From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH pve-access-control 1/4] add OpenId configuration
Date: Tue, 29 Jun 2021 10:29:58 +0200 [thread overview]
Message-ID: <1624955370.o2p184qzjg.astroid@nora.none> (raw)
In-Reply-To: <20210624081802.2090614-1-dietmar@proxmox.com>
On June 24, 2021 10:17 am, Dietmar Maurer wrote:
> ---
> src/PVE/AccessControl.pm | 2 ++
> src/PVE/Auth/Makefile | 3 +-
> src/PVE/Auth/OpenId.pm | 67 ++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 71 insertions(+), 1 deletion(-)
> create mode 100755 src/PVE/Auth/OpenId.pm
>
> diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
> index 2569a35..8efb89d 100644
> --- a/src/PVE/AccessControl.pm
> +++ b/src/PVE/AccessControl.pm
> @@ -24,6 +24,7 @@ use PVE::Auth::AD;
> use PVE::Auth::LDAP;
> use PVE::Auth::PVE;
> use PVE::Auth::PAM;
> +use PVE::Auth::OpenId;
>
> # load and initialize all plugins
>
> @@ -31,6 +32,7 @@ PVE::Auth::AD->register();
> PVE::Auth::LDAP->register();
> PVE::Auth::PVE->register();
> PVE::Auth::PAM->register();
> +PVE::Auth::OpenId->register();
> PVE::Auth::Plugin->init();
>
> # $authdir must be writable by root only!
> diff --git a/src/PVE/Auth/Makefile b/src/PVE/Auth/Makefile
> index 58ae362..be7bde3 100644
> --- a/src/PVE/Auth/Makefile
> +++ b/src/PVE/Auth/Makefile
> @@ -4,7 +4,8 @@ AUTH_SOURCES= \
> PVE.pm \
> PAM.pm \
> AD.pm \
> - LDAP.pm
> + LDAP.pm \
> + OpenId.pm
>
> .PHONY: install
> install:
> diff --git a/src/PVE/Auth/OpenId.pm b/src/PVE/Auth/OpenId.pm
> new file mode 100755
> index 0000000..8f35575
> --- /dev/null
> +++ b/src/PVE/Auth/OpenId.pm
> @@ -0,0 +1,67 @@
> +package PVE::Auth::OpenId;
> +
> +use strict;
> +use warnings;
> +
> +use PVE::Tools;
> +use PVE::Auth::Plugin;
> +use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
> +
> +use base qw(PVE::Auth::Plugin);
> +
> +sub type {
> + return 'openid';
> +}
> +
> +sub properties {
> + return {
> + "issuer-url" => {
> + description => "OpenID Issuer Url",
> + type => 'string',
> + maxLength => 256,
> + },
> + "client-id" => {
> + description => "OpenID Client ID",
> + type => 'string',
> + maxLength => 256,
> + },
> + "client-key" => {
> + description => "OpenID Client Key",
> + type => 'string',
> + optional => 1,
> + maxLength => 256,
> + },
> + autocreate => {
> + description => "Automatically create users if they do not exist.",
> + optional => 1,
> + type => 'boolean',
> + default => 0,
> + },
> + "user-attr" => {
> + type => 'string',
> + enum => ['subject', 'username', 'email'],
> + optional => 1,
> + },
clashes with existing 'user_attr' for LDAP..
> + };
> +}
> +
> +sub options {
> + return {
> + "issuer-url" => {},
> + "client-id" => {},
> + "client-key" => { optional => 1 },
> + autocreate => { optional => 1 },
> + "user-attr" => { optional => 1, fixed => 1 },
> + default => { optional => 1 },
> + comment => { optional => 1 },
> + };
> +}
> +
> +sub authenticate_user {
> + my ($class, $config, $realm, $username, $password) = @_;
> +
> + die "OpenID realm does not allow password verification.\n";
> +}
> +
> +
> +1;
> --
> 2.30.2
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
prev parent reply other threads:[~2021-06-29 8:30 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-24 8:17 Dietmar Maurer
2021-06-24 8:17 ` [pve-devel] [PATCH pve-manager] ui: implement OpenId login Dietmar Maurer
2021-06-29 8:13 ` Fabian Grünbichler
2021-06-29 9:15 ` Thomas Lamprecht
2021-06-29 8:28 ` Fabian Grünbichler
2021-07-02 13:13 ` [pve-devel] applied: " Thomas Lamprecht
2021-06-24 8:18 ` [pve-devel] [PATCH pve-access-control 2/4] depend on libpve-rs-perl Dietmar Maurer
2021-06-24 8:18 ` [pve-devel] [PATCH pve-access-control 3/4] api: implement openid API Dietmar Maurer
2021-06-29 8:22 ` Fabian Grünbichler
2021-06-24 8:18 ` [pve-devel] [PATCH pve-access-control 4/4] implement OpenID autocreate user feature Dietmar Maurer
2021-06-29 8:29 ` Fabian Grünbichler [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1624955370.o2p184qzjg.astroid@nora.none \
--to=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox