]>
git.proxmox.com Git - pve-access-control.git/blob - PVE/Auth/PVE.pm
1 package PVE
::Auth
::PVE
;
7 use PVE
::Cluster
qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
9 use base
qw(PVE::Auth::Plugin);
11 my $shadowconfigfile = "priv/shadow.cfg";
13 cfs_register_file
($shadowconfigfile,
14 \
&parse_shadow_passwd
,
15 \
&write_shadow_config
);
17 sub parse_shadow_passwd
{
18 my ($filename, $raw) = @_;
22 return $shadow if !defined($raw);
24 while ($raw =~ /^\s*(.+?)\s*$/gm) {
27 if ($line !~ m/^\S+:\S+:$/) {
28 warn "pve shadow password: ignore invalid line $.\n";
32 my ($userid, $crypt_pass) = split (/:/, $line);
33 $shadow->{users
}->{$userid}->{shadow
} = $crypt_pass;
39 sub write_shadow_config
{
40 my ($filename, $cfg) = @_;
43 foreach my $userid (keys %{$cfg->{users
}}) {
44 my $crypt_pass = $cfg->{users
}->{$userid}->{shadow
};
45 $data .= "$userid:$crypt_pass:\n";
51 sub lock_shadow_config
{
52 my ($code, $errmsg) = @_;
54 cfs_lock_file
($shadowconfigfile, undef, $code);
57 $errmsg ?
die "$errmsg: $err" : die $err;
67 default => { optional
=> 1 },
68 comment
=> { optional
=> 1 },
69 tfa
=> { optional
=> 1 },
73 sub authenticate_user
{
74 my ($class, $config, $realm, $username, $password) = @_;
76 die "no password\n" if !$password;
78 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
80 if ($shadow_cfg->{users
}->{$username}) {
81 my $encpw = crypt($password, $shadow_cfg->{users
}->{$username}->{shadow
});
82 die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users
}->{$username}->{shadow
});
84 die "no password set\n";
91 my ($class, $config, $realm, $username, $password) = @_;
93 lock_shadow_config
(sub {
94 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
95 my $epw = PVE
::Auth
::Plugin
::encrypt_pw
($password);
96 $shadow_cfg->{users
}->{$username}->{shadow
} = $epw;
97 cfs_write_file
($shadowconfigfile, $shadow_cfg);
102 my ($class, $config, $realm, $username) = @_;
104 lock_shadow_config
(sub {
105 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
107 delete $shadow_cfg->{users
}->{$username};
109 cfs_write_file
($shadowconfigfile, $shadow_cfg);