]>
git.proxmox.com Git - pve-access-control.git/blob - PVE/Auth/PVE.pm
1 package PVE
::Auth
::PVE
;
7 use PVE
::Cluster
qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
9 use base
qw(PVE::Auth::Plugin);
11 my $shadowconfigfile = "priv/shadow.cfg";
13 cfs_register_file
($shadowconfigfile,
14 \
&parse_shadow_passwd
,
15 \
&write_shadow_config
);
17 sub parse_shadow_passwd
{
18 my ($filename, $raw) = @_;
22 while ($raw && $raw =~ s/^(.*?)(\n|$)//) {
25 next if $line =~ m/^\s*$/; # skip empty lines
27 if ($line !~ m/^\S+:\S+:$/) {
28 warn "pve shadow password: ignore invalid line $.\n";
32 my ($userid, $crypt_pass) = split (/:/, $line);
33 $shadow->{users
}->{$userid}->{shadow
} = $crypt_pass;
39 sub write_shadow_config
{
40 my ($filename, $cfg) = @_;
43 foreach my $userid (keys %{$cfg->{users
}}) {
44 my $crypt_pass = $cfg->{users
}->{$userid}->{shadow
};
45 $data .= "$userid:$crypt_pass:\n";
51 sub lock_shadow_config
{
52 my ($code, $errmsg) = @_;
54 cfs_lock_file
($shadowconfigfile, undef, $code);
57 $errmsg ?
die "$errmsg: $err" : die $err;
67 default => { optional
=> 1 },
68 comment
=> { optional
=> 1 },
72 sub authenticate_user
{
73 my ($class, $config, $realm, $username, $password) = @_;
75 die "no password\n" if !$password;
77 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
79 if ($shadow_cfg->{users
}->{$username}) {
80 my $encpw = crypt($password, $shadow_cfg->{users
}->{$username}->{shadow
});
81 die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users
}->{$username}->{shadow
});
83 die "no password set\n";
90 my ($class, $config, $realm, $username, $password) = @_;
92 lock_shadow_config
(sub {
93 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
94 my $epw = PVE
::Auth
::Plugin
::encrypt_pw
($password);
95 $shadow_cfg->{users
}->{$username}->{shadow
} = $epw;
96 cfs_write_file
($shadowconfigfile, $shadow_cfg);
101 my ($class, $config, $realm, $username) = @_;
103 lock_shadow_config
(sub {
104 my $shadow_cfg = cfs_read_file
($shadowconfigfile);
106 delete $shadow_cfg->{users
}->{$username};
108 cfs_write_file
($shadowconfigfile, $shadow_cfg);