[pve-access-control.git] / src / PVE / TokenConfig.pm

package PVE::TokenConfig;

use strict;
use warnings;

use UUID;

use PVE::AccessControl;
use PVE::Cluster;

my $parse_token_cfg = sub {
    my ($filename, $raw) = @_;

    my $parsed = {};
    return $parsed if !defined($raw);

    my @lines = split(/\n/, $raw);
    foreach my $line (@lines) {
	next if $line =~ m/^\s*$/;

	if ($line =~ m/^(\S+) (\S+)$/) {
	    if (PVE::AccessControl::pve_verify_tokenid($1, 1)) {
		$parsed->{$1} = $2;
		next;
	    }
	}

	warn "skipping invalid token.cfg entry\n";
    }

    return $parsed;
};

my $write_token_cfg = sub {
    my ($filename, $data) = @_;

    my $raw = '';
    foreach my $tokenid (sort keys %$data) {
	$raw .= "$tokenid $data->{$tokenid}\n";
    }

    return $raw;
};

PVE::Cluster::cfs_register_file('priv/token.cfg', $parse_token_cfg, $write_token_cfg);

sub generate_token {
    my ($tokenid) = @_;

    PVE::AccessControl::pve_verify_tokenid($tokenid);

    my $token_value = PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
	my $uuid = UUID::uuid();
	my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');

	$token_cfg->{$tokenid} = $uuid;

	PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);

	return $uuid;
    });

    die "$@\n" if defined($@);

    return $token_value;
}

sub delete_token {
    my ($tokenid) = @_;

    PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
	my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');

	delete $token_cfg->{$tokenid};

	PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);
    });

    die "$@\n" if defined($@);
}
Commit	Line	Data
3a540a69 FG	1	package PVE::TokenConfig;
	2
	3	use strict;
	4	use warnings;
	5
	6	use UUID;
	7
	8	use PVE::AccessControl;
	9	use PVE::Cluster;
	10
	11	my $parse_token_cfg = sub {
	12	my ($filename, $raw) = @_;
	13
	14	my $parsed = {};
856c101e	15	return $parsed if !defined($raw);
3a540a69	16
856c101e	17	my @lines = split(/\n/, $raw);
3a540a69 FG	18	foreach my $line (@lines) {
	19	next if $line =~ m/^\s*$/;
	20
	21	if ($line =~ m/^(\S+) (\S+)$/) {
	22	if (PVE::AccessControl::pve_verify_tokenid($1, 1)) {
	23	$parsed->{$1} = $2;
	24	next;
	25	}
	26	}
	27
	28	warn "skipping invalid token.cfg entry\n";
	29	}
	30
	31	return $parsed;
	32	};
	33
	34	my $write_token_cfg = sub {
	35	my ($filename, $data) = @_;
	36
	37	my $raw = '';
	38	foreach my $tokenid (sort keys %$data) {
	39	$raw .= "$tokenid $data->{$tokenid}\n";
	40	}
	41
	42	return $raw;
	43	};
	44
	45	PVE::Cluster::cfs_register_file('priv/token.cfg', $parse_token_cfg, $write_token_cfg);
	46
	47	sub generate_token {
	48	my ($tokenid) = @_;
	49
	50	PVE::AccessControl::pve_verify_tokenid($tokenid);
	51
	52	my $token_value = PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
	53	my $uuid = UUID::uuid();
	54	my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');
	55
	56	$token_cfg->{$tokenid} = $uuid;
	57
	58	PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);
	59
	60	return $uuid;
	61	});
	62
	63	die "$@\n" if defined($@);
	64
	65	return $token_value;
	66	}
	67
	68	sub delete_token {
	69	my ($tokenid) = @_;
	70
	71	PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
	72	my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');
	73
	74	delete $token_cfg->{$tokenid};
	75
	76	PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);
	77	});
	78
	79	die "$@\n" if defined($@);
	80	}