pve-access-control.git
2 years ago fix #1470: ad: server and client certificate support
Dominik Csapak [Tue, 8 Aug 2017 09:10:14 +0000 (11:10 +0200)]
fix #1470: ad: server and client certificate support

as with ldap we now accept
the verify, capath, cert and certkey parameters for active directory

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

2 years ago ldap: server and client certificate support
Wolfgang Bumiller [Tue, 8 Aug 2017 09:10:13 +0000 (11:10 +0200)]
ldap: server and client certificate support

This adds 4 more options to the ldap authentication method:

verify: boolean
  If enabled, the server certificate must be valid

capath: path to a file or directory
  The CA to use to verify the server certificate. Used only
  if 'verify' is true.

cert: path to a certificate
  Used as client certificate when connecting to a server,
  provided 'secure' is true. Requires 'certkey' to be set.

certkey: path to the certificate's key
  Required only when 'cert' is used.

2 years ago bump version to 5.0-5
Dietmar Maurer [Thu, 22 Jun 2017 07:13:00 +0000 (09:13 +0200)]
bump version to 5.0-5

In order to test new package built with dpkg-buildpackage.

2 years ago build: remove fakeroot from dpkg-buildpackage
Fabian Grünbichler [Mon, 12 Jun 2017 08:08:46 +0000 (10:08 +0200)]
build: remove fakeroot from dpkg-buildpackage

2 years ago build: add substitution variable
Fabian Grünbichler [Mon, 12 Jun 2017 08:07:25 +0000 (10:07 +0200)]
build: add substitution variable

2 years ago build: reformat b-d and depends
Fabian Grünbichler [Mon, 12 Jun 2017 08:05:09 +0000 (10:05 +0200)]
build: reformat b-d and depends

2 years ago build: make control static
Fabian Grünbichler [Mon, 12 Jun 2017 08:02:22 +0000 (10:02 +0200)]
build: make control static

2 years ago change from dpkg-deb to dpkg-buildpackage
Thomas Lamprecht [Fri, 9 Jun 2017 15:44:29 +0000 (17:44 +0200)]
change from dpkg-deb to dpkg-buildpackage

add debian directory and move the respective files there and add
missing (rules, compat).

Add a Source section to the control.in file.

Move the verify_api check to the new "test" target, which gets
executed before the dh_auto_install target.

Cleanup the "clean" target.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

2 years ago bump version to 5.0-4
Dietmar Maurer [Tue, 2 May 2017 09:58:54 +0000 (11:58 +0200)]
bump version to 5.0-4

2 years ago PVE/CLI/pveum.pm: call setup_default_cli_env()
Dietmar Maurer [Tue, 2 May 2017 08:39:22 +0000 (10:39 +0200)]
PVE/CLI/pveum.pm: call setup_default_cli_env()

2 years ago PVE/Auth/PVE.pm: encode utf8 password before calling crypt
Dietmar Maurer [Tue, 2 May 2017 08:37:20 +0000 (10:37 +0200)]
PVE/Auth/PVE.pm: encode utf8 password before calling crypt

2 years ago check_api2_permissions: avoid warning about uninitialized value
Dietmar Maurer [Fri, 31 Mar 2017 15:05:52 +0000 (17:05 +0200)]
check_api2_permissions: avoid warning about uninitialized value

2 years ago use new PVE::Tools::encrypt_pw, bump version to 5.0-3
Dietmar Maurer [Thu, 30 Mar 2017 15:54:38 +0000 (17:54 +0200)]
use new PVE::Tools::encrypt_pw, bump version to 5.0-3

2 years ago use new PVE::OTP class from pve-common
Dietmar Maurer [Thu, 30 Mar 2017 15:44:54 +0000 (17:44 +0200)]
use new PVE::OTP class from pve-common

2 years ago bump version to 5.0-2
Dietmar Maurer [Thu, 30 Mar 2017 06:54:30 +0000 (08:54 +0200)]
bump version to 5.0-2

2 years ago encrypt_pw: avoid '+' for crypt salt
Dietmar Maurer [Thu, 30 Mar 2017 06:53:12 +0000 (08:53 +0200)]
encrypt_pw: avoid '+' for crypt salt

And make salt less predictable.

