Commit | Line | Data |
---|---|---|
1 | 2011-08-15 Proxmox Support Team <support@proxmox.com> | |
2 | ||
3 | * PVE/AccessControl.pm (parse_user_config): fix parser for files | |
4 | without newline at eof | |
5 | (parse_shadow_passwd): fix parser for files without newline at eof | |
6 | (parse_domains): fix parser for files without newline at eof | |
7 | ||
8 | 2011-08-01 Proxmox Support Team <support@proxmox.com> | |
9 | ||
10 | * PVE/AccessControl.pm (lock_*): remove $parent in calls to | |
11 | cfs_lock_file() | |
12 | ||
13 | 2011-07-22 Proxmox Support Team <support@proxmox.com> | |
14 | ||
15 | * PVE/API2/Domains.pm (create): use lower case: s/AD/ad/ and | |
16 | s/LDAP/ldap/ | |
17 | ||
18 | * PVE/AccessControl.pm (write_domains): use lc($type) | |
19 | ||
20 | 2011-07-14 Proxmox Support Team <support@proxmox.com> | |
21 | ||
22 | * control.in (Depends): remove depend on liburi-perl (code moved | |
23 | to pve-common) | |
24 | ||
25 | 2011-07-05 Proxmox Support Team <support@proxmox.com> | |
26 | ||
27 | * PVE/API2/User.pm (create_user): add -enable parameter | |
28 | ||
29 | * PVE/API2/User.pm (update_user): use -enable instead of | |
30 | -lock/-unlock | |
31 | ||
32 | 2011-06-27 Proxmox Support Team <support@proxmox.com> | |
33 | ||
34 | * PVE/AccessControl.pm (normalize_path): allow '-' in path | |
35 | ||
36 | 2011-05-30 Proxmox Support Team <support@proxmox.com> | |
37 | ||
38 | * PVE/AccessControl.pm (assemble_csrf_prevention_token): CSRF | |
39 | token may not depend on cookie, because cookie can be updated from | |
40 | other window. | |
41 | ||
42 | 2011-03-30 Proxmox Support Team <support@proxmox.com> | |
43 | ||
44 | * PVE/API2/AccessControl.pm (create_ticket): also return user name | |
45 | ||
46 | 2011-03-24 Proxmox Support Team <support@proxmox.com> | |
47 | ||
48 | * PVE/AccessControl.pm (verify_csrf_prevention_token): add CSRF | |
49 | prevention code | |
50 | ||
51 | 2011-03-23 Proxmox Support Team <support@proxmox.com> | |
52 | ||
53 | * PVE/RPCEnvironment.pm (active_workers): simple log rotation when | |
54 | file is bigger than 50KB | |
55 | ||
56 | 2011-03-22 Proxmox Support Team <support@proxmox.com> | |
57 | ||
58 | * PVE/RPCEnvironment.pm (set_result_count): a way to set the total | |
59 | number of results - we use that for the ExtJS paging grid. | |
60 | ||
61 | 2011-03-21 Proxmox Support Team <support@proxmox.com> | |
62 | ||
63 | * PVE/RPCEnvironment.pm (active_workers): immediately move finished | |
64 | task to the index file. | |
65 | ||
66 | 2011-03-17 Proxmox Support Team <support@proxmox.com> | |
67 | ||
68 | * PVE/RPCEnvironment.pm (active_workers): update/get worker list | |
69 | ||
70 | 2011-03-16 Proxmox Support Team <support@proxmox.com> | |
71 | ||
72 | * PVE/RPCEnvironment.pm (fork_worker): add code to simulate running | |
73 | in foreground (cli). | |
74 | ||
75 | 2011-02-24 Proxmox Support Team <support@proxmox.com> | |
76 | ||
77 | * PVE/AccessControl.pm (roles): fix group permission propagation | |
78 | ||
79 | * PVE/API2/ACL.pm: cleanup API - use '-users' and '-groups' | |
80 | instead of '-uglist' | |
81 | ||
82 | 2011-02-23 Proxmox Support Team <support@proxmox.com> | |
83 | ||
84 | * PVE/API2/AccessControl.pm (create_ticket): moved code from REST.pm | |
85 | ||
86 | 2011-02-22 Proxmox Support Team <support@proxmox.com> | |
87 | ||
88 | * PVE/AccessControl.pm: make 'domains.cfg' readable by www-data, | |
89 | add 'default' attribute. | |
90 | ||
91 | * PVE/AccessControl.pm: realm is now part of the username. | |
92 | Example: 'userid@realm' | |
93 | (valid_attributes): add 'domain, port, secure' attributes for AD. | |
94 | (parse_domains): add attribute 'secure' (replace LDAPS type), | |
95 | ||
