[pve-devel] [PATCH pve-access-control 1/4] add OpenId configuration
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Jun 29 10:29:58 CEST 2021
On June 24, 2021 10:17 am, Dietmar Maurer wrote:
> ---
> src/PVE/AccessControl.pm | 2 ++
> src/PVE/Auth/Makefile | 3 +-
> src/PVE/Auth/OpenId.pm | 67 ++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 71 insertions(+), 1 deletion(-)
> create mode 100755 src/PVE/Auth/OpenId.pm
>
> diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
> index 2569a35..8efb89d 100644
> --- a/src/PVE/AccessControl.pm
> +++ b/src/PVE/AccessControl.pm
> @@ -24,6 +24,7 @@ use PVE::Auth::AD;
> use PVE::Auth::LDAP;
> use PVE::Auth::PVE;
> use PVE::Auth::PAM;
> +use PVE::Auth::OpenId;
>
> # load and initialize all plugins
>
> @@ -31,6 +32,7 @@ PVE::Auth::AD->register();
> PVE::Auth::LDAP->register();
> PVE::Auth::PVE->register();
> PVE::Auth::PAM->register();
> +PVE::Auth::OpenId->register();
> PVE::Auth::Plugin->init();
>
> # $authdir must be writable by root only!
> diff --git a/src/PVE/Auth/Makefile b/src/PVE/Auth/Makefile
> index 58ae362..be7bde3 100644
> --- a/src/PVE/Auth/Makefile
> +++ b/src/PVE/Auth/Makefile
> @@ -4,7 +4,8 @@ AUTH_SOURCES= \
> PVE.pm \
> PAM.pm \
> AD.pm \
> - LDAP.pm
> + LDAP.pm \
> + OpenId.pm
>
> .PHONY: install
> install:
> diff --git a/src/PVE/Auth/OpenId.pm b/src/PVE/Auth/OpenId.pm
> new file mode 100755
> index 0000000..8f35575
> --- /dev/null
> +++ b/src/PVE/Auth/OpenId.pm
> @@ -0,0 +1,67 @@
> +package PVE::Auth::OpenId;
> +
> +use strict;
> +use warnings;
> +
> +use PVE::Tools;
> +use PVE::Auth::Plugin;
> +use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
> +
> +use base qw(PVE::Auth::Plugin);
> +
> +sub type {
> + return 'openid';
> +}
> +
> +sub properties {
> + return {
> + "issuer-url" => {
> + description => "OpenID Issuer Url",
> + type => 'string',
> + maxLength => 256,
> + },
> + "client-id" => {
> + description => "OpenID Client ID",
> + type => 'string',
> + maxLength => 256,
> + },
> + "client-key" => {
> + description => "OpenID Client Key",
> + type => 'string',
> + optional => 1,
> + maxLength => 256,
> + },
> + autocreate => {
> + description => "Automatically create users if they do not exist.",
> + optional => 1,
> + type => 'boolean',
> + default => 0,
> + },
> + "user-attr" => {
> + type => 'string',
> + enum => ['subject', 'username', 'email'],
> + optional => 1,
> + },
clashes with existing 'user_attr' for LDAP..
> + };
> +}
> +
> +sub options {
> + return {
> + "issuer-url" => {},
> + "client-id" => {},
> + "client-key" => { optional => 1 },
> + autocreate => { optional => 1 },
> + "user-attr" => { optional => 1, fixed => 1 },
> + default => { optional => 1 },
> + comment => { optional => 1 },
> + };
> +}
> +
> +sub authenticate_user {
> + my ($class, $config, $realm, $username, $password) = @_;
> +
> + die "OpenID realm does not allow password verification.\n";
> +}
> +
> +
> +1;
> --
> 2.30.2
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
More information about the pve-devel
mailing list