-2011-08-15 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm (parse_user_config): fix parser for files
- without newline at eof
- (parse_shadow_passwd): fix parser for files without newline at eof
- (parse_domains): fix parser for files without newline at eof
-
-2011-08-01 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm (lock_*): remove $parent in calls to
- cfs_lock_file()
-
-2011-07-22 Proxmox Support Team <support@proxmox.com>
-
- * PVE/API2/Domains.pm (create): use lower case: s/AD/ad/ and
- s/LDAP/ldap/
-
- * PVE/AccessControl.pm (write_domains): use lc($type)
-
-2011-07-14 Proxmox Support Team <support@proxmox.com>
-
- * control.in (Depends): remove depend on liburi-perl (code moved
- to pve-common)
-
-2011-07-05 Proxmox Support Team <support@proxmox.com>
-
- * PVE/API2/User.pm (create_user): add -enable parameter
-
- * PVE/API2/User.pm (update_user): use -enable instead of
- -lock/-unlock
-
-2011-06-27 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm (normalize_path): allow '-' in path
-
-2011-05-30 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm (assemble_csrf_prevention_token): CSRF
- token may not depend on cookie, because cookie can be updated from
- other window.
-
-2011-03-30 Proxmox Support Team <support@proxmox.com>
-
- * PVE/API2/AccessControl.pm (create_ticket): also return user name
-
-2011-03-24 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm (verify_csrf_prevention_token): add CSRF
- prevention code
-
-2011-03-23 Proxmox Support Team <support@proxmox.com>
-
- * PVE/RPCEnvironment.pm (active_workers): simple log rotation when
- file is bigger that 50KB
-
-2011-03-22 Proxmox Support Team <support@proxmox.com>
-
- * PVE/RPCEnvironment.pm (set_result_count): a way to set the total
- number of results - we use that for the ExtJS paging grid.
-
-2011-03-21 Proxmox Support Team <support@proxmox.com>
-
- * PVE/RPCEnvironment.pm (active_workers): immediately move finished
- task to the index file.
-
-2011-03-17 Proxmox Support Team <support@proxmox.com>
-
- * PVE/RPCEnvironment.pm (active_workers): update/get worker list
-
-2011-03-16 Proxmox Support Team <support@proxmox.com>
-
- * PVE/RPCEnvironment.pm (fork_worker): add code to simulate running
- in foreground (cli).
-
-2011-02-24 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm (roles): fix group permission propagation
-
- * PVE/API2/ACL.pm: cleanup API - use '-users' and '-gropus'
- instead of '-uglist'
-
-2011-02-23 Proxmox Support Team <support@proxmox.com>
-
- * PVE/API2/AccessControl.pm (create_ticket): moved code from REST.pm
-
-2011-02-22 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm: make 'domains.cfg' readable by www-data,
- add 'default' attribute.
-
- * PVE/AccessControl.pm: realm is now part of the username.
- Example: 'userid@realm'
- (valid_attributes): add 'domain, port, secure' attributes for AD.
- (parse_domains): add attribute 'secure' (replace LDAPS type),
-
- * PVE/AccessControl.pm (parse_user_config): add firstname/lastname
- and email fields.
-
-2011-02-21 Proxmox Support Team <support@proxmox.com>
-
- * PVE/API2/Group.pm (update_group): implement modgroup (set
- comment)
-
-2011-02-18 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm (create_roles): try to create a predefined
- set of roles automatically.
-
-2011-02-17 Proxmox Support Team <support@proxmox.com>
-
- * PVE/API2/Domains.pm: new API to for domains.cfg
-
- * PVE/AccessControl.pm (authenticate_user_domain): added a 'domid'
- attribute to users. This references an entry in the domain
- config. This is simpler than the previous domain search
- algorithm.
-
- * PVE/API2/User.pm: save domid, name, comment and expire time for
- user entries.
