proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-07-17 18:23:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

remove Changelog, we now have git

Browse Source
This commit is contained in:
Dietmar Maurer 2011-08-24 09:57:37 +02:00
parent 151acc1f31
commit 1979c2297b
1 changed files with 0 additions and 457 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

457
ChangeLog
View File

@ -1,457 +0,0 @@
2011-08-15 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm (parse_user_config): fix parser for files
without newline at eof
(parse_shadow_passwd): fix parser for files without newline at eof
(parse_domains): fix parser for files without newline at eof
2011-08-01 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm (lock_*): remove $parent in calls to
cfs_lock_file()
2011-07-22 Proxmox Support Team <support@proxmox.com>
* PVE/API2/Domains.pm (create): use lower case: s/AD/ad/ and
s/LDAP/ldap/
* PVE/AccessControl.pm (write_domains): use lc($type)
2011-07-14 Proxmox Support Team <support@proxmox.com>
* control.in (Depends): remove depend on liburi-perl (code moved
to pve-common)
2011-07-05 Proxmox Support Team <support@proxmox.com>
* PVE/API2/User.pm (create_user): add -enable parameter
* PVE/API2/User.pm (update_user): use -enable instead of
-lock/-unlock
2011-06-27 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm (normalize_path): allow '-' in path
2011-05-30 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm (assemble_csrf_prevention_token): CSRF
token may not depend on cookie, because cookie can be updated from
other window.
2011-03-30 Proxmox Support Team <support@proxmox.com>
* PVE/API2/AccessControl.pm (create_ticket): also return user name
2011-03-24 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm (verify_csrf_prevention_token): add CSRF
prevention code
2011-03-23 Proxmox Support Team <support@proxmox.com>
* PVE/RPCEnvironment.pm (active_workers): simple log rotation when
file is bigger that 50KB
2011-03-22 Proxmox Support Team <support@proxmox.com>
* PVE/RPCEnvironment.pm (set_result_count): a way to set the total
number of results - we use that for the ExtJS paging grid.
2011-03-21 Proxmox Support Team <support@proxmox.com>
* PVE/RPCEnvironment.pm (active_workers): immediately move finished
task to the index file.
2011-03-17 Proxmox Support Team <support@proxmox.com>
* PVE/RPCEnvironment.pm (active_workers): update/get worker list
2011-03-16 Proxmox Support Team <support@proxmox.com>
* PVE/RPCEnvironment.pm (fork_worker): add code to simulate running
in foreground (cli).
2011-02-24 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm (roles): fix group permission propagation
* PVE/API2/ACL.pm: cleanup API - use '-users' and '-gropus'
instead of '-uglist'
2011-02-23 Proxmox Support Team <support@proxmox.com>
* PVE/API2/AccessControl.pm (create_ticket): moved code from REST.pm
2011-02-22 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm: make 'domains.cfg' readable by www-data,
add 'default' attribute.
* PVE/AccessControl.pm: realm is now part of the username.
Example: 'userid@realm'
(valid_attributes): add 'domain, port, secure' attributes for AD.
(parse_domains): add attribute 'secure' (replace LDAPS type),
* PVE/AccessControl.pm (parse_user_config): add firstname/lastname
and email fields.
2011-02-21 Proxmox Support Team <support@proxmox.com>
* PVE/API2/Group.pm (update_group): implement modgroup (set
comment)
2011-02-18 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm (create_roles): try to create a predefined
set of roles automatically.
2011-02-17 Proxmox Support Team <support@proxmox.com>
* PVE/API2/Domains.pm: new API to for domains.cfg
* PVE/AccessControl.pm (authenticate_user_domain): added a 'domid'
attribute to users. This references an entry in the domain
config. This is simpler than the previous domain search
algorithm.
* PVE/API2/User.pm: save domid, name, comment and expire time for
user entries.
* PVE/AccessControl.pm (authenticate_user): check for expired
accounts
* control.in (Depends): depend on liburi-perl (we use URI::Escape
to encode text in our config files).
* PVE/AccessControl.pm (enable_user, disable_user): removed
clumsy methods, not needed.
2011-02-16 Proxmox Support Team <support@proxmox.com>
* README (privileges): Changes set of privileges. We try to be as
simple as possible. We can refinen them in future.
* PVE/ACLCache.pm: deleted - moved code into RPCEnvironment.
2011-02-15 Proxmox Support Team <support@proxmox.com>
* PVE/AccessControl.pm (verify_username): restrict user names to
64 charachters. Add new priviledges Sys.PowerOff, Sys.Console and
Sys.Syslog
* PVE/ACLCache.pm: move code into new file.
* test/perm-test1.pl: modified to use new PVE::ACLCache class.
* PVE/AccessControl.pm: add new class PVE::ACLCache (speed up ACL
checks)
2011-01-27 Proxmox Support Team <support@proxmox.com>
* pveum (auth): remove auth method - we do not use it any
longer, comment out ability to pass password via environment
variable.
