use the get_standar_mapping 'pve-password'
then we can get rid of the Term::ReadLine dependency
we use this change to only ask for the password once on
'pveum ticket'
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
use a sub-command structure instead of abbreviated words, where useful.
Keep old commands as aliases.
Signed-off-by: Philip Abernethy <p.abernethy@proxmox.com>
Co-authored-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Fixes a problem where a non root@pam system administrator does not
sees the 'Permissions' tab for a storage in our WebUI.
Fixes commit a2c18811d3
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this was missing and lead to 'use of unitialized value $realm...'
and a not working second server if a bindpw was defined
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Die with a helpful error message instead of silently ignoring the user
when trying to delete a special role.
Also add a property to the API answer for possible later use by the
WebUI.
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
We accessed methods from PVE::Storage here but did not define a
"use PVE::Storage". This thus only worked if modules if the
PVE::Storage module got pulled in by something else, by luck.
Simply including said use statement is not an option because
pve-storage is already dependent from pve-access-control, and we want
to avoid cyclic dependencies, especially on the perl module level.
The reason the offending module was used in the first place here
stems from the way how this coarse grained permissions are
calculated.
We check all permission object paths for privileges for an user.
So we got all vmids and all storage ids and computed paths from them.
This works, but is overkill and led to this "illegal" module use.
Instead I opt to not generating all possible paths, but just check
the ones configured plus a small required static set of top level
paths - this allows to generalize handling of the special root@pam
and "normal" users.
It has to be noted that this method is in general just intended for a
coarse capability check to allow hiding a few UI elements which are
not generated by backend calls (which are already permission aware).
The real checks get done by each backend call, automatically for
simple ones and semi-automatically for complex ones.
This adds 4 more options to the ldap authentication method:
verify: boolean
If enabled, the server certificate must be valid
capath: path to a file or directory
The CA to use to verify the server certificate. Used only
if 'verify' is true.
cert: path to a certificate
Used as client certificate when connecting to a server,
provided 'secure' is true. Requires 'certkey' to be set.
certkey: path to the certificate's key
Required only used when 'cert' is used.
add debian directory and move the respective files there and add
missing (rules, compat).
Add a Source section to the control.in file.
Move the verify_api check to the new "test" target, which gets
executed before the dh_auto_install target.
Cleanup the "clean" target.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
