]> git.proxmox.com Git - pve-access-control.git/log
pve-access-control.git
5 years agouse a property string for tfa config
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:56 +0000 (12:21 +0200)]
use a property string for tfa config

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 years agou2f authentication
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:55 +0000 (12:21 +0200)]
u2f authentication

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 years agodelete TFA entries when deleting a user
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:54 +0000 (12:21 +0200)]
delete TFA entries when deleting a user

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 years agou2f api endpoints
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:53 +0000 (12:21 +0200)]
u2f api endpoints

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 years agodepend on libpve-u2f-server-perl
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:52 +0000 (12:21 +0200)]
depend on libpve-u2f-server-perl

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 years agomore general 2FA configuration via priv/tfa.cfg
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:51 +0000 (12:21 +0200)]
more general 2FA configuration via priv/tfa.cfg

Adds a priv/tfa.cfg file usable in place of user.cfg.
(Otherwise the user.cfg can potentially grow too big with
u2f keys.)

Also contains some preparation code for u2f and
user-opt-in totp.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
5 years agobuildsys: cleanup and add target to build DSC
Thomas Lamprecht [Tue, 2 Apr 2019 09:36:13 +0000 (11:36 +0200)]
buildsys: cleanup and add target to build DSC

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 years agobump version to 5.1-5
Thomas Lamprecht [Mon, 18 Mar 2019 09:43:25 +0000 (10:43 +0100)]
bump version to 5.1-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 years agofix vnc ticket verification without authkey lifetime
Dominik Csapak [Mon, 18 Mar 2019 09:39:56 +0000 (10:39 +0100)]
fix vnc ticket verification without authkey lifetime

since $authkey_lifetime is currently set to 0, we have to check this,
else we always fail to verify the VNC ticket

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
5 years agobump version to 5.1-4
Thomas Lamprecht [Mon, 18 Mar 2019 08:35:09 +0000 (09:35 +0100)]
bump version to 5.1-4

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 years agod/control: bump version dependency to pve-cluster
Thomas Lamprecht [Thu, 14 Mar 2019 10:17:34 +0000 (11:17 +0100)]
d/control: bump version dependency to pve-cluster

to ensure that cfs_lock_authkey is available

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 years agofixup: touch date format does not understands abbreviations
Thomas Lamprecht [Thu, 14 Mar 2019 10:14:52 +0000 (11:14 +0100)]
fixup: touch date format does not understands abbreviations

this did not worked as touch did not worked with the abbreviated 'h'
for 'hour' or 'hours'

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 years agoadd postinst script
Fabian Grünbichler [Wed, 13 Mar 2019 14:01:31 +0000 (15:01 +0100)]
add postinst script

to reset auth key age until the first rotation has happened, otherwise
all currently existing tickets get invalidated immediately once the
rotation code gets enabled.

disabled until first PVE 6.0 package release

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
5 years agofixup call to cfs_lock_authkey
Thomas Lamprecht [Thu, 14 Mar 2019 10:13:07 +0000 (11:13 +0100)]
fixup call to cfs_lock_authkey

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 years agofix #2079: add periodic auth key rotation
Fabian Grünbichler [Wed, 13 Mar 2019 14:01:30 +0000 (15:01 +0100)]
fix #2079: add periodic auth key rotation

and modify checks to accept still valid tickets generated using the
previous auth key.

the slightly complicated caching mechanism is needed for reading the key and
its modification timestamp in one go while only reading and parsing it again if
it has changed.

the +- 300 seconds fuzzing is kept for slightly out-of-sync clusters, since the
time encoded in the tickets is the result of time() on whichever node the
ticket API call got forwarded to.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
5 years agod/control: bump version dependency to pve-doc-generator
Thomas Lamprecht [Fri, 22 Feb 2019 12:31:32 +0000 (13:31 +0100)]
d/control: bump version dependency to pve-doc-generator

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 years ago1891 Add zsh command completion for pveum
Christian Ebner [Thu, 21 Feb 2019 13:25:03 +0000 (14:25 +0100)]
1891 Add zsh command completion for pveum

This generates the zsh command completion scripts for pveum.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
5 years agoAdd missing Build-Depends
Rhonda D'Vine [Fri, 14 Dec 2018 14:59:07 +0000 (15:59 +0100)]
Add missing Build-Depends

Also adjust debhelper dependency according to debian/compat content.

Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
5 years agobump version to 5.1-3
Thomas Lamprecht [Thu, 29 Nov 2018 12:00:18 +0000 (13:00 +0100)]
bump version to 5.1-3

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agoapi/ticket: move getting cluster name into an eval
Thomas Lamprecht [Mon, 26 Nov 2018 13:54:02 +0000 (14:54 +0100)]
api/ticket: move getting cluster name into an eval

to avoid a failed login if a broken corosync config is setup

Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agobump version to 5.1-2
Thomas Lamprecht [Fri, 23 Nov 2018 13:24:52 +0000 (14:24 +0100)]
bump version to 5.1-2

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agofix #1998: correct return properties for read_role
Dominik Csapak [Fri, 23 Nov 2018 13:11:51 +0000 (14:11 +0100)]
fix #1998: correct return properties for read_role

we have each privilege as property of the return object,
so we generate it from $valid_privs

this has the advantage that all privileges are well documented
with that api call

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
6 years agobump version to 5.1-1
Thomas Lamprecht [Thu, 15 Nov 2018 09:36:16 +0000 (10:36 +0100)]
bump version to 5.1-1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agofix #233: return cluster name on successful login
Thomas Lamprecht [Mon, 12 Nov 2018 16:50:14 +0000 (17:50 +0100)]
fix #233: return cluster name on successful login

If a cluster is configured then return the cluster name on successful
login - if the user has Sys.Audit privileges on the '/' path (same
as for returning cluster info, like the join info path uses)

This is more for the reason that some admins do not want to expose
this to lesser privileged (API) users. While yes, you can
theoretically launch a (DDOS resembling) attack which stresses the
corosync network if you know the cluster_name (it's still encrypted
but you can back-calculate the multicast group membership info) you
need to be able to send multicast traffic on the corosync LAN -
which can be seen as a pretty big privilege anyway.

But, for now reduce permissions - we can more easily loosen them than
tighten without causing issues anyway.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agoRevert "Add title and print_width fields to properties"
Dietmar Maurer [Fri, 3 Aug 2018 08:45:13 +0000 (10:45 +0200)]
Revert "Add title and print_width fields to properties"

This reverts commit bcf4eb3d4960aa2b3d1e63c482fc35b83bab2c0a.
I think those titles does not add any value.

6 years agoAdd title and print_width fields to properties
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:46 +0000 (14:31 +0200)]
Add title and print_width fields to properties

Used for printing in pveum

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 years agorefactor API using get/register_standard_option
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:45 +0000 (14:31 +0200)]
refactor API using get/register_standard_option

Pull out duplicated property definitions in the API into
register_standard_option/get_standard_option calls.
(All parameters, which are thus added to the API calls were optional).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 years agoPVE::AccessControl: register userid with completion
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:44 +0000 (14:31 +0200)]
PVE::AccessControl: register userid with completion

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 years agofix PVE::AccessControl::role_is_special
Stoiko Ivanov [Thu, 21 Jun 2018 14:18:32 +0000 (16:18 +0200)]
fix PVE::AccessControl::role_is_special

PVE::AccessControl::role_is_special now returns 0 instead of '' for false
(Schemavalidation did complain about '')

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 years agod/control: update pve-common version dependency
Thomas Lamprecht [Wed, 27 Jun 2018 11:30:00 +0000 (13:30 +0200)]
d/control: update pve-common version dependency

as we use the new param_mapping functionallity from PVE::CLIHandler

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agoreplace read_password with param_mapping
Dominik Csapak [Fri, 15 Jun 2018 13:28:47 +0000 (15:28 +0200)]
replace read_password with param_mapping

use the get_standar_mapping 'pve-password'
then we can get rid of the Term::ReadLine dependency

we use this change to only ask for the password once on
'pveum ticket'

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
6 years agofix typo in change_passsword
Dominik Csapak [Tue, 12 Jun 2018 13:06:48 +0000 (15:06 +0200)]
fix typo in change_passsword

s/passsword/password/

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agopveum: introduce sub-commands
Philip Abernethy [Mon, 9 Oct 2017 12:35:09 +0000 (14:35 +0200)]
pveum: introduce sub-commands

use a sub-command structure instead of abbreviated words, where useful.
Keep old commands as aliases.

