From 63358f40b36266a1d9df2fbb8477935d16b5f1c5 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Thu, 30 Mar 2017 17:54:38 +0200
Subject: [PATCH] use new PVE::Tools::encrypt_pw, bump version to 5.0-3

---
 Makefile           |  2 +-
 PVE/Auth/PAM.pm    |  2 +-
 PVE/Auth/PVE.pm    |  3 ++-
 PVE/Auth/Plugin.pm | 14 --------------
 changelog.Debian   |  8 ++++++++
 5 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/Makefile b/Makefile
index f4e87fc..b0045bd 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 VERSION=5.0
 PACKAGE=libpve-access-control
-PKGREL=2
+PKGREL=3
 
 DESTDIR=
 PREFIX=/usr
diff --git a/PVE/Auth/PAM.pm b/PVE/Auth/PAM.pm
index d845978..42feba8 100755
--- a/PVE/Auth/PAM.pm
+++ b/PVE/Auth/PAM.pm
@@ -66,7 +66,7 @@ sub store_password {
 
     my $cmd = ['usermod'];
 
-    my $epw = PVE::Auth::Plugin::encrypt_pw($password);
+    my $epw = PVE::Tools::encrypt_pw($password);
 
     push @$cmd, '-p', $epw, $username;
 
diff --git a/PVE/Auth/PVE.pm b/PVE/Auth/PVE.pm
index 8714a6b..6065df0 100755
--- a/PVE/Auth/PVE.pm
+++ b/PVE/Auth/PVE.pm
@@ -3,6 +3,7 @@ package PVE::Auth::PVE;
 use strict;
 use warnings;
 
+use PVE::Tools;
 use PVE::Auth::Plugin;
 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
 
@@ -92,7 +93,7 @@ sub store_password {
 
     lock_shadow_config(sub {
 	my $shadow_cfg = cfs_read_file($shadowconfigfile);
-	my $epw = PVE::Auth::Plugin::encrypt_pw($password);
+	my $epw = PVE::Tools::encrypt_pw($password);
 	$shadow_cfg->{users}->{$username}->{shadow} = $epw;
 	cfs_write_file($shadowconfigfile, $shadow_cfg);
     });
diff --git a/PVE/Auth/Plugin.pm b/PVE/Auth/Plugin.pm
index 3356f69..b5f474b 100755
--- a/PVE/Auth/Plugin.pm
+++ b/PVE/Auth/Plugin.pm
@@ -130,20 +130,6 @@ sub parse_tfa_config {
     return $res;
 }
 
-my $salt_starter = time();
-
-sub encrypt_pw {
-    my ($pw) = @_;
-
-    $salt_starter++;
-    my $salt = substr(Digest::SHA::sha1_base64(time() + $salt_starter + $$), 0, 8);
-
-    # crypt does not want '+' in salt (see 'man crypt')
-    $salt =~ s/\+/X/g;
-
-    return crypt(encode("utf8", $pw), "\$5\$$salt\$");
-}
-
 my $defaultData = {
     propertyList => {
 	type => { description => "Realm type." },
diff --git a/changelog.Debian b/changelog.Debian
index 4372f65..6c1455c 100644
--- a/changelog.Debian
+++ b/changelog.Debian
@@ -1,3 +1,11 @@
+libpve-access-control (5.0-3) unstable; urgency=medium
+
+  * use new PVE::OTP class from pve-common
+
+  * use new PVE::Tools::encrypt_pw from pve-common
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 17:45:55 +0200
+
 libpve-access-control (5.0-2) unstable; urgency=medium
 
   * encrypt_pw: avoid '+' for crypt salt
-- 
2.39.2