git.proxmox.com Git - pve-access-control.git/blob - PVE/Auth/PVE.pm
1 package PVE
::Auth
::PVE
;
9 use PVE
::Cluster
qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
11 use base
qw(PVE::Auth::Plugin);
# Name of the shadow password file as handed to the cfs_* helpers; every read,
# write and lock in this listing goes through this one variable.
# NOTE(review): the "priv/" prefix suggests an access-restricted location -
# confirm the permissions where the cluster filesystem is set up.
13 my $shadowconfigfile = "priv/shadow.cfg";
# Register the parser and writer callbacks for that file with PVE::Cluster.
15 cfs_register_file
($shadowconfigfile,
16 \
&parse_shadow_passwd
,
17 \
&write_shadow_config
);
# Parser callback registered for the shadow file: turns the raw text in $raw
# into $shadow->{users}->{<userid>}->{shadow} = <crypt hash>.
# NOTE(review): this listing omits some source lines (the gutter numbers skip),
# so the initialisation of $shadow and $line is not visible here.
19 sub parse_shadow_passwd
{
20 my ($filename, $raw) = @_;
# No content was supplied: hand back $shadow as it stands.
24 return $shadow if !defined($raw);
# Walk $raw one line at a time (/m), capturing each line with the surrounding
# whitespace trimmed.
26 while ($raw =~ /^\s*(.+?)\s*$/gm) {
# Only "<non-space>:<non-space>:" records are accepted; anything else triggers
# the warning below (its text says the line is ignored).
# NOTE(review): \S+ also matches ':', so a record with extra colon-separated
# fields passes this check and the split further down keeps only the first two.
29 if ($line !~ m/^\S+:\S+:$/) {
# NOTE(review): $. is the line counter of the last-read filehandle, not a
# position inside $raw, so the number printed is probably not the offending
# line - confirm.
30 warn "pve shadow password: ignore invalid line $.\n";
# First field is the user ID, second the stored password hash.
34 my ($userid, $crypt_pass) = split (/:/, $line);
35 $shadow->{users
}->{$userid}->{shadow
} = $crypt_pass;
# Writer callback registered for the shadow file: serialises $cfg->{users}
# into one "userid:hash:" record per line, appended to $data.
41 sub write_shadow_config
{
42 my ($filename, $cfg) = @_;
# keys() returns the user IDs in no particular order, so the record order can
# differ from one write to the next.
45 foreach my $userid (keys %{$cfg->{users
}}) {
46 my $crypt_pass = $cfg->{users
}->{$userid}->{shadow
};
# NOTE(review): both values are written without escaping or validation; a ':'
# or newline in either one would yield a record the parser reads differently.
# Presumably user IDs are validated before they reach this point - verify.
47 $data .= "$userid:$crypt_pass:\n";
# Runs $code through cfs_lock_file on the shadow file and dies with the error,
# prefixed by $errmsg when the caller supplied one.
53 sub lock_shadow_config
{
54 my ($code, $errmsg) = @_;
# The second argument is passed as undef.
# NOTE(review): presumably a timeout where undef selects the default - confirm
# against PVE::Cluster.
56 cfs_lock_file
($shadowconfigfile, undef, $code);
# $err is assigned on a line this listing does not show (presumably from $@ -
# confirm). Both branches die; only the message prefix differs.
59 $errmsg ?
die "$errmsg: $err" : die $err;
69 default => { optional
=> 1 },
70 comment
=> { optional
=> 1 },
71 tfa
=> { optional
=> 1 },
# Checks $password for $username against the hash stored in the shadow file
# and dies with a short message when the check fails.
75 sub authenticate_user
{
76 my ($class, $config, $realm, $username, $password) = @_;
# Perl truthiness: this rejects undef and the empty string, and also the
# one-character password "0".
78 die "no password\n" if !$password;
80 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
82 if ($shadow_cfg->{users
}->{$username}) {
# The stored hash is passed as crypt()'s second argument, so the salt (and,
# where the platform supports it, the scheme prefix) comes from the stored
# value. The candidate password is UTF-8 encoded before hashing.
83 my $encpw = crypt(Encode
::encode
('utf8', $password),
84 $shadow_cfg->{users
}->{$username}->{shadow
});
# NOTE(review): `ne` is an ordinary string comparison, not a constant-time one.
# NOTE(review): if crypt() returns undef for a stored value it cannot process,
# the comparison still fails closed, with an uninitialized-value warning when
# warnings are enabled.
85 die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users
}->{$username}->{shadow
});
# The branch leading here is not shown in this listing (presumably the else
# case for a user without a shadow entry - confirm).
# NOTE(review): this message differs from "invalid credentials"; check that
# callers do not relay the difference to unauthenticated clients, since it
# would reveal which accounts have a password in this file.
87 die "no password set\n";
# Arguments of a sub whose header line is not shown in this listing.
94 my ($class, $config, $realm, $username, $password) = @_;
# The read-modify-write of the shadow file happens inside the callback handed
# to lock_shadow_config.
96 lock_shadow_config
(sub {
97 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
# Only the value returned by PVE::Tools::encrypt_pw is stored, never $password
# itself.
# NOTE(review): the hashing scheme and salt source are decided inside
# encrypt_pw, which is not part of this listing - review them there.
98 my $epw = PVE
::Tools
::encrypt_pw
($password);
# Creates the user's entry if it does not exist yet, otherwise replaces the
# stored hash.
99 $shadow_cfg->{users
}->{$username}->{shadow
} = $epw;
100 cfs_write_file
($shadowconfigfile, $shadow_cfg);
# Arguments of a sub whose header line is not shown in this listing.
105 my ($class, $config, $realm, $username) = @_;
# The read-modify-write of the shadow file happens inside the callback handed
# to lock_shadow_config.
107 lock_shadow_config
(sub {
108 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
# Drops the whole entry for $username, stored hash included; deleting a key
# that is not present is a no-op.
110 delete $shadow_cfg->{users
}->{$username};
112 cfs_write_file
($shadowconfigfile, $shadow_cfg);