[pve-devel] r5587 - in pve-access-control/trunk: . PVE PVE/API2

svn-commits at proxmox.com svn-commits at proxmox.com
Tue Feb 22 15:00:39 CET 2011 

Author: dietmar
Date: 2011-02-22 15:00:39 +0100 (Tue, 22 Feb 2011)
New Revision: 5587

Modified:
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/PVE/API2/Domains.pm
   pve-access-control/trunk/PVE/AccessControl.pm
   pve-access-control/trunk/PVE/RPCEnvironment.pm
Log:
make 'domains.cfg' readable by www-data,
	add 'default' attribute.


Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2011-02-22 13:59:04 UTC (rev 5586)
+++ pve-access-control/trunk/ChangeLog	2011-02-22 14:00:39 UTC (rev 5587)
@@ -1,5 +1,8 @@
 2011-02-22  Proxmox Support Team  <support at proxmox.com>
 
+	* PVE/AccessControl.pm: make 'domains.cfg' readable by www-data,
+	add 'default' attribute.
+
 	* PVE/AccessControl.pm: realm is now part of the username.
 	Example: 'userid at realm'
 	(valid_attributes): add 'domain, port, secure' attributes for AD. 

Modified: pve-access-control/trunk/PVE/API2/Domains.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/Domains.pm	2011-02-22 13:59:04 UTC (rev 5586)
+++ pve-access-control/trunk/PVE/API2/Domains.pm	2011-02-22 14:00:39 UTC (rev 5587)
@@ -12,7 +12,7 @@
 
 use PVE::RESTHandler;
 
-my $domainconfigfile = "priv/domains.cfg";
+my $domainconfigfile = "domains.cfg";
 
 use base qw(PVE::RESTHandler);
 
@@ -21,7 +21,6 @@
     path => '', 
     method => 'GET',
     description => "Authentication domain index.",
-    protected => 1,
     parameters => {
 	additionalProperties => 0,
 	properties => {},
@@ -48,6 +47,7 @@
 	    my $d = $cfg->{$realm};
 	    my $entry = { id => $realm, type => $d->{type} };
 	    $entry->{comment} = $d->{comment} if $d->{comment};
+	    $entry->{default} = 1 if $d->{default};
 	    push @$res, $entry;
 	}
 
@@ -83,6 +83,11 @@
 		type => 'boolean', 
 		optional => 1,
 	    },
+	    default => { 
+		description => "Use this as default realm",
+		type => 'boolean', 
+		optional => 1,
+	    },
 	    comment => { 
 		type => 'string', 
 		optional => 1,
@@ -126,6 +131,12 @@
 		if (defined($param->{secure})) {
 		    $cfg->{$realm}->{secure} = $param->{secure} ? 1 : 0;
 		}
+	
+		if ($param->{default}) {
+		    foreach my $r (keys %$cfg) {
+			delete $cfg->{$r}->{default};
+		    }
+		}
 
 		foreach my $p (keys %$param) {
 		    next if $p eq 'realm';
@@ -163,6 +174,11 @@
 		type => 'boolean', 
 		optional => 1,
 	    },
+	    default => { 
+		description => "Use this as default realm",
+		type => 'boolean', 
+		optional => 1,
+	    },
 	    comment => { 
 		type => 'string', 
 		optional => 1,
@@ -208,6 +224,12 @@
 		    $cfg->{$realm}->{secure} = $param->{secure} ? 1 : 0;
 		}
 
+		if ($param->{default}) {
+		    foreach my $r (keys %$cfg) {
+			delete $cfg->{$r}->{default};
+		    }
+		}
+
 		foreach my $p (keys %$param) {
 		    $cfg->{$realm}->{$p} = $param->{$p};
 		}
@@ -224,7 +246,6 @@
     path => '{realm}', 
     method => 'GET',
     description => "Get auth server configuration.",
-    protected => 1,
     parameters => {
    	additionalProperties => 0,
 	properties => {

Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm	2011-02-22 13:59:04 UTC (rev 5586)
+++ pve-access-control/trunk/PVE/AccessControl.pm	2011-02-22 14:00:39 UTC (rev 5587)
@@ -22,7 +22,7 @@
 my $authprivkeyfn = "$authdir/authkey.key";
 my $authpubkeyfn = "$confdir/authkey.pub";
 my $shadowconfigfile = "priv/shadow.cfg";
-my $domainconfigfile = "priv/domains.cfg";
+my $domainconfigfile = "domains.cfg";
 
 my $ticket_lifetime = 3600*2; # 2 hours
 
@@ -538,7 +538,7 @@
 	server2 => '[\w\d]+(.[\w\d]+)*',
 	domain => '\S+',
 	port => '\d*',
-	secure => '[01]',
+	secure => '',
 	comment => '.*',
     },
     ldap => {
@@ -546,7 +546,7 @@
 	server2 => '[\w\d]+(.[\w\d]+)*',
 	base_dn => '\w+=[\w\s]+(,\s*\w+=[\w\s]+)*',
 	user_attr => '\S{2,}',
-	secure => '[01]',
+	secure => '',
 	port => '\d*',
 	comment => '.*',
     }
@@ -862,6 +862,8 @@
 
     my $data = '';
 
