public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH api 2/6] add PMG::TFAConfig module
Date: Fri, 26 Nov 2021 14:55:06 +0100	[thread overview]
Message-ID: <20211126135524.117846-3-w.bumiller@proxmox.com> (raw)
In-Reply-To: <20211126135524.117846-1-w.bumiller@proxmox.com>

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 src/Makefile         |  1 +
 src/PMG/TFAConfig.pm | 80 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 src/PMG/TFAConfig.pm

diff --git a/src/Makefile b/src/Makefile
index eac682b..de05aa0 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -82,6 +82,7 @@ LIBSOURCES =				\
 	PMG/Quarantine.pm		\
 	PMG/Report.pm			\
 	PMG/SACustom.pm			\
+	PMG/TFAConfig.pm		\
 	PMG/RuleDB/Group.pm		\
 	PMG/RuleDB/Rule.pm		\
 	PMG/RuleDB/Object.pm		\
diff --git a/src/PMG/TFAConfig.pm b/src/PMG/TFAConfig.pm
new file mode 100644
index 0000000..998e266
--- /dev/null
+++ b/src/PMG/TFAConfig.pm
@@ -0,0 +1,80 @@
+package PMG::TFAConfig;
+
+use strict;
+use warnings;
+
+use PVE::Tools;
+use PVE::INotify;
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise);
+
+use PMG::Utils;
+use PMG::UserConfig;
+
+use base 'PMG::RS::TFA';
+
+my $inotify_file_id = 'pmg-tfa.json';
+my $config_filename = '/etc/pmg/tfa.json';
+
+sub new {
+    my ($type) = @_;
+
+    my $class = ref($type) || $type;
+
+    my $cfg = PVE::INotify::read_file($inotify_file_id);
+
+    return bless $cfg, $class;
+}
+
+sub write {
+    my ($self) = @_;
+
+    PVE::INotify::write_file($inotify_file_id, $self);
+}
+
+# This lives in `UserConfig` in order to enforce lock order.
+sub lock_config {
+    return PMG::UserConfig::lock_tfa_config(@_);
+}
+
+my sub read_tfa_conf : prototype($$) {
+    my ($filename, $fh) = @_;
+
+    my $raw;
+    if ($fh) {
+	$raw = do { local $/ = undef; <$fh> };
+    } else {
+	$raw = '{}';
+    }
+
+    my $cfg = PMG::RS::TFA->new($raw);
+
+    # Purge invalid users:
+    my $usercfg = PMG::UserConfig->new();
+    foreach my $user ($cfg->users()->@*) {
+	if (!$usercfg->lookup_user_data($user, 1)) {
+	    $cfg->remove_user($user);
+	}
+    }
+
+    return $cfg;
+}
+
+my sub write_tfa_conf : prototype($$$) {
+    my ($filename, $fh, $cfg) = @_;
+
+    chmod(0600, $fh);
+
+    PVE::Tools::safe_print($filename, $fh, $cfg->SUPER::write());
+}
+
+PVE::INotify::register_file($inotify_file_id, $config_filename,
+			    \&read_tfa_conf,
+			    \&write_tfa_conf,
+			    undef,
+			    always_call_parser => 1,
+			    # the parser produces a rust TfaConfig object,
+			    # Clone::clone would break this
+			    noclone => 1);
+
+1;
-- 
2.30.2





  parent reply	other threads:[~2021-11-26 13:56 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-26 13:55 [pmg-devel] [PATCH multiple 0/7] PMG TFA support Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 1/6] add tfa.json and its lock methods Wolfgang Bumiller
2021-11-26 13:55 ` Wolfgang Bumiller [this message]
2021-11-26 13:55 ` [pmg-devel] [PATCH api 3/6] add TFA API Wolfgang Bumiller
2021-11-26 17:29   ` Stoiko Ivanov
2021-11-26 13:55 ` [pmg-devel] [PATCH api 4/6] add tfa config api Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 5/6] implement tfa authentication Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 6/6] provide qrcode.min.js from libjs-qrcodejs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH gui] add TFA components Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 1/7] pve: bump perlmod to 0.9 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 2/7] pve: update to proxmox-tfa 2.0 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 3/7] pve: bump d/control Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 4/7] import pmg-rs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 5/7] pmg: bump perlmod to 0.9 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 6/7] pmg: add tfa module Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 7/7] pmg: bump d/control Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 1/6] tfa: fix typo in docs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 2/6] tfa: add WebauthnConfig::digest method Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 3/6] tfa: let OriginUrl deref to its inner Url, add FromStr impl Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 4/6] tfa: make configured webauthn origin optional Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 5/6] tfa: clippy fixes Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 6/6] bump proxmox-tfa to 2.0.0-1 Wolfgang Bumiller
2021-11-26 17:34 ` [pmg-devel] [PATCH multiple 0/7] PMG TFA support Stoiko Ivanov
2021-11-28 21:17 ` [pmg-devel] applied-series: " Thomas Lamprecht

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211126135524.117846-3-w.bumiller@proxmox.com \
    --to=w.bumiller@proxmox.com \
    --cc=pmg-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal