Commit Graph

46 Commits

Author SHA1 Message Date
Dietmar Maurer
1abc2c0aee add oath two factor auth, bump version to 3.0-14 2014-07-17 14:04:13 +02:00
Dietmar Maurer
077f078cd6 enable yubico OTP (by removing debugging code) 2014-07-15 14:18:17 +02:00
Dietmar Maurer
96f8ebd625 add basic support for two factor auth 2014-06-23 11:42:44 +02:00
Dietmar Maurer
ab652a8018 add experimental code for yubico OTP verification 2014-06-20 12:58:17 +02:00
Dietmar Maurer
63691fc66a cleanup previous patch 2014-01-22 07:25:09 +01:00
Lindsay Mathieson
dc7573bf85 Sets common hot keys for spice client
* "Ctl-Alt-Insert" for secure-attention (Ctrl-Alt-del)
* "Shift-F11" for Full Screen toggle
* "Ctrl-Alt-R" for cursor release

Signed-off-by: Lindsay Mathieson <lindsay.mathieson@gmail.com>
2014-01-22 07:22:57 +01:00
Dietmar Maurer
cee5583b3d implement helper to generate SPICE remote-viewer configuration
Moved read_x509_subject_spice() from PVE::QemuServer.
Depend on libnet-ssleay-perl.
2013-12-10 10:43:46 +01:00
Dietmar Maurer
e4f8fc2e7e allow dots in access paths
Because storage IDs may contain dots.
2013-11-26 07:52:05 +01:00
Dietmar Maurer
6126ab75a0 prevent user enumeration attacks 2013-11-18 09:05:04 +01:00
Dietmar Maurer
cb442f35e7 spice: use lowercase hostname in ticket signature 2013-10-28 08:10:48 +01:00
Dietmar Maurer
7c410d6301 use warnings instead of global -w flag 2013-10-01 13:04:53 +02:00
Dietmar Maurer
3f62bdbea6 produce shorter spiceproxy tickets
By using a simple Digest with private secret /etc/pve/pve-www.key. This is
less secure than pub key auth, but good enough for the proxy.
2013-07-19 12:35:23 +02:00
Dietmar Maurer
bf3e6d3105 new ticket code for spice 2013-06-26 13:07:00 +02:00
Dietmar Maurer
83d1f13ec0 assemble_spice_ticket: do not use base32 encoding 2013-06-25 12:03:48 +02:00
Alexandre Derumier
23b35225d3 assemble_spice_ticket
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2013-06-25 11:48:05 +02:00
Dietmar Maurer
018ae3a90e moved add_vm_to_pool/remove_vm_from_pool from qemu-server
Because we can also use this for openvz containers
2013-05-14 11:55:26 +02:00
Dietmar Maurer
7b395f990d rename VM.Copy to VM.Clone 2013-05-02 11:44:52 +02:00
Dietmar Maurer
ff4b223563 add VM.Copy privilege
And a new role called PVETemplateUser
2013-04-29 11:40:32 +02:00
Dietmar Maurer
e3e6510c3a add VM.Snapshot permission 2012-09-10 09:24:37 +02:00
Dietmar Maurer
5bb4e06a64 new plugin architecture for Auth modules 2012-05-22 10:43:30 +02:00
Dietmar Maurer
3030a17643 do not allow user names including slash 2012-04-24 10:10:35 +02:00
Dietmar Maurer
533219a122 fix bug #151: correctly parse username inside ticket 2012-04-11 10:21:15 +02:00
Dietmar Maurer
2de144076b better error message for useradd 2012-03-01 12:40:52 +01:00
Dietmar Maurer
cc7bdf3377 Add VM.Config.CDROM privilege to PVEVMUser rule 2012-02-22 11:45:55 +01:00
Dietmar Maurer
d9483d9406 allow more characters in ldap base_dn attribute 2012-02-22 06:17:27 +01:00
Dietmar Maurer
8461960715 allow more characters with realm IDs 2012-02-20 08:54:40 +01:00
Dietmar Maurer
9b2172261e fix acl group name parser 2012-02-14 11:57:41 +01:00
Dietmar Maurer
68d5a86d1a new privilege VM.Backup 2012-02-06 10:44:42 +01:00
Dietmar Maurer
373cb38394 new privilege Datastore.AllocateTemplate 2012-02-06 10:05:18 +01:00
Dietmar Maurer
c0fead8c98 add more privileges, improve docs 2012-02-01 13:26:21 +01:00
Dietmar Maurer
dee1c8829a add Pool.Allocate privilege 2012-01-31 07:37:38 +01:00
Dietmar Maurer
82b63965eb cleanup permission checks
Added new Real.AllocateUser privilege
2012-01-27 08:34:12 +01:00
Dietmar Maurer
39c85db819 add pool API 2012-01-26 12:42:01 +01:00
Dietmar Maurer
2e376c5849 only add Permissions.Modify to SysAdmin role 2012-01-26 09:39:02 +01:00
Dietmar Maurer
19f60b5e3c use User.Allocate instead of User.Add/User.Delete 2012-01-26 08:26:31 +01:00
Dietmar Maurer
4bc17477d8 start pool support, return NoAccess role, fix acl cache 2012-01-25 14:32:12 +01:00
Dietmar Maurer
12683df7c4 use new syntax for permission checks
And use better names for user privileges.
2012-01-23 12:14:45 +01:00
Dietmar Maurer
37d45debb1 new API to change password
Started to implement fine grained permission checks.
2012-01-20 12:45:24 +01:00
Dietmar Maurer
adf8d771d0 fix bug #85: implement vnc tickets
Those tickets are restricted to a single resource path, and are only valid for
a short period of time (60s).
2012-01-19 09:27:05 +01:00
Dietmar Maurer
7070c1aee5 rename user_enabled to check_user_enabled
And add $noerr parameter.
2012-01-19 06:55:53 +01:00
Dietmar Maurer
9238b8a49c allow to save attribute for root@pam
We will use the email address to forward notification (and root mails).
2012-01-18 09:10:49 +01:00
Dietmar Maurer
845cf3a363 fix perl syntax 2012-01-18 07:09:39 +01:00
Dietmar Maurer
0c1563637a allow to pass empty strings to delete settings 2012-01-13 09:42:53 +01:00
Dietmar Maurer
af4a8a8522 allow port 0 to use default value 2012-01-13 09:13:41 +01:00
Dietmar Maurer
5eabc98447 allow expire to be undefined 2011-08-24 09:28:01 +02:00
Dietmar Maurer
2c3a6c0aaa imported from svn 'pve-access-control/trunk' 2011-08-23 07:27:48 +02:00