+    my $wrote_default;
+
     foreach my $realm (sort keys %$cfg) {
 	my $entry = $cfg->{$realm};
 	my $type = $entry->{type};
@@ -877,8 +879,13 @@
 	foreach my $k (sort keys %$entry) {
 	    next if $k eq 'type';
 	    my $v = $entry->{$k};
-	    if ($formats->{$k}) {
-		if ($v =~ m/^$formats->{$k}$/) {
+	    if ($k eq 'default') {
+		    $data .= "\t$k\n" if $v && !$wrote_default;
+		    $wrote_default = 1;
+	    } elsif (defined($formats->{$k})) {
+		if (!$formats->{$k}) {
+		    $data .= "\t$k\n";
+		} elsif ($v =~ m/^$formats->{$k}$/) {
 		    $v = encode_text($v) if $k eq 'comment';
 		    $data .= "\t$k $v\n";
 		} else {
@@ -902,6 +909,8 @@
 
     $raw = "" if !defined($raw);
 
+    my $default;
+
     while ($raw =~ s/^(.*)\n//) {
 	my $line = $1;
  
@@ -934,10 +943,14 @@
 		    
 		next if $ignore; # skip
 
-		if ($line =~ m/^\s+(\S+)(\s+(.*\S))?\s*$/) {
+		if ($line =~ m/^\s+(default)\s*$/) {
+		    $default = $realm if !$default;
+		} elsif ($line =~ m/^\s+(\S+)(\s+(.*\S))?\s*$/) {
 		    my ($k, $v) = (lc($1), $3);
-		    if ($formats->{$k}) {
-			if ($v =~ m/^$formats->{$k}$/) {
+		    if (defined($formats->{$k})) {
+			if (!$formats->{$k} && !defined($v)) {
+				$entry->{$k} = 1;			    
+			} elsif ($formats->{$k} && $v =~ m/^$formats->{$k}$/) {
 			    if (!defined($entry->{$k})) {
 				$v = decode_text($v) if $k eq 'comment';
 				$entry->{$k} = $v;
@@ -977,6 +990,8 @@
 	}
     }
 
+    $cfg->{$default}->{default} = 1 if $default;
+
     # add default domains
 
     $cfg->{pve} = {

Modified: pve-access-control/trunk/PVE/RPCEnvironment.pm
===================================================================
--- pve-access-control/trunk/PVE/RPCEnvironment.pm	2011-02-22 13:59:04 UTC (rev 5586)
+++ pve-access-control/trunk/PVE/RPCEnvironment.pm	2011-02-22 14:00:39 UTC (rev 5587)
@@ -135,6 +135,12 @@
     return PVE::AccessControl::user_enabled($cfg, $user);
 }
 
+sub realm_list {
+    my ($self) = @_;
+    
+    return $self->{realms};
+}
+
 # initialize environment - must be called once at program startup
 sub init {
     my ($class, $type, %params) = @_;
@@ -217,6 +223,25 @@
 		my $cfg = PVE::Cluster::cfs_read_file('user.cfg');
 		$self->{user_cfg} = $cfg;
 	    }
+	    my $dcvers = PVE::Cluster::cfs_file_version('domains.cfg'); 
+	    if (!$self->{realms} || !defined($self->{domainsversion}) || 
+		!defined($dcvers) ||  ($dcvers ne $self->{domainsversion})) {
+		$self->{domainsversion} = $dcvers;
+		my $dcfg = PVE::Cluster::cfs_read_file('domains.cfg');
+		my $ra = [];
+		foreach my $realm (keys %$dcfg) {
+		    my $data = $dcfg->{$realm};
+		    my $entry = { 
+			id => $realm,
+			comment => $data->{comment} || $realm,
+		    };
+
+		    $entry->{default} = 1 if $data->{default};
+
+		    push @$ra, $entry;
+		}
+		$self->{realms} = $ra;
+	    }
 	}
     };
     if (my $err = $@) {

More information about the pve-devel mailing list