Signed-off-by: Philip Abernethy <p.abernethy@proxmox.com>
Co-authored-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agobump version to 5.0-8
Wolfgang Bumiller [Thu, 18 Jan 2018 12:39:48 +0000 (13:39 +0100)]
bump version to 5.0-8

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
6 years agocompute_api_permissions: a storage has also permissions
Thomas Lamprecht [Mon, 15 Jan 2018 10:15:54 +0000 (11:15 +0100)]
compute_api_permissions: a storage has also permissions

Fixes a problem where a non root@pam system administrator does not
sees the 'Permissions' tab for a storage in our WebUI.

Fixes commit a2c18811d33d7e09765a7b0f09bba47bc9523822

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 years agofix #1612: give authenticate_user_ldap the realm on second server
Dominik Csapak [Thu, 11 Jan 2018 08:49:31 +0000 (09:49 +0100)]
fix #1612: give authenticate_user_ldap the realm on second server

this was missing and lead to 'use of unitialized value $realm...'
and a not working second server if a bindpw was defined

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 years agoproperly register pve-poolid format
Philip Abernethy [Tue, 10 Oct 2017 13:44:18 +0000 (15:44 +0200)]
properly register pve-poolid format

was erroneously registered as verify_groupname, overriding the previous
registration

7 years agobump version to 5.0-7
Fabian Grünbichler [Thu, 5 Oct 2017 09:28:36 +0000 (11:28 +0200)]
bump version to 5.0-7

7 years agobuild: reformat debian/control
Fabian Grünbichler [Wed, 4 Oct 2017 09:05:33 +0000 (11:05 +0200)]
build: reformat debian/control

using wrap-and-sort -abt

7 years agoVM.Snapshot.Rollback privilege added
Matthias Urban [Wed, 13 Sep 2017 10:30:36 +0000 (12:30 +0200)]
VM.Snapshot.Rollback privilege added

VM.Snapshot.Rollback privilege added

Signed-off-by: Matthias Urban <matthias.urban@pure-systems.com>
7 years agostyle fix
Wolfgang Bumiller [Fri, 22 Sep 2017 06:53:30 +0000 (08:53 +0200)]
style fix

7 years agoapi: check for special roles before locking the usercfg
Wolfgang Bumiller [Fri, 22 Sep 2017 06:52:31 +0000 (08:52 +0200)]
api: check for special roles before locking the usercfg

7 years agoWhitespace fixes
Philip Abernethy [Thu, 21 Sep 2017 09:09:16 +0000 (11:09 +0200)]
Whitespace fixes

Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 years agoRemove unused Dumper uses
Philip Abernethy [Thu, 21 Sep 2017 09:09:15 +0000 (11:09 +0200)]
Remove unused Dumper uses

Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 years agofix #1501: pveum: die when deleting special role
Philip Abernethy [Thu, 21 Sep 2017 09:09:14 +0000 (11:09 +0200)]
fix #1501: pveum: die when deleting special role

Die with a helpful error message instead of silently ignoring the user
when trying to delete a special role.
Also add a property to the API answer for possible later use by the
WebUI.

Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 years agofix another typo
Wolfgang Bumiller [Thu, 21 Sep 2017 08:19:27 +0000 (10:19 +0200)]
fix another typo

7 years agoapi: fix typo in 'GET ticket' description
Thomas Lamprecht [Thu, 21 Sep 2017 06:44:17 +0000 (08:44 +0200)]
api: fix typo in 'GET ticket' description

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 years agoAPI/ticket: rework coarse grained permission computation
Thomas Lamprecht [Thu, 14 Sep 2017 13:17:09 +0000 (15:17 +0200)]
API/ticket: rework coarse grained permission computation

We accessed methods from PVE::Storage here but did not define a
"use PVE::Storage". This thus only worked if modules if the
PVE::Storage module got pulled in by something else, by luck.
Simply including said use statement is not an option because
pve-storage is already dependent from pve-access-control, and we want
to avoid cyclic dependencies, especially on the perl module level.

The reason the offending module was used in the first place here
stems from the way how this coarse grained permissions are
calculated.
We check all permission object paths for privileges for an user.
So we got all vmids and all storage ids and computed paths from them.
This works, but is overkill and led to this "illegal" module use.

