]>
git.proxmox.com Git - pve-access-control.git/blob - PVE/Auth/PVE.pm
1 package PVE
::Auth
::PVE
;
8 use PVE
::Cluster
qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
10 use base
qw(PVE::Auth::Plugin);
12 my $shadowconfigfile = "priv/shadow.cfg";
14 cfs_register_file
($shadowconfigfile,
15 \
&parse_shadow_passwd
,
16 \
&write_shadow_config
);
18 sub parse_shadow_passwd
{
19 my ($filename, $raw) = @_;
23 return $shadow if !defined($raw);
25 while ($raw =~ /^\s*(.+?)\s*$/gm) {
28 if ($line !~ m/^\S+:\S+:$/) {
29 warn "pve shadow password: ignore invalid line $.\n";
33 my ($userid, $crypt_pass) = split (/:/, $line);
34 $shadow->{users
}->{$userid}->{shadow
} = $crypt_pass;
40 sub write_shadow_config
{
41 my ($filename, $cfg) = @_;
44 foreach my $userid (keys %{$cfg->{users
}}) {
45 my $crypt_pass = $cfg->{users
}->{$userid}->{shadow
};
46 $data .= "$userid:$crypt_pass:\n";
52 sub lock_shadow_config
{
53 my ($code, $errmsg) = @_;
55 cfs_lock_file
($shadowconfigfile, undef, $code);
58 $errmsg ?
die "$errmsg: $err" : die $err;
68 default => { optional
=> 1 },
69 comment
=> { optional
=> 1 },
70 tfa
=> { optional
=> 1 },
74 sub authenticate_user
{
75 my ($class, $config, $realm, $username, $password) = @_;
77 die "no password\n" if !$password;
79 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
81 if ($shadow_cfg->{users
}->{$username}) {
82 my $encpw = crypt($password, $shadow_cfg->{users
}->{$username}->{shadow
});
83 die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users
}->{$username}->{shadow
});
85 die "no password set\n";
92 my ($class, $config, $realm, $username, $password) = @_;
94 lock_shadow_config
(sub {
95 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
96 my $epw = PVE
::Tools
::encrypt_pw
($password);
97 $shadow_cfg->{users
}->{$username}->{shadow
} = $epw;
98 cfs_write_file
($shadowconfigfile, $shadow_cfg);
103 my ($class, $config, $realm, $username) = @_;
105 lock_shadow_config
(sub {
106 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
108 delete $shadow_cfg->{users
}->{$username};
110 cfs_write_file
($shadowconfigfile, $shadow_cfg);