Thomas Lamprecht [Wed, 26 Jun 2019 18:25:06 +0000 (20:25 +0200)]
bump version to 6.0-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 26 Jun 2019 17:34:13 +0000 (19:34 +0200)]
improve CSRF compat with older PVE
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 24 Jun 2019 16:17:21 +0000 (18:17 +0200)]
bump version to 6.0-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Oguz Bektas [Wed, 19 Jun 2019 07:39:33 +0000 (09:39 +0200)]
use hmac_sha256 instead of sha1 for csrf token
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Fabian Grünbichler [Wed, 19 Jun 2019 09:46:19 +0000 (11:46 +0200)]
ticket: add comments about auth key mtime
we cannot fully close this window, and don't need to anyway since we
apply +-300s when calculating ticket age ranges, but documenting where
mtime is used and what we expect seems like a good idea for future
readers.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Wed, 19 Jun 2019 09:46:18 +0000 (11:46 +0200)]
ticket: reorder calls when rotating
to shrink the window between the two file_set_contents calls. we don't
need the mtimes to line up exactly since we have 300s of uncertainty
anyway, but generating an RSA key could take a while ;)
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Wed, 19 Jun 2019 09:46:17 +0000 (11:46 +0200)]
ticket: properly verify exactly 5min old tickets
to fix an issue where valid tickets could be rejected 5 minutes after a
key rotation, where the minimum age is exactly 0 seconds.
thanks Dominik for triaging!
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Thomas Lamprecht [Tue, 21 May 2019 16:52:09 +0000 (18:52 +0200)]
buildsys: switch upload dist over to buster
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 21 May 2019 16:51:40 +0000 (18:51 +0200)]
bump version to 6.0-0+1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 21 May 2019 19:29:59 +0000 (21:29 +0200)]
fix #2079: activate authkey rotation every 24 hours
This activates the authkey rotation added in commits
1800a71a79c7cf49108e22781d2f34be87b1efd through
f7282aee6b2ae36b7cfc2331e33e49a818b914fd
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 21 May 2019 16:50:10 +0000 (18:50 +0200)]
buildsys: use dpkg-dev makefile helpers for pkg info
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 15 May 2019 14:22:30 +0000 (16:22 +0200)]
bump version to 5.1-10
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Fri, 3 May 2019 07:45:51 +0000 (09:45 +0200)]
add /access/user/{id}/tfa api call to get tfa types
this api call will be used to display the right kind of tfa for the gui
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Thomas Lamprecht [Tue, 30 Apr 2019 14:02:41 +0000 (14:02 +0000)]
bump version to 5.1-9
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Thu, 18 Apr 2019 08:24:48 +0000 (10:24 +0200)]
tfa: realm required TFA should lock out users without TFA
This changed with the previous TFA changes.
In the long term, the plan is to let the user get into the
half-logged-in state and open the TFA configuration window
on the UI to allow them to finish their TFA setup, but for
now we restore the previous behavior.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Mon, 15 Apr 2019 07:08:24 +0000 (09:08 +0200)]
typo fixup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Thu, 11 Apr 2019 09:31:58 +0000 (11:31 +0200)]
store the tfa type in user.cfg
This allows some improvements to the user experience on the
web ui.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Tue, 9 Apr 2019 10:48:53 +0000 (12:48 +0200)]
bump version to 5.1-8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 9 Apr 2019 10:46:22 +0000 (12:46 +0200)]
d/control: bump version dependency to libpve-u2f-server-perl
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Tue, 9 Apr 2019 10:44:23 +0000 (12:44 +0200)]
u2f: new perl bindings encode public key for us
as it was binary data, which can contain everything, including '\0',
and this was cut off, making it impossible to login after
registration, as a borked publicKey got saved in tfa.cfg
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 8 Apr 2019 14:56:41 +0000 (16:56 +0200)]
bump version to 5.1-7
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Mon, 8 Apr 2019 11:58:27 +0000 (13:58 +0200)]
verify_ticket: allow general non-challenge tfa to be run as two step call
This allows for doing OTP TFA in two steps, first login with normal
credentials and get the half-logged-in ticket, then send the OTP
verification for full login, same as with u2f was already possible.
