pve-access-control.git
11 days agorefactor acl transformation code master
Fabian Grünbichler [Thu, 21 Nov 2019 14:43:25 +0000 (15:43 +0100)]
refactor acl transformation code

pull it into helper sub, since we need this one more time for token ACL
members.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
11 days agoauth: pull username REs into variables
Fabian Grünbichler [Thu, 21 Nov 2019 14:43:24 +0000 (15:43 +0100)]
auth: pull username REs into variables

for reusage in API token ID format/verification

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
11 days agorpcenv: drop unused roles()
Fabian Grünbichler [Thu, 21 Nov 2019 14:43:23 +0000 (15:43 +0100)]
rpcenv: drop unused roles()

it was useful for test-cases to verify the behaviour when pools where
introduced, but it is not used anywhere else in the code base and those
tests can also just check on permission-level.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
6 weeks agogrammar fix: s/does not exists/does not exist/g
Thomas Lamprecht [Fri, 13 Dec 2019 11:01:22 +0000 (12:01 +0100)]
grammar fix: s/does not exists/does not exist/g

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 weeks agobump version to 6.0-5
Thomas Lamprecht [Tue, 26 Nov 2019 16:56:42 +0000 (17:56 +0100)]
bump version to 6.0-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 weeks agoadd SDN.Allocate && SDN.Audit privileges
Alexandre Derumier [Tue, 26 Nov 2019 09:01:09 +0000 (10:01 +0100)]
add SDN.Allocate && SDN.Audit privileges

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2 months agoaccess-control: remove check_permissions/permission
Fabian Grünbichler [Thu, 21 Nov 2019 14:43:22 +0000 (15:43 +0100)]
access-control: remove check_permissions/permission

they have been handled by PVE::RPCEnvironment for quite some time
already, and the versions there are the complete ones that should be
actually used.

manager switched over their last use not long ago, in 6.0-9, so
record a Breaks to that version.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agopveum: add list commands
Fabian Grünbichler [Thu, 21 Nov 2019 14:43:21 +0000 (15:43 +0100)]
pveum: add list commands

we already have the API paths, and they make sense to get an overview
over user.cfg contents.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agouser.cfg: sort group and pool members, role privs
Fabian Grünbichler [Thu, 21 Nov 2019 14:43:20 +0000 (15:43 +0100)]
user.cfg: sort group and pool members, role privs

makes no functional difference, but keeps the output/written config more
stable.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agouser.cfg: ensure propagate flag is 1/0 when parsing
Fabian Grünbichler [Thu, 21 Nov 2019 14:43:19 +0000 (15:43 +0100)]
user.cfg: ensure propagate flag is 1/0 when parsing

otherwise this might end up as (arbitrary) string somewhere..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agobump version to 6.0-4
Fabian Grünbichler [Mon, 11 Nov 2019 10:28:11 +0000 (11:28 +0100)]
bump version to 6.0-4

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agod/control: (build-)depend on libpve-cluster-perl
Fabian Grünbichler [Mon, 11 Nov 2019 10:28:10 +0000 (11:28 +0100)]
d/control: (build-)depend on libpve-cluster-perl

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agouse already parsed u2f property string
Fabian Grünbichler [Mon, 11 Nov 2019 10:28:09 +0000 (11:28 +0100)]
use already parsed u2f property string

since libpve-cluster-perl 6.0-8 this happens automatically when parsing
the datacenter.cfg, just like the other property strings stored there.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agouse PVE::DataCenterConfig
Fabian Grünbichler [Mon, 11 Nov 2019 10:28:08 +0000 (11:28 +0100)]
use PVE::DataCenterConfig

since we read datacenter.cfg, and parse the u2f property string using a
format defined in PVE::DataCenterConfig.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agoAPI: fix calls to raise_param_exc
Fabian Grünbichler [Thu, 14 Nov 2019 10:00:59 +0000 (11:00 +0100)]
API: fix calls to raise_param_exc

the parameter needs to be a hash reference, not a hash.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agod/control: correctly set Architecture field
Fabian Grünbichler [Wed, 6 Nov 2019 12:36:31 +0000 (13:36 +0100)]
d/control: correctly set Architecture field

this packge only contains perl modules and scripts, shell completions
and documentation - no architecture-specific stuff whatsoever.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agoticket: use clinfo to get cluster name
Fabian Grünbichler [Wed, 6 Nov 2019 12:36:28 +0000 (13:36 +0100)]
ticket: use clinfo to get cluster name

instead of parsing corosync.conf, and avoid coupling the access-control
API with PVE::Corosync. if corosync.conf and pmxcfs don't agree on how
the cluster is called, there is a bigger issue anyway..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agopveum: don't unconditionally create auth key
Fabian Grünbichler [Wed, 6 Nov 2019 12:36:27 +0000 (13:36 +0100)]
pveum: don't unconditionally create auth key

anything that uses it should already generate it anyway.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agopveum: cleanup outdated use statements
Fabian Grünbichler [Wed, 6 Nov 2019 12:36:26 +0000 (13:36 +0100)]
pveum: cleanup outdated use statements

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agod/control: remove outdated dependencies
Fabian Grünbichler [Wed, 6 Nov 2019 12:36:25 +0000 (13:36 +0100)]
d/control: remove outdated dependencies

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agobuild: leave man page compression to dh_docs
Fabian Grünbichler [Wed, 6 Nov 2019 12:36:24 +0000 (13:36 +0100)]
build: leave man page compression to dh_docs

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agobuild: use dh_missing
Fabian Grünbichler [Wed, 6 Nov 2019 12:36:23 +0000 (13:36 +0100)]
build: use dh_missing

to fail the build if files are installed, but not shipped in any
package.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agobuild: bump compat to 10
Fabian Grünbichler [Wed, 6 Nov 2019 12:36:22 +0000 (13:36 +0100)]
build: bump compat to 10

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2 months agoldaps: support TLS 1.3 as SSL version
Thomas Lamprecht [Wed, 6 Nov 2019 19:23:21 +0000 (20:23 +0100)]
ldaps: support TLS 1.3 as SSL version

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agoldap auth: add sslversion option
Alexandre Derumier [Mon, 4 Nov 2019 09:18:05 +0000 (10:18 +0100)]
ldap auth: add sslversion option

default to tls1.2

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2 months agobump version to 6.0-3
Thomas Lamprecht [Tue, 29 Oct 2019 07:55:09 +0000 (08:55 +0100)]
bump version to 6.0-3

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agod/control: bump versioned dependency on pve-common
Thomas Lamprecht [Tue, 29 Oct 2019 07:25:29 +0000 (08:25 +0100)]
d/control: bump versioned dependency on pve-common

to ensure the new 'pve-tfa-secret' format is available

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months agoapi: tfa: use the new 'pve-tfa-secret' format
Wolfgang Bumiller [Mon, 28 Oct 2019 11:20:39 +0000 (12:20 +0100)]
api: tfa: use the new 'pve-tfa-secret' format

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months agouser.cfg: sort ACL members
Fabian Grünbichler [Thu, 17 Oct 2019 13:13:58 +0000 (15:13 +0200)]
user.cfg: sort ACL members

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
3 months agouser.cfg: sort entries alphabetically in each section
Fabian Grünbichler [Thu, 17 Oct 2019 13:13:57 +0000 (15:13 +0200)]
user.cfg: sort entries alphabetically in each section

it's not required for dependencies (since those are only ever between
sections, and not within), but makes for easier diffing.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
3 months agoadd missing 'use PVE::Auth::Plugin'
Fabian Grünbichler [Thu, 17 Oct 2019 13:13:56 +0000 (15:13 +0200)]
add missing 'use PVE::Auth::Plugin'

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
3 months agoparse_user_cfg: correctly parse group names in ACLs
Fabian Grünbichler [Thu, 3 Oct 2019 08:33:28 +0000 (10:33 +0200)]
parse_user_cfg: correctly parse group names in ACLs

usernames are allowed to start with '@', so adding a user '@test@pve'
and adding it to an ACL should work, instead of ignoring that part of
the ACL entry.

