partially fix #2825: authkey: rotate if it was generated in the future Can happen if the RTC is in the future during installation and first boot, when during key generation the clock is in the future and then, after the key was already generated, jumps back in time. Allow a fuzz of $auth_graceperiod, which is currently 5 minutes, as that fuzz allows some minor, not really problematic, time sync disparity in clusters. If an old authkey exists, meaning we rotated at least once, check it's time too. Only rotate if it'd not be valid for any tickets in the cluster anymore, i.e., if it difference between the current key is > $ticket_lifetime (2 hours).. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
do not modify ACLs/Groups for missing users instead of dropping ACLs and group membership for missing users, simply warn and leave it in the config for users that get removed via the api this happens explicitely this is to prevent that a 'faulty' ldapsync removes users temporarily and with it all acls that the admin created we still have a 'purge' flag for the sync where ACLs get removed explicitly for users removed from ldap also adapt the tests Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
user.cfg: skip inexisting roles when parsing ACLs we do the same for missing users, groups and tokens, and just like groups, roles with an empty privilege set are explicitly allowed so pre-generating placeholders is possible. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
API token: add REs, helpers, parsing + writing token definitions/references in user.cfg always use the full form of the token id, consisting of: USER@REALM!TOKENID token definitions are represented by their own lines prefixed with 'token', which need to come after the corresponding user definition, but before any ACLs referencing them. parsed representation in a user config hash is inside a new 'tokens' element of the corresponding user object, using the unique-per-user token id as key. only token metadata is stored inside user.cfg / accessible via the parsed user config hash. the actual token values will be stored root-readable only in a separate (shadow) file. 'comment' and 'expire' have the same semantics as for users. 'privsep' determines whether an API token gets the full privileges of the corresponding user, or just the intersection of privileges of the corresponding user and those of the API token itself. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
rpcenv: drop unused roles() it was useful for test-cases to verify the behaviour when pools where introduced, but it is not used anywhere else in the code base and those tests can also just check on permission-level. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>