fix #5335: sort ACL entries in user.cfg
1 package PVE::TokenConfig;
2
3 use strict;
4 use warnings;
5
6 use UUID;
7
8 use PVE::AccessControl;
9 use PVE::Cluster;
10
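# Parser callback for 'priv/token.cfg'.
#
# Each non-blank line must have the form "<tokenid> <value>": two
# whitespace-free fields separated by exactly one space. Returns a hash
# reference mapping token ID to the stored value; when a token ID occurs more
# than once, the last line wins. Lines that do not match, or whose token ID
# is rejected by PVE::AccessControl::pve_verify_tokenid, are skipped with a
# warning. $filename is accepted but not used.
my $parse_token_cfg = sub {
    my ($filename, $raw) = @_;

    my $parsed = {};

    foreach my $line (split(/\n/, $raw)) {
        next if $line =~ m/^\s*$/;

        # Copy the captures into lexicals before calling out: $1/$2 passed
        # as arguments are aliased through @_, so a regex match inside the
        # callee could change what it (and we) see.
        if (my ($tokenid, $value) = $line =~ m/^(\S+) (\S+)$/) {
            # Second argument 1: presumably "noerr", i.e. return false
            # instead of dying on an invalid ID - confirm against
            # PVE::AccessControl.
            if (PVE::AccessControl::pve_verify_tokenid($tokenid, 1)) {
                $parsed->{$tokenid} = $value;
                next;
            }
        }

        # The message is a constant string and does not echo the line, so a
        # malformed entry never puts a token value into the log.
        warn "skipping invalid token.cfg entry\n";
    }

    return $parsed;
};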
32
# Writer callback for 'priv/token.cfg'.
#
# Serialises $data (hash reference, token ID => stored value) as one
# "<tokenid> <value>" line per entry, ordered by token ID so the output is
# stable. $filename is accepted but not used.
#
# No escaping or validation happens here: a key or value containing
# whitespace or a newline would produce lines the parser rejects or splits,
# so callers must only store whitespace-free strings.
my $write_token_cfg = sub {
    my ($filename, $data) = @_;

    return join('', map { "$_ $data->{$_}\n" } sort keys %$data);
};
43
# Hand the parser/writer pair for the token file to PVE::Cluster, so that
# cfs_read_file/cfs_write_file on 'priv/token.cfg' go through them.
PVE::Cluster::cfs_register_file(
    'priv/token.cfg',
    $parse_token_cfg,
    $write_token_cfg,
);
45
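# Create the stored value for $tokenid, replacing any existing one, and
# return it.
#
# The token ID is checked with PVE::AccessControl::pve_verify_tokenid first
# (called without a second argument; presumably it dies on an invalid ID -
# confirm). The read-modify-write of 'priv/token.cfg' runs inside
# cfs_lock_file, so concurrent updates of the file are serialised.
#
# Dies with the lock/IO error message if the locked section failed.
sub generate_token {
    my ($tokenid) = @_;

    PVE::AccessControl::pve_verify_tokenid($tokenid);

    # 10 is presumably the lock timeout in seconds - confirm.
    my $token_value = PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
        # NOTE(review): this UUID is the token's secret and is written to
        # token.cfg unchanged. Its unpredictability depends entirely on how
        # UUID::uuid() generates values on the host (random vs. time-based);
        # verify that the random variant is what is produced.
        my $uuid = UUID::uuid();
        my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');

        $token_cfg->{$tokenid} = $uuid;

        PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);

        return $uuid;
    });

    # cfs_lock_file reports failure through $@. Test for a true value rather
    # than definedness: an empty-but-defined $@ means "no error" and must not
    # abort after the token has already been written.
    if (my $err = $@) {
        die "$err\n";
    }

    return $token_value;
}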
66
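# Remove the entry for $tokenid from 'priv/token.cfg'.
#
# The token ID is not validated here; deleting an ID that is not present
# changes nothing, but the file is still rewritten. The read-modify-write
# runs inside cfs_lock_file, so concurrent updates of the file are
# serialised.
#
# Dies with the lock/IO error message if the locked section failed.
sub delete_token {
    my ($tokenid) = @_;

    # 10 is presumably the lock timeout in seconds - confirm.
    PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
        my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');

        delete $token_cfg->{$tokenid};

        PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);
    });

    # cfs_lock_file reports failure through $@. Test for a true value rather
    # than definedness, so an empty-but-defined $@ is not treated as an
    # error. A failure here means the token may still be valid, so the
    # caller must not report the revocation as done.
    if (my $err = $@) {
        die "$err\n";
    }
}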