diff --git a/api-viewer/apidata.js b/api-viewer/apidata.js index adf8825..6c6f7d8 100644 --- a/api-viewer/apidata.js +++ b/api-viewer/apidata.js @@ -10458,10 +10458,10 @@ var apiSchema = [ "delete" : { "description" : "A list of settings you want to delete.", "enum" : [ - "origin", + "id", "allow-subdomains", - "rp", - "id" + "origin", + "rp" ], "optional" : 1, "type" : "string" @@ -10571,6 +10571,13 @@ var apiSchema = [ "parameters" : { "additionalProperties" : 0, "properties" : { + "admin-mail-from" : { + "default" : "Proxmox Mail Gateway ", + "description" : "Text for 'From' header in admin mails and bounces.", + "optional" : 1, + "pattern" : "^\\p{PosixPrint}{1,998}$", + "type" : "string" + }, "advfilter" : { "default" : 0, "description" : "Enable advanced filters for statistic.", @@ -17248,8 +17255,16 @@ var apiSchema = [ }, "password" : { "description" : "Password", - "maxLength" : 32, - "minLength" : 5, + "maxLength" : 64, + "minLength" : 8, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "realm" : { + "default" : "pmg", + "description" : "Authentication realm.", + "format" : "pmg-realm", "optional" : 1, "type" : "string", "typetext" : "" @@ -17409,8 +17424,16 @@ var apiSchema = [ }, "password" : { "description" : "Password", - "maxLength" : 32, - "minLength" : 5, + "maxLength" : 64, + "minLength" : 8, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "realm" : { + "default" : "pmg", + "description" : "Authentication realm.", + "format" : "pmg-realm", "optional" : 1, "type" : "string", "typetext" : "" 
@@ -17872,6 +17895,477 @@ var apiSchema = [ "path" : "/access/tfa", "text" : "tfa" }, + { + "children" : [ + { + "info" : { + "DELETE" : { + "allowtoken" : 1, + "description" : "Delete an authentication server.", + "method" : "DELETE", + "name" : "delete", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "realm" : { + "description" : "Authentication domain ID", + "format" : "pmg-realm", + "maxLength" : 32, + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "check" : [ + "admin" + ] + }, + "protected" : 1, + "returns" : { + "type" : "null" + } + }, + "GET" : { + "allowtoken" : 1, + "description" : "Get auth server configuration.", + "method" : "GET", + "name" : "read", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "realm" : { + "description" : "Authentication domain ID", + "format" : "pmg-realm", + "maxLength" : 32, + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "check" : [ + "admin", + "qmanager", + "audit" + ] + }, + "returns" : {} + }, + "PUT" : { + "allowtoken" : 1, + "description" : "Update authentication server settings.", + "method" : "PUT", + "name" : "update", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "acr-values" : { + "description" : "Specifies the Authentication Context Class Reference values that theAuthorization Server is being requested to use for the Auth Request.", + "optional" : 1, + "pattern" : "(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + }, + "autocreate" : { + "default" : 0, + "description" : "Automatically create users if they do not exist.", + "optional" : 1, + "type" : "boolean", + "typetext" : "" + }, + "autocreate-role" : { + "default" : "audit", + "description" : "Automatically create users with a specific role.", + "enum" : [ + "admin", + "qmanager", + "audit", + "helpdesk" + ], + "optional" : 1, + "type" : "string" + }, + "client-id" : { + "description" : "OpenID Connect Client ID", + "maxLength" : 256, + 
"optional" : 1, + "pattern" : "(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + }, + "client-key" : { + "description" : "OpenID Connect Client Key", + "maxLength" : 256, + "optional" : 1, + "pattern" : "(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + }, + "comment" : { + "description" : "Description.", + "maxLength" : 4096, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "default" : { + "description" : "Use this as default realm", + "optional" : 1, + "type" : "boolean", + "typetext" : "" + }, + "delete" : { + "description" : "A list of settings you want to delete.", + "format" : "pve-configid-list", + "maxLength" : 4096, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "digest" : { + "description" : "Prevent changes if current configuration file has a different digest. This can be used to prevent concurrent modifications.", + "maxLength" : 64, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "issuer-url" : { + "description" : "OpenID Connect Issuer Url", + "maxLength" : 256, + "optional" : 1, + "pattern" : "(?^:^(https?)://([a-zA-Z0-9.-]+)(:[0-9]{1,5})?(/[^\\s]*)?$)", + "type" : "string" + }, + "prompt" : { + "description" : "Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.", + "optional" : 1, + "pattern" : "(?:none|login|consent|select_account|\\S+)", + "type" : "string" + }, + "realm" : { + "description" : "Authentication domain ID", + "format" : "pmg-realm", + "maxLength" : 32, + "type" : "string", + "typetext" : "" + }, + "scopes" : { + "default" : "email profile", + "description" : "Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'.", + "optional" : 1, + "pattern" : "(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + } + }, + "type" : "object" + }, + "permissions" : { + "check" : [ + "admin" + ] + }, + "protected" : 1, + "returns" : { + "type" : "null" + } + } + }, + "leaf" : 1, + "path" : 
"/access/auth-realm/{realm}", + "text" : "{realm}" + } + ], + "info" : { + "GET" : { + "allowtoken" : 1, + "description" : "Authentication realm index.", + "method" : "GET", + "name" : "index", + "parameters" : { + "additionalProperties" : 0 + }, + "permissions" : { + "description" : "Anyone can access that, because we need that list for the login box (before the user is authenticated).", + "user" : "world" + }, + "returns" : { + "items" : { + "properties" : { + "comment" : { + "description" : "A comment. The GUI use this text when you select a authentication realm on the login window.", + "optional" : 1, + "type" : "string" + }, + "realm" : { + "type" : "string" + }, + "type" : { + "type" : "string" + } + }, + "type" : "object" + }, + "links" : [ + { + "href" : "{realm}", + "rel" : "child" + } + ], + "type" : "array" + } + }, + "POST" : { + "allowtoken" : 1, + "description" : "Add an authentication server.", + "method" : "POST", + "name" : "create", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "acr-values" : { + "description" : "Specifies the Authentication Context Class Reference values that theAuthorization Server is being requested to use for the Auth Request.", + "optional" : 1, + "pattern" : "(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + }, + "autocreate" : { + "default" : 0, + "description" : "Automatically create users if they do not exist.", + "optional" : 1, + "type" : "boolean", + "typetext" : "" + }, + "autocreate-role" : { + "default" : "audit", + "description" : "Automatically create users with a specific role.", + "enum" : [ + "admin", + "qmanager", + "audit", + "helpdesk" + ], + "optional" : 1, + "type" : "string" + }, + "client-id" : { + "description" : "OpenID Connect Client ID", + "maxLength" : 256, + "optional" : 1, + "pattern" : "(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + }, + "client-key" : { + "description" : "OpenID Connect Client Key", + "maxLength" : 256, + "optional" : 1, + "pattern" : 
"(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + }, + "comment" : { + "description" : "Description.", + "maxLength" : 4096, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "default" : { + "description" : "Use this as default realm", + "optional" : 1, + "type" : "boolean", + "typetext" : "" + }, + "issuer-url" : { + "description" : "OpenID Connect Issuer Url", + "maxLength" : 256, + "optional" : 1, + "pattern" : "(?^:^(https?)://([a-zA-Z0-9.-]+)(:[0-9]{1,5})?(/[^\\s]*)?$)", + "type" : "string" + }, + "prompt" : { + "description" : "Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.", + "optional" : 1, + "pattern" : "(?:none|login|consent|select_account|\\S+)", + "type" : "string" + }, + "realm" : { + "description" : "Authentication domain ID", + "format" : "pmg-realm", + "maxLength" : 32, + "type" : "string", + "typetext" : "" + }, + "scopes" : { + "default" : "email profile", + "description" : "Specifies the scopes (user details) that should be authorized and returned, for example 'email' or 'profile'.", + "optional" : 1, + "pattern" : "(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + }, + "type" : { + "description" : "Realm type.", + "enum" : [ + "oidc", + "pam", + "pmg" + ], + "type" : "string" + }, + "username-claim" : { + "default" : "sub", + "description" : "OpenID Connect claim used to generate the unique username.", + "optional" : 1, + "pattern" : "(?^:^[a-zA-Z0-9._:-]+$)", + "type" : "string" + } + }, + "type" : "object" + }, + "permissions" : { + "check" : [ + "admin" + ] + }, + "protected" : 1, + "returns" : { + "type" : "null" + } + } + }, + "leaf" : 0, + "path" : "/access/auth-realm", + "text" : "auth-realm" + }, + { + "children" : [ + { + "info" : { + "POST" : { + "allowtoken" : 1, + "description" : "Get the OpenId Connect Authorization Url for the specified realm.", + "method" : "POST", + "name" : "auth_url", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "realm" : { 
+ "description" : "Authentication domain ID", + "maxLength" : 32, + "pattern" : "(?^:[A-Za-z][A-Za-z0-9\\.\\-_]+)", + "type" : "string" + }, + "redirect-url" : { + "description" : "Redirection Url. The client should set this to the used server url (location.origin).", + "maxLength" : 255, + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "user" : "world" + }, + "protected" : 1, + "returns" : { + "description" : "Redirection URL.", + "type" : "string" + } + } + }, + "leaf" : 1, + "path" : "/access/oidc/auth-url", + "text" : "auth-url" + }, + { + "info" : { + "POST" : { + "allowtoken" : 1, + "description" : " Verify OpenID Connect authorization code and create a ticket.", + "method" : "POST", + "name" : "login", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "code" : { + "description" : "OpenId Connect authorization code.", + "maxLength" : 4096, + "type" : "string", + "typetext" : "" + }, + "redirect-url" : { + "description" : "Redirection Url. 
The client should set this to the used server url (location.origin).", + "maxLength" : 255, + "type" : "string", + "typetext" : "" + }, + "state" : { + "description" : "OpenId Connect state.", + "maxLength" : 1024, + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "user" : "world" + }, + "protected" : 1, + "returns" : { + "properties" : { + "CSRFPreventionToken" : { + "type" : "string" + }, + "role" : { + "optional" : 1, + "type" : "string" + }, + "ticket" : { + "type" : "string" + }, + "username" : { + "type" : "string" + } + } + } + } + }, + "leaf" : 1, + "path" : "/access/oidc/login", + "text" : "login" + } + ], + "info" : { + "GET" : { + "allowtoken" : 1, + "description" : "Directory index.", + "method" : "GET", + "name" : "index", + "parameters" : { + "additionalProperties" : 0 + }, + "permissions" : { + "user" : "all" + }, + "returns" : { + "items" : { + "properties" : { + "subdir" : { + "type" : "string" + } + }, + "type" : "object" + }, + "links" : [ + { + "href" : "{subdir}", + "rel" : "child" + } + ], + "type" : "array" + } + } + }, + "leaf" : 0, + "path" : "/access/oidc", + "text" : "oidc" + }, { "info" : { "GET" : { @@ -17917,14 +18411,11 @@ var apiSchema = [ }, "realm" : { "description" : "You can optionally pass the realm using this parameter. Normally the realm is simply added to the username @.", - "enum" : [ - "pam", - "pmg", - "quarantine" - ], + "format" : "pmg-realm", "maxLength" : 32, "optional" : 1, - "type" : "string" + "type" : "string", + "typetext" : "" }, "tfa-challenge" : { "description" : "The signed TFA challenge string the user wants to respond to.", @@ -17984,7 +18475,7 @@ var apiSchema = [ "password" : { "description" : "The new password.", "maxLength" : 64, - "minLength" : 5, + "minLength" : 8, "type" : "string", "typetext" : "" }, 
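Review bot: The `issuer-url` pattern in both the POST `/access/auth-realm` and PUT `/access/auth-realm/{realm}` schemas accepts `http://` as well as `https://`, so a realm can be configured against a plaintext issuer whose discovery metadata would presumably be fetched without transport protection. Unless plaintext issuers are a deliberate allowance for test setups, narrowing the scheme group from `(https?)` to `(https)` would enforce this in the schema. In the same hunk, the `realm` parameter of the world-accessible `/access/oidc/auth-url` is checked with an ad-hoc pattern `(?^:[A-Za-z][A-Za-z0-9\\.\\-_]+)` that carries no `^`/`$` of its own, while every other realm parameter in this diff uses `"format" : "pmg-realm"`; using that format here would keep realm validation consistent. The `prompt` pattern ends in a `\\S+` alternative that already covers the four named values, so its description should say that any non-whitespace value is accepted. This file looks generated from the API schema, so these changes would belong in the schema source rather than in apidata.js.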
@@ -18310,8 +18801,8 @@ var apiSchema = [ "description" : "Query this type of quarantine for users.", "enum" : [ "spam", - "virus", - "attachment" + "attachment", + "virus" ], "optional" : 1, "type" : "string" diff --git a/pmg.admin-conf-opts.adoc b/pmg.admin-conf-opts.adoc index a0beb10..5ff8618 100644 --- a/pmg.admin-conf-opts.adoc +++ b/pmg.admin-conf-opts.adoc @@ -1,3 +1,7 @@ +`admin-mail-from`: `^\p{PosixPrint}{1,998}$` ('default =' `Proxmox Mail Gateway `):: + +Text for 'From' header in admin mails and bounces. + `advfilter`: `` ('default =' `0`):: Enable advanced filters for statistic. diff --git a/pmg.conf.5-opts.adoc b/pmg.conf.5-opts.adoc index 07e3ae9..292290c 100644 --- a/pmg.conf.5-opts.adoc +++ b/pmg.conf.5-opts.adoc @@ -1,5 +1,9 @@ .Section 'admin' +`admin-mail-from`: `^\p{PosixPrint}{1,998}$` ('default =' `Proxmox Mail Gateway `):: + +Text for 'From' header in admin mails and bounces. + `advfilter`: `` ('default =' `0`):: Enable advanced filters for statistic. diff --git a/user.conf.5-opts.adoc b/user.conf.5-opts.adoc index 284e1fe..275625f 100644 --- a/user.conf.5-opts.adoc +++ b/user.conf.5-opts.adoc @@ -34,6 +34,10 @@ Last name. Password +`realm`: `` ('default =' `pmg`):: + +Authentication realm. + `role`: `` :: User role. Role 'root' is reserved for the Unix Superuser.