So use verify_groupname to additionally enforce that the group name we
extracted does not include an additional @, as then it cannot be a
group.

note: there is no potential for user and group to be confused, since a
username must end with '@REALM', and a group reference in an ACL can
only contain one '@' (as first character).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
6 months agobump version to 6.0-2
Thomas Lamprecht [Wed, 26 Jun 2019 18:25:06 +0000 (20:25 +0200)]
bump version to 6.0-2

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months agoimprove CSRF compat with older PVE
Thomas Lamprecht [Wed, 26 Jun 2019 17:34:13 +0000 (19:34 +0200)]
improve CSRF compat with older PVE

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 months agobump version to 6.0-1
Thomas Lamprecht [Mon, 24 Jun 2019 16:17:21 +0000 (18:17 +0200)]
bump version to 6.0-1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 months agouse hmac_sha256 instead of sha1 for csrf token
Oguz Bektas [Wed, 19 Jun 2019 07:39:33 +0000 (09:39 +0200)]
use hmac_sha256 instead of sha1 for csrf token

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
7 months agoticket: add comments about auth key mtime
Fabian Grünbichler [Wed, 19 Jun 2019 09:46:19 +0000 (11:46 +0200)]
ticket: add comments about auth key mtime

we cannot fully close this window, and don't need to anyway since we
apply +-300s when calculating ticket age ranges, but documenting where
mtime is used and what we expect seems like a good idea for future
readers.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
7 months agoticket: reorder calls when rotating
Fabian Grünbichler [Wed, 19 Jun 2019 09:46:18 +0000 (11:46 +0200)]
ticket: reorder calls when rotating

to shrink the window between the two file_set_contents calls. we don't
need the mtimes to line up exactly since we have 300s of uncertainty
anyway, but generating an RSA key could take a while ;)

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
7 months agoticket: properly verify exactly 5min old tickets
Fabian Grünbichler [Wed, 19 Jun 2019 09:46:17 +0000 (11:46 +0200)]
ticket: properly verify exactly 5min old tickets

to fix an issue where valid tickets could be rejected 5 minutes after a
key rotation, where the minimum age is exactly 0 seconds.

thanks Dominik for triaging!

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
8 months agobuildsys: switch upload dist over to buster
Thomas Lamprecht [Tue, 21 May 2019 16:52:09 +0000 (18:52 +0200)]
buildsys: switch upload dist over to buster

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 months agobump version to 6.0-0+1
Thomas Lamprecht [Tue, 21 May 2019 16:51:40 +0000 (18:51 +0200)]
bump version to 6.0-0+1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 months agofix #2079: activate authkey rotation every 24 hours
Thomas Lamprecht [Tue, 21 May 2019 19:29:59 +0000 (21:29 +0200)]
fix #2079: activate authkey rotation every 24 hours

This activates the authkey rotation added in commits
1800a71a79c7cf49108e22781d2f34be87b1efd through
f7282aee6b2ae36b7cfc2331e33e49a818b914fd

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 months agobuildsys: use dpkg-dev makefile helpers for pkg info
Thomas Lamprecht [Tue, 21 May 2019 16:50:10 +0000 (18:50 +0200)]
buildsys: use dpkg-dev makefile helpers for pkg info

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 months agobump version to 5.1-10
Thomas Lamprecht [Wed, 15 May 2019 14:22:30 +0000 (16:22 +0200)]
bump version to 5.1-10

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 months agoadd /access/user/{id}/tfa api call to get tfa types
Dominik Csapak [Fri, 3 May 2019 07:45:51 +0000 (09:45 +0200)]
add /access/user/{id}/tfa api call to get tfa types

this api call will be used to display the right kind of tfa for the gui

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
8 months agobump version to 5.1-9
Thomas Lamprecht [Tue, 30 Apr 2019 14:02:41 +0000 (14:02 +0000)]
bump version to 5.1-9

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agotfa: realm required TFA should lock out users without TFA
Wolfgang Bumiller [Thu, 18 Apr 2019 08:24:48 +0000 (10:24 +0200)]
tfa: realm required TFA should lock out users without TFA

This changed with the previous TFA changes.

In the long term, the plan is to let the user get into the
half-logged-in state and open the TFA configuration window
on the UI to allow them to finish their TFA setup, but for
now we restore the previous behavior.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agotypo fixup
Wolfgang Bumiller [Mon, 15 Apr 2019 07:08:24 +0000 (09:08 +0200)]
typo fixup

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agostore the tfa type in user.cfg
Wolfgang Bumiller [Thu, 11 Apr 2019 09:31:58 +0000 (11:31 +0200)]
store the tfa type in user.cfg

This allows some improvements to the user experience on the
web ui.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agobump version to 5.1-8
Thomas Lamprecht [Tue, 9 Apr 2019 10:48:53 +0000 (12:48 +0200)]
bump version to 5.1-8

