X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=PVE%2FAuth%2FPVE.pm;h=de39d35bef9022c48d8e9ef17499cf2e1e37070f;hb=3641833bc0c3a231889ab899c3d8dfdb117847cc;hp=5f60cf36c134931b73e7981559d37125bdd5290b;hpb=7c410d63017604c5889ceb1ee00f7993b3b7c130;p=pve-access-control.git diff --git a/PVE/Auth/PVE.pm b/PVE/Auth/PVE.pm index 5f60cf3..de39d35 100755 --- a/PVE/Auth/PVE.pm +++ b/PVE/Auth/PVE.pm @@ -2,7 +2,9 @@ package PVE::Auth::PVE; use strict; use warnings; +use Encode; +use PVE::Tools; use PVE::Auth::Plugin; use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file); @@ -19,10 +21,10 @@ sub parse_shadow_passwd { my $shadow = {}; - while ($raw && $raw =~ s/^(.*?)(\n|$)//) { - my $line = $1; + return $shadow if !defined($raw); - next if $line =~ m/^\s*$/; # skip empty lines + while ($raw =~ /^\s*(.+?)\s*$/gm) { + my $line = $1; if ($line !~ m/^\S+:\S+:$/) { warn "pve shadow password: ignore invalid line $.\n"; @@ -62,10 +64,11 @@ sub type { return 'pve'; } -sub defaults { +sub options { return { default => { optional => 1 }, comment => { optional => 1 }, + tfa => { optional => 1 }, }; } @@ -77,8 +80,9 @@ sub authenticate_user { my $shadow_cfg = cfs_read_file($shadowconfigfile); if ($shadow_cfg->{users}->{$username}) { - my $encpw = crypt($password, $shadow_cfg->{users}->{$username}->{shadow}); - die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users}->{$username}->{shadow}); + my $encpw = crypt(Encode::encode('utf8', $password), + $shadow_cfg->{users}->{$username}->{shadow}); + die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users}->{$username}->{shadow}); } else { die "no password set\n"; } @@ -91,7 +95,7 @@ sub store_password { lock_shadow_config(sub { my $shadow_cfg = cfs_read_file($shadowconfigfile); - my $epw = PVE::Auth::Plugin::encrypt_pw($password); + my $epw = PVE::Tools::encrypt_pw($password); $shadow_cfg->{users}->{$username}->{shadow} = $epw; cfs_write_file($shadowconfigfile, $shadow_cfg); });