Commit Graph

138 Commits

Author SHA1 Message Date
Dietmar Maurer
3f62bdbea6 produce shorter spiceproxy tickets
By using a simple Digest with private secret /etc/pve/pve-www.key. This is
less secure than pub key auth, but good enough for the proxy.
2013-07-19 12:35:23 +02:00
Dietmar Maurer
bf3e6d3105 new ticket code for spice 2013-06-26 13:07:00 +02:00
Dietmar Maurer
83d1f13ec0 assemble_spice_ticket: do not use base32 encoding 2013-06-25 12:03:48 +02:00
Alexandre Derumier
23b35225d3 assemble_spice_ticket
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2013-06-25 11:48:05 +02:00
Dietmar Maurer
018ae3a90e moved add_vm_to_pool/remove_vm_from_pool from qemu-server
Because we can also use this for openvz containers
2013-05-14 11:55:26 +02:00
Dietmar Maurer
7b395f990d rename VM.Copy to VM.Clone 2013-05-02 11:44:52 +02:00
Dietmar Maurer
ff4b223563 add VM.Copy privilege
And a new role called PVETemplateUser
2013-04-29 11:40:32 +02:00
Dietmar Maurer
b78ce7c252 remove CGI.pm related code
New pveproxy does not need that.
2013-04-15 12:34:41 +02:00
Dietmar Maurer
e5ae548727 fix access permissions for backup files
bump version to 1.0-26
2013-02-28 10:01:04 +01:00
Dietmar Maurer
e3e6510c3a add VM.Snapshot permission 2012-09-10 09:24:37 +02:00
Dietmar Maurer
1e15ebe7b5 untaint path 2012-06-06 13:06:51 +02:00
Dietmar Maurer
437be042c2 correctly compute GUI capabilities (consider pools) 2012-05-30 08:47:43 +02:00
Dietmar Maurer
5bb4e06a64 new plugin architecture for Auth modules 2012-05-22 10:43:30 +02:00
Dietmar Maurer
3030a17643 do not allow user names including slash 2012-04-24 10:10:35 +02:00
Dietmar Maurer
3036e8b1be add ability to fork cli workers in background 2012-04-24 10:10:12 +02:00
Dietmar Maurer
dd2cfee072 return set of privileges on login - can be used to adopt GUI 2012-04-17 10:26:48 +02:00
Dietmar Maurer
533219a122 fix bug #151: correctly parse username inside ticket 2012-04-11 10:21:15 +02:00
Dietmar Maurer
1cf154b72f allow users to change his own password 2012-04-11 09:40:42 +02:00
Dietmar Maurer
2de144076b better error message for useradd 2012-03-01 12:40:52 +01:00
Dietmar Maurer
e2993b66c3 set propagate flag by default 2012-03-01 12:38:46 +01:00
Dietmar Maurer
cc7bdf3377 Add VM.Config.CDROM privilege to PVEVMUser rule 2012-02-22 11:45:55 +01:00
Dietmar Maurer
a69bbe2e7e fix bug in userid-param permission check 2012-02-22 10:53:08 +01:00
Dietmar Maurer
d9483d9406 allow more characters in ldap base_dn attribute 2012-02-22 06:17:27 +01:00
Dietmar Maurer
8461960715 allow more characters with realm IDs 2012-02-20 08:54:40 +01:00
Dietmar Maurer
09d270580b use full name for verify_user 2012-02-15 07:06:58 +01:00
Dietmar Maurer
9b2172261e fix acl group name parser 2012-02-14 11:57:41 +01:00
Dietmar Maurer
3eac4e3570 fix bug in check_volume_access (fixes vzrestore) 2012-02-13 09:58:37 +01:00
Dietmar Maurer
4384e19e9b fix return value for empty ACL list 2012-02-10 11:25:23 +01:00
Dietmar Maurer
59321f2682 do not allow to change system user passwords 2012-02-09 11:26:37 +01:00
Dietmar Maurer
17ecec711f fix syntax 2012-02-09 11:15:59 +01:00
Dietmar Maurer
fef1bc1717 moved check_volume_access from qemu-server 2012-02-06 12:35:39 +01:00
Dietmar Maurer
4fb3cc5841 remove buggy check_storage_perm
Storage permissions are automatically inherited from pool, so this method is more or less useless.
