git.proxmox.com Git - pve-access-control.git/commit

author	Fabian Grünbichler <f.gruenbichler@proxmox.com>
	Tue, 21 Jan 2020 12:54:02 +0000 (13:54 +0100)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Tue, 28 Jan 2020 19:59:36 +0000 (20:59 +0100)
commit	28e3dc05e21e735a252657b62153eb0e81c23733
tree	13b0e6af01a0edc19b6543add1f096e76aac02fe	tree
parent	483338817799e7e6a0c74a37ec603fbf02cc1db1	commit \| diff

API token: add REs, helpers, parsing + writing

token definitions/references in user.cfg always use the full form of the
token id, consisting of:

USER@REALM!TOKENID

token definitions are represented by their own lines prefixed with
'token', which need to come after the corresponding user definition, but
before any ACLs referencing them.

parsed representation in a user config hash is inside a new 'tokens'
element of the corresponding user object, using the unique-per-user
token id as key.

only token metadata is stored inside user.cfg / accessible via the
parsed user config hash. the actual token values will be stored
root-readable only in a separate (shadow) file.

'comment' and 'expire' have the same semantics as for users.

'privsep' determines whether an API token gets the full privileges of
the corresponding user, or just the intersection of privileges of the
corresponding user and those of the API token itself.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>