--- src/PVE/AccessControl.pm | 2 ++ src/PVE/Auth/Makefile | 3 +- src/PVE/Auth/OpenId.pm | 67 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 71 insertions(+), 1 deletion(-) create mode 100755 src/PVE/Auth/OpenId.pm
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 2569a35..8efb89d 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -24,6 +24,7 @@ use PVE::Auth::AD;
 use PVE::Auth::LDAP;
 use PVE::Auth::PVE;
 use PVE::Auth::PAM;
+use PVE::Auth::OpenId;
 # load and initialize all plugins
@@ -31,6 +32,7 @@ PVE::Auth::AD->register();
 PVE::Auth::LDAP->register();
 PVE::Auth::PVE->register();
 PVE::Auth::PAM->register();
+PVE::Auth::OpenId->register();
 PVE::Auth::Plugin->init();
 # $authdir must be writable by root only!
diff --git a/src/PVE/Auth/Makefile b/src/PVE/Auth/Makefile
index 58ae362..be7bde3 100644
--- a/src/PVE/Auth/Makefile
+++ b/src/PVE/Auth/Makefile
@@ -4,7 +4,8 @@ AUTH_SOURCES= \
 PVE.pm \
 PAM.pm \
 AD.pm \
- LDAP.pm
+ LDAP.pm \
+ OpenId.pm
 .PHONY: install
 install:
diff --git a/src/PVE/Auth/OpenId.pm b/src/PVE/Auth/OpenId.pm
new file mode 100755
index 0000000..8f35575
--- /dev/null
+++ b/src/PVE/Auth/OpenId.pm
@@ -0,0 +1,67 @@
+package PVE::Auth::OpenId;
+
+use strict;
+use warnings;
+
+use PVE::Tools;
+use PVE::Auth::Plugin;
+use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
+
+use base qw(PVE::Auth::Plugin);
+
+sub type {
+ return 'openid';
+}
+
+sub properties {
+ return {
+ "issuer-url" => {
+ description => "OpenID Issuer Url",
+ type => 'string',
+ maxLength => 256,
+ },
+ "client-id" => {
+ description => "OpenID Client ID",
+ type => 'string',
+ maxLength => 256,
+ },
+ "client-key" => {
+ description => "OpenID Client Key",
+ type => 'string',
+ optional => 1,
+ maxLength => 256,
+ },
+ autocreate => {
+ description => "Automatically create users if they do not exist.",
+ optional => 1,
+ type => 'boolean',
+ default => 0,
+ },
+ "user-attr" => {
+ type => 'string',
+ enum => ['subject', 'username', 'email'],
+ optional => 1,
+ },
+ };
+}
+
+sub options {
+ return {
+ "issuer-url" => {},
+ "client-id" => {},
+ "client-key" => { optional => 1 },
+ autocreate => { optional => 1 },
+ "user-attr" => { optional => 1, fixed => 1 },
+ default => { optional => 1 },
+ comment => { optional => 1 },
+ };
+}
+
+sub authenticate_user {
+ my ($class, $config, $realm, $username, $password) = @_;
+
+ die "OpenID realm does not allow password verification.\n";
+}
+
+
+1;
--
2.30.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
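Review bot: `client-key` in `properties()` is the OpenID client secret, but it is declared as an ordinary realm string alongside `issuer-url` and `client-id`, so it will presumably be stored and returned wherever the other realm options are. If that configuration can be read through the API or by non-root processes, the secret is exposed; consider keeping it in a root-only location and omitting it from realm read-outs. `issuer-url` accepts any string up to 256 characters, so a scheme restriction such as `pattern => '^https://.+'` (assuming the schema validator honours `pattern`) would keep discovery and token exchange off cleartext HTTP. `user-attr` has no `description`; it should state that only `subject` is guaranteed stable and unique per issuer, while `username` and `email` may be changed or reassigned at the provider, which matters when `autocreate` is enabled. Separately, `PVE::Tools` and the `PVE::Cluster` imports are unused in this file, and mode 100755 is unusual for a `.pm` module.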