[pve-devel] r5363 - in pve-access-control/trunk: . PVE PVE/API2

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Jan 12 12:41:51 CET 2011


Author: dietmar
Date: 2011-01-12 12:41:51 +0100 (Wed, 12 Jan 2011)
New Revision: 5363

Modified:
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/PVE/API2/ACL.pm
   pve-access-control/trunk/PVE/API2/Group.pm
   pve-access-control/trunk/PVE/API2/Role.pm
   pve-access-control/trunk/PVE/API2/User.pm
   pve-access-control/trunk/PVE/AccessControl.pm
   pve-access-control/trunk/pveum
Log:
2011-01-12  root  <root at maui.maurer-it.com>

	* PVE/AccessControl.pm: use new PVE::Cluster class and read data
	from cluster filesystem (instead of local filesystem).



Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2011-01-12 08:16:31 UTC (rev 5362)
+++ pve-access-control/trunk/ChangeLog	2011-01-12 11:41:51 UTC (rev 5363)
@@ -1,3 +1,8 @@
+2011-01-12  root  <root at maui.maurer-it.com>
+
+	* PVE/AccessControl.pm: use new PVE::Cluster class and read data
+	from cluster filesystem (instead of local filesystem).
+
 2011-01-11  root  <root at maui.maurer-it.com>
 
 	* control.in (Depends): depend on new pve-cluster package

Modified: pve-access-control/trunk/PVE/API2/ACL.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/ACL.pm	2011-01-12 08:16:31 UTC (rev 5362)
+++ pve-access-control/trunk/PVE/API2/ACL.pm	2011-01-12 11:41:51 UTC (rev 5363)
@@ -2,7 +2,7 @@
 
 use strict;
 use warnings;
-use PVE::INotify qw (read_file write_file);
+use PVE::Cluster qw (cfs_read_file cfs_write_file);
 use PVE::Tools qw(split_list);
 use PVE::AccessControl;
 
@@ -30,7 +30,7 @@
     
 	my $res = [];
 
-	my $usercfg = read_file("usercfg");
+	my $usercfg = cfs_read_file("user.cfg");
  
 	return $usercfg->{acl};
     }});
@@ -58,7 +58,7 @@
 	PVE::AccessControl::lock_user_config(
 	    sub {
 			
-		my $cfg = read_file("usercfg");
+		my $cfg = cfs_read_file("user.cfg");
 
 		my $propagate = $param->{propagate} ? 1 : 0;
 
@@ -98,7 +98,7 @@
 		    }
 		}
 
-		write_file("usercfg", $cfg);
+		cfs_write_file("user.cfg", $cfg);
 	    }, "ACL update failed");
 
 	return undef;

Modified: pve-access-control/trunk/PVE/API2/Group.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/Group.pm	2011-01-12 08:16:31 UTC (rev 5362)
+++ pve-access-control/trunk/PVE/API2/Group.pm	2011-01-12 11:41:51 UTC (rev 5363)
@@ -2,7 +2,7 @@
 
 use strict;
 use warnings;
-use PVE::INotify qw (read_file write_file);
+use PVE::Cluster qw (cfs_read_file cfs_write_file);
 use PVE::AccessControl;
 
 use PVE::SafeSyslog;
@@ -38,7 +38,7 @@
     
 	my $res = [];
 
-	my $usercfg = read_file("usercfg");
+	my $usercfg = cfs_read_file("user.cfg");
  
 	foreach my $group (keys %{$usercfg->{groups}}) {
 	    push @$res, { id => $group };
@@ -66,7 +66,7 @@
 	PVE::AccessControl::lock_user_config(
 	    sub {
 			
-		my $usercfg = read_file("usercfg");
+		my $usercfg = cfs_read_file("user.cfg");
 
 		my $group = $param->{groupid};
 	
@@ -75,7 +75,7 @@
 
 		$usercfg->{groups}->{$group} = {};
 
-		write_file("usercfg", $usercfg);
+		cfs_write_file("user.cfg", $usercfg);
 	    }, "create group failed");
 
 	return undef;
@@ -99,7 +99,7 @@
 
 	my $group = $param->{groupid};
 
-	my $usercfg = read_file("usercfg");
+	my $usercfg = cfs_read_file("user.cfg");
  
 	my $data = $usercfg->{groups}->{$group};
 
@@ -128,7 +128,7 @@
 	PVE::AccessControl::lock_user_config(
 	    sub {
 
-		my $usercfg = read_file("usercfg");
+		my $usercfg = cfs_read_file("user.cfg");
 
 		my $group = $param->{groupid};
 
@@ -139,7 +139,7 @@
 
 		PVE::AccessControl::delete_group_acl($group, $usercfg);
 
-		write_file("usercfg", $usercfg);
+		cfs_write_file("user.cfg", $usercfg);
 	    }, "delete group failed");
 	
 	return undef;

Modified: pve-access-control/trunk/PVE/API2/Role.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/Role.pm	2011-01-12 08:16:31 UTC (rev 5362)
+++ pve-access-control/trunk/PVE/API2/Role.pm	2011-01-12 11:41:51 UTC (rev 5363)
@@ -2,7 +2,7 @@
 
 use strict;
 use warnings;
-use PVE::INotify qw (read_file write_file);
+use PVE::Cluster qw (cfs_read_file cfs_write_file);
 use PVE::AccessControl;
 
 use PVE::SafeSyslog;
@@ -38,7 +38,7 @@
     
 	my $res = [];
 
-	my $usercfg = read_file("usercfg");
+	my $usercfg = cfs_read_file("user.cfg");
  
 	foreach my $role (keys %{$usercfg->{roles}}) {
 	    push @$res, { id => $role };
@@ -67,7 +67,7 @@
 	PVE::AccessControl::lock_user_config(
 	    sub {
 			
-		my $usercfg = read_file("usercfg");
+		my $usercfg = cfs_read_file("user.cfg");
 
 		my $role = $param->{roleid};
 
@@ -78,7 +78,7 @@
 
 		PVE::AccessControl::add_role_privs($role, $usercfg, $param->{privs});
 
-		write_file("usercfg", $usercfg);
+		cfs_write_file("user.cfg", $usercfg);
 	    }, "create role failed");
 
 	return undef;
@@ -111,7 +111,7 @@
 			
 		my $role = $param->{roleid};
 
-		my $usercfg = read_file("usercfg");
+		my $usercfg = cfs_read_file("user.cfg");
 	
 		die "role '$role' does not exist\n" 
 		    if !$usercfg->{roles}->{$role};
@@ -120,7 +120,7 @@
 
 		PVE::AccessControl::add_role_privs($role, $usercfg, $param->{privs});
 
-		write_file("usercfg", $usercfg);
+		cfs_write_file("user.cfg", $usercfg);
 	    }, "update role failed");
 
 	return undef;
@@ -142,7 +142,7 @@
     code => sub {
 	my ($param) = @_;
 
-	my $usercfg = read_file("usercfg");
+	my $usercfg = cfs_read_file("user.cfg");
 
 	my $role = $param->{roleid};
 
@@ -175,7 +175,7 @@
 
 		my $role = $param->{roleid};
 
-		my $usercfg = read_file("usercfg");
+		my $usercfg = cfs_read_file("user.cfg");
 
 		die "role '$role' does not exist\n"
 		    if !$usercfg->{roles}->{$role};
@@ -184,7 +184,7 @@
 
 		# fixme: delete role from acl?
 
-		write_file("usercfg", $usercfg);
+		cfs_write_file("user.cfg", $usercfg);
 	    }, "delete role failed");
 	
 	return undef;

Modified: pve-access-control/trunk/PVE/API2/User.pm
===================================================================
--- pve-access-control/trunk/PVE/API2/User.pm	2011-01-12 08:16:31 UTC (rev 5362)
+++ pve-access-control/trunk/PVE/API2/User.pm	2011-01-12 11:41:51 UTC (rev 5363)
@@ -2,7 +2,7 @@
 
 use strict;
 use warnings;
-use PVE::INotify qw (read_file write_file);
+use PVE::Cluster qw (cfs_read_file cfs_write_file);
 use PVE::Tools qw(split_list);
 use PVE::AccessControl;
 
@@ -39,7 +39,7 @@
     
 	my $res = [];
 
-	my $usercfg = read_file("usercfg");
+	my $usercfg = cfs_read_file("user.cfg");
  
 	foreach my $user (keys %{$usercfg->{users}}) {
 	    next if $user eq 'root';
@@ -96,7 +96,7 @@
 		my ($username, undef, $domain) = 
 		    PVE::AccessControl::verify_username($param->{userid});
 	
-		my $usercfg = read_file("usercfg");
+		my $usercfg = cfs_read_file("user.cfg");
 
 		die "user '$username' already exists\n" 
 		    if $usercfg->{users}->{$username};
@@ -121,7 +121,7 @@
 		    }
 		}
 
-		write_file("usercfg", $usercfg);
+		cfs_write_file("user.cfg", $usercfg);
 	    }, "create user failed");
 
 	return undef;
@@ -145,7 +145,7 @@
 	my ($username, undef, $domain) = 
 	    PVE::AccessControl::verify_username($param->{userid});
 
-	my $usercfg = read_file("usercfg");
+	my $usercfg = cfs_read_file("user.cfg");
  
 	my $data = $usercfg->{users}->{$username};
 
@@ -190,7 +190,7 @@
 		my ($username, undef, $domain) = 
 		    PVE::AccessControl::verify_username($param->{userid});
 	
-		my $usercfg = read_file("usercfg");
+		my $usercfg = cfs_read_file("user.cfg");
 
 		die "user '$username' does not exist\n" 
 		    if !$usercfg->{users}->{$username};
@@ -224,7 +224,7 @@
 
 		PVE::AccessControl::comment_user($username, $usercfg) if $param->{comment};
 
-		write_file("usercfg", $usercfg);
+		cfs_write_file("user.cfg", $usercfg);
 	    }, "update user failed");
 	
 	return undef;
@@ -252,7 +252,7 @@
 		my ($username, undef, $domain) = 
 		    PVE::AccessControl::verify_username($param->{userid});
 
-		my $usercfg = read_file("usercfg");
+		my $usercfg = cfs_read_file("user.cfg");
 
 		die "user '$username' does not exist\n" 
 		    if !$usercfg->{users}->{$username};
@@ -263,7 +263,7 @@
 		PVE::AccessControl::delete_user_group($username, $usercfg);
 		PVE::AccessControl::delete_user_acl($username, $usercfg);
 
-		write_file("usercfg", $usercfg);
+		cfs_write_file("user.cfg", $usercfg);
 	    }, "delete user failed");
 	
 	return undef;

Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm	2011-01-12 08:16:31 UTC (rev 5362)
+++ pve-access-control/trunk/PVE/AccessControl.pm	2011-01-12 11:41:51 UTC (rev 5363)
@@ -9,7 +9,7 @@
 use Authen::PAM qw(:constants);
 use Net::LDAP;
 use PVE::Tools qw(run_command lock_file file_get_contents split_list safe_print);
-use PVE::INotify qw(register_file read_file write_file);
+use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file);
 use PVE::JSONSchema;
 
 use Data::Dumper; # fixme: remove
@@ -24,43 +24,27 @@
 my $authdir = "$confdir/priv";
 my $authprivkeyfn = "$authdir/authkey.key";
 my $authpubkeyfn = "$confdir/authkey.pub";
-my $userconfigfile = "user.cfg";
-my $userconfigpath = "$confdir/$userconfigfile";
-my $userconfiglock = "$lockdir/.lock-$userconfigfile";
-my $shadowconfigfile = "shadow.cfg";
-my $shadowconfigpath = "$authdir/$shadowconfigfile";
-my $shadowconfiglock = "$lockdir/.lock-$shadowconfigfile";
-my $domainconfigfile = "domains.cfg";
-my $domainconfigpath = "$authdir/$domainconfigfile";
+my $userconfiglock = "$lockdir/.lock-user.cfg";
+my $shadowconfigfile = "priv/shadow.cfg";
+my $shadowconfiglock = "$lockdir/.lock-shadow.cfg";
+my $domainconfigfile = "priv/domains.cfg";
 
 my $ticket_lifetime = 3600*2; # 2 hours
 
 Crypt::OpenSSL::RSA->import_random_seed();
 
-register_file('usercfg', $userconfigpath, 
-	      \&parse_user_config,  \&write_user_config);
+cfs_register_file('user.cfg', 
+		  \&parse_user_config,  
+		  \&write_user_config);
 
-register_file('shadowpasswd', $shadowconfigpath, 
-	      \&parse_shadow_passwd, \&write_shadow_config, undef,
-	      perm => 0600);
+cfs_register_file($shadowconfigfile, 
+		  \&parse_shadow_passwd, 
+		  \&write_shadow_config);
 
-register_file('domaincfg', $domainconfigpath, \&parse_domains);
+cfs_register_file($domainconfigfile, 
+		  \&parse_domains);
 
-sub cond_create_auth_key {
 
-    return if -f "$authprivkeyfn";
-
-    (-l "$confdir/local" ) || die "pve configuration filesystem not mounted\n";
-
-    mkdir $authdir || die "unable to create dir '$authdir' - $!\n";
- 
-    my $cmd = "openssl genrsa -out '$authprivkeyfn' 2048";
-    run_command($cmd);
-
-    $cmd = "openssl rsa -in '$authprivkeyfn' -pubout -out '$authpubkeyfn'";
-    run_command($cmd)
-}
-
 sub lock_user_config {
     my ($code, $errmsg) = @_;
 
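Review bot: The shadow password file is now registered without the `perm => 0600` that the removed `register_file('shadowpasswd', ...)` call carried, so nothing in this file states who may read `priv/shadow.cfg`. Presumably the cluster filesystem restricts everything under `priv/`, but that is not visible in this commit. Once confirmed, I would record it above the call, `# access to priv/ is restricted by the cluster filesystem, so no per-file perm is set here`, so the protection of the password hashes does not rest on an unstated assumption. The same applies to `priv/domains.cfg`. `lock_user_config` continues outside the hunk.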
@@ -155,7 +139,7 @@
 
     die "no password\n" if !$password;
 
-    my $shadow_cfg = read_file($shadowconfigpath);
+    my $shadow_cfg = cfs_read_file($shadowconfigfile);
     
     if ($shadow_cfg->{users}->{$username}) {
 	my $encpw = crypt($password, $shadow_cfg->{users}->{$username}->{shadow});
@@ -251,7 +235,7 @@
 
     my ($username, $password) = @_;
  
-    my $domain_cfg = read_file($domainconfigpath);
+    my $domain_cfg = cfs_read_file($domainconfigfile);
 
     my (undef, $user, $domain) = verify_username($username);
 
@@ -343,7 +327,7 @@
 
 	($username, $user, $domain) = verify_username($username);
  
-	my $usercfg = read_file($userconfigpath);
+	my $usercfg = cfs_read_file('user.cfg');
 
 	die "no such user ('$username')\n" if !user_enabled($usercfg, $username);
 
@@ -369,10 +353,10 @@
 
     my ($username) = @_;
     lock_shadow_config(sub {
-	my $shadow_cfg = read_file($shadowconfigpath);
+	my $shadow_cfg = cfs_read_file($shadowconfigfile);
 	delete ($shadow_cfg->{users}->{$username})
 	    if $shadow_cfg->{users}->{$username};
-	write_file($shadowconfigpath, $shadow_cfg);
+	cfs_write_file($shadowconfigfile, $shadow_cfg);
     });
 }
 
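Review bot: The read/modify/write in this callback now targets a file shared through the cluster filesystem, while `lock_shadow_config` presumably still takes `$shadowconfiglock`, which this commit sets to `$lockdir/.lock-shadow.cfg`. If `$lockdir` is node-local (its definition is outside the diff), the lock no longer excludes a writer on another node, and concurrent password changes or deletions could overwrite each other. At minimum I would record this next to the lock paths, `# fixme: locks are node-local, but the files are cluster-wide`. The same concern applies to the next hunk and to every `lock_user_config` caller under PVE/API2. The enclosing sub starts outside the hunk.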
@@ -380,9 +364,9 @@
 
     my ($username,$password) = @_;
     lock_shadow_config(sub {
-	my $shadow_cfg = read_file($shadowconfigpath);
+	my $shadow_cfg = cfs_read_file($shadowconfigfile);
 	$shadow_cfg->{users}->{$username}->{shadow} = encrypt_pw($password);
-	write_file($shadowconfigpath, $shadow_cfg);
+	cfs_write_file($shadowconfigfile, $shadow_cfg);
     });
 }
 
@@ -616,135 +600,131 @@
 }
 
 sub parse_user_config {
-    my ($filename, $fh) = @_;
+    my ($filename, $raw) = @_;
 
     my $cfg = {};
 
     userconfig_force_defaults($cfg);
 
-    die "MODE: '$/'" if !$/;
+    $raw = "" if !defined($raw);
+    while ($raw =~ s/^(.*)\n//) {
+	my $line = $1;
 
-    if ($fh) {
-	while (defined (my $line = <$fh>)) {
-	    chomp $line;
+	next if $line =~ m/^\s*$/; # skip empty lines
 
-	    next if $line =~ m/^\s*$/; # skip empty lines
+	my @data;
 
-	    my @data;
+	foreach my $d (split (/:/, $line)) {
+	    $d =~ s/^\s+//; 
+	    $d =~ s/\s+$//;
+	    push @data, $d
+	}
 
-	    foreach my $d (split (/:/, $line)) {
-		$d =~ s/^\s+//; 
-		$d =~ s/\s+$//;
-		push @data, $d
-	    }
+	my $et = shift @data;
 
-	    my $et = shift @data;
+	if ($et eq 'user') {
+	    my ($user, $enabled) = @data;
 
-	    if ($et eq 'user') {
-		my ($user, $enabled) = @data;
-
-		if (!verify_username($user, 1)) {
-		    warn "user config - ignore user '$user' - invalid characters in user name\n";
-		    next;
-		}
+	    if (!verify_username($user, 1)) {
+		warn "user config - ignore user '$user' - invalid characters in user name\n";
+		next;
+	    }
 	    
-		$enabled = $enabled ? 1 : 0;
+	    $enabled = $enabled ? 1 : 0;
 
-		#if (!verify_groupname ($group, 1)) {
-		#    warn "user config - ignore user '$user' - invalid characters in group name\n";
-		#    next;
-		#}
+	    #if (!verify_groupname ($group, 1)) {
+	    #    warn "user config - ignore user '$user' - invalid characters in group name\n";
+	    #    next;
+	    #}
 
+	    $cfg->{users}->{$user} = {
+		enabled => $enabled,
+		# group => $group,
+	    };
 
-		$cfg->{users}->{$user} = {
-		    enabled => $enabled,
-		    # group => $group,
-		};
+	    #$cfg->{users}->{$user}->{groups}->{$group} = 1;
+	    #$cfg->{groups}->{$group}->{$user} = 1;
 
-		#$cfg->{users}->{$user}->{groups}->{$group} = 1;
-		#$cfg->{groups}->{$group}->{$user} = 1;
+	} elsif ($et eq 'group') {
+	    my ($group, $userlist) = @data;
 
-	    } elsif ($et eq 'group') {
-		my ($group, $userlist) = @data;
+	    if (!verify_groupname($group, 1)) {
+		warn "user config - ignore group '$group' - invalid characters in group name\n";
+		next;
+	    }
 
-		if (!verify_groupname($group, 1)) {
-		    warn "user config - ignore group '$group' - invalid characters in group name\n";
+	    # make sure to add the group (even if there are no members)
+	    $cfg->{groups}->{$group} = {} if !$cfg->{groups}->{$group};
+
+	    foreach my $user (split_list($userlist)) {
+
+		if (!verify_username($user, 1)) {
+		    warn "user config - ignore invalid group member '$user'\n";
 		    next;
 		}
 
-		# make sure to add the group (even if there are no members)
-		$cfg->{groups}->{$group} = {} if !$cfg->{groups}->{$group};
-
-		foreach my $user (split_list($userlist)) {
-
-		    if (!verify_username($user, 1)) {
-			warn "user config - ignore invalid group member '$user'\n";
-			next;
-		    }
-
-		    if ($cfg->{users}->{$user}) { # user exists 
-			$cfg->{users}->{$user}->{groups}->{$group} = 1;
-			$cfg->{groups}->{$group}->{$user} = 1;
-		    } else {
-			warn "user config - ignore invalid group member '$user'\n";
-		    }
+		if ($cfg->{users}->{$user}) { # user exists 
+		    $cfg->{users}->{$user}->{groups}->{$group} = 1;
+		    $cfg->{groups}->{$group}->{$user} = 1;
+		} else {
+		    warn "user config - ignore invalid group member '$user'\n";
 		}
+	    }
 
-	    } elsif ($et eq 'role') {
-		my ($role, $privlist) = @data;
+	} elsif ($et eq 'role') {
+	    my ($role, $privlist) = @data;
 		
-		if (!verify_rolename($role, 1)) {
-		    warn "user config - ignore role '$role' - invalid characters in role name\n";
-		    next;
-		}
+	    if (!verify_rolename($role, 1)) {
+		warn "user config - ignore role '$role' - invalid characters in role name\n";
+		next;
+	    }
 
-		# make sure to add the role (even if there are no privileges)
-		$cfg->{roles}->{$role} = {} if !$cfg->{roles}->{$role};
+	    # make sure to add the role (even if there are no privileges)
+	    $cfg->{roles}->{$role} = {} if !$cfg->{roles}->{$role};
 
-		foreach my $priv (split_list($privlist)) {
-		    if (defined ($valid_privs->{$priv})) {
-			$cfg->{roles}->{$role}->{$priv} = 1;
-		    } else {
-			warn "user config - ignore invalid priviledge '$priv'\n";
-		    } 
-		}
+	    foreach my $priv (split_list($privlist)) {
+		if (defined ($valid_privs->{$priv})) {
+		    $cfg->{roles}->{$role}->{$priv} = 1;
+		} else {
+		    warn "user config - ignore invalid priviledge '$priv'\n";
+		} 
+	    }
+	    
+	} elsif ($et eq 'acl') {
+	    my ($propagate, $pathtxt, $uglist, $rolelist) = @data;
 
-	    } elsif ($et eq 'acl') {
-		my ($propagate, $pathtxt, $uglist, $rolelist) = @data;
-
-		if (my $path = normalize_path($pathtxt)) {
-		    foreach my $role (split_list($rolelist)) {
+	    if (my $path = normalize_path($pathtxt)) {
+		foreach my $role (split_list($rolelist)) {
 			
-			if (!verify_rolename($role, 1)) {
-			    warn "user config - ignore invalid role name '$role' in acl\n";
-			    next;
-			}
+		    if (!verify_rolename($role, 1)) {
+			warn "user config - ignore invalid role name '$role' in acl\n";
+			next;
+		    }
 
-			foreach my $ug (split_list($uglist)) {
-			    if ($ug =~ m/^@(\w+)$/) {
-				my $group = $1;
-				if ($cfg->{groups}->{$group}) { # group exists 
-				    $cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;
-				} else {
-				    warn "user config - ignore invalid acl group '$group'\n";
-				}
-			    } elsif (verify_username($ug, 1)) {
-				if ($cfg->{users}->{$ug}) { # user exists 
-				    $cfg->{acl}->{$path}->{users}->{$ug}->{$role} = $propagate;
-				} else {
-				    warn "user config - ignore invalid acl member '$ug'\n";
-				}
+		    foreach my $ug (split_list($uglist)) {
+			if ($ug =~ m/^@(\w+)$/) {
+			    my $group = $1;
+			    if ($cfg->{groups}->{$group}) { # group exists 
+				$cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;
 			    } else {
-				warn "user config - invalid user/group '$ug' in acl\n";
+				warn "user config - ignore invalid acl group '$group'\n";
 			    }
+			} elsif (verify_username($ug, 1)) {
+			    if ($cfg->{users}->{$ug}) { # user exists 
+				$cfg->{acl}->{$path}->{users}->{$ug}->{$role} = $propagate;
+			    } else {
+				warn "user config - ignore invalid acl member '$ug'\n";
+			    }
+			} else {
+			    warn "user config - invalid user/group '$ug' in acl\n";
 			}
 		    }
-		} else {
-		    warn "user config - ignore invalid path in acl '$pathtxt'\n";
 		}
 	    } else {
-		warn "user config - ignore config line: $line\n";
+		warn "user config - ignore invalid path in acl '$pathtxt'\n";
 	    }
+	} else {
+	    warn "user config - ignore config line: $line\n";
 	}
     }
 
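Review bot: The new `while ($raw =~ s/^(.*)\n//)` loop only consumes lines that end in a newline, so a final line without a trailing `\n` (easy to produce when user.cfg is edited by hand) is silently dropped instead of parsed or warned about; the old `<$fh>` loop returned it. For an access-control file that means a user, group, role or acl entry can vanish without any message. Normalising the input before the loop, `$raw .= "\n" if length($raw) && $raw !~ m/\n\z/;`, fixes this and leaves the loop body unchanged. The same loop is used in parse_shadow_passwd and parse_domains (including its inner loop) in the following hunks. parse_user_config ends outside this hunk.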
@@ -754,42 +734,40 @@
 }
 
 sub parse_shadow_passwd {
-    my ($filename, $fh) = @_;
+    my ($filename, $raw) = @_;
 
     my $shadow = {};
 
-    die "MODE: '$/'" if !$/;
+    $raw = "" if !defined($raw);
 
-    if ($fh) {
-	while (defined (my $line = <$fh>)) {
-	    chomp $line;
+    while ($raw =~ s/^(.*)\n//) {
+	my $line = $1;
 
-	    next if $line =~ m/^\s*$/; # skip empty lines
+	next if $line =~ m/^\s*$/; # skip empty lines
 
-	    if ($line !~ m/^\S+:\S+:$/) {
-		warn "pve shadow password: ignore invalid line $.\n";
-		next;
-	    }
+	if ($line !~ m/^\S+:\S+:$/) {
+	    warn "pve shadow password: ignore invalid line $.\n";
+	    next;
+	}
 
-	    my ($username,$crypt_pass) = split (/:/, $line);
-	    $shadow->{users}->{$username}->{shadow} = $crypt_pass;
-        }
+	my ($username,$crypt_pass) = split (/:/, $line);
+	$shadow->{users}->{$username}->{shadow} = $crypt_pass;
     }
 
     return $shadow;
 }
 
 sub parse_domains {
-    my ($filename, $fh) = @_;
+    my ($filename, $raw) = @_;
 
     my $connlist = [];
     my $ad;
 
-    die "MODE: '$/'" if !$/;
+    $raw = "" if !defined($raw);
 
-    while ($fh && defined (my $line = <$fh>)) {
-	chomp $line;
-
+    while ($raw =~ s/^(.*)\n//) {
+	my $line = $1;
+ 
 	next if $line =~ m/^\#/; # skip comment lines
 	next if $line =~ m/^\s*$/; # skip empty lines
 
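Review bot: The warning `ignore invalid line $.` in parse_shadow_passwd still interpolates `$.`, but the function no longer reads from a filehandle, so `$.` holds whatever the last-read handle left behind (or is undefined) and the reported line number is misleading. Count lines locally instead: `my $lineno = 0;` before the loop, `$lineno++;` as its first statement, and `warn "pve shadow password: ignore invalid line $lineno\n";`. parse_domains continues outside the hunk.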
@@ -813,7 +791,9 @@
 		}
 	    }
 
-	    while (defined ($line = <$fh>)) {
+	    while ($raw =~ s/^(.*)\n//) {
+		$line = $1;
+
 		next if $line =~ m/^\#/; #skip comment lines
 		last if $line =~ m/^\s*$/;
 		    
@@ -868,7 +848,7 @@
 }
 
 sub write_shadow_config {
-    my ($filename, $fh, $cfg) = @_;
+    my ($filename, $cfg) = @_;
 
     my $data = '';
     foreach my $user (keys %{$cfg->{users}}) {
@@ -876,13 +856,11 @@
 	$data .= "$user:$crypt_pass:\n";
     }
 
-    safe_print($filename, $fh, $data);
-
-    return $cfg;
+    return $data
 }
 
 sub write_user_config {
-    my ($filename, $fh, $cfg) = @_;
+    my ($filename, $cfg) = @_;
 
     my $data = '';
 
@@ -966,10 +944,8 @@
 	    $data .= "acl:1:$path:$uglist:$rolelist:\n";
 	}
     }
-    
-    safe_print($filename, $fh, $data);
 
-    return $cfg;
+    return $data;
 }
 
 sub roles {

Modified: pve-access-control/trunk/pveum
===================================================================
--- pve-access-control/trunk/pveum	2011-01-12 08:16:31 UTC (rev 5362)
+++ pve-access-control/trunk/pveum	2011-01-12 11:41:51 UTC (rev 5363)
@@ -3,6 +3,7 @@
 use strict;
 use Getopt::Long;
 use PVE::Tools qw(run_command);
+use PVE::Cluster;
 use PVE::AccessControl;
 use File::Path qw(make_path remove_tree);
 use Term::ReadLine;
@@ -26,6 +27,7 @@
 die "please run as root\n" if $> != 0;
 
 PVE::INotify::inotify_init();
+PVE::Cluster::cfs_update();
 
 my $rpcenv = PVE::RPCEnvironment->init('cli');
 
@@ -34,7 +36,7 @@
 $rpcenv->set_user('root'); 
 
 # autmatically generate the private key if it does not already exists
-PVE::AccessControl::cond_create_auth_key();
+PVE::Cluster::gen_auth_key();
 
 my $read_password = sub {
 
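Review bot: The comment above this call still promises generation only if the key "does not already exists", but that guard (`return if -f "$authprivkeyfn"`) lived in the removed `cond_create_auth_key`, and whether `PVE::Cluster::gen_auth_key()` has an equivalent check is not visible in this commit. If it does not, every pveum run would presumably replace the key and invalidate outstanding tickets. I would confirm the behaviour and state it at the call site, for example `# gen_auth_key() does nothing when the key already exists`.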


