[pmg-devel] [PATCH pmg-api 2/3] access control: rename realms.cfg to realms.conf

Stoiko Ivanov s.ivanov at proxmox.com
Wed Feb 26 18:37:36 CET 2025 

by defining the name once in PMG::Auth::Plugin, and using the sub
there to retrieve it where needed.

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 src/PMG/API2/AuthRealm.pm | 16 ++++++++--------
 src/PMG/API2/OIDC.pm      |  5 +++--
 src/PMG/AccessControl.pm  |  4 ++--
 src/PMG/Auth/Plugin.pm    | 11 ++++++-----
 4 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/src/PMG/API2/AuthRealm.pm b/src/PMG/API2/AuthRealm.pm
index 57c5fea..e9fee38 100644
--- a/src/PMG/API2/AuthRealm.pm
+++ b/src/PMG/API2/AuthRealm.pm
@@ -51,7 +51,7 @@ __PACKAGE__->register_method ({
 
 	my $res = [];
 
-	my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id());
+	my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id());
 	my $ids = $cfg->{ids};
 
 	for my $realm (keys %$ids) {
@@ -82,7 +82,7 @@ __PACKAGE__->register_method ({
 
 	PMG::Auth::Plugin::lock_realm_config(
 	    sub {
-		my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id());
+		my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id());
 		my $ids = $cfg->{ids};
 
 		my $realm = extract_param($param, 'realm');
@@ -117,7 +117,7 @@ __PACKAGE__->register_method ({
 		}
 		$plugin->on_add_hook($realm, $config, password => $password);
 
-		PVE::INotify::write_file(PMG::Auth::Plugin->realm_cfg_id(), $cfg);
+		PVE::INotify::write_file(PMG::Auth::Plugin->realm_conf_id(), $cfg);
 	    },
 	    "add auth server failed",
 	);
@@ -141,7 +141,7 @@ __PACKAGE__->register_method ({
 
 	PMG::Auth::Plugin::lock_realm_config(
 	    sub {
-		my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id());
+		my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id());
 		my $ids = $cfg->{ids};
 
 		my $digest = extract_param($param, 'digest');
@@ -184,7 +184,7 @@ __PACKAGE__->register_method ({
 		    $plugin->on_update_hook($realm, $config);
 		}
 
-		PVE::INotify::write_file(PMG::Auth::Plugin->realm_cfg_id(), $cfg);
+		PVE::INotify::write_file(PMG::Auth::Plugin->realm_conf_id(), $cfg);
 	    },
 	    "update auth server failed"
 	);
@@ -208,7 +208,7 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
-	my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id());
+	my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id());
 
 	my $realm = $param->{realm};
 
@@ -242,7 +242,7 @@ __PACKAGE__->register_method ({
 
 	PMG::Auth::Plugin::lock_realm_config(
 	    sub {
-		my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id());
+		my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id());
 		my $ids = $cfg->{ids};
 		my $realm = $param->{realm};
 
@@ -254,7 +254,7 @@ __PACKAGE__->register_method ({
 
 		delete $ids->{$realm};
 
-		PVE::INotify::write_file(PMG::Auth::Plugin->realm_cfg_id(), $cfg);
+		PVE::INotify::write_file(PMG::Auth::Plugin->realm_conf_id(), $cfg);
 	    },
 	    "delete auth server failed",
 	);
diff --git a/src/PMG/API2/OIDC.pm b/src/PMG/API2/OIDC.pm
index da9c774..92ff88d 100644
--- a/src/PMG/API2/OIDC.pm
+++ b/src/PMG/API2/OIDC.pm
@@ -10,10 +10,11 @@ use PVE::Exception qw(raise raise_perm_exc raise_param_exc);
 use PVE::SafeSyslog;
 use PVE::INotify;
 use PVE::JSONSchema qw(get_standard_option);
+use PVE::RESTHandler;
 
 use PMG::AccessControl;
+use PMG::Auth::Plugin;
 use PMG::RESTEnvironment;
-use PVE::RESTHandler;
 
 use base qw(PVE::RESTHandler);
 
@@ -22,7 +23,7 @@ my $oidc_state_path = "/var/lib/pmg";
 my $lookup_oidc_auth = sub {
     my ($realm, $redirect_url) = @_;
 
-    my $cfg = PVE::INotify::read_file('realms.cfg');
+    my $cfg = PVE::INotify::read_file(PMG::Auth::Plugin::realm_conf_id());
     my $ids = $cfg->{ids};
 
     die "authentication domain '$realm' does not exist\n" if !$ids->{$realm};
diff --git a/src/PMG/AccessControl.pm b/src/PMG/AccessControl.pm
index 57d80f8..0cf8067 100644
--- a/src/PMG/AccessControl.pm
+++ b/src/PMG/AccessControl.pm
@@ -66,7 +66,7 @@ sub authenticate_user : prototype($$$) {
 	}
 	die "ldap login failed\n";
     } elsif ($realm =~ m!(${realm_regex})!) {
-	my $realm_cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id());
+	my $realm_cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id());
 	my $cfg = $realm_cfg->{ids}->{$realm};
 	my $plugin = PMG::Auth::Plugin->lookup($cfg->{type});
 	$plugin->authenticate_user($cfg, $realm, $ruid, $password);
@@ -111,7 +111,7 @@ sub set_user_password {
     } elsif ($realm eq 'pmg') {
 	PMG::UserConfig->set_user_password($username, $password);
     } elsif ($realm =~ m!(${realm_regex})!) {
-	my $realm_cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_cfg_id());
+	my $realm_cfg = PVE::INotify::read_file(PMG::Auth::Plugin->realm_conf_id());
 	my $cfg = $realm_cfg->{ids}->{$realm};
 	my $plugin = PMG::Auth::Plugin->lookup($cfg->{type});
 	$plugin->store_password($cfg, $realm, $username, $password);
diff --git a/src/PMG/Auth/Plugin.pm b/src/PMG/Auth/Plugin.pm
index f6792ac..1a9f68a 100755
--- a/src/PMG/Auth/Plugin.pm
+++ b/src/PMG/Auth/Plugin.pm
@@ -13,11 +13,12 @@ use PVE::Tools;
 
 use base qw(PVE::SectionConfig);
 
-my $realm_cfg_id = "realms.cfg";
+my $realm_conf_id = "realms.conf";
+my $realm_conf_filename = "/etc/pmg/$realm_conf_id";
 my $lockfile = "/var/lock/pmg-realms.lck";
 
-sub realm_cfg_id {
-    return $realm_cfg_id;
+sub realm_conf_id {
+    return $realm_conf_id;
 }
 
 sub read_realms_conf {
@@ -38,8 +39,8 @@ sub write_realms_conf {
 }
 
 PVE::INotify::register_file(
-    $realm_cfg_id,
-    "/etc/pmg/realms.cfg",
+    $realm_conf_id,
+    $realm_conf_filename,
     \&read_realms_conf,
     \&write_realms_conf,
     undef,
-- 
2.39.5

More information about the pmg-devel mailing list