* PVE/AccessControl.pm (check_permissions): new helper to check
permissions.
2011-01-21 root <root@maui.maurer-it.com>
* PVE/AccessControl.pm: register a JSONSchema standard option for
'userid'.
* pveum: allow to pass passwords with environment variable
PVE_PW_TICKET
* pveum (auth): new method to verify credentials/privileges (used
by our kvm patches and vncterm)
2011-01-12 root <root@maui.maurer-it.com>
* PVE/AccessControl.pm: use new PVE::Cluster class and read data
from cluster filesystem (instead of local filesystem).
2011-01-11 root <root@maui.maurer-it.com>
* control.in (Depends): depend on new pve-cluster package
* PVE/AccessControl.pm (read_pubkey, read_privkey): inotify does
not work on the cluster filesystem, so I removed that code. Also
moved lock files to /var/lock/pve-manager (cluster filesystem does
not support locks - we need to do cluster wide locks later)
2010-09-14 Proxmox Support Team <support@proxmox.com>
* PVE/API2/AccessControl.pm: moved from pve-manager
* PVE/: create correct directory hierarchy
* Makefile (install): use 'verifyapi'
* pveum: add verifyapi
2010-08-25 Proxmox Support Team <support@proxmox.com>
* pveum: use new PVE::CLIHandler
2010-08-24 Proxmox Support Team <support@proxmox.com>
* pveum: use new PVE::RPCEnvironment
* *.pm: remove $conn parameter everywhere
2010-08-16 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm (lock_user_config): add call to die, remove
@param - we do not need that here
(lock_shadow_config): add call to die, remove @param
* *.pm: remove $resp parameter everywhere.
* AccessControl.pm (verify_username): add test for username
length (at least 3 characters)
2010-08-13 Proxmox Support Team <support@proxmox.com>
* User.pm: use new 'format' property in schema
* ACL.pm: use new 'format' property in schema, remove redundant
calls to verify_XXX calls.
* Role.pm: use new 'format' property in schema, remove redundant
calls to verify_XXX calls.
* Group.pm: use new 'format' property in schema, remove redundant
calls to verify_XXX calls.
* AccessControl.pm (modify_acl): strict error checking - use 'die'
instead of 'warn', moved to ACL.pm
(verify_username): fix serious bug
2010-08-12 Proxmox Support Team <support@proxmox.com>
* Group.pm: use the new RESTHandler for API methods
* Role.pm: use the new RESTHandler for API methods
* AccessControl.pm (add_group): moved to Group.pm
(delete_group): moved to Group.pm
(delete_role): moved to Role.pm
(modify_role): moved to Role.pm
* User.pm: strict error checking - use 'die' instead of 'warn'
* User.pm (delete_user): raise error when user does not exist.
* Group.pm (delete_group): raise error when group does not exist.
* pveum: use the new
RESTHandler (PVE::API2::User->cli_handler()). That way we have
automatic command line argument parsing.
* User.pm: use the new RESTHandler for API methods. Those methods
are automatically exposed with the API Server (pve-manager), and
we can use them in the command line tools.
* AccessControl.pm (modify_user, delete_user): moved to User.pm
2010-08-10 Proxmox Support Team <support@proxmox.com>
* control.in (Depends): depend on libpve-common-perl
* AccessControl.pm: initialize Crypt::OpenSSL::RSA with
import_random_seed(), else I get a 'Segmentation fault' when
creating tickets ("pveum ticket <testuser>").
* AccessControl.pm: Moved utilities to new PVE::Tools
module (pve-common), use new PVE::INotify to read/write config files.
* AccessControl.pm (parse_domains): ignore case (always convert
type to lower case), fix bug from Seth and test for 'ldaps'.
(file_set_contents): use O_WRONLY|O_CREAT instead of 'w' - else
perm gets ignored.
