X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAuth%2FPlugin.pm;h=d5d2c06971357b57bd15937f4a641608efbfe958;hp=f19a33cd696067562863ddbecaff23cbd6852a39;hb=af5d7da7f10abf98a83a74c2a498c24a75aeeed0;hpb=96f8ebd62506bc7126d58400004101ef6a13ca71
diff --git a/PVE/Auth/Plugin.pm b/PVE/Auth/Plugin.pm
index f19a33c..d5d2c06 100755
--- a/PVE/Auth/Plugin.pm
+++ b/PVE/Auth/Plugin.pm
@@ -9,13 +9,11 @@ use PVE::SectionConfig;
 use PVE::JSONSchema qw(get_standard_option);
 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_lock_file);
-use Data::Dumper;
-
 use base qw(PVE::SectionConfig);
 my $domainconfigfile = "domains.cfg";
-cfs_register_file($domainconfigfile,
+cfs_register_file($domainconfigfile,
 sub { __PACKAGE__->parse_config(@_); },
 sub { __PACKAGE__->write_config(@_); });
@@ -34,10 +32,10 @@ my $realm_regex = qr/[A-Za-z][A-Za-z0-9\.\-_]+/;
 PVE::JSONSchema::register_format('pve-realm', \&pve_verify_realm);
 sub pve_verify_realm {
 my ($realm, $noerr) = @_;
-
+
 if ($realm !~ m/^${realm_regex}$/) {
 return undef if $noerr;
-die "value does not look like a valid realm\n";
+die "value does not look like a valid realm\n";
 }
 return $realm;
 }
@@ -64,10 +62,10 @@ sub verify_username {
 }
 # we only allow a limited set of characters
-# colon is not allowed, because we store usernames in
+# colon is not allowed, because we store usernames in
 # colon separated lists)!
 # slash is not allowed because it is used as pve API delimiter
-# also see "man useradd"
+# also see "man useradd"
 if ($username =~ m!^([^\s:/]+)\@(${realm_regex})$!) {
 return wantarray ? ($username, $1, $2) : $username;
 }
@@ -108,7 +106,7 @@ sub parse_tfa_config {
 foreach my $kvp (split(/,/, $data)) {
-if ($kvp =~ m/^type=(yubico)$/) {
+if ($kvp =~ m/^type=(yubico|oath)$/) {
 $res->{type} = $1;
 } elsif ($kvp =~ m/^id=(\S+)$/) {
 $res->{id} = $1;
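Review bot: Accepting `type=oath` in the `type=` regex does not by itself make an oath entry usable: parse_tfa_config, whose body continues beyond this hunk, only rejects an entry when `type` is absent (`return undef if !$res->{type};`), so an oath entry with no `key`, `digits` or `step` still parses successfully and the missing values surface only later. If the oath type needs particular keys, consider validating them once the loop is done, e.g. `return undef if $res->{type} eq 'oath' && !$res->{key};`, and documenting which keys each type requires in a comment above the loop. The oath-specific keys themselves are introduced in the following hunk.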
@@ -116,9 +114,13 @@ sub parse_tfa_config {
 $res->{key} = $1;
 } elsif ($kvp =~ m/^url=(\S+)$/) {
 $res->{url} = $1;
+} elsif ($kvp =~ m/^digits=([6|7|8])$/) {
+$res->{digits} = $1;
+} elsif ($kvp =~ m/^step=([1-9]\d+)$/) {
+$res->{step} = $1;
 } else {
 return undef;
-}
+}
 }
 return undef if !$res->{type};
@@ -126,13 +128,6 @@ sub parse_tfa_config {
 return $res;
 }
-sub encrypt_pw {
-my ($pw) = @_;
-
-my $time = substr(Digest::SHA::sha1_base64 (time), 0, 8);
-return crypt(encode("utf8", $pw), "\$5\$$time\$");
-}
-
 my $defaultData = {
 propertyList => {
 type => { description => "Realm type." },
@@ -198,16 +193,13 @@ sub parse_config {
 sub write_config {
 my ($class, $filename, $cfg) = @_;
-delete $cfg->{ids}->{pve};
-delete $cfg->{ids}->{pam};
-
 foreach my $realm (keys %{$cfg->{ids}}) {
 my $data = $cfg->{ids}->{$realm};
 if ($data->{comment}) {
 $data->{comment} = PVE::Tools::encode_text($data->{comment});
 }
 }
-
+
 $class->SUPER::write_config($filename, $cfg);
 }
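Review bot: `m/^digits=([6|7|8])$/` is a character class, so the two `|` are literal members rather than alternation: `digits=|` is accepted and stores `|` in `$res->{digits}`, and the value is then handed on as if it were a digit count. Write it as `m/^digits=([678])$/` (or use a group, `(6|7|8)`). The neighbouring `step=([1-9]\d+)` requires at least two digits, so a single-digit step is rejected while an arbitrarily large one is accepted; if that asymmetry is not intended, `[1-9]\d*` plus an explicit range check would be clearer. The `foreach` this code sits in begins in the previous hunk, and parse_tfa_config ends in the next one.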
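Review bot: write_config still rewrites `$data->{comment}` in place on the `$cfg` the caller handed in (`$data->{comment} = PVE::Tools::encode_text($data->{comment});`), so writing the configuration has the side effect of altering the caller's structure; encoding into a per-realm copy (`my $copy = { %$data };`) and passing a copied `ids` hash to `$class->SUPER::write_config` would keep the write side-effect free. With the `pve`/`pam` deletes gone, every entry under `$cfg->{ids}` is now persisted; if parse_config (outside this hunk) still injects those built-in realms, they will round-trip into the domains file, which is presumably intended but worth stating in a comment above the loop.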