Instead I opt to not generating all possible paths, but just check
the ones configured plus a small required static set of top level
paths - this allows to generalize handling of the special root@pam
and "normal" users.

It has to be noted that this method is in general just intended for a
coarse capability check to allow hiding a few UI elements which are
not generated by backend calls (which are already permission aware).
The real checks get done by each backend call, automatically for
simple ones and semi-automatically for complex ones.

7 years agobump version to 5.0-6
Wolfgang Bumiller [Tue, 8 Aug 2017 09:57:34 +0000 (11:57 +0200)]
bump version to 5.0-6

7 years agofix trailing whitespace
Dominik Csapak [Tue, 8 Aug 2017 09:10:15 +0000 (11:10 +0200)]
fix trailing whitespace

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
7 years agofix #1470: ad: server and client certificate support
Dominik Csapak [Tue, 8 Aug 2017 09:10:14 +0000 (11:10 +0200)]
fix #1470: ad: server and client certificate support

as with ldap we now accept
the verify, capath, cert and certkey parameters for active directory

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
7 years agoldap: server and client certificate support
Wolfgang Bumiller [Tue, 8 Aug 2017 09:10:13 +0000 (11:10 +0200)]
ldap: server and client certificate support

This adds 4 more options to the ldap authentication method:

verify: boolean
  If enabled, the server certificate must be valid

capath: path to a file or directory
  The CA to use to verify the server certificate. Used only
  if 'verify' is true.

cert: path to a certificate
  Used as client certificate when connecting to a server,
  provided 'secure' is true. Requires 'certkey' to be set.

certkey: path to the certificate's key
  Required only used when 'cert' is used.

7 years agobump version to 5.0-5
Dietmar Maurer [Thu, 22 Jun 2017 07:13:00 +0000 (09:13 +0200)]
bump version to 5.0-5

In order to test new package built with dpkg-buildpackage.

7 years agobuild: remove fakeroot from dpkg-buildpackage
Fabian Grünbichler [Mon, 12 Jun 2017 08:08:46 +0000 (10:08 +0200)]
build: remove fakeroot from dpkg-buildpackage

7 years agobuild: add substitution variable
Fabian Grünbichler [Mon, 12 Jun 2017 08:07:25 +0000 (10:07 +0200)]
build: add substitution variable

7 years agobuild: reformat b-d and depends
Fabian Grünbichler [Mon, 12 Jun 2017 08:05:09 +0000 (10:05 +0200)]
build: reformat b-d and depends

7 years agobuild: make control static
Fabian Grünbichler [Mon, 12 Jun 2017 08:02:22 +0000 (10:02 +0200)]
build: make control static

7 years agochange from dpkg-deb to dpkg-buildpackage
Thomas Lamprecht [Fri, 9 Jun 2017 15:44:29 +0000 (17:44 +0200)]
change from dpkg-deb to dpkg-buildpackage

add debian directory and move the respective files there and add
missing (rules, compat).

Add a Source section to the control.in file.

Move the verify_api check to the new "test" target, which gets
executed before the dh_auto_install target.

Cleanup the "clean" target.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 years agobump version to 5.0-4
Dietmar Maurer [Tue, 2 May 2017 09:58:54 +0000 (11:58 +0200)]
bump version to 5.0-4

7 years agoPVE/CLI/pveum.pm: call setup_default_cli_env()
Dietmar Maurer [Tue, 2 May 2017 08:39:22 +0000 (10:39 +0200)]
PVE/CLI/pveum.pm: call setup_default_cli_env()

7 years agoPVE/Auth/PVE.pm: encode uft8 password before calling crypt
Dietmar Maurer [Tue, 2 May 2017 08:37:20 +0000 (10:37 +0200)]
PVE/Auth/PVE.pm: encode uft8 password before calling crypt

7 years agocheck_api2_permissions: avoid warning about uninitialized value
Dietmar Maurer [Fri, 31 Mar 2017 15:05:52 +0000 (17:05 +0200)]
check_api2_permissions: avoid warning about uninitialized value

7 years agouse new PVE::Tools::encrypt_pw, bump version to 5.0-3
Dietmar Maurer [Thu, 30 Mar 2017 15:54:38 +0000 (17:54 +0200)]
use new PVE::Tools::encrypt_pw, bump version to 5.0-3

