allow users to change their totp settings

[pve-access-control.git] / PVE / Auth / PVE.pm

diff --git a/PVE/Auth/PVE.pm b/PVE/Auth/PVE.pm
index 71479979eea163f47787f9d2e96fe0d869121f55..de39d35bef9022c48d8e9ef17499cf2e1e37070f 100755 (executable)
--- a/PVE/Auth/PVE.pm
+++ b/PVE/Auth/PVE.pm
@@ -2,7 +2,9 @@ package PVE::Auth::PVE;
 
 use strict;
 use warnings;
+use Encode;
 
+use PVE::Tools;
 use PVE::Auth::Plugin;
 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
 
@@ -19,6 +21,8 @@ sub parse_shadow_passwd {
 
     my $shadow = {};
 
+    return $shadow if !defined($raw);
+
     while ($raw =~ /^\s*(.+?)\s*$/gm) {
        my $line = $1;
 
@@ -76,8 +80,9 @@ sub authenticate_user {
     my $shadow_cfg = cfs_read_file($shadowconfigfile);
     
     if ($shadow_cfg->{users}->{$username}) {
-       my $encpw = crypt($password, $shadow_cfg->{users}->{$username}->{shadow});
-        die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users}->{$username}->{shadow});
+       my $encpw = crypt(Encode::encode('utf8', $password),
+                         $shadow_cfg->{users}->{$username}->{shadow});
+       die "invalid credentials\n" if ($encpw ne $shadow_cfg->{users}->{$username}->{shadow});
     } else {
        die "no password set\n";
     }
@@ -90,7 +95,7 @@ sub store_password {
 
     lock_shadow_config(sub {
        my $shadow_cfg = cfs_read_file($shadowconfigfile);
-       my $epw = PVE::Auth::Plugin::encrypt_pw($password);
+       my $epw = PVE::Tools::encrypt_pw($password);
        $shadow_cfg->{users}->{$username}->{shadow} = $epw;
        cfs_write_file($shadowconfigfile, $shadow_cfg);
     });