---
 src/PVE/AccessControl.pm |  2 ++
 src/PVE/Auth/Makefile    |  3 +-
 src/PVE/Auth/OpenId.pm   | 68 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100755 src/PVE/Auth/OpenId.pm

diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 8628678..3d8d01c 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -24,6 +24,7 @@ use PVE::Auth::AD;
 use PVE::Auth::LDAP;
 use PVE::Auth::PVE;
 use PVE::Auth::PAM;
+use PVE::Auth::OpenId;
 
 # load and initialize all plugins
 
@@ -31,6 +32,7 @@ PVE::Auth::AD->register();
 PVE::Auth::LDAP->register();
 PVE::Auth::PVE->register();
 PVE::Auth::PAM->register();
+PVE::Auth::OpenId->register();
 PVE::Auth::Plugin->init();
 
 # $authdir must be writable by root only!
diff --git a/src/PVE/Auth/Makefile b/src/PVE/Auth/Makefile
index 58ae362..be7bde3 100644
--- a/src/PVE/Auth/Makefile
+++ b/src/PVE/Auth/Makefile
@@ -4,7 +4,8 @@ AUTH_SOURCES=                   \
        PVE.pm                  \
        PAM.pm                  \
        AD.pm                   \
-       LDAP.pm
+       LDAP.pm                 \
+       OpenId.pm
 
 .PHONY: install
 install:
diff --git a/src/PVE/Auth/OpenId.pm b/src/PVE/Auth/OpenId.pm
new file mode 100755
index 0000000..515d2f4
--- /dev/null
+++ b/src/PVE/Auth/OpenId.pm
@@ -0,0 +1,68 @@
+package PVE::Auth::OpenId;
+
+use strict;
+use warnings;
+
+use PVE::Tools;
+use PVE::Auth::Plugin;
+use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_write_file 
cfs_lock_file);
+
+use base qw(PVE::Auth::Plugin);
+
+sub type {
+    return 'openid';
+}
+
+sub properties {
+    return {
+       "issuer-url" => {
+           description => "OpenID Issuer Url",
+           type => 'string',
+           maxLength => 256,
+       },
+       "client-id" => {
+            description => "OpenID Client ID",
+            type => 'string',
+           maxLength => 256,
+       },
+       "client-key" => {
+           description => "OpenID Client Key",
+           type => 'string',
+           optional => 1,
+           maxLength => 256,
+       },
+       autocreate => {
+          description => "Automatically create users if they do not exist.",
+          optional => 1,
+          type => 'boolean',
+          default => 0,
+       },
+       "username-claim" => {
+          description => "OpenID claim used to generate the unique username.",
+          type => 'string',
+          enum => ['subject', 'username', 'email'],
+          optional => 1,
+       },
+   };
+}
+
+sub options {
+    return {
+       "issuer-url" => {},
+        "client-id" => {},
+        "client-key" => { optional => 1 },
+        autocreate => { optional => 1 },
+        "username-claim" => { optional => 1, fixed => 1 },
+        default => { optional => 1 },
+        comment => { optional => 1 },
+    };
+}
+
+sub authenticate_user {
+    my ($class, $config, $realm, $username, $password) = @_;
+
+    die "OpenID realm does not allow password verification.\n";
+}
+
+
+1;
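Review bot: `PVE::Tools` and the four `cfs_*` functions imported from `PVE::Cluster` at the top of the new file are not used anywhere in it — `authenticate_user` only dies and `properties`/`options` return literal hashes — so both lines (`use PVE::Tools;` and the `use PVE::Cluster qw(...)` line, which also shows up wrapped across two lines in the mail and should be checked to apply cleanly) should be dropped until something needs them. The `client-key` property is presumably the OIDC client secret, but its description only says "OpenID Client Key"; operators would benefit from the description stating that, e.g. `description => "OpenID Client Key (the client secret, stored in the realm configuration)"`. Likewise the `username-claim` enum value `subject` presumably maps to the standard `sub` claim, which the description could say. The indentation inside `properties`/`options` mixes 7-, 8- and 10-space widths; a perltidy pass would bring it in line with the rest of the module.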
-- 
2.30.2