2010-08-09 Seth Lauzon <seth.lauzon@gmail.com>
* AccessControl.pm (authenticate_user_ldap): changed the bind function
for LDAP to allow for secure connection
2010-07-21 Seth Lauzon <seth.lauzon@gmail.com>
* AccessControl.pm (parse_domains): require base_dn for LDAP domains
(valid_attributes): renamed from valid_params to maintain conformity
2010-07-19 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm (authenticate_user_domain): always add timeout
after failed auth
(file_set_contents): correctly emit exception if print/close fails
2010-07-19 Seth Lauzon <seth.lauzon@gmail.com>
* AccessControl.pm: fixed timeout for ldap/AD errors and reduced to two seconds
* AccessControl.pm: modified LDAP authentication to a two step bind method
2010-07-16 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm (authenticate_user_domain): catch special
case ($domain eq '')
(parse_domains): fix various bugs, allow spaces between domains,
skip duplicate parameters
2010-07-16 Seth Lauzon <seth.lauzon@gmail.com>
* AccessControl.pm (parse_domains): borrowed code from Storage.pm to make it
less fragile to syntax errors in the domains.cfg file
* AccessControl.pm: implemented LDAP authentication
* AccessControl.pm: added four second timeout on authentication failure for
user_authentication_ldap and user_authentication_ad
2010-07-14 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm (ldap_bind): rename to authenticate_user_ad (AD
only)
(load_domains_config): return a reference to an array (not the
array itself)
(parse_config): return a reference to an array (not the array
itself)
(authenticate_user_domain): restructure code - this is no the
centralized interface for authenticationn
(authenticate_user_domain): add 'shadow' and 'PAM' default entries
if there is no configuration for them in domain.cfg
(authenticate_user_shadow): renamed from authenticate_user_pve
* control.in (Depends): add libnet-ldap-perl
2010-07-14 Seth Lauzon <seth.lauzon@gmail.com>A
* AccessControl.pm: implemented Active Directory authentication
2010-07-09 Seth Lauzon <seth.lauzon@gmail.com>
* AccessControl.pm (modify_acl): check if role exists
2010-07-08 Proxmox Support Team <support@proxmox.com>
* pveum (print_usage): improve usage text.
2010-07-08 Seth Lauzon <seth.lauzon@gmail.com>
* AccessControl.pm: modify/delete ACL functionality
* pveum (aclmod): Add/Modify ACL
(acldel): Delete ACL
2010-07-07 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm: implemented shadowauthentication (add/modify/delete/verify)
with file locking (Seth)
(encrypt_pw): use SHA256 to crypt passwords
(save_shadow_config): change mode to 0600, store to /etc/pve/auth/shadow.cfg
(parse_shadow): simplify code - there is no need to trim strings. Instead check for
correct format.
* test/auth-test.pl: program for testing authentication methods (Seth)
* pveum (read_password): added confirm password
2010-07-05 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm (modify_user): remove call to change_password()
- not neccessary at all (Seth)
* AccessControl.pm: cleanup - remove space in function calls(Seth)
2010-07-02 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm (lock_user_config): renamed from lock_config,
because we will have more then one config file (auth.conf, shadow
password, ...)
(modify_user): check for exceptions after lock_user_config()
(delete_user): check for exceptions after lock_user_config(),
raise invalid characters exception
(delete_group): check for exceptions after lock_user_config(),
raise invalid characters exception
(modify_role): check for exceptions after lock_user_config()
(delete_role): check for exceptions after lock_user_config(),
raise invalid characters exception
(verify_username): add $noerr parameter, raise exeption if
user name contain invalid characters and $noerr is not set
(verify_groupname): add $noerr parameter, raise exeption if
group name contain invalid characters and $noerr is not set
(verify_rolename): add $noerr parameter, raise exeption if
role name contain invalid characters and $noerr is not set
2010-07-01 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm: implemented file locking functionality for all
processes that make modifications to configuration file (Seth) -
code for lock_file() was copied from QemuServer.pm.
2010-06-29 Proxmox Support Team <support@proxmox.com>
* pveum: new roleadd/rolemod/roledel (Seth)
* AccessControl.pm (modify_role): create role and modify privileges (Seth)
* AccessControl.pm (delete_role): delete role functionality (Seth)
2010-06-28 Proxmox Support Team <support@proxmox.com>
* pveum: new groupadd/groupdel (patch from Seth)
* AccessControl.pm (add_user): moved functionality to modify_user and
removed subroutine (Seth)
* pveum: useradd command no longer requires a password and now uses
modify_user (Seth)
2010-06-25 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm (modify_user): include patch from Seth
2010-06-24 Proxmox Support Team <support@proxmox.com>
* test/perm-test1.pl (check_permission): a first regression test
* test/user.cfg.ex1: add another example - for use by regression
tests
* test/dump-perm.pl: print permission as nice list, add ability to
specify usr.cfg file
2010-06-23 Proxmox Support Team <support@proxmox.com>
* pveum: implement some simple functions (add user, create ticket)
* pveum-pl: rename to pveum
* pveum.c: remove suexec code - we will use a daemon instead
* pvesh: removed (dead code)
* test/dump-perm.pl: simple script to dump permissions
* test/: created new directory for test skripts
* test/dump-users.pl: simple script to dump user table
2010-06-22 Proxmox Support Team <support@proxmox.com>
* AccessControl.pm (add_user): Updated "valid_privs" with new
permissions from readme (Seth)
2010-06-21 Proxmox Support Team <support@proxmox.com>
* copyright: change license to AGPL
2010-03-17 Proxmox Support Team <support@proxmox.com>
* pveum-pl: move all priviledged function to this file.
2009-07-09 Proxmox Support Team <support@proxmox.com>
* pveum: added dummy binary