2012-02-06 12:04:21 +01:00
Dietmar Maurer
68d5a86d1a new privilege VM.Backup 2012-02-06 10:44:42 +01:00
Dietmar Maurer
373cb38394 new privilege Datastore.AllocateTemplate 2012-02-06 10:05:18 +01:00
Dietmar Maurer
c0fead8c98 add more privileges, improve docs 2012-02-01 13:26:21 +01:00
Dietmar Maurer
a23cec1f94 new helper functions 2012-02-01 11:14:29 +01:00
Dietmar Maurer
c4a776a657 new test option 'require_param' - code cleanup 2012-02-01 08:12:21 +01:00
Dietmar Maurer
7a7a517a52 add special test for pool 2012-01-31 08:23:33 +01:00
Dietmar Maurer
dee1c8829a add Pool.Allocate privilege 2012-01-31 07:37:38 +01:00
Dietmar Maurer
f3957883eb moved Pool.pm to pve-manager package 2012-01-27 08:44:22 +01:00
Dietmar Maurer
82b63965eb cleanup permission checks
Added new Real.AllocateUser privilege
2012-01-27 08:34:12 +01:00
Dietmar Maurer
8de1fb5ae3 code cleanup 2012-01-26 14:02:25 +01:00
Dietmar Maurer
9a53427a8e fix return format 2012-01-26 13:47:07 +01:00
Dietmar Maurer
cab28ea50b code cleanup 2012-01-26 13:35:33 +01:00
Dietmar Maurer
399932c682 return array instead of hash 2012-01-26 13:02:07 +01:00
Dietmar Maurer
39c85db819 add pool API 2012-01-26 12:42:01 +01:00
Dietmar Maurer
7b6f1fd306 remove debug message 2012-01-26 09:54:56 +01:00
Dietmar Maurer
2e376c5849 only add Permissions.Modify to SysAdmin role 2012-01-26 09:39:02 +01:00
Dietmar Maurer
fc21a5c220 add description 2012-01-26 08:31:27 +01:00
Dietmar Maurer
19f60b5e3c use User.Allocate instead of User.Add/User.Delete 2012-01-26 08:26:31 +01:00
Dietmar Maurer
e3a3a0d746 implement helper to check if we can modify permission 2012-01-26 08:25:16 +01:00
Dietmar Maurer
8ade28e685 fix NoAccess when inherited from pool 2012-01-26 06:13:59 +01:00
Dietmar Maurer
efce1d5767 remove debug message 2012-01-26 06:03:06 +01:00
Dietmar Maurer
4bc17477d8 start pool support, return NoAccess role, fix acl cache 2012-01-25 14:32:12 +01:00
Dietmar Maurer
f8cc5a5f36 moved permission check code from REST.pm 2012-01-25 06:40:08 +01:00
Dietmar Maurer
9691923469 fix access control 2012-01-24 11:50:41 +01:00
Dietmar Maurer
12683df7c4 use new syntax for permission checks
And use better names for user privileges.
2012-01-23 12:14:45 +01:00
Dietmar Maurer
b9180ed235 simplify filter_groups 2012-01-23 09:58:03 +01:00
Dietmar Maurer
37d45debb1 new API to change password
Started to implement fine grained permission checks.
2012-01-20 12:45:24 +01:00
Dietmar Maurer
76c377c1c4 use new decode_utf8_parameters() to decode CGI parameters 2012-01-19 14:06:41 +01:00
Dietmar Maurer
adf8d771d0 fix bug #85: implement vnc tickets
Those tickets are restricted to a single resource path, and are only valid for
a short period of time (60s).
2012-01-19 09:27:05 +01:00
Dietmar Maurer
7070c1aee5 rename user_enabled to check_user_enabled
And add $noerr parameter.
2012-01-19 06:55:53 +01:00
Dietmar Maurer
a427cecb2b import cfs_read_file 2012-01-18 09:21:21 +01:00
Dietmar Maurer
9238b8a49c allow to save attribute for root@pam
We will use the email address to forward notification (and root mails).
2012-01-18 09:10:49 +01:00
Dietmar Maurer
845cf3a363 fix perl syntax 2012-01-18 07:09:39 +01:00
Dietmar Maurer
66b7e98db9 add test if user exists 2012-01-18 07:06:16 +01:00
Dietmar Maurer
d8a56966bc fix bug #85: allow root@pam to generate tickets for other users 2012-01-17 06:42:42 +01:00
Dietmar Maurer
930dcfc8b0 allow user to see his own entry 2012-01-13 13:31:18 +01:00
Dietmar Maurer
fdb30a4cc5 set minimal and maximal password length 2012-01-13 12:18:40 +01:00
Dietmar Maurer
0c1563637a allow to pass empty strings to delete settings 2012-01-13 09:42:53 +01:00
Dietmar Maurer
af4a8a8522 allow port 0 to use default value 2012-01-13 09:13:41 +01:00
Dietmar Maurer
a0492cd61b added domain attribute for AD servers 2012-01-13 08:03:25 +01:00
Dietmar Maurer
e652173849 allow to delete all groups 2012-01-12 09:27:32 +01:00
Dietmar Maurer
cb6f2f93ed allow to filter enabled/disabled user 2012-01-11 12:31:50 +01:00
Dietmar Maurer
be6ea72391 cleanup code to get/set result_attributes 2011-12-21 07:06:37 +01:00
Dietmar Maurer
272fe9ffa2 add a way to return file changes (diffs) 2011-12-20 11:19:50 +01:00
Dietmar Maurer
e42eedbca4 add new environment type 'ha'
We use this to mark tasks started by HA manager (rgmanager agents).
2011-12-13 10:09:15 +01:00
Dietmar Maurer
7b24102dc5 add support for delayed parameter parsing
We need that to disable file upload for normal API request (avoid DOS attacks).
2011-11-03 07:11:34 +01:00
Dietmar Maurer
b28410fcf4 exit when child finish
Some programs daemonize without closing stdout/stderr, but we do not want to wait until all children closed stdout/stderr.
2011-10-22 10:43:17 +02:00
Dietmar Maurer
5a941ebef2 do not close STDIN if run in foreground 2011-10-19 07:30:44 +02:00
Dietmar Maurer
527b2e7aed send TERM to all pgrp members 2011-10-18 07:47:09 +02:00
Dietmar Maurer
8d6e045f21 correctly catch EINTR 2011-10-18 07:26:43 +02:00
Dietmar Maurer
d33d0735a9 fix nocheck parameter in active_workers 2011-10-13 11:53:12 +02:00
Dietmar Maurer
5bf71a968e fix bug in fork_worker 2011-10-11 08:37:32 +02:00
Dietmar Maurer
b9e47e5738 implement a way to abort workers 2011-09-14 08:14:43 +02:00
Dietmar Maurer
f6f2d51fa9 flush output file handle and send kill to whole process group 2011-09-12 13:50:21 +02:00
Dietmar Maurer
5eabc98447 allow expire to be undefined 2011-08-24 09:28:01 +02:00
Dietmar Maurer
2c3a6c0aaa imported from svn 'pve-access-control/trunk' 2011-08-23 07:27:48 +02:00