From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH api 2/6] add PMG::TFAConfig module
Date: Fri, 26 Nov 2021 14:55:06 +0100 [thread overview]
Message-ID: <20211126135524.117846-3-w.bumiller@proxmox.com> (raw)
In-Reply-To: <20211126135524.117846-1-w.bumiller@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
src/Makefile | 1 +
src/PMG/TFAConfig.pm | 80 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+)
create mode 100644 src/PMG/TFAConfig.pm
diff --git a/src/Makefile b/src/Makefile
index eac682b..de05aa0 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -82,6 +82,7 @@ LIBSOURCES = \
PMG/Quarantine.pm \
PMG/Report.pm \
PMG/SACustom.pm \
+ PMG/TFAConfig.pm \
PMG/RuleDB/Group.pm \
PMG/RuleDB/Rule.pm \
PMG/RuleDB/Object.pm \
diff --git a/src/PMG/TFAConfig.pm b/src/PMG/TFAConfig.pm
new file mode 100644
index 0000000..998e266
--- /dev/null
+++ b/src/PMG/TFAConfig.pm
@@ -0,0 +1,80 @@
+package PMG::TFAConfig;
+
+use strict;
+use warnings;
+
+use PVE::Tools;
+use PVE::INotify;
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::Exception qw(raise);
+
+use PMG::Utils;
+use PMG::UserConfig;
+
+use base 'PMG::RS::TFA';
+
+my $inotify_file_id = 'pmg-tfa.json';
+my $config_filename = '/etc/pmg/tfa.json';
+
+sub new {
+ my ($type) = @_;
+
+ my $class = ref($type) || $type;
+
+ my $cfg = PVE::INotify::read_file($inotify_file_id);
+
+ return bless $cfg, $class;
+}
+
+sub write {
+ my ($self) = @_;
+
+ PVE::INotify::write_file($inotify_file_id, $self);
+}
+
+# This lives in `UserConfig` in order to enforce lock order.
+sub lock_config {
+ return PMG::UserConfig::lock_tfa_config(@_);
+}
+
+my sub read_tfa_conf : prototype($$) {
+ my ($filename, $fh) = @_;
+
+ my $raw;
+ if ($fh) {
+ $raw = do { local $/ = undef; <$fh> };
+ } else {
+ $raw = '{}';
+ }
+
+ my $cfg = PMG::RS::TFA->new($raw);
+
+ # Purge invalid users:
+ my $usercfg = PMG::UserConfig->new();
+ foreach my $user ($cfg->users()->@*) {
+ if (!$usercfg->lookup_user_data($user, 1)) {
+ $cfg->remove_user($user);
+ }
+ }
+
+ return $cfg;
+}
+
+my sub write_tfa_conf : prototype($$$) {
+ my ($filename, $fh, $cfg) = @_;
+
+ chmod(0600, $fh);
+
+ PVE::Tools::safe_print($filename, $fh, $cfg->SUPER::write());
+}
+
+PVE::INotify::register_file($inotify_file_id, $config_filename,
+ \&read_tfa_conf,
+ \&write_tfa_conf,
+ undef,
+ always_call_parser => 1,
+ # the parser produces a rust TfaConfig object,
+ # Clone::clone would break this
+ noclone => 1);
+
+1;
--
2.30.2
next prev parent reply other threads:[~2021-11-26 13:56 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-26 13:55 [pmg-devel] [PATCH multiple 0/7] PMG TFA support Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 1/6] add tfa.json and its lock methods Wolfgang Bumiller
2021-11-26 13:55 ` Wolfgang Bumiller [this message]
2021-11-26 13:55 ` [pmg-devel] [PATCH api 3/6] add TFA API Wolfgang Bumiller
2021-11-26 17:29 ` Stoiko Ivanov
2021-11-26 13:55 ` [pmg-devel] [PATCH api 4/6] add tfa config api Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 5/6] implement tfa authentication Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH api 6/6] provide qrcode.min.js from libjs-qrcodejs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH gui] add TFA components Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 1/7] pve: bump perlmod to 0.9 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 2/7] pve: update to proxmox-tfa 2.0 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 3/7] pve: bump d/control Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 4/7] import pmg-rs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 5/7] pmg: bump perlmod to 0.9 Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 6/7] pmg: add tfa module Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH perl-rs 7/7] pmg: bump d/control Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 1/6] tfa: fix typo in docs Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 2/6] tfa: add WebauthnConfig::digest method Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 3/6] tfa: let OriginUrl deref to its inner Url, add FromStr impl Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 4/6] tfa: make configured webauthn origin optional Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 5/6] tfa: clippy fixes Wolfgang Bumiller
2021-11-26 13:55 ` [pmg-devel] [PATCH proxmox 6/6] bump proxmox-tfa to 2.0.0-1 Wolfgang Bumiller
2021-11-26 17:34 ` [pmg-devel] [PATCH multiple 0/7] PMG TFA support Stoiko Ivanov
2021-11-28 21:17 ` [pmg-devel] applied-series: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211126135524.117846-3-w.bumiller@proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox