Proxmox/pve-access-control
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-access-control.git synced 2025-03-05 20:58:17 +03:00
Code Releases Activity

Commit Graph

  • 44657865a7 api, auth: fix two typos in user-visible description master Christoph Heiss 2024-11-22 11:25:29 +01:00
  • de84a7894b bump version to 8.2.0 Thomas Lamprecht 2024-11-13 17:41:54 +01:00
  • 47b7e66764 api: enforce a minimum length of 8 on new passwords Shannon Sterz 2024-10-04 15:32:05 +02:00
  • 84599db265 api: code-style: fix breaking up long schema descriptions Thomas Lamprecht 2024-11-10 20:05:47 +01:00
  • b8b2d85fe9 tests: api: add tests for expected output of get permissions endpoint Daniel Kral 2024-11-06 15:48:13 +01:00
  • 138ecc60fa api: permissions: allow users to check their own tokens Fabian Grünbichler 2024-11-05 09:30:39 +01:00
  • 6287395114 api: permissions: allow users to view their own permissions Fabian Grünbichler 2024-11-05 09:30:38 +01:00
  • 37a813d721 pveum: user token: rename remove command to delete with alias Thomas Lamprecht 2024-07-22 18:33:11 +02:00
  • 3f73052b19 pveum: indentation clean-up Thomas Lamprecht 2024-07-22 18:32:37 +02:00
  • 7d05a239d2 api: ACL update: fix handling of Permissions.Modify Fabian Grünbichler 2024-07-11 13:44:07 +02:00
  • 2c74a9abd5 bump version to 8.1.4 Thomas Lamprecht 2024-04-22 13:45:27 +02:00
  • cca4c0009e fix : sort ACL entries in user.cfg Daniel Krambrock via pve-devel 2024-04-11 10:09:09 +02:00
  • 787e4c06e3 bump version to 8.1.3 Thomas Lamprecht 2024-03-22 14:14:39 +01:00
  • bb34ca534e jobs: realm sync: fix scheduled LDAP syncs not applying attributes correctly Christoph Heiss 2024-03-19 14:48:43 +01:00
  • 5bcf553e3a user: password change: require confirmation-password parameter Wolfgang Bumiller 2024-03-15 13:41:29 +01:00
  • 90faf488db return ruid in reauth_user_for_user_modification, add param name Wolfgang Bumiller 2024-03-15 13:44:27 +01:00
  • 060941d467 move/rename root_permission_check to RPCEnvironment Wolfgang Bumiller 2024-03-15 13:40:48 +01:00
  • 184a499e8a tfa: prototype fixup Wolfgang Bumiller 2024-03-18 09:20:23 +01:00
  • 85f6129773 bump version to 8.1.2 Thomas Lamprecht 2024-02-28 15:42:20 +01:00
  • 36c18144de add Sys.AccessNetwork privilege Thomas Lamprecht 2024-02-19 16:25:51 +01:00
  • 742a7b6cbd tests: split long expected-permission list over multiple lines Thomas Lamprecht 2024-02-19 15:12:22 +01:00
  • 0aa00d13a4 special roles: code-style improvements for generation of special roles Thomas Lamprecht 2024-02-19 14:40:10 +01:00
  • f96a4de50d bump version to 7.4.3 stable-7 Thomas Lamprecht 2024-02-08 19:05:13 +01:00
  • e537b51081 LDAP sync: fix-up assembling valid attribute set Thomas Lamprecht 2024-02-08 19:03:10 +01:00
  • 588927f14a bump version to 8.1.1 Thomas Lamprecht 2024-02-08 19:03:31 +01:00
  • 8c3bf4124c LDAP sync: fix-up assembling valid attribute set Thomas Lamprecht 2024-02-08 19:03:10 +01:00
  • 2c450c34d4 bump version to 7.4.2 Thomas Lamprecht 2024-02-08 18:53:04 +01:00
  • e934e958ad oidc: enforce generic URI regex for the ACR value Gabriel Goller 2024-02-06 11:11:01 +01:00
  • 0b2170a191 api: user: limit email to 254 characters and user comment to 2048 Thomas Lamprecht 2024-02-08 17:31:04 +01:00
  • 7d72bf7598 api: user: limit maximum length for certain properties Fiona Ebner 2024-02-08 10:45:41 +01:00
  • 7389e3c13b LDAP sync: bail if there is no schema to verify an attribute's value Thomas Lamprecht 2024-02-08 13:13:45 +01:00
