git.proxmox.com Git - pve-access-control.git/blob - PVE/Auth/PVE.pm
7f771fafde56c74e4241ce73f99dcdd1e5177f0f
package PVE::Auth::PVE;

use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);

use base qw(PVE::Auth::Plugin);

# Path, as handed to the cfs_* helpers, of the file that holds the password
# hashes handled by this module.
my $shadowconfigfile = "priv/shadow.cfg";

# Register the parser and the writer that go with the shadow file.
cfs_register_file(
    $shadowconfigfile,
    \&parse_shadow_passwd,
    \&write_shadow_config,
);
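# Parse the raw text of the shadow file into a lookup structure.
#
# Arguments:
#   $filename - name of the file being parsed (not used by the parser)
#   $raw      - complete file content as one string
#
# Returns a hash reference of the form
#   { users => { <userid> => { shadow => <crypt hash> } } }
# An empty or undefined $raw yields an empty hash reference.
#
# Each record is "<userid>:<crypt hash>:" on a line of its own. Blank lines are
# skipped; any other line that does not match is reported with warn() and
# ignored, so a damaged record never becomes a usable credential.
#
# NOTE(review): the listing this sub was taken from omits some lines; the
# accumulator declaration, the `next` after the warning and the final return
# are reconstructed from how authenticate_user reads the result -- confirm
# against the repository.
sub parse_shadow_passwd {
    my ($filename, $raw) = @_;

    my $shadow = {};

    # $. only tracks lines read from a file handle, so it says nothing useful
    # while a string is being consumed; count the lines here instead so the
    # warning points at the offending record.
    my $lineno = 0;

    while ($raw && $raw =~ s/^(.*?)(\n|$)//) {
        my $line = $1;
        $lineno++;

        next if $line =~ m/^\s*$/; # skip empty lines

        if ($line !~ m/^\S+:\S+:$/) {
            warn "pve shadow password: ignore invalid line $lineno\n";
            next;
        }

        # Only the first two colon-separated fields are used.
        my ($userid, $crypt_pass) = split(/:/, $line);
        $shadow->{users}->{$userid}->{shadow} = $crypt_pass;
    }

    return $shadow;
}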
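# Serialise the in-memory shadow structure back to file text.
#
# Arguments:
#   $filename - name of the file being written (not used by the writer)
#   $cfg      - hash reference shaped like
#               { users => { <userid> => { shadow => <crypt hash> } } }
#
# Returns the file content as one string, one "<userid>:<crypt hash>:" record
# per line, ordered by user id so repeated writes of the same data are
# byte-identical.
#
# Dies if a user id or hash is undefined, empty, or contains whitespace or
# ':'. The line-based parser for this file could not read such a record back
# unchanged, and an embedded newline would end up as an additional record.
#
# NOTE(review): the listing this sub was taken from omits the buffer
# declaration and the return statement; both are reconstructed here.
sub write_shadow_config {
    my ($filename, $cfg) = @_;

    my $users = $cfg->{users} || {};
    my $data = '';

    foreach my $userid (sort keys %$users) {
        my $crypt_pass = $users->{$userid}->{shadow};

        # Write only what can be read back as exactly one record. The value
        # is deliberately left out of the message.
        foreach my $field ($userid, $crypt_pass) {
            die "pve shadow password: refusing to write invalid entry\n"
                if !defined($field) || $field !~ m/\A[^\s:]+\z/;
        }

        $data .= "$userid:$crypt_pass:\n";
    }

    return $data;
}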
# Run $code through cfs_lock_file for the shadow file and turn a reported
# failure into an exception.
#
# Arguments:
#   $code   - code reference passed to cfs_lock_file
#   $errmsg - optional prefix for the exception text
#
# Dies with "$errmsg: $err" when a prefix was given, otherwise with $err
# unchanged.
sub lock_shadow_config {
    my ($code, $errmsg) = @_;

    cfs_lock_file($shadowconfigfile, undef, $code);

    # NOTE(review): the listing omits the lines between the call above and the
    # die below. Taking $err from $@ is reconstructed on the assumption that
    # cfs_lock_file reports failure there -- confirm against PVE::Cluster.
    my $err = $@;
    if ($err) {
        die "$errmsg: $err" if $errmsg;
        die $err;
    }
}
65 default => { optional
=> 1 },
66 comment
=> { optional
=> 1 },
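# Check a user's password against the hash stored in the shadow file.
#
# Arguments:
#   $class    - class the method is called on
#   $config   - realm configuration (not used here)
#   $realm    - realm name (not used here)
#   $username - key of the record in the shadow file
#   $password - plaintext password supplied by the caller
#
# Dies with "no password\n" for an empty password, "no password set\n" when
# there is no record for $username, and "invalid credentials\n" when the
# password does not match the stored hash.
#
# NOTE(review): the two failure messages let a caller tell "no local record"
# from "wrong password". If this text reaches the client unchanged it allows
# account enumeration; the code that reports the error should map both to one
# generic message. Whether it already does is not visible from this file.
#
# NOTE(review): the listing this sub was taken from omits its last lines;
# returning 1 on success is an assumption -- confirm against the repository.
sub authenticate_user {
    my ($class, $config, $realm, $username, $password) = @_;

    die "no password\n" if !$password;

    my $shadow_cfg = cfs_read_file($shadowconfigfile);
    my $entry = $shadow_cfg->{users}->{$username};

    die "no password set\n" if !$entry;

    # The stored hash doubles as the salt/settings string for crypt().
    my $stored = $entry->{shadow};
    my $encpw;
    $encpw = crypt($password, $stored) if defined($stored) && length($stored);

    # Fail closed. A record without a hash, or a hash crypt() cannot work with
    # (it can return undef), must never compare equal: undef and the empty
    # string are the same under a plain string comparison.
    die "invalid credentials\n"
        if !defined($encpw) || !length($encpw) || $encpw ne $stored;

    return 1;
}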
# Fragment of a method body: its `sub` line and its closing lines are not part
# of this listing. It stores a new password hash for $username.
88 my ($class, $config, $realm, $username, $password) = @_;
# The read / modify / write sequence is the callback handed to
# lock_shadow_config, which passes it on to cfs_lock_file for the shadow file.
90 lock_shadow_config
(sub {
91 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
# Only the value returned by encrypt_pw is stored, never $password itself.
92 my $epw = PVE
::Auth
::Plugin
::encrypt_pw
($password);
# NOTE(review): $username becomes the record key without any check in the
# lines shown here; presumably callers validate it (no ':' or whitespace,
# which the line-based file format cannot represent) -- confirm.
93 $shadow_cfg->{users
}->{$username}->{shadow
} = $epw;
94 cfs_write_file
($shadowconfigfile, $shadow_cfg);
# Fragment of a method body: its `sub` line and its closing lines are not part
# of this listing. It removes the shadow record of $username.
99 my ($class, $config, $realm, $username) = @_;
# The read / delete / write sequence is the callback handed to
# lock_shadow_config, which passes it on to cfs_lock_file for the shadow file.
101 lock_shadow_config
(sub {
102 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
# Drops the whole record, so authenticate_user finds no entry for this name
# once the file has been written.
104 delete $shadow_cfg->{users
}->{$username};
106 cfs_write_file
($shadowconfigfile, $shadow_cfg);