From fee00addab1c46ad815277539d46f0d0ec257d53 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller
Date: Wed, 17 Jul 2024 15:30:48 +0200
Subject: [PATCH] access-control: add init_user_config() method

So that we can make sure root@pam exists at the product level.
Signed-off-by: Wolfgang Bumiller
---
 proxmox-access-control/src/init.rs | 8 ++++++++
 proxmox-access-control/src/user.rs | 4 +++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/proxmox-access-control/src/init.rs b/proxmox-access-control/src/init.rs
index 3a5ce55b..b0cf1a3e 100644
--- a/proxmox-access-control/src/init.rs
+++ b/proxmox-access-control/src/init.rs
@@ -5,6 +5,7 @@ use std::sync::OnceLock;
 use anyhow::{format_err, Error};
 use proxmox_auth_api::types::{Authid, Userid};
+use proxmox_section_config::SectionConfigData;
 static ACCESS_CONF: OnceLock<&'static dyn AccessControlConfig> = OnceLock::new();
 static ACCESS_CONF_DIR: OnceLock = OnceLock::new();
@@ -64,6 +65,13 @@ pub trait AccessControlConfig: Send + Sync {
 fn role_admin(&self) -> Option<&str> {
 None
 }
+
+ /// Called after the user configuration is loaded to potentially re-add fixed users, such as a
+ /// `root@pam` user.
+ fn init_user_config(&self, config: &mut SectionConfigData) -> Result<(), Error> {
+ let _ = config;
+ Ok(())
+ }
 }
 pub fn init>(
diff --git a/proxmox-access-control/src/user.rs b/proxmox-access-control/src/user.rs
index c28176dd..95b70f25 100644
--- a/proxmox-access-control/src/user.rs
+++ b/proxmox-access-control/src/user.rs
@@ -49,7 +49,9 @@ pub fn config() -> Result<(SectionConfigData, ConfigDigest), Error> {
 let content = proxmox_sys::fs::file_read_optional_string(user_config())?.unwrap_or_default();
 let digest = ConfigDigest::from_slice(content.as_bytes());
- let data = get_or_init_config().parse(user_config(), &content)?;
+ let mut data = get_or_init_config().parse(user_config(), &content)?;
+
+ access_conf().init_user_config(&mut data)?;
 Ok((data, digest))
 }
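Review bot: The doc comment on `init_user_config` does not say how often the hook runs or what it may do to entries that already exist, and both matter for a hook that can inject `root@pam`. In this patch `user::config()` calls it on every load and propagates its error, so an implementation has to be idempotent, and returning `Err` makes the whole user configuration unreadable. I would extend the doc comment with `/// Runs on every user::config() call, so it must be idempotent; only add missing entries,` and `/// never replace an existing one. Returning Err fails the load.` Replacing an existing entry would presumably discard properties an administrator set on that user, which is worth ruling out in the contract. The trait definition starts outside this hunk.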
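Review bot: After this change the returned `digest` no longer describes the returned `data` in `config()`: the digest is taken from the raw file content, while `init_user_config` may add users afterwards. Callers that load, modify and write back will presumably persist the injected entries, and a digest comparison cannot tell whether the hook changed anything. If that is intended, say so at the call, e.g. `// digest covers the on-disk content only; users added by init_user_config() are not part of it`. A hook failure also surfaces here without context, so wrapping the error (for instance with `format_err!`, if it is in scope in this file) would make an unreadable user config easier to diagnose. The function signature is only visible in the hunk header.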