api: add list_domains

2020-04-09 11:36:45 +02:00
parent 685e13347e
commit 708db4b3ae
3 changed files with 48 additions and 1 deletions
--- a/src/api2/access.rs
+++ b/src/api2/access.rs
@ -13,6 +13,7 @@ use crate::auth_helpers::*;
 use crate::api2::types::*;

 pub mod user;
+pub mod domain;

 fn authenticate_user(username: &str, password: &str) -> Result<(), Error> {

@ -137,6 +138,7 @@ const SUBDIRS: SubdirMap = &[
        "ticket", &Router::new()
            .post(&API_METHOD_CREATE_TICKET)
    ),
+    ("domains", &domain::ROUTER),
    ("users", &user::ROUTER),
 ];

--- a/src/api2/access/domain.rs
+++ b/src/api2/access/domain.rs
@ -0,0 +1,42 @@
+use failure::*;
+
+use serde_json::{json, Value};
+
+use proxmox::api::api;
+use proxmox::api::router::Router;
+
+use crate::api2::types::*;
+
+#[api(
+    returns: {
+        description: "List of realms.",
+        type: Array,
+        items: {
+            type: Object,
+            description: "User configuration (without password).",
+            properties: {
+                realm: {
+                    description: "Realm ID.",
+                    type: String,
+                },
+                comment: {
+                    schema: SINGLE_LINE_COMMENT_SCHEMA,
+                    optional: true,
+                },
+            },
+        }
+    }
+)]
+/// Authentication domain/realm index.
+///
+/// Anyone can access this, because we need that list for the login
+/// box (before the user is authenticated).
+fn list_domains() -> Result<Value, Error> {
+    let mut list = Vec::new();
+    list.push(json!({ "realm": "pam", "comment": "Linux PAM standard authentication" }));
+    list.push(json!({ "realm": "pbs", "comment": "Proxmox Backup authentication server" }));
+    Ok(list.into())
+}
+
+pub const ROUTER: Router = Router::new()
+    .get(&API_METHOD_LIST_DOMAINS);
--- a/src/server/rest.rs
+++ b/src/server/rest.rs
@ -524,7 +524,10 @@ pub async fn handle_request(api: Arc<ApiConfig>, req: Request<Body>) -> Result<R

            let mut uri_param = HashMap::new();

-            if comp_len == 4 && components[2] == "access" && components[3] == "ticket" {
+            if comp_len == 4 && components[2] == "access" && (
+                (components[3] == "ticket" && method ==  hyper::Method::POST) ||
+                (components[3] == "domains" && method ==  hyper::Method::GET)
+            ) {
                // explicitly allow those calls without auth
            } else {
                let (ticket, token) = extract_auth_data(&parts.headers);