use PVE::Auth::LDAP;
use PVE::Auth::PVE;
use PVE::Auth::PAM;
+use PVE::Auth::OpenId;
# load and initialize all plugins
PVE::Auth::LDAP->register();
PVE::Auth::PVE->register();
PVE::Auth::PAM->register();
+PVE::Auth::OpenId->register();
PVE::Auth::Plugin->init();
# $authdir must be writable by root only!
Crypt::OpenSSL::RSA->import_random_seed();
-cfs_register_file('user.cfg',
- \&parse_user_config,
- \&write_user_config);
-cfs_register_file('priv/tfa.cfg',
- \&parse_priv_tfa_config,
- \&write_priv_tfa_config);
+cfs_register_file('user.cfg', \&parse_user_config, \&write_user_config);
+cfs_register_file('priv/tfa.cfg', \&parse_priv_tfa_config, \&write_priv_tfa_config);
sub verify_username {
PVE::Auth::Plugin::verify_username(@_);
check_user_enabled($usercfg, $username);
check_token_exist($usercfg, $username, $token);
- my $ctime = time();
-
my $user = $usercfg->{users}->{$username};
- die "account expired\n" if $user->{expire} && ($user->{expire} < $ctime);
-
my $token_info = $user->{tokens}->{$token};
+
+ my $ctime = time();
die "token expired\n" if $token_info->{expire} && ($token_info->{expire} < $ctime);
die "invalid token value!\n" if !PVE::Cluster::verify_token($tokenid, $value);
die "user '$username' is disabled\n" if !$noerr;
+ my $ctime = time();
+ my $expire = $usercfg->{users}->{$username}->{expire};
+
+ die "account expired\n" if $expire && ($expire < $ctime);
+
return undef;
}
check_user_enabled($usercfg, $username);
- my $ctime = time();
- my $expire = $usercfg->{users}->{$username}->{expire};
-
- die "account expired\n" if $expire && ($expire < $ctime);
-
my $domain_cfg = cfs_read_file('domains.cfg');
my $cfg = $domain_cfg->{ids}->{$realm};
/
|/access
|/access/groups
+ |/access/groups/[[:alnum:]\.\-\_]+
|/access/realm
+ |/access/realm/[[:alnum:]\.\-\_]+
|/nodes
|/nodes/[[:alnum:]\.\-\_]+
|/pool
|/pool/[[:alnum:]\.\-\_]+
|/sdn
+ |/sdn/zones/[[:alnum:]\.\-\_]+
+ |/sdn/vnets/[[:alnum:]\.\-\_]+
|/storage
|/storage/[[:alnum:]\.\-\_]+
|/vms
projects / pve-access-control.git / blobdiff