2 years ago bump release to 5.0
Fabian Grünbichler [Mon, 6 Mar 2017 12:42:40 +0000 (13:42 +0100)]
bump release to 5.0

2 years ago buildsys: update make upload target for stretch
Fabian Grünbichler [Mon, 13 Mar 2017 10:25:23 +0000 (11:25 +0100)]
buildsys: update make upload target for stretch

2 years ago buildsys: use fakeroot for dpkg-deb
Wolfgang Bumiller [Mon, 6 Feb 2017 10:47:37 +0000 (11:47 +0100)]
buildsys: use fakeroot for dpkg-deb

2 years ago buildsys: use gzip -n to disable timestamps
Wolfgang Bumiller [Mon, 6 Feb 2017 10:47:18 +0000 (11:47 +0100)]
buildsys: use gzip -n to disable timestamps

2 years ago buildsys: make job safety
Wolfgang Bumiller [Mon, 6 Feb 2017 10:46:12 +0000 (11:46 +0100)]
buildsys: make job safety

2 years ago bump version to 4.0-23
Dietmar Maurer [Thu, 19 Jan 2017 12:42:26 +0000 (13:42 +0100)]
bump version to 4.0-23

2 years ago remove old test.pl code (does not work anyways).
Dietmar Maurer [Thu, 19 Jan 2017 12:41:12 +0000 (13:41 +0100)]
remove old test.pl code (does not work anyways).

2 years ago use new PVE::Ticket class
Dietmar Maurer [Thu, 19 Jan 2017 12:40:25 +0000 (13:40 +0100)]
use new PVE::Ticket class

2 years ago bump version to 4.0-22
Dietmar Maurer [Thu, 19 Jan 2017 08:12:34 +0000 (09:12 +0100)]
bump version to 4.0-22

2 years ago RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
Dietmar Maurer [Wed, 18 Jan 2017 16:35:50 +0000 (17:35 +0100)]
RPCEnvironment: removed check_volume_access() to avoid cyclic dependency

moved to PVE::Storage

2 years ago PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
Dietmar Maurer [Wed, 18 Jan 2017 12:25:51 +0000 (13:25 +0100)]
PVE::PCEnvironment: use new PVE::RESTEnvironment as base class

2 years ago bump version to 4.0-21
Dietmar Maurer [Thu, 12 Jan 2017 12:56:28 +0000 (13:56 +0100)]
bump version to 4.0-21

2 years ago setup_default_cli_env: expect $class as first parameter
Dietmar Maurer [Thu, 12 Jan 2017 12:53:18 +0000 (13:53 +0100)]
setup_default_cli_env: expect $class as first parameter

2 years ago bump version to 4.0-20
Dietmar Maurer [Wed, 11 Jan 2017 11:41:16 +0000 (12:41 +0100)]
bump version to 4.0-20

2 years ago PVE/RPCEnvironment.pm: new function setup_default_cli_env
Dietmar Maurer [Wed, 11 Jan 2017 11:12:11 +0000 (12:12 +0100)]
PVE/RPCEnvironment.pm: new function setup_default_cli_env

Convenience function for command line tools.

2 years ago PVE/API2/Domains.pm: fix property description
Dietmar Maurer [Wed, 11 Jan 2017 11:11:01 +0000 (12:11 +0100)]
PVE/API2/Domains.pm: fix property description

3 years ago use new repoman for upload target
Dietmar Maurer [Fri, 5 Aug 2016 11:10:17 +0000 (13:10 +0200)]
use new repoman for upload target

3 years ago bump version to 4.0-19
Dietmar Maurer [Fri, 5 Aug 2016 11:09:27 +0000 (13:09 +0200)]
bump version to 4.0-19

3 years ago Close #833: ldap: non-anonymous bind support
Wolfgang Bumiller [Mon, 25 Jul 2016 13:56:03 +0000 (15:56 +0200)]
Close #833: ldap: non-anonymous bind support

The password will be read from /etc/pve/priv/ldap/$realm.pw

3 years ago don't import 'RFC' from MIME::Base32
Wolfgang Bumiller [Mon, 25 Jul 2016 06:33:29 +0000 (08:33 +0200)]
don't import 'RFC' from MIME::Base32

call encode_rfc3548 explicitly instead as newer versions of
the base32 package will drop this import scheme (stretch)

3 years ago bump version to 4.0-18
Wolfgang Bumiller [Thu, 21 Jul 2016 06:44:25 +0000 (08:44 +0200)]
bump version to 4.0-18

3 years ago fix #1062: use correct length for base32 keys
Dominik Csapak [Wed, 20 Jul 2016 11:31:33 +0000 (13:31 +0200)]
fix #1062: use correct length for base32 keys

we wrongly assumed the keys to be 32 chars long,
instead of 16

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

3 years ago bump version to 4.0-17
Wolfgang Bumiller [Mon, 11 Jul 2016 10:04:39 +0000 (12:04 +0200)]
bump version to 4.0-17

3 years ago drop oathtool dependency
Wolfgang Bumiller [Fri, 1 Jul 2016 08:15:28 +0000 (10:15 +0200)]
drop oathtool dependency

Generate hotp/totp in perl directly, also support keys in
hex notation (this is how e.g. the
yubikey-personalization-gui displays them, but without the
whitespaces).

