API token: add (shadow) TokenConfig

with the format:

<full token ID> <token value/UUID>

it is just used for token value generation/deletion via the User API,
token value verification will happen over pmxcfs/ipcc.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler 2020-01-21 13:54:04 +01:00 committed by Thomas Lamprecht
parent 571e9d062e
commit 3a540a697f
3 changed files with 81 additions and 0 deletions


@ -5,5 +5,6 @@ install:
make -C Auth install make -C Auth install
install -D -m 0644 AccessControl.pm ${DESTDIR}${PERLDIR}/PVE/AccessControl.pm install -D -m 0644 AccessControl.pm ${DESTDIR}${PERLDIR}/PVE/AccessControl.pm
install -D -m 0644 RPCEnvironment.pm ${DESTDIR}${PERLDIR}/PVE/RPCEnvironment.pm install -D -m 0644 RPCEnvironment.pm ${DESTDIR}${PERLDIR}/PVE/RPCEnvironment.pm
install -D -m 0644 TokenConfig.pm ${DESTDIR}${PERLDIR}/PVE/TokenConfig.pm
make -C API2 install make -C API2 install
make -C CLI install make -C CLI install

79
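--- a/PVE/TokenConfig.pm
+++ b/PVE/TokenConfig.pm
@@ -0,0 +1,79 @@
+package PVE::TokenConfig;
+use strict;
+use warnings;
+use UUID;
+use PVE::AccessControl;
+use PVE::Cluster;
+my $parse_token_cfg = sub {
+my ($filename, $raw) = @_;
+my $parsed = {};
+my @lines = split(/\n/, $raw);
+foreach my $line (@lines) {
+next if $line =~ m/^\s*$/;
+if ($line =~ m/^(\S+) (\S+)$/) {
+if (PVE::AccessControl::pve_verify_tokenid($1, 1)) {
+$parsed->{$1} = $2;
+next;
+}
+}
+warn "skipping invalid token.cfg entry\n";
+}
+return $parsed;
+};
+my $write_token_cfg = sub {
+my ($filename, $data) = @_;
+my $raw = '';
+foreach my $tokenid (sort keys %$data) {
+$raw .= "$tokenid $data->{$tokenid}\n";
+}
+return $raw;
+};
+PVE::Cluster::cfs_register_file('priv/token.cfg', $parse_token_cfg, $write_token_cfg);
+sub generate_token {
+my ($tokenid) = @_;
+PVE::AccessControl::pve_verify_tokenid($tokenid);
+my $token_value = PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
+my $uuid = UUID::uuid();
+my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');
+$token_cfg->{$tokenid} = $uuid;
+PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);
+return $uuid;
+});
+die "$@\n" if defined($@);
+return $token_value;
+}
+sub delete_token {
+my ($tokenid) = @_;
+PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
+my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');
+delete $token_cfg->{$tokenid};
+PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);
+});
+die "$@\n" if defined($@);
+}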
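Review bot: In generate_token the bearer secret is whatever `UUID::uuid()` returns, and nothing in the call states that the value comes from the random generator rather than a time-based one. Since this string is the only credential for the token, I would request the random variant explicitly, e.g. `UUID::generate_random($bin); UUID::unparse($bin, $uuid);`, or at least add a comment naming the guarantee being relied on. delete_token, unlike generate_token, never calls `PVE::AccessControl::pve_verify_tokenid($tokenid)`, so a malformed ID is accepted silently; making that call its first statement keeps the two entry points consistent. Both subs test `defined($@)`, which is only correct if cfs_lock_file resets `$@` to undef on success (not visible on this page); `die "$@\n" if $@;` would not depend on that.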

1
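--- a/debian/control
+++ b/debian/control
@@ -27,6 +27,7 @@ Depends: libauthen-pam-perl,
 libpve-common-perl (>= 6.0-6),
 libpve-cluster-perl,
 libpve-u2f-server-perl (>= 1.0-2),
+libuuid-perl,
 perl (>= 5.6.0-16),
 pve-cluster (>= 5.0-35),
 ${misc:Depends},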