proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-06-11 08:38:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1abc2c0aee
pve-access-control/PVE/Auth/PAM.pm
Dietmar Maurer 96f8ebd625 add basic support for two factor auth
2014-06-23 11:42:44 +02:00

77 lines
1.4 KiB
Perl
Executable File
Raw Blame History

package PVE::Auth::PAM;
use strict;
use warnings;
use PVE::Tools qw(run_command);
use PVE::Auth::Plugin;
use Authen::PAM qw(:constants);
use base qw(PVE::Auth::Plugin);
sub type {
return 'pam';
}
sub options {
return {
default => { optional => 1 },
comment => { optional => 1 },
tfa => { optional => 1 },
};
}
sub authenticate_user {
my ($class, $config, $realm, $username, $password) = @_;
# user (www-data) need to be able to read /etc/passwd /etc/shadow
die "no password\n" if !$password;
my $pamh = new Authen::PAM('common-auth', $username, sub {
my @res;
while(@_) {
my $msg_type = shift;
my $msg = shift;
push @res, (0, $password);
}
push @res, 0;
return @res;
});
if (!ref ($pamh)) {
my $err = $pamh->pam_strerror($pamh);
die "error during PAM init: $err";
}
my $res;
if (($res = $pamh->pam_authenticate(0)) != PAM_SUCCESS) {
my $err = $pamh->pam_strerror($res);
die "$err\n";
}
if (($res = $pamh->pam_acct_mgmt (0)) != PAM_SUCCESS) {
my $err = $pamh->pam_strerror($res);
die "$err\n";
}
$pamh = 0; # call destructor
return 1;
}
sub store_password {
my ($class, $config, $realm, $username, $password) = @_;
my $cmd = ['usermod'];
my $epw = PVE::Auth::Plugin::encrypt_pw($password);
push @$cmd, '-p', $epw, $username;
run_command($cmd, errmsg => 'change password failed');
}
1;
Reference in New Issue View Git Blame Copy Permalink