Thomas Lamprecht [Thu, 12 Mar 2020 14:21:55 +0000 (15:21 +0100)]
inotify: fix compatibillity with address + netmask separate passed
fixes commit 78c6656c9aba1d57786f916717c2622a3059fb6 which dropped
writing out the netmask but missed to add compat code for the case
where the caller did not suplly a address in CIDR format already.
Check if an address ends with /\d+, if not see if a netmask is
available and add that similar how it gets handled on read.
If ifupdown2 is installed we really want to have it synced with this
version, also with OVS (ifupdown2 handles that break) - this is part
of the version barrier.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 20 Feb 2020 15:20:00 +0000 (16:20 +0100)]
add LDAP Wrapper code
This will be used for PMG and PVE LDAP Authentication & Sync.
The code is largely copied/inspired by the already existing LDAP code in
PVEs AccessControl and PMGs LDAPCache
Thomas Lamprecht [Fri, 21 Feb 2020 12:49:18 +0000 (13:49 +0100)]
get_ip_from_hostname: check all address we get from getaddrinfo_all for non-local IP
This was limited without reason to checking only the first IP we get
returned from getaddrinfo_all, but we can have multiple IPs for a
hostname, and possible one of them is local but another not, so check
all and only die if no non-local address at all got found.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Christian Ebner [Thu, 20 Feb 2020 15:33:07 +0000 (16:33 +0100)]
zsh-completion: Add missing flag to compadd
This fixes an issue with zsh completion where certain words were not added to the
list of matches, but incorrectly interpreted as flags or options.
By passing the "--" flag, compadd is notified that all following arguments should
be considered for completion and not interpreted as flags or options for compadd.
Details can be found in the compadd documentation:
http://zsh.sourceforge.net/Doc/Release/Completion-Widgets.html#Completion-Builtin-Commands
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Signed-off-by: Wolfgang Link <w.link@proxmox.com>
[ Thomas: Add ACME tag and reference GET-as-POST[1] ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 13 Jan 2020 16:25:10 +0000 (17:25 +0100)]
certs: generate_csr: allow to set CN explicit
Else, when used with ACME, the SAN is always sorted so we always get
the Subject Alternative Name sorting alphabetically first, which
doesn't necessarily has to be the "primary" domain. While this is
rather cosmetically (all SANs are equal) it could still result it
flapping CN when SANs and thus possibly the order changes, e.g., in
our CDN mirror pool. It also doesn't costs anything to allow control
over this, so why not..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
INotify: remove allow-hotplug from /etc/network/interfaces
for user installing proxmox on top of debian,
debian install by default the first nic with allow-hotplug.
This is conflicting with "auto ...", but worst with ovs "allow-ovs ...".
User have reported race with ovs, where ovs vmbr was up before the nic.
https://forum.proxmox.com/threads/no-network-on-server-unless-i-ifdown-ifup-vmbr0.62733/
Dominik Csapak [Tue, 12 Nov 2019 12:56:20 +0000 (13:56 +0100)]
fix Tools::df for big storage usage values
if the size/avail of a mount is bigger than a certain amount,
json_encode writes the number in scientific format, which was not
matched by our \d+ regex.
This then resulted in 'undef' values for the result hash and
subsequently led to errors and warnings.
Extend the regex to also match scientific formatted numbers,
perl can then use them as is, no need for any conversion.
Dominik Csapak [Thu, 3 Oct 2019 11:50:07 +0000 (13:50 +0200)]
JSONSchema: add pve-tag format
this will be used for vm/ct tag-lists, so that (config) management systems
or similar add additional information that does not reside in the
description
putting it here, since we want to eventually have it also for
nodes,storages,etc.
Thomas Lamprecht [Tue, 29 Oct 2019 06:28:52 +0000 (07:28 +0100)]
d/control: record breaks of pve-container (<< 3.0-9)
As we drop the arch translation part used by pve-container packages
in version 3.0-8 or older we need to break them, to avoid broken
newly created containers.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
JSONSchema: add TFA-secret format; support longer secrets
The old format used 16 base32 chars or 40 hex digits. Since they have
a common subset it's hard to distinguish them without the our
previous length constraints, so prefix a 'v2-' of the format to
support arbitrary lengths properly.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
add postinst hook to fix /etc/aliases whitespace error
This was wrongly shipped by our ISO since quite a bit (AFAICT, at
least 4.x), so fix it up in a versioned postinst snippet.
Do so by usind sed with the following pattern:
# sed -E -i -e 's/^www:(\w)/www: \1/' /etc/aliases
proposed by Musee Ullah[0]. It even catches a bit more than exactly
our misstep, may help if one copied this line, or added some other
addresses to this specific aliases entry.
Do this here, in pve-common, as it makes it sligthly simpler to roll
the change out to both, PVE and PMG.
Fabian Ebner [Wed, 28 Aug 2019 09:22:38 +0000 (11:22 +0200)]
Fix 2339: Handle multiple blank lines correctly in SectionConfig
It turns out that the line number counting was also broken (even on
files without multiple blanks), since the body of the while inside
the nextline subroutine would not be executed for a blank.
I guess the subroutine was intended to skip comments and blanks, but
since we use blanks to recognize the end of a section, I changed it
to only skip comments.
and constant AT_EMPTY_PATH for chowning a directory/file opened via
openat(2), for example when walking/creating a directory tree without
following symlinks.
CLIHandler: consider valid prefixes for completion
With the change introduced in 57c0d0c69c687f2dff876aa81369622d0ae0a841
completion of partial commands stopped working (e.g. typing qm res<TAB><TAB>
yields nothing instead of 'reset resize resume rescan')
By returning undef as 'ref' 'print_bash_completion' has no reference of the
available (sub) commands anymore.
By checking if the current argument is a valid prefix of a possible command,
and conditionally not setting the 'ref' hash to undef, the functionality is
restored.