7 years agouse new PVE::OTP class from pve-common
Dietmar Maurer [Thu, 30 Mar 2017 15:44:54 +0000 (17:44 +0200)]
use new PVE::OTP class from pve-common

7 years agobump version to 5.0-2
Dietmar Maurer [Thu, 30 Mar 2017 06:54:30 +0000 (08:54 +0200)]
bump version to 5.0-2

7 years agoencrypt_pw: avoid '+' for crypt salt
Dietmar Maurer [Thu, 30 Mar 2017 06:53:12 +0000 (08:53 +0200)]
encrypt_pw: avoid '+' for crypt salt

And make salt less predictable.

7 years agobump release to 5.0
Fabian Grünbichler [Mon, 6 Mar 2017 12:42:40 +0000 (13:42 +0100)]
bump release to 5.0

7 years agobuildsys: update make upload target for stretch
Fabian Grünbichler [Mon, 13 Mar 2017 10:25:23 +0000 (11:25 +0100)]
buildsys: update make upload target for stretch

7 years agobuildsys: use fakeroot for dpkg-deb
Wolfgang Bumiller [Mon, 6 Feb 2017 10:47:37 +0000 (11:47 +0100)]
buildsys: use fakeroot for dpkg-deb

7 years agobuildsys: use gzip -n to disable timestamps
Wolfgang Bumiller [Mon, 6 Feb 2017 10:47:18 +0000 (11:47 +0100)]
buildsys: use gzip -n to disable timestamps

7 years agobuildsys: make job safety
Wolfgang Bumiller [Mon, 6 Feb 2017 10:46:12 +0000 (11:46 +0100)]
buildsys: make job safety

7 years agobump version to 4.0-23
Dietmar Maurer [Thu, 19 Jan 2017 12:42:26 +0000 (13:42 +0100)]
bump version to 4.0-23

7 years agoremove old test.pl code (does not work anyways).
Dietmar Maurer [Thu, 19 Jan 2017 12:41:12 +0000 (13:41 +0100)]
remove old test.pl code (does not work anyways).

7 years agouse new PVE::Ticket class
Dietmar Maurer [Thu, 19 Jan 2017 12:40:25 +0000 (13:40 +0100)]
use new PVE::Ticket class

7 years agobump version to 4.0-22
Dietmar Maurer [Thu, 19 Jan 2017 08:12:34 +0000 (09:12 +0100)]
bump version to 4.0-22

7 years agoRPCEnvironment: removed check_volume_access() to avoid cyclic dependency
Dietmar Maurer [Wed, 18 Jan 2017 16:35:50 +0000 (17:35 +0100)]
RPCEnvironment: removed check_volume_access() to avoid cyclic dependency

moved to PVE::Storage

7 years agoPVE::PCEnvironment: use new PVE::RESTEnvironment as base class
Dietmar Maurer [Wed, 18 Jan 2017 12:25:51 +0000 (13:25 +0100)]
PVE::PCEnvironment: use new PVE::RESTEnvironment as base class

7 years agobump versuion to 4.0-21
Dietmar Maurer [Thu, 12 Jan 2017 12:56:28 +0000 (13:56 +0100)]
bump versuion to 4.0-21

7 years agosetup_default_cli_env: expect $class as first parameter
Dietmar Maurer [Thu, 12 Jan 2017 12:53:18 +0000 (13:53 +0100)]
setup_default_cli_env: expect $class as first parameter

7 years agobump version to 4.0-20
Dietmar Maurer [Wed, 11 Jan 2017 11:41:16 +0000 (12:41 +0100)]
bump version to 4.0-20

7 years agoPVE/RPCEnvironment.pm: new function setup_default_cli_env
Dietmar Maurer [Wed, 11 Jan 2017 11:12:11 +0000 (12:12 +0100)]
PVE/RPCEnvironment.pm: new function setup_default_cli_env

Convenience function for command line tools.