3 years ago drop libdigest-hmac-perl dependency
Wolfgang Bumiller [Fri, 1 Jul 2016 08:15:27 +0000 (10:15 +0200)]
drop libdigest-hmac-perl dependency

Its functionality is provided by perl core's Digest::SHA
module now.

3 years ago remove unused inline docs
Dietmar Maurer [Fri, 8 Apr 2016 05:08:23 +0000 (07:08 +0200)]
remove unused inline docs

3 years ago use pve-doc-generator, bump version to 4.0-16
Dietmar Maurer [Fri, 8 Apr 2016 05:06:27 +0000 (07:06 +0200)]
use pve-doc-generator, bump version to 4.0-16

3 years ago bump version to 4.0-15
Dietmar Maurer [Fri, 1 Apr 2016 05:11:24 +0000 (07:11 +0200)]
bump version to 4.0-15

3 years ago Fix uninitialized warning
Fabian Grünbichler [Wed, 30 Mar 2016 10:09:12 +0000 (12:09 +0200)]
Fix uninitialized warning

when shadow.cfg does not exist, parsing should return an
empty hash instead of displaying a warning

3 years ago bump version to 4.0-14
Dietmar Maurer [Tue, 15 Mar 2016 15:47:51 +0000 (16:47 +0100)]
bump version to 4.0-14

3 years ago Add is_worker to RPCEnvironment
Fabian Grünbichler [Tue, 15 Mar 2016 12:58:44 +0000 (13:58 +0100)]
Add is_worker to RPCEnvironment

after forking the actual worker process, the child/worker
sets a flag that can be checked later on by methods called
in the worker.

used in the ZFS storage plugins in pve-storage to decide on
a short or long default timeout for ZFS operations.

3 years ago bump version to 4.0-13
Dietmar Maurer [Mon, 14 Mar 2016 10:39:43 +0000 (11:39 +0100)]
bump version to 4.0-13

3 years ago fix typos and grammar
Fabian Grünbichler [Mon, 14 Mar 2016 10:25:03 +0000 (11:25 +0100)]
fix typos and grammar

3 years ago fix #916: allow HTTPS to access custom yubico url
Fabian Grünbichler [Mon, 14 Mar 2016 10:25:02 +0000 (11:25 +0100)]
fix #916: allow HTTPS to access custom yubico url

remove the limit to HTTP only, since it would only apply for
custom yubico validation server urls anyway.

3 years ago bump version to 4.0-12
Dietmar Maurer [Wed, 9 Mar 2016 13:41:35 +0000 (14:41 +0100)]
bump version to 4.0-12

3 years ago Catch error instead of segfaulting
Fabian Grünbichler [Tue, 8 Mar 2016 15:17:55 +0000 (16:17 +0100)]
Catch error instead of segfaulting

when trying to parse a certificate subject, Net::SSLeay
will segfault in libcrypto when given 0 as input. Catch
this and die with a meaningful error message instead.

3 years ago bump version to 4.0-11
Dietmar Maurer [Fri, 8 Jan 2016 11:53:03 +0000 (12:53 +0100)]
bump version to 4.0-11

3 years ago Fix #861: use safer sprintf formatting
Wolfgang Bumiller [Fri, 8 Jan 2016 11:43:43 +0000 (12:43 +0100)]
Fix #861: use safer sprintf formatting

3 years ago set RELEASE=4.1
Dietmar Maurer [Thu, 3 Dec 2015 11:12:43 +0000 (12:12 +0100)]
set RELEASE=4.1

3 years ago bump version to 4.0-10
Dietmar Maurer [Thu, 3 Dec 2015 11:09:51 +0000 (12:09 +0100)]
bump version to 4.0-10

3 years ago Auth::LDAP, Auth::AD: ipv6 support
Wolfgang Bumiller [Wed, 2 Dec 2015 15:06:46 +0000 (16:06 +0100)]
Auth::LDAP, Auth::AD: ipv6 support

Also had to change server1/server2 schema from a pattern to
the 'address' format.

