Commit | Line | Data |
---|---|---|
3dd4f162 WB |
1 | package PMG::TFAConfig; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::Tools; | |
7 | use PVE::INotify; | |
8 | use PVE::JSONSchema qw(get_standard_option); | |
9 | use PVE::Exception qw(raise); | |
10 | ||
11 | use PMG::Utils; | |
12 | use PMG::UserConfig; | |
13 | ||
14 | use base 'PMG::RS::TFA'; | |
15 | ||
# $inotify_file_id: key under which this file is registered with PVE::INotify.
# $config_filename: on-disk location of the TFA configuration.
my ($inotify_file_id, $config_filename) = ('pmg-tfa.json', '/etc/pmg/tfa.json');
18 | ||
# Constructor: load the TFA configuration through PVE::INotify and rebless the
# object it returns into the requested class.
#
# Accepts either a class name or an existing instance as invocant; for an
# instance, that instance's class is reused.
sub new {
    my ($invocant) = @_;

    # read_file() returns what the parser registered for $inotify_file_id
    # produced (read_tfa_conf in this file).
    my $self = PVE::INotify::read_file($inotify_file_id);

    return bless $self, (ref($invocant) || $invocant);
}
28 | ||
# Persist this configuration object via PVE::INotify, which dispatches to the
# writer registered for $inotify_file_id (write_tfa_conf in this file).
#
# NOTE(review): no lock is taken here; callers presumably wrap their
# read-modify-write cycle in lock_config() - confirm against the call sites.
sub write {
    my ($self) = @_;

    return PVE::INotify::write_file($inotify_file_id, $self);
}
34 | ||
# Take the TFA configuration lock.
#
# The implementation is kept in PMG::UserConfig so that the lock order is
# enforced in one place; this is only a pass-through of the arguments.
# Because @_ is forwarded unchanged, calling this as a method would also
# forward the invocant as the first argument.
sub lock_config {
    return PMG::UserConfig::lock_tfa_config(@_);
}
39 | ||
# INotify parser callback for the TFA configuration.
#
# $filename - path of the file being parsed (not used here)
# $fh       - open read handle, or a false value, in which case an empty
#             JSON object is parsed instead
#
# Returns a PMG::RS::TFA object from which every user unknown to the user
# configuration has been removed. The removal only touches the returned
# in-memory object; nothing is written back to disk here.
#
# NOTE(review): if PMG::UserConfig->new() ever yields an empty user set, all
# TFA entries are dropped from the returned object, and a later write() would
# persist that - confirm that loading the user config fails loudly instead.
my sub read_tfa_conf : prototype($$) {
    my ($filename, $fh) = @_;

    my $raw = '{}';
    if ($fh) {
        # slurp the whole file in one read
        local $/ = undef;
        $raw = <$fh>;
    }

    my $cfg = PMG::RS::TFA->new($raw);

    # Drop TFA entries whose user no longer exists in the user configuration.
    # The second argument to lookup_user_data() is presumably a "no error"
    # flag, making it return false instead of raising - confirm.
    my $usercfg = PMG::UserConfig->new();
    for my $user (@{ $cfg->users() }) {
        next if $usercfg->lookup_user_data($user, 1);
        $cfg->remove_user($user);
    }

    return $cfg;
}
62 | ||
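# INotify writer callback for the TFA configuration.
#
# $filename - path used in error messages
# $fh       - open write handle for the file being written
# $cfg      - configuration object to serialize
#
# Dies if the handle cannot be restricted to owner-only access, and before
# any data has been written.
my sub write_tfa_conf : prototype($$$) {
    my ($filename, $fh, $cfg) = @_;

    # Restrict the file to its owner before any content reaches it. Fail
    # closed: if the mode cannot be set, the data must not be written with
    # whatever permissions the handle was opened with.
    chmod(0600, $fh)
        or die "unable to set permissions on '$filename' - $!\n";

    # SUPER::write() is the parent class's serializer, not this package's
    # write(), which would go through PVE::INotify again.
    PVE::Tools::safe_print($filename, $fh, $cfg->SUPER::write());
}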
70 | ||
03f4cf8f TL |
# Register the TFA configuration file with PVE::INotify together with its
# parser and writer callbacks.
PVE::INotify::register_file(
    $inotify_file_id,
    $config_filename,
    \&read_tfa_conf,
    \&write_tfa_conf,
    undef,
    # presumably makes INotify call the parser even when the file is missing;
    # read_tfa_conf handles a false $fh by parsing '{}'
    always_call_parser => 1,
    # the parser returns a Rust-backed TfaConfig object, which Clone::clone
    # would break, so cloning is disabled
    noclone => 1,
);
3dd4f162 WB |
81 | |
82 | 1; |