-sub parse_shadow_passwd {
- my ($filename, $raw) = @_;
-
- my $shadow = {};
-
- while ($raw && $raw =~ s/^(.*?)(\n|$)//) {
- my $line = $1;
-
- next if $line =~ m/^\s*$/; # skip empty lines
-
- if ($line !~ m/^\S+:\S+:$/) {
- warn "pve shadow password: ignore invalid line $.\n";
- next;
- }
-
- my ($userid, $crypt_pass) = split (/:/, $line);
- $shadow->{users}->{$userid}->{shadow} = $crypt_pass;
- }
-
- return $shadow;
-}
-
-sub write_domains {
- my ($filename, $cfg) = @_;
-
- my $data = '';
-
- my $wrote_default;
-
- foreach my $realm (sort keys %$cfg) {
- my $entry = $cfg->{$realm};
- my $type = lc($entry->{type});
-
- next if !$type;
-
- next if ($type eq 'pam') || ($type eq 'pve');
-
- my $formats = $valid_attributes->{$type};
- next if !$formats;
-
- $data .= "$type: $realm\n";
-
- foreach my $k (sort keys %$entry) {
- next if $k eq 'type';
- my $v = $entry->{$k};
- if ($k eq 'default') {
- $data .= "\t$k\n" if $v && !$wrote_default;
- $wrote_default = 1;
- } elsif (defined($formats->{$k})) {
- if (!$formats->{$k}) {
- $data .= "\t$k\n" if $v;
- } elsif ($v =~ m/^$formats->{$k}$/) {
- $v = PVE::Tools::encode_text($v) if $k eq 'comment';
- $data .= "\t$k $v\n";
- } else {
- die "invalid value '$v' for attribute '$k'\n";
- }
- } else {
- die "invalid attribute '$k' - not supported\n";
- }
- }
-
- $data .= "\n";
- }
-
- return $data;
-}
-
-sub parse_domains {
- my ($filename, $raw) = @_;
-
- my $cfg = {};
-
- my $default;
-
- while ($raw && $raw =~ s/^(.*?)(\n|$)//) {
- my $line = $1;
-
- next if $line =~ m/^\#/; # skip comment lines
- next if $line =~ m/^\s*$/; # skip empty lines
-
- if ($line =~ m/^(\S+):\s*(\S+)\s*$/) {
- my $realm = $2;
- my $type = lc($1);
-
- my $ignore = 0;
- my $entry;
-
- my $formats = $valid_attributes->{$type};
- if (!$formats) {
- $ignore = 1;
- warn "ignoring domain '$realm' - (unsupported authentication type '$type')\n";
- } elsif (!pve_verify_realm($realm, 1)) {
- $ignore = 1;
- warn "ignoring domain '$realm' - (illegal characters)\n";
- } else {
- $entry = { type => $type };
- }
-
- while ($raw && $raw =~ s/^(.*?)(\n|$)//) {
- $line = $1;
-
- next if $line =~ m/^\#/; #skip comment lines
- last if $line =~ m/^\s*$/;
-
- next if $ignore; # skip
-
- if ($line =~ m/^\s+(default)\s*$/) {
- $default = $realm if !$default;
- } elsif ($line =~ m/^\s+(\S+)(\s+(.*\S))?\s*$/) {
- my ($k, $v) = (lc($1), $3);
- if (defined($formats->{$k})) {
- if (!$formats->{$k} && !defined($v)) {
- $entry->{$k} = 1;
- } elsif ($formats->{$k} && $v =~ m/^$formats->{$k}$/) {
- if (!defined($entry->{$k})) {
- $v = PVE::Tools::decode_text($v) if $k eq 'comment';
- $entry->{$k} = $v;
- } else {
- warn "ignoring duplicate attribute '$k $v'\n";
- }
- } else {
- warn "ignoring value '$v' for attribute '$k' - invalid format\n";
- }
- } else {
- warn "ignoring attribute '$k' - not supported\n";
- }
- } else {
- warn "ignore config line: $line\n";
- }
- }
-
- if ($entry->{server2} && !$entry->{server1}) {
- $entry->{server1} = $entry->{server2};
- delete $entry->{server2};
- }
-
- if ($ignore) {
- # do nothing
- } elsif (!$entry->{server1}) {
- warn "ignoring domain '$realm' - missing server attribute\n";
- } elsif (($entry->{type} eq "ldap") && !$entry->{user_attr}) {
- warn "ignoring domain '$realm' - missing user attribute\n";
- } elsif (($entry->{type} eq "ldap") && !$entry->{base_dn}) {
- warn "ignoring domain '$realm' - missing base_dn attribute\n";
- } elsif (($entry->{type} eq "ad") && !$entry->{domain}) {
- warn "ignoring domain '$realm' - missing domain attribute\n";
- } else {
- $cfg->{$realm} = $entry;
- }
-
- } else {
- warn "ignore config line: $line\n";
- }
- }
-
- $cfg->{$default}->{default} = 1 if $default;
-
- # add default domains
-
- $cfg->{pve} = {
- type => 'builtin',
- comment => "Proxmox VE authentication server",
- };
-
- $cfg->{pam} = {
- type => 'builtin',
- comment => "Linux PAM standard authentication",
- };
-
- return $cfg;
-}
-
-sub write_shadow_config {
- my ($filename, $cfg) = @_;
-
- my $data = '';
- foreach my $userid (keys %{$cfg->{users}}) {
- my $crypt_pass = $cfg->{users}->{$userid}->{shadow};
- $data .= "$userid:$crypt_pass:\n";
- }
-
- return $data
-}
-