3 years ago improve manual page
Dietmar Maurer [Fri, 2 Oct 2015 08:59:40 +0000 (10:59 +0200)]
improve manual page

3 years ago make read_password a CLIHandler class method
Dietmar Maurer [Fri, 2 Oct 2015 08:45:58 +0000 (10:45 +0200)]
make read_password a CLIHandler class method

And use new run_cli_handler() method.

3 years ago bump version to 4.0-9
Dietmar Maurer [Thu, 1 Oct 2015 15:23:12 +0000 (17:23 +0200)]
bump version to 4.0-9

3 years ago pveum: implement bash completion hooks
Dietmar Maurer [Thu, 1 Oct 2015 15:22:09 +0000 (17:22 +0200)]
pveum: implement bash completion hooks

3 years ago pveum: install bash completion config
Dietmar Maurer [Thu, 1 Oct 2015 14:53:01 +0000 (16:53 +0200)]
pveum: install bash completion config

3 years ago convert pveum into a PVE::CLI class
Dietmar Maurer [Thu, 1 Oct 2015 14:44:43 +0000 (16:44 +0200)]
convert pveum into a PVE::CLI class

4 years ago bump version to 4.0-8
Dietmar Maurer [Wed, 19 Aug 2015 13:39:34 +0000 (15:39 +0200)]
bump version to 4.0-8

4 years ago remove_storage_access: cleanup of access permissions for removed storage
Alen Grizonic [Wed, 19 Aug 2015 08:32:19 +0000 (10:32 +0200)]
remove_storage_access: cleanup of access permissions for removed storage

Signed-off-by: Alen Grizonic <a.grizonic@proxmox.com>

4 years ago bump version to 4.0-7
Dietmar Maurer [Fri, 14 Aug 2015 05:57:29 +0000 (07:57 +0200)]
bump version to 4.0-7

4 years ago cleanup: avoid writing user.cfg twice
Dietmar Maurer [Fri, 14 Aug 2015 05:55:36 +0000 (07:55 +0200)]
cleanup: avoid writing user.cfg twice

4 years ago white space cleanup
Dietmar Maurer [Fri, 14 Aug 2015 05:49:18 +0000 (07:49 +0200)]
white space cleanup

4 years ago access permissions cleanup fix
Alen Grizonic [Thu, 13 Aug 2015 11:41:33 +0000 (13:41 +0200)]
access permissions cleanup fix

for removed vms and pools

Signed-off-by: Alen Grizonic <a.grizonic@proxmox.com>

4 years ago fix access of possibly undefined variable
Wolfgang Bumiller [Fri, 7 Aug 2015 07:49:53 +0000 (09:49 +0200)]
fix access of possibly undefined variable

4 years ago bump version to 4.0-6
Dietmar Maurer [Mon, 27 Jul 2015 11:14:54 +0000 (13:14 +0200)]
bump version to 4.0-6

4 years ago improve parse_user_config, parse_shadow_config
Wolfgang Bumiller [Wed, 15 Jul 2015 08:25:42 +0000 (10:25 +0200)]
improve parse_user_config, parse_shadow_config

same as in pve-common: replace substituting line parsing
with /gm modified match regexps.

4 years ago bump version to 4.0-5
Dietmar Maurer [Wed, 10 Jun 2015 08:40:28 +0000 (10:40 +0200)]
bump version to 4.0-5

4 years ago pveum: check for $cmd being defined
Wolfgang Bumiller [Wed, 10 Jun 2015 07:20:00 +0000 (09:20 +0200)]
pveum: check for $cmd being defined

fixes an 'undefined value' error when no command is
specified.

4 years ago bump version to 4.0-4
Dietmar Maurer [Mon, 1 Jun 2015 10:25:48 +0000 (12:25 +0200)]
bump version to 4.0-4

4 years ago use activate-noawait triggers
Dietmar Maurer [Mon, 1 Jun 2015 08:03:48 +0000 (10:03 +0200)]
use activate-noawait triggers

4 years ago bump version to 4.0-3
Dietmar Maurer [Wed, 27 May 2015 09:16:01 +0000 (11:16 +0200)]
bump version to 4.0-3

4 years ago remote_viewer_config: brackets around ipv6 http address
Wolfgang Bumiller [Wed, 27 May 2015 07:30:55 +0000 (09:30 +0200)]
remote_viewer_config: brackets around ipv6 http address