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agod/control: bump version dependency to libpve-u2f-server-perl
Thomas Lamprecht [Tue, 9 Apr 2019 10:46:22 +0000 (12:46 +0200)]
d/control: bump version dependency to libpve-u2f-server-perl

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agou2f: new perl bindings encode public key for us
Thomas Lamprecht [Tue, 9 Apr 2019 10:44:23 +0000 (12:44 +0200)]
u2f: new perl bindings encode public key for us

as it was binary data, which can contain everything, including '\0',
and this was cut off, making it impossible to login after
registration, as a borked publicKey got saved in tfa.cfg

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agobump version to 5.1-7
Thomas Lamprecht [Mon, 8 Apr 2019 14:56:41 +0000 (16:56 +0200)]
bump version to 5.1-7

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agoverify_ticket: allow general non-challenge tfa to be run as two step call
Wolfgang Bumiller [Mon, 8 Apr 2019 11:58:27 +0000 (13:58 +0200)]
verify_ticket: allow general non-challenge tfa to be run as two step call

This allows for doing OTP TFA in two steps, first login with normal
credentials and get the half-logged-in ticket, then send the OTP
verification for full login, same as with u2f was already possible.

This allows for a nicer UI, as OTP fields can be shown on demand, and
do not need to be visible by default.

The old way of sending the OTP code immediately with the initial
credentials request still works for backward compatibility and as
some API user may prefer it.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agobump version to 5.1-6
Thomas Lamprecht [Wed, 3 Apr 2019 11:41:20 +0000 (13:41 +0200)]
bump version to 5.1-6

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agod/control: bump version dependency for pve-cluster
Thomas Lamprecht [Wed, 3 Apr 2019 11:37:57 +0000 (13:37 +0200)]
d/control: bump version dependency for pve-cluster

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agofollowup: s/CUSTOM_TFA_TYPES/USER_CONTROLLED_TFA_TYPES/
Thomas Lamprecht [Wed, 3 Apr 2019 11:34:23 +0000 (13:34 +0200)]
followup: s/CUSTOM_TFA_TYPES/USER_CONTROLLED_TFA_TYPES/

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
9 months agoallow users to change their totp settings
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:57 +0000 (12:21 +0200)]
allow users to change their totp settings

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agouse a property string for tfa config
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:56 +0000 (12:21 +0200)]
use a property string for tfa config

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agou2f authentication
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:55 +0000 (12:21 +0200)]
u2f authentication

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agodelete TFA entries when deleting a user
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:54 +0000 (12:21 +0200)]
delete TFA entries when deleting a user

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agou2f api endpoints
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:53 +0000 (12:21 +0200)]
u2f api endpoints

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agodepend on libpve-u2f-server-perl
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:52 +0000 (12:21 +0200)]
depend on libpve-u2f-server-perl

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agomore general 2FA configuration via priv/tfa.cfg
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:51 +0000 (12:21 +0200)]
more general 2FA configuration via priv/tfa.cfg

Adds a priv/tfa.cfg file usable in place of user.cfg.
(Otherwise the user.cfg can potentially grow too big with
u2f keys.)

Also contains some preparation code for u2f and
user-opt-in totp.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
9 months agobuildsys: cleanup and add target to build DSC
Thomas Lamprecht [Tue, 2 Apr 2019 09:36:13 +0000 (11:36 +0200)]
buildsys: cleanup and add target to build DSC

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 months agobump version to 5.1-5
Thomas Lamprecht [Mon, 18 Mar 2019 09:43:25 +0000 (10:43 +0100)]
bump version to 5.1-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 months agofix vnc ticket verification without authkey lifetime
Dominik Csapak [Mon, 18 Mar 2019 09:39:56 +0000 (10:39 +0100)]
fix vnc ticket verification without authkey lifetime

since $authkey_lifetime is currently set to 0, we have to check this,
else we always fail to verify the VNC ticket

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
10 months agobump version to 5.1-4
Thomas Lamprecht [Mon, 18 Mar 2019 08:35:09 +0000 (09:35 +0100)]
bump version to 5.1-4

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 months agod/control: bump version dependency to pve-cluster
Thomas Lamprecht [Thu, 14 Mar 2019 10:17:34 +0000 (11:17 +0100)]
d/control: bump version dependency to pve-cluster

to ensure that cfs_lock_authkey is available

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 months agofixup: touch date format does not understands abbreviations
Thomas Lamprecht [Thu, 14 Mar 2019 10:14:52 +0000 (11:14 +0100)]
fixup: touch date format does not understands abbreviations

this did not worked as touch did not worked with the abbreviated 'h'
for 'hour' or 'hours'