7 years agoPVE/API2/Domains.pm: fix property description
Dietmar Maurer [Wed, 11 Jan 2017 11:11:01 +0000 (12:11 +0100)]
PVE/API2/Domains.pm: fix property description

8 years agouse new repoman for upload target
Dietmar Maurer [Fri, 5 Aug 2016 11:10:17 +0000 (13:10 +0200)]
use new repoman for upload target

8 years agobump version to 4.0-19
Dietmar Maurer [Fri, 5 Aug 2016 11:09:27 +0000 (13:09 +0200)]
bump version to 4.0-19

8 years agoClose #833: ldap: non-anonymous bind support
Wolfgang Bumiller [Mon, 25 Jul 2016 13:56:03 +0000 (15:56 +0200)]
Close #833: ldap: non-anonymous bind support

The password will be read from /etc/pve/priv/ldap/$realm.pw

8 years agodon't import 'RFC' from MIME::Base32
Wolfgang Bumiller [Mon, 25 Jul 2016 06:33:29 +0000 (08:33 +0200)]
don't import 'RFC' from MIME::Base32

call encode_rfc3548 explicitly instead as newer versions of
the base32 package will drop this import scheme (stretch)

8 years agobump version to 4.0-18
Wolfgang Bumiller [Thu, 21 Jul 2016 06:44:25 +0000 (08:44 +0200)]
bump version to 4.0-18

8 years agofix #1062: use correct length for base32 keys
Dominik Csapak [Wed, 20 Jul 2016 11:31:33 +0000 (13:31 +0200)]
fix #1062: use correct length for base32 keys

we wrongly assumed the keys to be 32 chars long,
instead of 16

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
8 years agobump version to 4.0-17
Wolfgang Bumiller [Mon, 11 Jul 2016 10:04:39 +0000 (12:04 +0200)]
bump version to 4.0-17

8 years agodrop oathtool dependency
Wolfgang Bumiller [Fri, 1 Jul 2016 08:15:28 +0000 (10:15 +0200)]
drop oathtool dependency

Generate hotp/totp in perl directly, also support keys in
hex notation (this is how eg. the
yubikey-personalization-gui displays them, but without the
whitespaces).

8 years agodrop libdigest-hmac-perl dependency
Wolfgang Bumiller [Fri, 1 Jul 2016 08:15:27 +0000 (10:15 +0200)]
drop libdigest-hmac-perl dependency

Its functionality is provided by perl core's Digest::SHA
module now.

8 years agoremove unused inline docs
Dietmar Maurer [Fri, 8 Apr 2016 05:08:23 +0000 (07:08 +0200)]
remove unused inline docs

8 years agouse pve-doc-generator, bump version to 4.0-16
Dietmar Maurer [Fri, 8 Apr 2016 05:06:27 +0000 (07:06 +0200)]
use pve-doc-generator, bump version to 4.0-16

8 years agobump version to 4.0-15
Dietmar Maurer [Fri, 1 Apr 2016 05:11:24 +0000 (07:11 +0200)]
bump version to 4.0-15

8 years agoFix uninitialized warning
Fabian Grünbichler [Wed, 30 Mar 2016 10:09:12 +0000 (12:09 +0200)]
Fix uninitialized warning

when shadow.cfg does not exist, parsing should return an
empty hash instead of displaying a warning

8 years agobump version to 4.0-14
Dietmar Maurer [Tue, 15 Mar 2016 15:47:51 +0000 (16:47 +0100)]
bump version to 4.0-14

8 years agoAdd is_worker to RPCEnvironment
Fabian Grünbichler [Tue, 15 Mar 2016 12:58:44 +0000 (13:58 +0100)]
Add is_worker to RPCEnvironment

after forking the actual worker process, the child/worker
sets a flag that can be checked later on by methods called
in the worker.

used in the ZFS storage plugins in pve-storage to decide on
a short or long default timeout for ZFS operations.

8 years agobump version to 4.0-13
Dietmar Maurer [Mon, 14 Mar 2016 10:39:43 +0000 (11:39 +0100)]
bump version to 4.0-13

8 years agofix typos and grammar
Fabian Grünbichler [Mon, 14 Mar 2016 10:25:03 +0000 (11:25 +0100)]
fix typos and grammar

8 years agofix #916: allow HTTPS to access custom yubico url
Fabian Grünbichler [Mon, 14 Mar 2016 10:25:02 +0000 (11:25 +0100)]
fix #916: allow HTTPS to access custom yubico url

remove the limit to HTTP only, since it would only apply for
custom yubico validation server urls anyway.