-
- * PVE/AccessControl.pm (authenticate_user): check for expired
- accounts
-
- * control.in (Depends): depend on liburi-perl (we use URI::Escape
- to encode text in our config files).
-
- * PVE/AccessControl.pm (enable_user, disable_user): removed
- clumsy methods, not needed.
-
-2011-02-16 Proxmox Support Team <support@proxmox.com>
-
- * README (privileges): Changes set of privileges. We try to be as
- simple as possible. We can refinen them in future.
-
- * PVE/ACLCache.pm: deleted - moved code into RPCEnvironment.
-
-2011-02-15 Proxmox Support Team <support@proxmox.com>
-
- * PVE/AccessControl.pm (verify_username): restrict user names to
- 64 charachters. Add new priviledges Sys.PowerOff, Sys.Console and
- Sys.Syslog
-
- * PVE/ACLCache.pm: move code into new file.
-
- * test/perm-test1.pl: modified to use new PVE::ACLCache class.
-
- * PVE/AccessControl.pm: add new class PVE::ACLCache (speed up ACL
- checks)
-
-2011-01-27 Proxmox Support Team <support@proxmox.com>
-
- * pveum (auth): remove auth method - we do not use it any
- longer, comment out ability to pass password via environment
- variable.
-
- * PVE/AccessControl.pm (check_permissions): new helper to check
- permissions.
-
-2011-01-21 root <root@maui.maurer-it.com>
-
- * PVE/AccessControl.pm: register a JSONSchema standard option for
- 'userid'.
-
- * pveum: allow to pass passwords with environment variable
- PVE_PW_TICKET
- * pveum (auth): new method to verify credentials/privileges (used
- by our kvm patches and vncterm)
-
-2011-01-12 root <root@maui.maurer-it.com>
-
- * PVE/AccessControl.pm: use new PVE::Cluster class and read data
- from cluster filesystem (instead of local filesystem).
-
-2011-01-11 root <root@maui.maurer-it.com>
-
- * control.in (Depends): depend on new pve-cluster package
-
- * PVE/AccessControl.pm (read_pubkey, read_privkey): inotify does
- not work on the cluster filesystem, so I removed that code. Also
- moved lock files to /var/lock/pve-manager (cluster filesystem does
- not support locks - we need to do cluster wide locks later)
-
-2010-09-14 Proxmox Support Team <support@proxmox.com>
-
- * PVE/API2/AccessControl.pm: moved from pve-manager
-
- * PVE/: create correct directory hierarchy
-
- * Makefile (install): use 'verifyapi'
-
- * pveum: add verifyapi
-
-2010-08-25 Proxmox Support Team <support@proxmox.com>
-
- * pveum: use new PVE::CLIHandler
-
-2010-08-24 Proxmox Support Team <support@proxmox.com>
-
- * pveum: use new PVE::RPCEnvironment
-
- * *.pm: remove $conn parameter everywhere
-
-2010-08-16 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm (lock_user_config): add call to die, remove
- @param - we do not need that here
- (lock_shadow_config): add call to die, remove @param
-
- * *.pm: remove $resp parameter everywhere.
-
- * AccessControl.pm (verify_username): add test for username
- length (at least 3 characters)
-
-2010-08-13 Proxmox Support Team <support@proxmox.com>
-
- * User.pm: use new 'format' property in schema
-
- * ACL.pm: use new 'format' property in schema, remove redundant
- calls to verify_XXX calls.
-
- * Role.pm: use new 'format' property in schema, remove redundant
- calls to verify_XXX calls.
-
- * Group.pm: use new 'format' property in schema, remove redundant
- calls to verify_XXX calls.
-
- * AccessControl.pm (modify_acl): strict error checking - use 'die'
- instead of 'warn', moved to ACL.pm
- (verify_username): fix serious bug
-
-2010-08-12 Proxmox Support Team <support@proxmox.com>
-
- * Group.pm: use the new RESTHandler for API methods
-
- * Role.pm: use the new RESTHandler for API methods
-
- * AccessControl.pm (add_group): moved to Group.pm
- (delete_group): moved to Group.pm
- (delete_role): moved to Role.pm
- (modify_role): moved to Role.pm
-
- * User.pm: strict error checking - use 'die' instead of 'warn'
-
- * User.pm (delete_user): raise error when user does not exist.
