On June 29, 2021 3:53 pm, Lorenz Stechauner wrote:
> increased the timeout for detect_arch from 5 to 10 seconds.
>
> until now, on any error detect_architecture would fall back to amd64.
> to avoid falling back due to an timeout error this function now dies
> on timeout errors.
>
> additionally m
This moves compute_api_permission() into RPCEnvironment.pm.
---
src/PVE/API2/AccessControl.pm | 60 ++
src/PVE/API2/Makefile | 3 +-
src/PVE/API2/OpenId.pm| 211 ++
src/PVE/RPCEnvironment.pm | 49
4 files changed, 270 inserti
---
src/PVE/API2/OpenId.pm | 35 +++
1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/src/PVE/API2/OpenId.pm b/src/PVE/API2/OpenId.pm
index d0b29fc..8384729 100644
--- a/src/PVE/API2/OpenId.pm
+++ b/src/PVE/API2/OpenId.pm
@@ -9,9 +9,10 @@ use PVE::RS::
---
src/PVE/AccessControl.pm | 2 ++
src/PVE/Auth/Makefile| 3 +-
src/PVE/Auth/OpenId.pm | 68
3 files changed, 72 insertions(+), 1 deletion(-)
create mode 100755 src/PVE/Auth/OpenId.pm
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl
Changes in v2:
- also check if user is expired (in check_user_enabled)
- always die with newline
- rename "user-attr" to "username-claim"
Dietmar Maurer (5):
check_user_enabled: also check if user is expired
add OpenId configuration
depend on libpve-rs-perl
api: implement openid API
imp
---
debian/control | 2 ++
1 file changed, 2 insertions(+)
diff --git a/debian/control b/debian/control
index 81a32bd..3ef748b 100644
--- a/debian/control
+++ b/debian/control
@@ -10,6 +10,7 @@ Build-Depends: debhelper (>= 12~),
lintian,
perl,
libpv
---
src/PVE/AccessControl.pm | 16 +++-
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm
index 2569a35..8628678 100644
--- a/src/PVE/AccessControl.pm
+++ b/src/PVE/AccessControl.pm
@@ -428,12 +428,10 @@ sub verify_token {
increased the timeout for detect_arch from 5 to 10 seconds.
until now, on any error detect_architecture would fall back to amd64.
to avoid falling back due to an timeout error this function now dies
on timeout errors.
additionally minor changes to the error messages have been made.
Signed-off-by
On 29.06.21 10:13, Fabian Grünbichler wrote:
> not directly related to this patch - we should probably disable TFA for
> openid realms (and their users), since TFA would need to be handled at
> the openid provider in that case.. e.g., if I login via openid and then
> hit TFA in the top right cor
On June 24, 2021 10:17 am, Dietmar Maurer wrote:
> ---
> src/PVE/AccessControl.pm | 2 ++
> src/PVE/Auth/Makefile| 3 +-
> src/PVE/Auth/OpenId.pm | 67
> 3 files changed, 71 insertions(+), 1 deletion(-)
> create mode 100755 src/PVE/Auth/OpenId.pm
>
also missing in pve-manager - code to add/edit openid realms via the
GUI..
On June 24, 2021 10:17 am, Dietmar Maurer wrote:
> ---
> PVE/HTTPServer.pm | 4 +-
> www/manager6/Utils.js | 8 +++
> www/manager6/window/LoginWindow.js | 105
On June 24, 2021 10:18 am, Dietmar Maurer wrote:
> This moves compute_api_permission() into RPCEnvironment.pm.
> ---
> src/PVE/API2/AccessControl.pm | 60 ++
> src/PVE/API2/Makefile | 3 +-
> src/PVE/API2/OpenId.pm| 214 ++
> src/PVE/RPCEn
not directly related to this patch - we should probably disable TFA for
openid realms (and their users), since TFA would need to be handled at
the openid provider in that case.. e.g., if I login via openid and then
hit TFA in the top right corner user menu, I get prompted for a password
to setu
13 matches
Mail list logo
