use new PVE::Tools::encrypt_pw, bump version to 5.0-3

[pve-access-control.git] / PVE / Auth / Plugin.pm

diff --git a/PVE/Auth/Plugin.pm b/PVE/Auth/Plugin.pm
index f19a33cd696067562863ddbecaff23cbd6852a39..b5f474b3ffc06e71b51383c3cb3b5bd273e16e57 100755 (executable)
--- a/PVE/Auth/Plugin.pm
+++ b/PVE/Auth/Plugin.pm
@@ -108,7 +108,7 @@ sub parse_tfa_config {
 
     foreach my $kvp (split(/,/, $data)) {
 
-       if ($kvp =~ m/^type=(yubico)$/) {
+       if ($kvp =~ m/^type=(yubico|oath)$/) {
            $res->{type} = $1;
        } elsif ($kvp =~ m/^id=(\S+)$/) {
            $res->{id} = $1;
@@ -116,6 +116,10 @@ sub parse_tfa_config {
            $res->{key} = $1;
        } elsif ($kvp =~ m/^url=(\S+)$/) {
            $res->{url} = $1;
+       } elsif ($kvp =~ m/^digits=([6|7|8])$/) {
+           $res->{digits} = $1;
+       } elsif ($kvp =~ m/^step=([1-9]\d+)$/) {
+           $res->{step} = $1;
        } else {
            return undef;
        }           
@@ -126,13 +130,6 @@ sub parse_tfa_config {
     return $res;
 }
 
-sub encrypt_pw {
-    my ($pw) = @_;
-
-    my $time = substr(Digest::SHA::sha1_base64 (time), 0, 8);
-    return crypt(encode("utf8", $pw), "\$5\$$time\$");
-}
-
 my $defaultData = {
     propertyList => {
        type => { description => "Realm type." },
@@ -198,9 +195,6 @@ sub parse_config {
 sub write_config {
     my ($class, $filename, $cfg) = @_;
 
-    delete $cfg->{ids}->{pve};
-    delete $cfg->{ids}->{pam};
-
     foreach my $realm (keys %{$cfg->{ids}}) {
        my $data = $cfg->{ids}->{$realm};
        if ($data->{comment}) {