This allows for a nicer UI, as OTP fields can be shown on demand, and
do not need to be visible by default.
The old way of sending the OTP code immediately with the initial
credentials request still works for backward compatibility and as
some API user may prefer it.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 3 Apr 2019 11:41:20 +0000 (13:41 +0200)]
bump version to 5.1-6
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 3 Apr 2019 11:37:57 +0000 (13:37 +0200)]
d/control: bump version dependency for pve-cluster
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Wed, 3 Apr 2019 11:34:23 +0000 (13:34 +0200)]
followup: s/CUSTOM_TFA_TYPES/USER_CONTROLLED_TFA_TYPES/
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:57 +0000 (12:21 +0200)]
allow users to change their totp settings
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:56 +0000 (12:21 +0200)]
use a property string for tfa config
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:55 +0000 (12:21 +0200)]
u2f authentication
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:54 +0000 (12:21 +0200)]
delete TFA entries when deleting a user
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:53 +0000 (12:21 +0200)]
u2f api endpoints
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:52 +0000 (12:21 +0200)]
depend on libpve-u2f-server-perl
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Tue, 2 Apr 2019 10:21:51 +0000 (12:21 +0200)]
more general 2FA configuration via priv/tfa.cfg
Adds a priv/tfa.cfg file usable in place of user.cfg.
(Otherwise the user.cfg can potentially grow too big with
u2f keys.)
Also contains some preparation code for u2f and
user-opt-in totp.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Tue, 2 Apr 2019 09:36:13 +0000 (11:36 +0200)]
buildsys: cleanup and add target to build DSC
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 18 Mar 2019 09:43:25 +0000 (10:43 +0100)]
bump version to 5.1-5
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Mon, 18 Mar 2019 09:39:56 +0000 (10:39 +0100)]
fix vnc ticket verification without authkey lifetime
since $authkey_lifetime is currently set to 0, we have to check this,
else we always fail to verify the VNC ticket
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Thomas Lamprecht [Mon, 18 Mar 2019 08:35:09 +0000 (09:35 +0100)]
bump version to 5.1-4
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Mar 2019 10:17:34 +0000 (11:17 +0100)]
d/control: bump version dependency to pve-cluster
to ensure that cfs_lock_authkey is available
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Mar 2019 10:14:52 +0000 (11:14 +0100)]
fixup: touch date format does not understands abbreviations
this did not worked as touch did not worked with the abbreviated 'h'
for 'hour' or 'hours'
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fabian Grünbichler [Wed, 13 Mar 2019 14:01:31 +0000 (15:01 +0100)]
add postinst script
to reset auth key age until the first rotation has happened, otherwise
all currently existing tickets get invalidated immediately once the
rotation code gets enabled.
disabled until first PVE 6.0 package release
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Thomas Lamprecht [Thu, 14 Mar 2019 10:13:07 +0000 (11:13 +0100)]
fixup call to cfs_lock_authkey
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fabian Grünbichler [Wed, 13 Mar 2019 14:01:30 +0000 (15:01 +0100)]
fix #2079: add periodic auth key rotation
and modify checks to accept still valid tickets generated using the
previous auth key.
the slightly complicated caching mechanism is needed for reading the key and
its modification timestamp in one go while only reading and parsing it again if
it has changed.
the +- 300 seconds fuzzing is kept for slightly out-of-sync clusters, since the
time encoded in the tickets is the result of time() on whichever node the
ticket API call got forwarded to.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Thomas Lamprecht [Fri, 22 Feb 2019 12:31:32 +0000 (13:31 +0100)]
d/control: bump version dependency to pve-doc-generator
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Christian Ebner [Thu, 21 Feb 2019 13:25:03 +0000 (14:25 +0100)]
1891 Add zsh command completion for pveum
This generates the zsh command completion scripts for pveum.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
Rhonda D'Vine [Fri, 14 Dec 2018 14:59:07 +0000 (15:59 +0100)]
Add missing Build-Depends
Also adjust debhelper dependency according to debian/compat content.
Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
Thomas Lamprecht [Thu, 29 Nov 2018 12:00:18 +0000 (13:00 +0100)]
bump version to 5.1-3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 26 Nov 2018 13:54:02 +0000 (14:54 +0100)]
api/ticket: move getting cluster name into an eval
to avoid a failed login if a broken corosync config is setup
Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Fri, 23 Nov 2018 13:24:52 +0000 (14:24 +0100)]
bump version to 5.1-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Fri, 23 Nov 2018 13:11:51 +0000 (14:11 +0100)]
fix #1998: correct return properties for read_role
we have each privilege as property of the return object,
so we generate it from $valid_privs
this has the advantage that all privileges are well documented
with that api call
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Thomas Lamprecht [Thu, 15 Nov 2018 09:36:16 +0000 (10:36 +0100)]
bump version to 5.1-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 12 Nov 2018 16:50:14 +0000 (17:50 +0100)]
fix #233: return cluster name on successful login
If a cluster is configured then return the cluster name on successful
login - if the user has Sys.Audit privileges on the '/' path (same
as for returning cluster info, like the join info path uses)
This is more for the reason that some admins do not want to expose
this to lesser privileged (API) users. While yes, you can
theoretically launch a (DDOS resembling) attack which stresses the
corosync network if you know the cluster_name (it's still encrypted
but you can back-calculate the multicast group membership info) you
need to be able to send multicast traffic on the corosync LAN -
which can be seen as a pretty big privilege anyway.
But, for now reduce permissions - we can more easily loosen them than
tighten without causing issues anyway.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dietmar Maurer [Fri, 3 Aug 2018 08:45:13 +0000 (10:45 +0200)]
Revert "Add title and print_width fields to properties"
This reverts commit
bcf4eb3d4960aa2b3d1e63c482fc35b83bab2c0a.
I think those titles does not add any value.
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:46 +0000 (14:31 +0200)]
Add title and print_width fields to properties
Used for printing in pveum
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:45 +0000 (14:31 +0200)]
refactor API using get/register_standard_option
Pull out duplicated property definitions in the API into
register_standard_option/get_standard_option calls.
(All parameters, which are thus added to the API calls were optional).
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Stoiko Ivanov [Thu, 21 Jun 2018 12:31:44 +0000 (14:31 +0200)]
PVE::AccessControl: register userid with completion
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Stoiko Ivanov [Thu, 21 Jun 2018 14:18:32 +0000 (16:18 +0200)]
fix PVE::AccessControl::role_is_special
PVE::AccessControl::role_is_special now returns 0 instead of '' for false
(Schemavalidation did complain about '')
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Thomas Lamprecht [Wed, 27 Jun 2018 11:30:00 +0000 (13:30 +0200)]
d/control: update pve-common version dependency
as we use the new param_mapping functionallity from PVE::CLIHandler
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Fri, 15 Jun 2018 13:28:47 +0000 (15:28 +0200)]
replace read_password with param_mapping
use the get_standar_mapping 'pve-password'
then we can get rid of the Term::ReadLine dependency
we use this change to only ask for the password once on
'pveum ticket'
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Tue, 12 Jun 2018 13:06:48 +0000 (15:06 +0200)]
fix typo in change_passsword
s/passsword/password/
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Philip Abernethy [Mon, 9 Oct 2017 12:35:09 +0000 (14:35 +0200)]
pveum: introduce sub-commands
use a sub-command structure instead of abbreviated words, where useful.
Keep old commands as aliases.
Signed-off-by: Philip Abernethy <p.abernethy@proxmox.com>
Co-authored-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Thu, 18 Jan 2018 12:39:48 +0000 (13:39 +0100)]
bump version to 5.0-8
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Thomas Lamprecht [Mon, 15 Jan 2018 10:15:54 +0000 (11:15 +0100)]
compute_api_permissions: a storage has also permissions
Fixes a problem where a non root@pam system administrator does not
sees the 'Permissions' tab for a storage in our WebUI.