96 | * PVE/AccessControl.pm (parse_user_config): add firstname/lastname | |
97 | and email fields. | |
98 | ||
99 | 2011-02-21 Proxmox Support Team <support@proxmox.com> | |
100 | ||
101 | * PVE/API2/Group.pm (update_group): implement modgroup (set | |
102 | comment) | |
103 | ||
104 | 2011-02-18 Proxmox Support Team <support@proxmox.com> | |
105 | ||
106 | * PVE/AccessControl.pm (create_roles): try to create a predefined | |
107 | set of roles automatically. | |
108 | ||
109 | 2011-02-17 Proxmox Support Team <support@proxmox.com> | |
110 | ||
111 | * PVE/API2/Domains.pm: new API for domains.cfg | |
112 | ||
113 | * PVE/AccessControl.pm (authenticate_user_domain): added a 'domid' | |
114 | attribute to users. This references an entry in the domain | |
115 | config. This is simpler than the previous domain search | |
116 | algorithm. | |
117 | ||
118 | * PVE/API2/User.pm: save domid, name, comment and expire time for | |
119 | user entries. | |
120 | ||
121 | * PVE/AccessControl.pm (authenticate_user): check for expired | |
122 | accounts | |
123 | ||
124 | * control.in (Depends): depend on liburi-perl (we use URI::Escape | |
125 | to encode text in our config files). | |
126 | ||
127 | * PVE/AccessControl.pm (enable_user, disable_user): removed | |
128 | clumsy methods, not needed. | |
129 | ||
130 | 2011-02-16 Proxmox Support Team <support@proxmox.com> | |
131 | ||
132 | * README (privileges): Changes set of privileges. We try to be as | |
133 | simple as possible. We can refine them in future. | |
134 | ||
135 | * PVE/ACLCache.pm: deleted - moved code into RPCEnvironment. | |
136 | ||
137 | 2011-02-15 Proxmox Support Team <support@proxmox.com> | |
138 | ||
139 | * PVE/AccessControl.pm (verify_username): restrict user names to | |
140 | 64 characters. Add new privileges Sys.PowerOff, Sys.Console and | |
141 | Sys.Syslog | |
142 | ||
143 | * PVE/ACLCache.pm: move code into new file. | |
144 | ||
145 | * test/perm-test1.pl: modified to use new PVE::ACLCache class. | |
146 | ||
147 | * PVE/AccessControl.pm: add new class PVE::ACLCache (speed up ACL | |
148 | checks) | |
149 | ||
150 | 2011-01-27 Proxmox Support Team <support@proxmox.com> | |
151 | ||
152 | * pveum (auth): remove auth method - we do not use it any | |
153 | longer, comment out ability to pass password via environment | |
154 | variable. | |
155 | ||
156 | * PVE/AccessControl.pm (check_permissions): new helper to check | |
157 | permissions. | |
158 | ||
159 | 2011-01-21 root <root@maui.maurer-it.com> | |
160 | ||
161 | * PVE/AccessControl.pm: register a JSONSchema standard option for | |
162 | 'userid'. | |
163 | ||
164 | * pveum: allow to pass passwords with environment variable | |
165 | PVE_PW_TICKET | |
166 | * pveum (auth): new method to verify credentials/privileges (used | |
167 | by our kvm patches and vncterm) | |
168 | ||
169 | 2011-01-12 root <root@maui.maurer-it.com> | |
170 | ||
171 | * PVE/AccessControl.pm: use new PVE::Cluster class and read data | |
172 | from cluster filesystem (instead of local filesystem). | |
173 | ||
174 | 2011-01-11 root <root@maui.maurer-it.com> | |
175 | ||
176 | * control.in (Depends): depend on new pve-cluster package | |
177 | ||
178 | * PVE/AccessControl.pm (read_pubkey, read_privkey): inotify does | |
179 | not work on the cluster filesystem, so I removed that code. Also | |
180 | moved lock files to /var/lock/pve-manager (cluster filesystem does | |
181 | not support locks - we need to do cluster wide locks later) | |
182 | ||
183 | 2010-09-14 Proxmox Support Team <support@proxmox.com> | |
184 | ||
185 | * PVE/API2/AccessControl.pm: moved from pve-manager | |
186 | ||
187 | * PVE/: create correct directory hierarchy | |
188 | ||
189 | * Makefile (install): use 'verifyapi' | |