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 months agoadd postinst script
Fabian Grünbichler [Wed, 13 Mar 2019 14:01:31 +0000 (15:01 +0100)]
add postinst script

to reset auth key age until the first rotation has happened, otherwise
all currently existing tickets get invalidated immediately once the
rotation code gets enabled.

disabled until first PVE 6.0 package release

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
10 months agofixup call to cfs_lock_authkey
Thomas Lamprecht [Thu, 14 Mar 2019 10:13:07 +0000 (11:13 +0100)]
fixup call to cfs_lock_authkey

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 months agofix #2079: add periodic auth key rotation
Fabian Grünbichler [Wed, 13 Mar 2019 14:01:30 +0000 (15:01 +0100)]
fix #2079: add periodic auth key rotation

and modify checks to accept still valid tickets generated using the
previous auth key.

the slightly complicated caching mechanism is needed for reading the key and
its modification timestamp in one go while only reading and parsing it again if
it has changed.

the +- 300 seconds fuzzing is kept for slightly out-of-sync clusters, since the
time encoded in the tickets is the result of time() on whichever node the
ticket API call got forwarded to.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
11 months agod/control: bump version dependency to pve-doc-generator
Thomas Lamprecht [Fri, 22 Feb 2019 12:31:32 +0000 (13:31 +0100)]
d/control: bump version dependency to pve-doc-generator

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
11 months ago1891 Add zsh command completion for pveum
Christian Ebner [Thu, 21 Feb 2019 13:25:03 +0000 (14:25 +0100)]
1891 Add zsh command completion for pveum

This generates the zsh command completion scripts for pveum.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
13 months agoAdd missing Build-Depends
Rhonda D'Vine [Fri, 14 Dec 2018 14:59:07 +0000 (15:59 +0100)]
Add missing Build-Depends

Also adjust debhelper dependency according to debian/compat content.

Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
13 months agobump version to 5.1-3
Thomas Lamprecht [Thu, 29 Nov 2018 12:00:18 +0000 (13:00 +0100)]
bump version to 5.1-3

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
13 months agoapi/ticket: move getting cluster name into an eval
Thomas Lamprecht [Mon, 26 Nov 2018 13:54:02 +0000 (14:54 +0100)]
api/ticket: move getting cluster name into an eval

to avoid a failed login if a broken corosync config is setup

Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
14 months agobump version to 5.1-2
Thomas Lamprecht [Fri, 23 Nov 2018 13:24:52 +0000 (14:24 +0100)]
bump version to 5.1-2

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
14 months agofix #1998: correct return properties for read_role
Dominik Csapak [Fri, 23 Nov 2018 13:11:51 +0000 (14:11 +0100)]
fix #1998: correct return properties for read_role

we have each privilege as property of the return object,
so we generate it from $valid_privs

this has the advantage that all privileges are well documented
with that api call

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
14 months agobump version to 5.1-1
Thomas Lamprecht [Thu, 15 Nov 2018 09:36:16 +0000 (10:36 +0100)]
bump version to 5.1-1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
14 months agofix #233: return cluster name on successful login
Thomas Lamprecht [Mon, 12 Nov 2018 16:50:14 +0000 (17:50 +0100)]
fix #233: return cluster name on successful login

If a cluster is configured then return the cluster name on successful
login - if the user has Sys.Audit privileges on the '/' path (same
as for returning cluster info, like the join info path uses)

This is more for the reason that some admins do not want to expose
this to lesser privileged (API) users. While yes, you can
theoretically launch a (DDOS resembling) attack which stresses the
corosync network if you know the cluster_name (it's still encrypted
but you can back-calculate the multicast group membership info) you
need to be able to send multicast traffic on the corosync LAN -
which can be seen as a pretty big privilege anyway.

But, for now reduce permissions - we can more easily loosen them than
tighten without causing issues anyway.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
17 months agoRevert "Add title and print_width fields to properties"
Dietmar Maurer [Fri, 3 Aug 2018 08:45:13 +0000 (10:45 +0200)]
Revert "Add title and print_width fields to properties"

This reverts commit bcf4eb3d4960aa2b3d1e63c482fc35b83bab2c0a.
I think those titles does not add any value.

