X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAuth%2FPlugin.pm;h=3356f691c55d1b5ff8bc3e1b5c5a54e63ac57a8e;hp=13083406a1c66f66be22473f670e3e525178f570;hb=54028297ea98e9f17ffaefeb2fa22723ed0bceb0;hpb=1abc2c0aeea26040cda69d40e43a7791f77e400c
diff --git a/PVE/Auth/Plugin.pm b/PVE/Auth/Plugin.pm
index 1308340..3356f69 100755
--- a/PVE/Auth/Plugin.pm
+++ b/PVE/Auth/Plugin.pm
@@ -116,6 +116,10 @@ sub parse_tfa_config {
 $res->{key} = $1;
 } elsif ($kvp =~ m/^url=(\S+)$/) {
 $res->{url} = $1;
+ } elsif ($kvp =~ m/^digits=([6|7|8])$/) {
+ $res->{digits} = $1;
+ } elsif ($kvp =~ m/^step=([1-9]\d+)$/) {
+ $res->{step} = $1;
 } else {
 return undef;
 }
@@ -126,11 +130,18 @@ sub parse_tfa_config {
 return $res;
 }
 
+my $salt_starter = time();
+
 sub encrypt_pw {
 my ($pw) = @_;
 
- my $time = substr(Digest::SHA::sha1_base64 (time), 0, 8);
- return crypt(encode("utf8", $pw), "\$5\$$time\$");
+ $salt_starter++;
+ my $salt = substr(Digest::SHA::sha1_base64(time() + $salt_starter + $$), 0, 8);
+
+ # crypt does not want '+' in salt (see 'man crypt')
+ $salt =~ s/\+/X/g;
+
+ return crypt(encode("utf8", $pw), "\$5\$$salt\$");
 }
 
 my $defaultData = {
@@ -198,9 +209,6 @@ sub parse_config {
 sub write_config {
 my ($class, $filename, $cfg) = @_;
 
- delete $cfg->{ids}->{pve};
- delete $cfg->{ids}->{pam};
-
 foreach my $realm (keys %{$cfg->{ids}}) {
 my $data = $cfg->{ids}->{$realm};
 if ($data->{comment}) {
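Review bot: In the added `digits` branch of `parse_tfa_config` the character class `[6|7|8]` also matches a literal `|`, because alternation has no meaning inside brackets, so `digits=|` parses successfully and stores `|` in `$res->{digits}`. The pattern should be `m/^digits=([678])$/`. In the `step` branch, `[1-9]\d+` requires at least two digits and has no upper bound, so `step=5` is rejected while an arbitrarily long number is accepted. If a 10-second minimum is intended, a comment saying so and a bounded quantifier such as `\d{1,3}` would make the accepted range explicit. `parse_tfa_config` starts and ends outside this hunk.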
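Review bot: The salt in `encrypt_pw` is still derived from guessable inputs, and because `time() + $salt_starter + $$` is a numeric sum, different combinations of clock, counter and PID collapse to the same value, so separate processes or hosts can end up with identical salts. A salt only has to be unique, but that is the one property this construction does not guarantee. Reading the bytes from the kernel CSPRNG removes the dependence on clock and PID and makes the file-scoped `$salt_starter` counter unnecessary. The `+` replacement and the `crypt()` call can stay as they are; the error wording below is only a suggestion.

```perl
sub encrypt_pw {
    my ($pw) = @_;

    # Salt from the kernel CSPRNG: unique regardless of clock, counter or PID.
    open(my $fh, '<:raw', '/dev/urandom') or die "unable to open /dev/urandom - $!\n";
    my $got = read($fh, my $raw, 16);
    close($fh);
    die "short read from /dev/urandom\n" if !defined($got) || $got != 16;

    my $salt = substr(Digest::SHA::sha1_base64($raw), 0, 8);

    # … unchanged: '+' replacement and crypt() call …
```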