  • 433f6bdf57 LDAP sync: build valid-target-attribute list on the fly to avoid coupling Thomas Lamprecht 2024-02-08 12:10:31 +01:00
  • 92ab209ab5 LDAP sync: improve validation of synced attributes Fiona Ebner 2024-02-08 10:45:40 +01:00
  • 42476f0f65 api: user: add pattern for user keys option Fiona Ebner 2024-02-08 10:45:39 +01:00
  • 6324cbb39c bump version to 8.1.0 Thomas Lamprecht 2024-02-08 17:58:05 +01:00
  • b543394c93 oidc: enforce generic URI regex for the ACR value Gabriel Goller 2024-02-06 11:11:01 +01:00
  • 744ec31426 api: user: limit email to 254 characters and user comment to 2048 Thomas Lamprecht 2024-02-08 17:31:04 +01:00
  • 04712fc464 api: user: limit maximum length for certain properties Fiona Ebner 2024-02-08 10:45:41 +01:00
  • 793039db4d LDAP sync: bail if there is no schema to verify an attribute's value Thomas Lamprecht 2024-02-08 13:13:45 +01:00
  • 7abb20a1ea LDAP sync: build valid-target-attribute list on the fly to avoid coupling Thomas Lamprecht 2024-02-08 12:10:31 +01:00
  • cb93636b55 LDAP sync: improve validation of synced attributes Fiona Ebner 2024-02-08 10:45:40 +01:00
  • 2dabf3c3ae api: user: add pattern for user keys option Fiona Ebner 2024-02-08 10:45:39 +01:00
  • a53fd5d882 build: fix file list Fabian Grünbichler 2023-12-07 12:36:40 +01:00
  • ffc4e503ec bump version to 8.0.7 Wolfgang Bumiller 2023-11-20 12:24:32 +01:00
  • 4418b06b35 pools: record parent/subpool information Fabian Grünbichler 2023-11-20 08:22:40 +01:00
  • e7224f6e30 fix : allow up to three levels of pool nesting Fabian Grünbichler 2023-11-20 08:22:39 +01:00
  • 401e32056e bump version to 8.0.6 Thomas Lamprecht 2023-11-17 08:27:08 +01:00
  • 7b5d2abde5 acl: add missing SDN ACL paths to allowed list Fabian Grünbichler 2023-11-08 07:55:17 +01:00
  • 3d7afd6f3e perms: fix wrong /pools entry in default set of ACL paths Fabian Grünbichler 2023-11-08 11:29:29 +01:00
  • b8a52eac77 bump version to 8.0.5 Wolfgang Bumiller 2023-08-11 13:35:37 +02:00
  • d4397b514f fixup comments about config locks Wolfgang Bumiller 2023-08-11 13:30:13 +02:00
  • fbb1fa448f ldap: add opt-in check-connection param to perform a bind check Christoph Heiss 2023-08-10 14:37:07 +02:00
  • 9ac31bc6d3 bump pve-common dependency to 8.0.8 Wolfgang Bumiller 2023-08-11 13:30:47 +02:00
  • 162e68903d api: domains: fix setting only the realm authentication password Christoph Heiss 2023-07-20 16:48:47 +02:00
  • 33e4480a77 bump version to 8.0.4 Wolfgang Bumiller 2023-07-20 10:59:56 +02:00
  • 032e7d6d44 auth: tfa: fail if realm requires TFA but no challenge is generated Friedrich Weber 2023-07-19 17:38:04 +02:00
  • 72950c1d53 add fixme comments about pending pve-rs improvements Wolfgang Bumiller 2023-07-14 14:16:19 +02:00
  • 0f3d14d6be auth: tfa: read tfa.cfg also if the user.cfg entry has no "x" marker Friedrich Weber 2023-07-14 13:49:50 +02:00
  • 8a856968f7 bump version to 8.0.3 Thomas Lamprecht 2023-06-21 19:45:32 +02:00
  • b3edff39f9 drop assert_new_tfa_config_available for Proxmox VE 8 Thomas Lamprecht 2023-06-21 19:43:37 +02:00
  • aba03c966e pveum: list tfa: sort by user ID Thomas Lamprecht 2023-06-21 19:41:31 +02:00
  • c200d9fd70 pveum: list tfa: recovery keys have no descriptions Thomas Lamprecht 2023-06-21 19:27:41 +02:00
  • 1852a92938 bump version to 8.0.2 Thomas Lamprecht 2023-06-21 18:13:58 +02:00
  • b7ab634a20 api: tfa: add missing links for child-routes Thomas Lamprecht 2023-06-15 16:55:41 +02:00
  • 79c9d3b84b api: tfa: don't block tokens from viewing and list TFA entries Thomas Lamprecht 2023-06-15 09:23:33 +02:00