190 | ||
191 | * pveum: add verifyapi | |
192 | ||
193 | 2010-08-25 Proxmox Support Team <support@proxmox.com> | |
194 | ||
195 | * pveum: use new PVE::CLIHandler | |
196 | ||
197 | 2010-08-24 Proxmox Support Team <support@proxmox.com> | |
198 | ||
199 | * pveum: use new PVE::RPCEnvironment | |
200 | ||
201 | * *.pm: remove $conn parameter everywhere | |
202 | ||
203 | 2010-08-16 Proxmox Support Team <support@proxmox.com> | |
204 | ||
205 | * AccessControl.pm (lock_user_config): add call to die, remove | |
206 | @param - we do not need that here | |
207 | (lock_shadow_config): add call to die, remove @param | |
208 | ||
209 | * *.pm: remove $resp parameter everywhere. | |
210 | ||
211 | * AccessControl.pm (verify_username): add test for username | |
212 | length (at least 3 characters) | |
213 | ||
214 | 2010-08-13 Proxmox Support Team <support@proxmox.com> | |
215 | ||
216 | * User.pm: use new 'format' property in schema | |
217 | ||
218 | * ACL.pm: use new 'format' property in schema, remove redundant | |
219 | calls to verify_XXX calls. | |
220 | ||
221 | * Role.pm: use new 'format' property in schema, remove redundant | |
222 | calls to verify_XXX calls. | |
223 | ||
224 | * Group.pm: use new 'format' property in schema, remove redundant | |
225 | calls to verify_XXX calls. | |
226 | ||
227 | * AccessControl.pm (modify_acl): strict error checking - use 'die' | |
228 | instead of 'warn', moved to ACL.pm | |
229 | (verify_username): fix serious bug | |
230 | ||
231 | 2010-08-12 Proxmox Support Team <support@proxmox.com> | |
232 | ||
233 | * Group.pm: use the new RESTHandler for API methods | |
234 | ||
235 | * Role.pm: use the new RESTHandler for API methods | |
236 | ||
237 | * AccessControl.pm (add_group): moved to Group.pm | |
238 | (delete_group): moved to Group.pm | |
239 | (delete_role): moved to Role.pm | |
240 | (modify_role): moved to Role.pm | |
241 | ||
242 | * User.pm: strict error checking - use 'die' instead of 'warn' | |
243 | ||
244 | * User.pm (delete_user): raise error when user does not exist. | |
245 | ||
246 | * Group.pm (delete_group): raise error when group does not exist. | |
247 | ||
248 | * pveum: use the new | |
249 | RESTHandler (PVE::API2::User->cli_handler()). That way we have | |
250 | automatic command line argument parsing. | |
251 | ||
252 | * User.pm: use the new RESTHandler for API methods. Those methods | |
253 | are automatically exposed with the API Server (pve-manager), and | |
254 | we can use them in the command line tools. | |
255 | ||
256 | * AccessControl.pm (modify_user, delete_user): moved to User.pm | |
257 | ||
258 | 2010-08-10 Proxmox Support Team <support@proxmox.com> | |
259 | ||
260 | * control.in (Depends): depend on libpve-common-perl | |
261 | ||
262 | * AccessControl.pm: initialize Crypt::OpenSSL::RSA with | |
263 | import_random_seed(), else I get a 'Segmentation fault' when | |
264 | creating tickets ("pveum ticket <testuser>"). | |
265 | ||
266 | * AccessControl.pm: Moved utilities to new PVE::Tools | |
267 | module (pve-common), use new PVE::INotify to read/write config files. | |
268 | ||
269 | * AccessControl.pm (parse_domains): ignore case (always convert | |
270 | type to lower case), fix bug from Seth and test for 'ldaps'. | |
271 | (file_set_contents): use O_WRONLY|O_CREAT instead of 'w' - else | |
272 | perm gets ignored. | |
273 | ||
274 | 2010-08-09 Seth Lauzon <seth.lauzon@gmail.com> | |
275 | ||
276 | * AccessControl.pm (authenticate_user_ldap): changed the bind function | |
277 | for LDAP to allow for secure connection | |
278 | ||
279 | 2010-07-21 Seth Lauzon <seth.lauzon@gmail.com> | |
280 | ||
281 | * AccessControl.pm (parse_domains): require base_dn for LDAP domains | |
