Dietmar Maurer
30be0de97a
allow to write builtin auth domains
...
So that we can set tfa, comment, default with the GUI.
2014-07-18 11:30:19 +02:00
Dietmar Maurer
1abc2c0aee
add oath two factor auth, bump version to 3.0-14
2014-07-17 14:04:13 +02:00
Dietmar Maurer
077f078cd6
enable yubico OTP (by removing debugging code)
2014-07-15 14:18:17 +02:00
Dietmar Maurer
96f8ebd625
add basic support for two factor auth
2014-06-23 11:42:44 +02:00
Dietmar Maurer
ab652a8018
add experimental code for yubico OTP verification
2014-06-20 12:58:17 +02:00
Dietmar Maurer
11a9043610
use correct connection string for AD auth (use encryption and port info).
2014-05-22 07:12:25 +02:00
Dietmar Maurer
39e4e36348
add dummy API for login page
2014-04-30 14:45:57 +02:00
Dietmar Maurer
63691fc66a
cleanup previous patch
2014-01-22 07:25:09 +01:00
Lindsay Mathieson
dc7573bf85
Sets common hot keys for spice client
...
* "Ctl-Alt-Insert" for secure-attention (Ctrl-Alt-del)
* "Shift-F11" for Full Screen toggle
* "Ctrl-Alt-R" for cursor release
Signed-off-by: Lindsay Mathieson <lindsay.mathieson@gmail.com>
2014-01-22 07:22:57 +01:00
Dietmar Maurer
cee5583b3d
implement helper to generate SPICE remote-viewer configuration
...
Moved read_x509_subject_spice() from PVE::QemuServer.
Depend on libnet-ssleay-perl.
2013-12-10 10:43:46 +01:00
Dietmar Maurer
e4f8fc2e7e
allow dots in access paths
...
Because storage IDs may contain dots.
2013-11-26 07:52:05 +01:00
Dietmar Maurer
fe2defd9d5
return correct 401 status code for unauthorized calls
...
New HTTP::Server will delay the call by 3 seconds.
2013-11-18 11:25:32 +01:00
Dietmar Maurer
6126ab75a0
prevent user enumeration attacks
2013-11-18 09:05:04 +01:00
Dietmar Maurer
cb442f35e7
spice: use lowercase hostname in ticket signature
2013-10-28 08:10:48 +01:00
Dietmar Maurer
7c410d6301
use warnings instead of global -w flag
2013-10-01 13:04:53 +02:00
Dietmar Maurer
5f494227b8
remove path related code from check_volume_access()
2013-10-01 12:09:51 +02:00
Alexandre Derumier
854f1dceb6
check_volume_access: use parse_volname instead of path
...
to avoid extra calls for some storageplugins (zfs,nexenta).
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2013-10-01 11:40:57 +02:00
Dietmar Maurer
3f62bdbea6
produce shorter spiceproxy tickets
...
By using a simple Digest with private secret /etc/pve/pve-www.key. This is
less secure than pub key auth, but good enough for the proxy.
2013-07-19 12:35:23 +02:00
Dietmar Maurer
bf3e6d3105
new ticket code for spice
2013-06-26 13:07:00 +02:00
Dietmar Maurer
83d1f13ec0
assemble_spice_ticket: do not use base32 encoding
2013-06-25 12:03:48 +02:00
Alexandre Derumier
23b35225d3
assemble_spice_ticket
...
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2013-06-25 11:48:05 +02:00
Dietmar Maurer
018ae3a90e
moved add_vm_to_pool/remove_vm_from_pool from qemu-server
...
Because we can also use this for openvz containers
2013-05-14 11:55:26 +02:00
Dietmar Maurer
7b395f990d
rename VM.Copy to VM.Clone
2013-05-02 11:44:52 +02:00
Dietmar Maurer
ff4b223563
add VM.Copy privilege
...
And a new role called PVETemplateUser
2013-04-29 11:40:32 +02:00
Dietmar Maurer
b78ce7c252
remove CGI.pm related code
...
New pveproxy does not need that.
2013-04-15 12:34:41 +02:00
Dietmar Maurer
e5ae548727
fix access permissions for backup files
...
bump version to 1.0-26
2013-02-28 10:01:04 +01:00
Dietmar Maurer
e3e6510c3a
add VM.Snapshot permission
2012-09-10 09:24:37 +02:00
Dietmar Maurer
1e15ebe7b5
untaint path
2012-06-06 13:06:51 +02:00
Dietmar Maurer
437be042c2
correctly compute GUI capabilities (consider pools)
2012-05-30 08:47:43 +02:00
Dietmar Maurer
5bb4e06a64
new plugin architecture for Auth modules
2012-05-22 10:43:30 +02:00
Dietmar Maurer
3030a17643
do not allow user names including slash
2012-04-24 10:10:35 +02:00
Dietmar Maurer
3036e8b1be
add ability to fork cli workers in background
2012-04-24 10:10:12 +02:00
Dietmar Maurer
dd2cfee072
return set of privileges on login - can be used to adopt GUI
2012-04-17 10:26:48 +02:00
Dietmar Maurer
533219a122
fix bug #151: correctly parse username inside ticket
2012-04-11 10:21:15 +02:00
Dietmar Maurer
1cf154b72f
allow users to change their own password
2012-04-11 09:40:42 +02:00
Dietmar Maurer
2de144076b
better error message for useradd
2012-03-01 12:40:52 +01:00
Dietmar Maurer
e2993b66c3
set propagate flag by default
2012-03-01 12:38:46 +01:00
Dietmar Maurer
cc7bdf3377
Add VM.Config.CDROM privilege to PVEVMUser rule
2012-02-22 11:45:55 +01:00
Dietmar Maurer
a69bbe2e7e
fix bug in userid-param permission check
2012-02-22 10:53:08 +01:00
Dietmar Maurer
d9483d9406
allow more characters in ldap base_dn attribute
2012-02-22 06:17:27 +01:00
Dietmar Maurer
8461960715
allow more characters with realm IDs
2012-02-20 08:54:40 +01:00
Dietmar Maurer
09d270580b
use full name for verify_user
2012-02-15 07:06:58 +01:00
Dietmar Maurer
9b2172261e
fix acl group name parser
2012-02-14 11:57:41 +01:00
Dietmar Maurer
3eac4e3570
fix bug in check_volume_access (fixes vzrestore)
2012-02-13 09:58:37 +01:00
Dietmar Maurer
4384e19e9b
fix return value for empty ACL list
2012-02-10 11:25:23 +01:00
Dietmar Maurer
59321f2682
do not allow to change system user passwords
2012-02-09 11:26:37 +01:00
Dietmar Maurer
17ecec711f
fix syntax
2012-02-09 11:15:59 +01:00
Dietmar Maurer
fef1bc1717
moved check_volume_access from qemu-server
2012-02-06 12:35:39 +01:00
Dietmar Maurer
4fb3cc5841
remove buggy check_storage_perm
...
Storage permissions are automatically inherited from pool, so this method is more or less useless.
2012-02-06 12:04:21 +01:00
Dietmar Maurer
68d5a86d1a
new privilege VM.Backup
2012-02-06 10:44:42 +01:00