access-control: add init_user_config() method

So that we can make sure root@pam exists at the product level.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller 2024-07-17 15:30:48 +02:00
parent 140fc0ad08
commit fee00addab
2 changed files with 11 additions and 1 deletions


@ -5,6 +5,7 @@ use std::sync::OnceLock;
use anyhow::{format_err, Error};
use proxmox_auth_api::types::{Authid, Userid};
use proxmox_section_config::SectionConfigData;
static ACCESS_CONF: OnceLock<&'static dyn AccessControlConfig> = OnceLock::new();
static ACCESS_CONF_DIR: OnceLock<PathBuf> = OnceLock::new();
@ -64,6 +65,13 @@ pub trait AccessControlConfig: Send + Sync {
fn role_admin(&self) -> Option<&str> {
None
}
/// Called after the user configuration is loaded to potentially re-add fixed users, such as a
/// `root@pam` user.
fn init_user_config(&self, config: &mut SectionConfigData) -> Result<(), Error> {
let _ = config;
Ok(())
}
}
pub fn init<P: AsRef<Path>>(
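Review bot: The doc comment on `init_user_config` leaves out the contract an implementer needs. Going by the other file in this commit, the hook runs inside `config()` on every load, and an `Err` from it is propagated with `?`, so a failing hook makes the whole user configuration unreadable. I would add something like `/// Runs on every load of the user config, so it must be idempotent; returning an error fails the load.` The doc should also say whether implementers may modify existing entries (for example a disabled `root@pam`) or only add missing ones, since that decides whether an on-disk change to such a user is honoured. The trait body begins outside this hunk.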


@ -49,7 +49,9 @@ pub fn config() -> Result<(SectionConfigData, ConfigDigest), Error> {
let content = proxmox_sys::fs::file_read_optional_string(user_config())?.unwrap_or_default();
let digest = ConfigDigest::from_slice(content.as_bytes());
let data = get_or_init_config().parse(user_config(), &content)?;
let mut data = get_or_init_config().parse(user_config(), &content)?;
access_conf().init_user_config(&mut data)?;
Ok((data, digest))
}
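Review bot: `digest` is taken from `content` before `init_user_config` mutates `data`, so the returned digest describes the on-disk file while `data` may hold entries the file lacks. That is probably what conflict detection wants, but a comment above the call would make it explicit, e.g. `// digest covers the on-disk content only; the hook may add fixed users to the parsed data`. A caller that saves `data` back will also persist whatever the hook added, which should be a documented, intended effect. If any other path parses the user config without going through `config()` (none is visible in this hunk), it would not see the re-added user and could reach different authorization results, so that is worth confirming.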