package PMG::UserConfig;
-
use strict;
use warnings;
use Data::Dumper;
}
}
-our $schema = {
+my $schema = {
additionalProperties => 0,
properties => {
userid => get_standard_option('userid'),
+ username => get_standard_option('username', { optional => 1 }),
+ realm => {
+ description => "Authentication realm.",
+ type => 'string',
+ enum => ['pam', 'pmg'],
+ default => 'pmg',
+ optional => 1,
+ },
email => {
description => "Users E-Mail address.",
type => 'string', format => 'email',
optional => 1,
},
role => {
- description => "User role.",
+ description => "User role. Role 'root' is reseved for the Unix Superuser.",
type => 'string',
- enum => ['root', 'admin', 'qmanager', 'quser', 'audit'],
+ enum => ['root', 'admin', 'qmanager', 'audit'],
},
firstname => {
description => "First name.",
},
};
-our $update_schema = clone($schema);
+our $create_schema = clone($schema);
+delete $create_schema->{properties}->{username};
+delete $create_schema->{properties}->{realm};
+$create_schema->{properties}->{password} = {
+ description => "Password",
+ type => 'string',
+ maxLength => 32,
+ minLength => 5,
+ optional => 1,
+};
+
+our $update_schema = clone($create_schema);
$update_schema->{properties}->{role}->{optional} = 1;
$update_schema->{properties}->{delete} = {
type => 'string', format => 'pve-configid-list',
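Review bot: The new `password` property in `$create_schema` accepts anything from 5 to 32 characters, which is a low floor for accounts that can hold the `admin` role and a ceiling that rejects longer passphrases. As far as this diff shows, `set_user_password` stores only the `encrypt_pw` result, so the upper bound need not track a storage width; consider `minLength => 8,` and a larger `maxLength` (the exact values are a policy decision). Because `$update_schema` is now cloned from `$create_schema`, the same bounds apply to updates. The new role description also contains a typo: `reseved` should read `reserved`.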
my ($cfg) = @_;
$cfg->{'root@pam'}->{userid} = 'root@pam';
+ $cfg->{'root@pam'}->{username} = 'root';
+ $cfg->{'root@pam'}->{realm} = 'pam';
$cfg->{'root@pam'}->{enable} = 1;
$cfg->{'root@pam'}->{expire} = 0;
$cfg->{'root@pam'}->{comment} = 'Unix Superuser';
$/x
) {
my $d = {
+ username => $+{userid},
userid => $+{userid} . '@pmg',
+ realm => 'pmg',
enable => $+{enable} || 0,
expire => $+{expire} || 0,
role => $+{role},
eval {
$verity_entry->($d);
$cfg->{$d->{userid}} = $d;
+ die "role 'root' is reserved\n"
+ if $d->{role} eq 'root' && $d->{userid} ne 'root@pmg';
};
if (my $err = $@) {
warn "$filename: $err";
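Review bot: In the parse-path `eval`, `$cfg->{$d->{userid}} = $d;` runs before the new `die "role 'root' is reserved\n"` check, so an entry that fails the check is only warned about and, unless code after the `warn` (not visible here) removes it, stays in `$cfg` with role `root`. Put the check above the assignment so a rejected entry is never stored: `die "role 'root' is reserved\n" if $d->{role} eq 'root' && $d->{userid} ne 'root@pmg';` and then `$cfg->{$d->{userid}} = $d;`. The exemption here names `root@pmg`, while the write-path check further down exempts `root@pam` and the schema text reserves the role for the Unix superuser; if that difference is not intentional, a `root` line in the file keeps the reserved role on read. The enclosing loop and function start outside this hunk.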
eval {
$verity_entry->($d);
$cfg->{$d->{userid}} = $d;
+
+ if ($d->{userid} ne 'root@pam') {
+ die "role 'root' is reserved\n" if $d->{role} eq 'root';
+ die "unable to add users for realm '$d->{realm}'\n"
+ if $d->{realm} && $d->{realm} ne 'pmg';
+ }
};
if (my $err = $@) {
die $err;
$raw .= $line . "\n";
}
+ my $gid = getgrnam('www-data');
+ chown(0, $gid, $fh);
+ chmod(0640, $fh);
+
PVE::Tools::safe_print($filename, $fh, $raw);
}
return 1;
}
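Review bot: The added `getgrnam`, `chown` and `chmod` calls ignore their results, so a failure leaves the user file (which presumably carries the `crypt_pass` hashes) with whatever owner and mode it already had, and the write still goes ahead. If the `www-data` group does not exist, `$gid` is undef and is passed to `chown` unchanged. Check each step before `safe_print`, for example `my $gid = getgrnam('www-data') // die "group 'www-data' not found\n";`, `chown(0, $gid, $fh) or die "chown '$filename' failed: $!\n";` and `chmod(0640, $fh) or die "chmod '$filename' failed: $!\n";`. The enclosing write routine starts outside this hunk.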
-sub set_password {
+sub set_user_password {
my ($class, $username, $password) = @_;
lock_config(sub {
my $cfg = $class->new();
my $data = $cfg->lookup_user_data($username); # user exists
- my $epw = PMG::Utils::encrypt_pw($password);
+ my $epw = PVE::Tools::encrypt_pw($password);
$data->{crypt_pass} = $epw;
$cfg->write();
});