  • 329780350c api: users: sort groups Thomas Lamprecht 2023-06-14 16:07:55 +02:00
  • 3f1331f0c5 tfa: cope with native versions in cluster version check Thomas Lamprecht 2023-06-09 16:06:43 +02:00
  • ebf82c7781 bump version to 8.0.1 Thomas Lamprecht 2023-06-09 16:12:05 +02:00
  • 4a7b5956ec tfa: cope with native versions in cluster version check Thomas Lamprecht 2023-06-09 16:06:43 +02:00
  • 97a3696297 bump version to 7.4.1 Fabian Grünbichler 2023-06-09 10:55:03 +02:00
  • 5ca12ba097 add new SDN.use privilege in PVESDNUser role Alexandre Derumier 2023-06-06 15:19:25 +02:00
  • 3de9b672da access control: add /sdn/zones/<zone>/<vnet>/<vlan> path Alexandre Derumier 2023-06-06 15:19:18 +02:00
  • 6004f25eda bump version to 8.0.0 Thomas Lamprecht 2023-06-09 10:14:36 +02:00
  • 00b90e7185 api: roles: forbid creatin new roles starting with "PVE" namespace Thomas Lamprecht 2023-06-08 09:31:19 +02:00
  • d6fb84bfef api: roles: cleanup imports Thomas Lamprecht 2023-06-08 09:29:25 +02:00
  • 43aa2489fc api: roles: whitespace and indendation clean-ups Thomas Lamprecht 2023-06-08 09:22:00 +02:00
  • 8e8023b1e9 bump version to 8.0.0~3 Thomas Lamprecht 2023-06-07 19:06:58 +02:00
  • bd993a4cfc tests: adapt new test for admin ACL with mapping privs Thomas Lamprecht 2023-06-07 19:12:04 +02:00
  • 8b5fd2e66e add privileges and paths for cluster resource mapping Dominik Csapak 2023-06-06 15:52:00 +02:00
  • a62d78db33 add new SDN.use privilege in PVESDNUser role Alexandre Derumier 2023-06-06 15:19:25 +02:00
  • e1ea58c810 check_sdn_bridge: check bridge first Fabian Grünbichler 2023-06-07 11:34:33 +02:00
  • 3c97bee53c check_sdn_bridge: correctly handle noerr Fabian Grünbichler 2023-06-07 11:33:39 +02:00
  • a5616d5c6e rpcenvironnment: add check_sdn_bridge Alexandre Derumier 2023-06-06 15:19:24 +02:00
  • 4d5b0937a3 access control: add /sdn/zones/<zone>/<vnet>/<vlan> path Alexandre Derumier 2023-06-06 15:19:18 +02:00
  • c27eb24526 rpcenv: api permission heuristic: query Sys.Modify for root ACL-path Alexandre Derumier 2023-03-27 12:18:20 +02:00
  • 3ef602fe95 bump version to 8.0.0~2 Thomas Lamprecht 2023-06-07 11:34:33 +02:00
  • 46bfd59dfc acls: restrict less-privileged ACL modifications Fabian Grünbichler 2023-06-05 16:21:37 +02:00
  • df619a8dc2 roles: restrict Permissions.Modify to Administrator Fabian Grünbichler 2023-06-05 16:21:36 +02:00
  • 27014b5908 fix module namespace of realm sync API Thomas Lamprecht 2023-06-07 09:37:46 +02:00
  • 37976acc6d api: realm sync: die early if no job options Thomas Lamprecht 2023-06-07 09:33:16 +02:00
  • c0210e3cf1 api: realm sync: code cleanups Thomas Lamprecht 2023-06-07 09:32:26 +02:00
  • 51ae7bbb69 realm sync: cleanup imports Thomas Lamprecht 2023-06-07 09:31:39 +02:00
  • dc982c4b76 add realm-sync plugin for jobs and CRUD api for realm-sync-jobs Dominik Csapak 2023-01-17 12:46:54 +01:00
  • 53a2b71563 api: user index: only include existing tfa lock flags Wolfgang Bumiller 2023-06-06 11:18:56 +02:00
  • f63364a755 bump version to 8.0.0~1 Wolfgang Bumiller 2023-06-05 14:52:39 +02:00
  • 3c4cebc9b7 api: include tfa lock status in user list Wolfgang Bumiller 2023-06-02 11:28:34 +02:00
  • 32893f1308 tfa: update list_tfa return schema Wolfgang Bumiller 2023-06-01 12:26:10 +02:00
  • ddf78dfbf3 cli: add 'tfa unlock' command Wolfgang Bumiller 2023-05-30 11:55:08 +02:00
  • 330b8dbbe1 api: add /access/users/<userid>/unlock-tfa api call Wolfgang Bumiller 2023-05-30 13:39:15 +02:00
  • 9036621e28 tfa: enable lockout of users via tfa.cfg Wolfgang Bumiller 2023-05-16 13:43:53 +02:00