282 | (valid_attributes): renamed from valid_params to maintain conformity | |
283 | ||
284 | 2010-07-19 Proxmox Support Team <support@proxmox.com> | |
285 | ||
286 | * AccessControl.pm (authenticate_user_domain): always add timeout | |
287 | after failed auth | |
288 | (file_set_contents): correctly emit exception if print/close fails | |
289 | ||
290 | 2010-07-19 Seth Lauzon <seth.lauzon@gmail.com> | |
291 | ||
292 | * AccessControl.pm: fixed timeout for ldap/AD errors and reduced to two seconds | |
293 | ||
294 | * AccessControl.pm: modified LDAP authentication to a two step bind method | |
295 | ||
296 | 2010-07-16 Proxmox Support Team <support@proxmox.com> | |
297 | ||
298 | * AccessControl.pm (authenticate_user_domain): catch special | |
299 | case ($domain eq '') | |
300 | (parse_domains): fix various bugs, allow spaces between domains, | |
301 | skip duplicate parameters | |
302 | ||
303 | 2010-07-16 Seth Lauzon <seth.lauzon@gmail.com> | |
304 | ||
305 | * AccessControl.pm (parse_domains): borrowed code from Storage.pm to make it | |
306 | less fragile to syntax errors in the domains.cfg file | |
307 | ||
308 | * AccessControl.pm: implemented LDAP authentication | |
309 | ||
310 | * AccessControl.pm: added four second timeout on authentication failure for | |
311 | user_authentication_ldap and user_authentication_ad | |
312 | ||
313 | 2010-07-14 Proxmox Support Team <support@proxmox.com> | |
314 | ||
315 | * AccessControl.pm (ldap_bind): rename to authenticate_user_ad (AD | |
316 | only) | |
317 | (load_domains_config): return a reference to an array (not the | |
318 | array itself) | |
319 | (parse_config): return a reference to an array (not the array | |
320 | itself) | |
321 | (authenticate_user_domain): restructure code - this is now the | |
322 | centralized interface for authentication | |
323 | (authenticate_user_domain): add 'shadow' and 'PAM' default entries | |
324 | if there is no configuration for them in domain.cfg | |
325 | (authenticate_user_shadow): renamed from authenticate_user_pve | |
326 | ||
327 | * control.in (Depends): add libnet-ldap-perl | |
328 | ||
329 | 2010-07-14 Seth Lauzon <seth.lauzon@gmail.com> | |
330 | ||
331 | * AccessControl.pm: implemented Active Directory authentication | |
332 | ||
333 | 2010-07-09 Seth Lauzon <seth.lauzon@gmail.com> | |
334 | ||
335 | * AccessControl.pm (modify_acl): check if role exists | |
336 | ||
337 | 2010-07-08 Proxmox Support Team <support@proxmox.com> | |
338 | ||
339 | * pveum (print_usage): improve usage text. | |
340 | ||
341 | 2010-07-08 Seth Lauzon <seth.lauzon@gmail.com> | |
342 | ||
343 | * AccessControl.pm: modify/delete ACL functionality | |
344 | ||
345 | * pveum (aclmod): Add/Modify ACL | |
346 | (acldel): Delete ACL | |
347 | ||
348 | 2010-07-07 Proxmox Support Team <support@proxmox.com> | |
349 | ||
350 | * AccessControl.pm: implemented shadow authentication (add/modify/delete/verify) | |
351 | with file locking (Seth) | |
352 | (encrypt_pw): use SHA256 to crypt passwords | |
353 | (save_shadow_config): change mode to 0600, store to /etc/pve/auth/shadow.cfg | |
354 | (parse_shadow): simplify code - there is no need to trim strings. Instead check for | |
355 | correct format. | |
356 | ||
357 | * test/auth-test.pl: program for testing authentication methods (Seth) | |
358 | ||
359 | * pveum (read_password): added confirm password | |
360 | ||
361 | 2010-07-05 Proxmox Support Team <support@proxmox.com> | |
362 | ||
363 | * AccessControl.pm (modify_user): remove call to change_password() | |
364 | - not necessary at all (Seth) | |
365 | * AccessControl.pm: cleanup - remove space in function calls (Seth) | |
366 | ||
367 | 2010-07-02 Proxmox Support Team <support@proxmox.com> | |
368 | ||