18 months agoAdd title and print_width fields to properties
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:46 +0000 (14:31 +0200)]
Add title and print_width fields to properties

Used for printing in pveum

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
18 months agorefactor API using get/register_standard_option
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:45 +0000 (14:31 +0200)]
refactor API using get/register_standard_option

Pull out duplicated property definitions in the API into
register_standard_option/get_standard_option calls.
(All parameters, which are thus added to the API calls were optional).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
18 months agoPVE::AccessControl: register userid with completion
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:44 +0000 (14:31 +0200)]
PVE::AccessControl: register userid with completion

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
18 months agofix PVE::AccessControl::role_is_special
Stoiko Ivanov [Thu, 21 Jun 2018 14:18:32 +0000 (16:18 +0200)]
fix PVE::AccessControl::role_is_special

PVE::AccessControl::role_is_special now returns 0 instead of '' for false
(Schemavalidation did complain about '')

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
18 months agod/control: update pve-common version dependency
Thomas Lamprecht [Wed, 27 Jun 2018 11:30:00 +0000 (13:30 +0200)]
d/control: update pve-common version dependency

as we use the new param_mapping functionallity from PVE::CLIHandler

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
18 months agoreplace read_password with param_mapping
Dominik Csapak [Fri, 15 Jun 2018 13:28:47 +0000 (15:28 +0200)]
replace read_password with param_mapping

use the get_standar_mapping 'pve-password'
then we can get rid of the Term::ReadLine dependency

we use this change to only ask for the password once on
'pveum ticket'

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
19 months agofix typo in change_passsword
Dominik Csapak [Tue, 12 Jun 2018 13:06:48 +0000 (15:06 +0200)]
fix typo in change_passsword

s/passsword/password/

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
19 months agopveum: introduce sub-commands
Philip Abernethy [Mon, 9 Oct 2017 12:35:09 +0000 (14:35 +0200)]
pveum: introduce sub-commands

use a sub-command structure instead of abbreviated words, where useful.
Keep old commands as aliases.

Signed-off-by: Philip Abernethy <p.abernethy@proxmox.com>
Co-authored-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agobump version to 5.0-8
Wolfgang Bumiller [Thu, 18 Jan 2018 12:39:48 +0000 (13:39 +0100)]
bump version to 5.0-8

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2 years agocompute_api_permissions: a storage has also permissions
Thomas Lamprecht [Mon, 15 Jan 2018 10:15:54 +0000 (11:15 +0100)]
compute_api_permissions: a storage has also permissions

Fixes a problem where a non root@pam system administrator does not
sees the 'Permissions' tab for a storage in our WebUI.

Fixes commit a2c18811d33d7e09765a7b0f09bba47bc9523822

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agofix #1612: give authenticate_user_ldap the realm on second server
Dominik Csapak [Thu, 11 Jan 2018 08:49:31 +0000 (09:49 +0100)]
fix #1612: give authenticate_user_ldap the realm on second server

this was missing and lead to 'use of unitialized value $realm...'
and a not working second server if a bindpw was defined

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 years agoproperly register pve-poolid format
Philip Abernethy [Tue, 10 Oct 2017 13:44:18 +0000 (15:44 +0200)]
properly register pve-poolid format

was erroneously registered as verify_groupname, overriding the previous
registration

2 years agobump version to 5.0-7
Fabian Grünbichler [Thu, 5 Oct 2017 09:28:36 +0000 (11:28 +0200)]
bump version to 5.0-7

2 years agobuild: reformat debian/control
Fabian Grünbichler [Wed, 4 Oct 2017 09:05:33 +0000 (11:05 +0200)]
build: reformat debian/control

using wrap-and-sort -abt

2 years agoVM.Snapshot.Rollback privilege added
Matthias Urban [Wed, 13 Sep 2017 10:30:36 +0000 (12:30 +0200)]
VM.Snapshot.Rollback privilege added

VM.Snapshot.Rollback privilege added

Signed-off-by: Matthias Urban <matthias.urban@pure-systems.com>
2 years agostyle fix
Wolfgang Bumiller [Fri, 22 Sep 2017 06:53:30 +0000 (08:53 +0200)]
style fix

2 years agoapi: check for special roles before locking the usercfg
Wolfgang Bumiller [Fri, 22 Sep 2017 06:52:31 +0000 (08:52 +0200)]
api: check for special roles before locking the usercfg