mirror of
https://git.proxmox.com/git/pve-access-control
synced 2025-10-04 11:58:55 +00:00
API token: add (shadow) TokenConfig
with the format: <full token ID> <token value/UUID> it is just used for token value generation/deletion via the User API, token value verification will happen over pmxcfs/ipcc. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
parent
571e9d062e
commit
3a540a697f
@ -5,5 +5,6 @@ install:
|
||||
make -C Auth install
|
||||
install -D -m 0644 AccessControl.pm ${DESTDIR}${PERLDIR}/PVE/AccessControl.pm
|
||||
install -D -m 0644 RPCEnvironment.pm ${DESTDIR}${PERLDIR}/PVE/RPCEnvironment.pm
|
||||
install -D -m 0644 TokenConfig.pm ${DESTDIR}${PERLDIR}/PVE/TokenConfig.pm
|
||||
make -C API2 install
|
||||
make -C CLI install
|
||||
|
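--- a/PVE/TokenConfig.pm
+++ b/PVE/TokenConfig.pm
@@ -0,0 +1,79 @@
+package PVE::TokenConfig;
+
+use strict;
+use warnings;
+
+use UUID;
+
+use PVE::AccessControl;
+use PVE::Cluster;
+
+my $parse_token_cfg = sub {
+my ($filename, $raw) = @_;
+
+my $parsed = {};
+my @lines = split(/\n/, $raw);
+
+foreach my $line (@lines) {
+next if $line =~ m/^\s*$/;
+
+if ($line =~ m/^(\S+) (\S+)$/) {
+if (PVE::AccessControl::pve_verify_tokenid($1, 1)) {
+$parsed->{$1} = $2;
+next;
+}
+}
+
+warn "skipping invalid token.cfg entry\n";
+}
+
+return $parsed;
+};
+
+my $write_token_cfg = sub {
+my ($filename, $data) = @_;
+
+my $raw = '';
+foreach my $tokenid (sort keys %$data) {
+$raw .= "$tokenid $data->{$tokenid}\n";
+}
+
+return $raw;
+};
+
+PVE::Cluster::cfs_register_file('priv/token.cfg', $parse_token_cfg, $write_token_cfg);
+
+sub generate_token {
+my ($tokenid) = @_;
+
+PVE::AccessControl::pve_verify_tokenid($tokenid);
+
+my $token_value = PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
+my $uuid = UUID::uuid();
+my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');
+
+$token_cfg->{$tokenid} = $uuid;
+
+PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);
+
+return $uuid;
+});
+
+die "$@\n" if defined($@);
+
+return $token_value;
+}
+
+sub delete_token {
+my ($tokenid) = @_;
+
+PVE::Cluster::cfs_lock_file('priv/token.cfg', 10, sub {
+my $token_cfg = PVE::Cluster::cfs_read_file('priv/token.cfg');
+
+delete $token_cfg->{$tokenid};
+
+PVE::Cluster::cfs_write_file('priv/token.cfg', $token_cfg);
+});
+
+die "$@\n" if defined($@);
+}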
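Review bot: The `die "$@\n" if defined($@);` guard after both `cfs_lock_file` calls (in `generate_token` and `delete_token`) is only correct if `cfs_lock_file` explicitly sets `$@` to undef on success, because Perl itself leaves `$@` as an empty but still defined string after a successful eval. That contract is not visible on this page; if it ever stops holding, `generate_token` would die after the new value has already been written to `priv/token.cfg`, so the caller would never receive a secret that the shadow file nonetheless holds. I would write `die "$@\n" if $@;`, which behaves the same under the undef convention and stays correct without it. Separately, the token value is a bearer secret taken straight from `UUID::uuid()`, so a comment above that call such as `# token secret: relies on the UUID library using its random-based generator` would record an assumption that should be confirmed.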
1
debian/control
vendored
1
debian/control
vendored
@ -27,6 +27,7 @@ Depends: libauthen-pam-perl,
|
||||
libpve-common-perl (>= 6.0-6),
|
||||
libpve-cluster-perl,
|
||||
libpve-u2f-server-perl (>= 1.0-2),
|
||||
libuuid-perl,
|
||||
perl (>= 5.6.0-16),
|
||||
pve-cluster (>= 5.0-35),
|
||||
${misc:Depends},
|
||||
|