369 | * AccessControl.pm (lock_user_config): renamed from lock_config, | |
370 | because we will have more than one config file (auth.conf, shadow | |
371 | password, ...) | |
372 | (modify_user): check for exceptions after lock_user_config() | |
373 | (delete_user): check for exceptions after lock_user_config(), | |
374 | raise invalid characters exception | |
375 | (delete_group): check for exceptions after lock_user_config(), | |
376 | raise invalid characters exception | |
377 | (modify_role): check for exceptions after lock_user_config() | |
378 | (delete_role): check for exceptions after lock_user_config(), | |
379 | raise invalid characters exception | |
380 | (verify_username): add $noerr parameter, raise exception if | |
381 | user name contains invalid characters and $noerr is not set | |
382 | (verify_groupname): add $noerr parameter, raise exception if | |
383 | group name contains invalid characters and $noerr is not set | |
384 | (verify_rolename): add $noerr parameter, raise exception if | |
385 | role name contains invalid characters and $noerr is not set | |
386 | ||
387 | 2010-07-01 Proxmox Support Team <support@proxmox.com> | |
388 | ||
389 | * AccessControl.pm: implemented file locking functionality for all | |
390 | processes that make modifications to configuration file (Seth) - | |
391 | code for lock_file() was copied from QemuServer.pm. | |
392 | ||
393 | 2010-06-29 Proxmox Support Team <support@proxmox.com> | |
394 | ||
395 | * pveum: new roleadd/rolemod/roledel (Seth) | |
396 | ||
397 | * AccessControl.pm (modify_role): create role and modify privileges (Seth) | |
398 | ||
399 | * AccessControl.pm (delete_role): delete role functionality (Seth) | |
400 | ||
401 | 2010-06-28 Proxmox Support Team <support@proxmox.com> | |
402 | ||
403 | * pveum: new groupadd/groupdel (patch from Seth) | |
404 | ||
405 | * AccessControl.pm (add_user): moved functionality to modify_user and | |
406 | removed subroutine (Seth) | |
407 | ||
408 | * pveum: useradd command no longer requires a password and now uses | |
409 | modify_user (Seth) | |
410 | ||
411 | 2010-06-25 Proxmox Support Team <support@proxmox.com> | |
412 | ||
413 | * AccessControl.pm (modify_user): include patch from Seth | |
414 | ||
415 | 2010-06-24 Proxmox Support Team <support@proxmox.com> | |
416 | ||
417 | * test/perm-test1.pl (check_permission): a first regression test | |
418 | ||
419 | * test/user.cfg.ex1: add another example - for use by regression | |
420 | tests | |
421 | ||
422 | * test/dump-perm.pl: print permission as nice list, add ability to | |
423 | specify usr.cfg file | |
424 | ||
425 | 2010-06-23 Proxmox Support Team <support@proxmox.com> | |
426 | ||
427 | * pveum: implement some simple functions (add user, create ticket) | |
428 | ||
429 | * pveum-pl: rename to pveum | |
430 | ||
431 | * pveum.c: remove suexec code - we will use a daemon instead | |
432 | ||
433 | * pvesh: removed (dead code) | |
434 | ||
435 | * test/dump-perm.pl: simple script to dump permissions | |
436 | ||
437 | * test/: created new directory for test scripts | |
438 | ||
439 | * test/dump-users.pl: simple script to dump user table | |
440 | ||
441 | 2010-06-22 Proxmox Support Team <support@proxmox.com> | |
442 | ||
443 | * AccessControl.pm (add_user): Updated "valid_privs" with new | |
444 | permissions from readme (Seth) | |
445 | ||
446 | 2010-06-21 Proxmox Support Team <support@proxmox.com> | |
447 | ||
448 | * copyright: change license to AGPL | |
449 | ||
450 | 2010-03-17 Proxmox Support Team <support@proxmox.com> | |
451 | ||
452 | * pveum-pl: move all privileged function to this file. | |
453 | ||
454 | 2009-07-09 Proxmox Support Team <support@proxmox.com> | |
455 | ||
456 | * pveum: added dummy binary | |
457 |