-
- * Group.pm (delete_group): raise error when group does not exist.
-
- * pveum: use the new
- RESTHandler (PVE::API2::User->cli_handler()). That way we have
- automatic command line argument parsing.
-
- * User.pm: use the new RESTHandler for API methods. Those methods
- are automatically exposed with the API Server (pve-manager), and
- we can use them in the command line tools.
-
- * AccessControl.pm (modify_user, delete_user): moved to User.pm
-
-2010-08-10 Proxmox Support Team <support@proxmox.com>
-
- * control.in (Depends): depend on libpve-common-perl
-
- * AccessControl.pm: initialize Crypt::OpenSSL::RSA with
- import_random_seed(), else I get a 'Segmentation fault' when
- creating tickets ("pveum ticket <testuser>").
-
- * AccessControl.pm: Moved utilities to new PVE::Tools
- module (pve-common), use new PVE::INotify to read/write config files.
-
- * AccessControl.pm (parse_domains): ignore case (always convert
- type to lower case), fix bug from Seth and test for 'ldaps'.
- (file_set_contents): use O_WRONLY|O_CREAT instead of 'w' - else
- perm gets ignored.
-
-2010-08-09 Seth Lauzon <seth.lauzon@gmail.com>
-
- * AccessControl.pm (authenticate_user_ldap): changed the bind function
- for LDAP to allow for secure connection
-
-2010-07-21 Seth Lauzon <seth.lauzon@gmail.com>
-
- * AccessControl.pm (parse_domains): require base_dn for LDAP domains
- (valid_attributes): renamed from valid_params to maintain conformity
-
-2010-07-19 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm (authenticate_user_domain): always add timeout
- after failed auth
- (file_set_contents): correctly emit exception if print/close fails
-
-2010-07-19 Seth Lauzon <seth.lauzon@gmail.com>
-
- * AccessControl.pm: fixed timeout for ldap/AD errors and reduced to two seconds
-
- * AccessControl.pm: modified LDAP authentication to a two step bind method
-
-2010-07-16 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm (authenticate_user_domain): catch special
- case ($domain eq '')
- (parse_domains): fix various bugs, allow spaces between domains,
- skip duplicate parameters
-
-2010-07-16 Seth Lauzon <seth.lauzon@gmail.com>
-
- * AccessControl.pm (parse_domains): borrowed code from Storage.pm to make it
- less fragile to syntax errors in the domains.cfg file
-
- * AccessControl.pm: implemented LDAP authentication
-
- * AccessControl.pm: added four second timeout on authentication failure for
- user_authentication_ldap and user_authentication_ad
-
-2010-07-14 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm (ldap_bind): rename to authenticate_user_ad (AD
- only)
- (load_domains_config): return a reference to an array (not the
- array itself)
- (parse_config): return a reference to an array (not the array
- itself)
- (authenticate_user_domain): restructure code - this is no the
- centralized interface for authenticationn
- (authenticate_user_domain): add 'shadow' and 'PAM' default entries
- if there is no configuration for them in domain.cfg
- (authenticate_user_shadow): renamed from authenticate_user_pve
-
- * control.in (Depends): add libnet-ldap-perl
-
-2010-07-14 Seth Lauzon <seth.lauzon@gmail.com>A
-
- * AccessControl.pm: implemented Active Directory authentication
-
-2010-07-09 Seth Lauzon <seth.lauzon@gmail.com>
-
- * AccessControl.pm (modify_acl): check if role exists
-
-2010-07-08 Proxmox Support Team <support@proxmox.com>
-
- * pveum (print_usage): improve usage text.