Fixes commit
a2c18811d33d7e09765a7b0f09bba47bc9523822
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Thu, 11 Jan 2018 08:49:31 +0000 (09:49 +0100)]
fix #1612: give authenticate_user_ldap the realm on second server
this was missing and lead to 'use of unitialized value $realm...'
and a not working second server if a bindpw was defined
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Philip Abernethy [Tue, 10 Oct 2017 13:44:18 +0000 (15:44 +0200)]
properly register pve-poolid format
was erroneously registered as verify_groupname, overriding the previous
registration
Fabian Grünbichler [Thu, 5 Oct 2017 09:28:36 +0000 (11:28 +0200)]
bump version to 5.0-7
Fabian Grünbichler [Wed, 4 Oct 2017 09:05:33 +0000 (11:05 +0200)]
build: reformat debian/control
using wrap-and-sort -abt
Matthias Urban [Wed, 13 Sep 2017 10:30:36 +0000 (12:30 +0200)]
VM.Snapshot.Rollback privilege added
VM.Snapshot.Rollback privilege added
Signed-off-by: Matthias Urban <matthias.urban@pure-systems.com>
Wolfgang Bumiller [Fri, 22 Sep 2017 06:53:30 +0000 (08:53 +0200)]
style fix
Wolfgang Bumiller [Fri, 22 Sep 2017 06:52:31 +0000 (08:52 +0200)]
api: check for special roles before locking the usercfg
Philip Abernethy [Thu, 21 Sep 2017 09:09:16 +0000 (11:09 +0200)]
Whitespace fixes
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Philip Abernethy [Thu, 21 Sep 2017 09:09:15 +0000 (11:09 +0200)]
Remove unused Dumper uses
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Philip Abernethy [Thu, 21 Sep 2017 09:09:14 +0000 (11:09 +0200)]
fix #1501: pveum: die when deleting special role
Die with a helpful error message instead of silently ignoring the user
when trying to delete a special role.
Also add a property to the API answer for possible later use by the
WebUI.
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Thu, 21 Sep 2017 08:19:27 +0000 (10:19 +0200)]
fix another typo
Thomas Lamprecht [Thu, 21 Sep 2017 06:44:17 +0000 (08:44 +0200)]
api: fix typo in 'GET ticket' description
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 14 Sep 2017 13:17:09 +0000 (15:17 +0200)]
API/ticket: rework coarse grained permission computation
We accessed methods from PVE::Storage here but did not define a
"use PVE::Storage". This thus only worked if modules if the
PVE::Storage module got pulled in by something else, by luck.
Simply including said use statement is not an option because
pve-storage is already dependent from pve-access-control, and we want
to avoid cyclic dependencies, especially on the perl module level.
The reason the offending module was used in the first place here
stems from the way how this coarse grained permissions are
calculated.
We check all permission object paths for privileges for an user.
So we got all vmids and all storage ids and computed paths from them.
This works, but is overkill and led to this "illegal" module use.
Instead I opt to not generating all possible paths, but just check
the ones configured plus a small required static set of top level
paths - this allows to generalize handling of the special root@pam
and "normal" users.
It has to be noted that this method is in general just intended for a
coarse capability check to allow hiding a few UI elements which are
not generated by backend calls (which are already permission aware).
The real checks get done by each backend call, automatically for
simple ones and semi-automatically for complex ones.
Wolfgang Bumiller [Tue, 8 Aug 2017 09:57:34 +0000 (11:57 +0200)]
bump version to 5.0-6
Dominik Csapak [Tue, 8 Aug 2017 09:10:15 +0000 (11:10 +0200)]
fix trailing whitespace
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Tue, 8 Aug 2017 09:10:14 +0000 (11:10 +0200)]
fix #1470: ad: server and client certificate support
as with ldap we now accept
the verify, capath, cert and certkey parameters for active directory
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Wolfgang Bumiller [Tue, 8 Aug 2017 09:10:13 +0000 (11:10 +0200)]
ldap: server and client certificate support
This adds 4 more options to the ldap authentication method:
verify: boolean
If enabled, the server certificate must be valid
capath: path to a file or directory
The CA to use to verify the server certificate. Used only
if 'verify' is true.
cert: path to a certificate
Used as client certificate when connecting to a server,
provided 'secure' is true. Requires 'certkey' to be set.
certkey: path to the certificate's key
Required only used when 'cert' is used.
