some(_) => { - config.sections.remove(&realm); - } - None => bail!("realm '{}' does not exist.", realm), - } - - config::domains::save_config(&config)?; - - Ok(()) -} - pub const ROUTER: Router = Router::new() - .get(&API_METHOD_LIST_DOMAINS) - .post(&API_METHOD_CREATE_DOMAIN) - .match_all("realm", &DOMAIN_ROUTER); - -const DOMAIN_ROUTER: Router = Router::new() - .get(&API_METHOD_GET_DOMAIN) - .put(&API_METHOD_UPDATE_DOMAIN) - .delete(&API_METHOD_DELETE_DOMAIN); + .get(&API_METHOD_LIST_DOMAINS);