Proxmox/pve-common
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-common.git synced 2025-03-08 08:58:43 +03:00
Code Releases Activity

JSONSchema: add TFA-secret format; support longer secrets

Browse Source 
The old format used 16 base32 chars or 40 hex digits. Since they have
a common subset it's hard to distinguish them without the our
previous length constraints, so prefix a 'v2-' of the format to
support arbitrary lengths properly.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2019-10-28 12:20:40 +01:00 committed by Thomas Lamprecht
parent 4074d3722c
commit 6e2343254e
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/PVE/JSONSchema.pm
View File

@ -530,6 +530,25 @@ PVE::JSONSchema::register_standard_option('pve-startup-order', {
typetext => '[[order=]\d+] [,up=\d+] [,down=\d+] ',
});
register_format('pve-tfa-secret', \&pve_verify_tfa_secret);
sub pve_verify_tfa_secret {
my ($key, $noerr) = @_;
# The old format used 16 base32 chars or 40 hex digits. Since they have a common subset it's
# hard to distinguish them without the our previous length constraints, so add a 'v2' of the
# format to support arbitrary lengths properly:
if ($key =~ /^v2-0x[0-9a-fA-F]{16,128}$/ || # hex
$key =~ /^v2-[A-Z2-7=]{16,128}$/ || # base32
$key =~ /^(?:[A-Z2-7=]{16}|[A-Fa-f0-9]{40})$/) # and the old pattern copy&pasted
{
return $key;
}
return undef if $noerr;
die "unable to decode TFA secret\n";
}
sub check_format {
my ($format, $value, $path) = @_;