Dietmar Maurer [Thu, 22 Jun 2017 07:13:00 +0000 (09:13 +0200)]
bump version to 5.0-5
In order to test new package built with dpkg-buildpackage.
Fabian Grünbichler [Mon, 12 Jun 2017 08:08:46 +0000 (10:08 +0200)]
build: remove fakeroot from dpkg-buildpackage
Fabian Grünbichler [Mon, 12 Jun 2017 08:07:25 +0000 (10:07 +0200)]
build: add substitution variable
Fabian Grünbichler [Mon, 12 Jun 2017 08:05:09 +0000 (10:05 +0200)]
build: reformat b-d and depends
Fabian Grünbichler [Mon, 12 Jun 2017 08:02:22 +0000 (10:02 +0200)]
build: make control static
Thomas Lamprecht [Fri, 9 Jun 2017 15:44:29 +0000 (17:44 +0200)]
change from dpkg-deb to dpkg-buildpackage
add debian directory and move the respective files there and add
missing (rules, compat).
Add a Source section to the control.in file.
Move the verify_api check to the new "test" target, which gets
executed before the dh_auto_install target.
Cleanup the "clean" target.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dietmar Maurer [Tue, 2 May 2017 09:58:54 +0000 (11:58 +0200)]
bump version to 5.0-4
Dietmar Maurer [Tue, 2 May 2017 08:39:22 +0000 (10:39 +0200)]
PVE/CLI/pveum.pm: call setup_default_cli_env()
Dietmar Maurer [Tue, 2 May 2017 08:37:20 +0000 (10:37 +0200)]
PVE/Auth/PVE.pm: encode uft8 password before calling crypt
Dietmar Maurer [Fri, 31 Mar 2017 15:05:52 +0000 (17:05 +0200)]
check_api2_permissions: avoid warning about uninitialized value
Dietmar Maurer [Thu, 30 Mar 2017 15:54:38 +0000 (17:54 +0200)]
use new PVE::Tools::encrypt_pw, bump version to 5.0-3
Dietmar Maurer [Thu, 30 Mar 2017 15:44:54 +0000 (17:44 +0200)]
use new PVE::OTP class from pve-common
Dietmar Maurer [Thu, 30 Mar 2017 06:54:30 +0000 (08:54 +0200)]
bump version to 5.0-2
Dietmar Maurer [Thu, 30 Mar 2017 06:53:12 +0000 (08:53 +0200)]
encrypt_pw: avoid '+' for crypt salt
And make salt less predictable.
Fabian Grünbichler [Mon, 6 Mar 2017 12:42:40 +0000 (13:42 +0100)]
bump release to 5.0
Fabian Grünbichler [Mon, 13 Mar 2017 10:25:23 +0000 (11:25 +0100)]
buildsys: update make upload target for stretch
Wolfgang Bumiller [Mon, 6 Feb 2017 10:47:37 +0000 (11:47 +0100)]
buildsys: use fakeroot for dpkg-deb
Wolfgang Bumiller [Mon, 6 Feb 2017 10:47:18 +0000 (11:47 +0100)]
buildsys: use gzip -n to disable timestamps
Wolfgang Bumiller [Mon, 6 Feb 2017 10:46:12 +0000 (11:46 +0100)]
buildsys: make job safety
Dietmar Maurer [Thu, 19 Jan 2017 12:42:26 +0000 (13:42 +0100)]
bump version to 4.0-23
Dietmar Maurer [Thu, 19 Jan 2017 12:41:12 +0000 (13:41 +0100)]
remove old test.pl code (does not work anyways).
Dietmar Maurer [Thu, 19 Jan 2017 12:40:25 +0000 (13:40 +0100)]
use new PVE::Ticket class
projects / pve-access-control.git / log