-
-2010-07-08 Seth Lauzon <seth.lauzon@gmail.com>
-
- * AccessControl.pm: modify/delete ACL functionality
-
- * pveum (aclmod): Add/Modify ACL
- (acldel): Delete ACL
-
-2010-07-07 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm: implemented shadowauthentication (add/modify/delete/verify)
- with file locking (Seth)
- (encrypt_pw): use SHA256 to crypt passwords
- (save_shadow_config): change mode to 0600, store to /etc/pve/auth/shadow.cfg
- (parse_shadow): simplify code - there is no need to trim strings. Instead check for
- correct format.
-
- * test/auth-test.pl: program for testing authentication methods (Seth)
-
- * pveum (read_password): added confirm password
-
-2010-07-05 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm (modify_user): remove call to change_password()
- - not neccessary at all (Seth)
- * AccessControl.pm: cleanup - remove space in function calls(Seth)
-
-2010-07-02 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm (lock_user_config): renamed from lock_config,
- because we will have more then one config file (auth.conf, shadow
- password, ...)
- (modify_user): check for exceptions after lock_user_config()
- (delete_user): check for exceptions after lock_user_config(),
- raise invalid characters exception
- (delete_group): check for exceptions after lock_user_config(),
- raise invalid characters exception
- (modify_role): check for exceptions after lock_user_config()
- (delete_role): check for exceptions after lock_user_config(),
- raise invalid characters exception
- (verify_username): add $noerr parameter, raise exeption if
- user name contain invalid characters and $noerr is not set
- (verify_groupname): add $noerr parameter, raise exeption if
- group name contain invalid characters and $noerr is not set
- (verify_rolename): add $noerr parameter, raise exeption if
- role name contain invalid characters and $noerr is not set
-
-2010-07-01 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm: implemented file locking functionality for all
- processes that make modifications to configuration file (Seth) -
- code for lock_file() was copied from QemuServer.pm.
-
-2010-06-29 Proxmox Support Team <support@proxmox.com>
-
- * pveum: new roleadd/rolemod/roledel (Seth)
-
- * AccessControl.pm (modify_role): create role and modify privileges (Seth)
-
- * AccessControl.pm (delete_role): delete role functionality (Seth)
-
-2010-06-28 Proxmox Support Team <support@proxmox.com>
-
- * pveum: new groupadd/groupdel (patch from Seth)
-
- * AccessControl.pm (add_user): moved functionality to modify_user and
- removed subroutine (Seth)
-
- * pveum: useradd command no longer requires a password and now uses
- modify_user (Seth)
-
-2010-06-25 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm (modify_user): include patch from Seth
-
-2010-06-24 Proxmox Support Team <support@proxmox.com>
-
- * test/perm-test1.pl (check_permission): a first regression test
-
- * test/user.cfg.ex1: add another example - for use by regression
- tests
-
- * test/dump-perm.pl: print permission as nice list, add ability to
- specify usr.cfg file
-
-2010-06-23 Proxmox Support Team <support@proxmox.com>
-
- * pveum: implement some simple functions (add user, create ticket)
-
- * pveum-pl: rename to pveum
-
- * pveum.c: remove suexec code - we will use a daemon instead
-
- * pvesh: removed (dead code)
-
- * test/dump-perm.pl: simple script to dump permissions
-
- * test/: created new directory for test skripts
-
- * test/dump-users.pl: simple script to dump user table
-
-2010-06-22 Proxmox Support Team <support@proxmox.com>
-
- * AccessControl.pm (add_user): Updated "valid_privs" with new
- permissions from readme (Seth)
-
-2010-06-21 Proxmox Support Team <support@proxmox.com>
-
- * copyright: change license to AGPL
-
-2010-03-17 Proxmox Support Team <support@proxmox.com>
-
- * pveum-pl: move all priviledged function to this file.
-
-2009-07-09 Proxmox Support Team <support@proxmox.com>
-
- * pveum: added dummy binary
-
projects / pve-access-control.git / commitdiff