4 years ago non-root buildfix
Wolfgang Bumiller [Wed, 27 May 2015 07:30:54 +0000 (09:30 +0200)]
non-root buildfix

4 years ago bump version to 4.0-2
Dietmar Maurer [Tue, 5 May 2015 13:06:53 +0000 (15:06 +0200)]
bump version to 4.0-2

4 years ago trigger pve-api-updates event
Dietmar Maurer [Tue, 5 May 2015 13:06:06 +0000 (15:06 +0200)]
trigger pve-api-updates event

4 years ago bump version for Debian Jessie
Dietmar Maurer [Thu, 26 Feb 2015 10:31:54 +0000 (11:31 +0100)]
bump version for Debian Jessie

4 years ago bump version to 3.0-16
Dietmar Maurer [Fri, 30 Jan 2015 05:20:42 +0000 (06:20 +0100)]
bump version to 3.0-16

4 years ago Fix: disable root
Wolfgang Link [Wed, 28 Jan 2015 09:36:49 +0000 (10:36 +0100)]
Fix: disable root

root can now be disabled in GUI.

Signed-off-by: Wolfgang Link <w.link@proxmox.com>

5 years ago remove debugging code
Dietmar Maurer [Wed, 23 Jul 2014 05:02:37 +0000 (07:02 +0200)]
remove debugging code

5 years ago bump version to 3.0-15
Dietmar Maurer [Wed, 23 Jul 2014 05:01:04 +0000 (07:01 +0200)]
bump version to 3.0-15

5 years ago add step/digits option to oath configuration
Dietmar Maurer [Wed, 23 Jul 2014 04:59:01 +0000 (06:59 +0200)]
add step/digits option to oath configuration

5 years ago allow to write builtin auth domains
Dietmar Maurer [Fri, 18 Jul 2014 09:24:55 +0000 (11:24 +0200)]
allow to write builtin auth domains

So that we can set tfa, comment, default with the GUI.

5 years ago add oath two factor auth, bump version to 3.0-14
Dietmar Maurer [Thu, 17 Jul 2014 11:59:53 +0000 (13:59 +0200)]
add oath two factor auth, bump version to 3.0-14

5 years ago enable yubico OTP (by removing debugging code)
Dietmar Maurer [Tue, 15 Jul 2014 12:18:17 +0000 (14:18 +0200)]
enable yubico OTP (by removing debugging code)

5 years ago add basic support for two factor auth
Dietmar Maurer [Mon, 23 Jun 2014 09:42:44 +0000 (11:42 +0200)]
add basic support for two factor auth

5 years ago add experimental code for yubico OTP verification
Dietmar Maurer [Fri, 20 Jun 2014 10:58:17 +0000 (12:58 +0200)]
add experimental code for yubico OTP verification

5 years ago bump version to 3.0-13
Dietmar Maurer [Thu, 22 May 2014 05:16:36 +0000 (07:16 +0200)]
bump version to 3.0-13

5 years ago use correct connection string for AD auth (use encryption and port info).
Dietmar Maurer [Thu, 22 May 2014 05:12:25 +0000 (07:12 +0200)]
use correct connection string for AD auth (use encryption and port info).

5 years ago bump version to 3.0-12
Dietmar Maurer [Wed, 30 Apr 2014 12:48:27 +0000 (14:48 +0200)]
bump version to 3.0-12

5 years ago add dummy API for login page
Dietmar Maurer [Wed, 30 Apr 2014 12:45:57 +0000 (14:45 +0200)]
add dummy API for login page

5 years ago bump version to 3.0-11
Dietmar Maurer [Fri, 31 Jan 2014 09:26:17 +0000 (10:26 +0100)]
bump version to 3.0-11

5 years ago cleanup previous patch
Dietmar Maurer [Wed, 22 Jan 2014 06:25:09 +0000 (07:25 +0100)]
cleanup previous patch

5 years ago Sets common hot keys for spice client
Lindsay Mathieson [Thu, 16 Jan 2014 13:14:01 +0000 (23:14 +1000)]
Sets common hot keys for spice client

 * "Ctl-Alt-Insert" for secure-attention (Ctrl-Alt-del)
 * "Shift-F11" for Full Screen toggle
 * "Ctrl-Alt-R" for cursor release

Signed-off-by: Lindsay Mathieson <lindsay.mathieson@gmail.com>

5 years ago bump version to 3.0-10
Dietmar Maurer [Tue, 10 Dec 2013 09:45:25 +0000 (10:45 +0100)]
bump version to 3.0-10