From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 2476F1FF15E for <inbox@lore.proxmox.com>; Tue, 11 Feb 2025 06:41:17 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 16E0B1B0FC; Tue, 11 Feb 2025 06:41:15 +0100 (CET) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739252434; x=1739857234; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qvx98bBhaHPtjEQucAdpdBB0oUhpjwoQjrOGMVE1idw=; b=Rzgeo1pZL1Ts1pNrQOv1ejRsZHBF4CO4E6Ty5UXwra2o8PYTG4lkRbzucEhBChwEN7 iF4XkrBiT4etebDWJsJvRPxwuINrrTq7uNzO9GqKVjsERrTg2Hc1sihXOOH5uS3Iu3pJ Sxlu1sY64hCkaQGV7EaqiqCjsS6dcOG96HPKd1DNyZDvCYPkmmyHenw7fj/Oe7hbAmDd /H6PmY6lQcLA2O/DEQ3sLmKu0oU5QMSSVq2vwQDeBorY3pmBzQc49i+hioYSEazL7CB2 QdyBS+4U6FjWZUa5gvKwSbLX4/Fo0vMTDWEdPR1HATRtMvGxj4nLuOK7LCnGliJH/fGp xznA== X-Gm-Message-State: AOJu0YyNTEhA/BuP4pzWQxnVdMhkDgrC9PqFsIDiSGUGhSPi3VKtUWkb 1MrTj41TXJ7n3mMDa5zJUqDITQvay1RpnL8s2LR5VAz7qIq61BAIoJDPcWxm X-Gm-Gg: ASbGnct/qm7LxjlwjVqke8qbHNcGaIsmf8O8PrYRpLTgGUw1sCH1beyNZvZIjQcdCKb 8V2d79vOF7bQcwuPB003zTWGQ2a3u/AA45GSGS+lSFrkEiLDL9189CdpmVmj/muc2RtyFUAMo0C 0aeeLmkkLKMBjLJb1oHCHaHyvEDN2f0AT2TK1gRHolYtsSGvGhLiteBc4YHGk9c40Nuc8Kb0j0z R6oCYBQubdQGlRQAYzDwT1y5yZLn/c3C3hS6d4Ij4GCxzN5lt/MzGWB06Gsws73UuXm84gZnKLz DQwfk41Kf9UTLSpvbgZP+rlHQtMQ6qZRSPu6z93Ba3hCbXFWAYqvubZKO+J9o/1WbckuR4KZNb9 fN6mzt6obUPSkRfuxIQhdvupe21eX X-Google-Smtp-Source: AGHT+IFHUjaz0U8WSdVPvSeFQ9k8kACuFiBTomkbZj3brh8Q9YWxIpDGzp4HBIMtput4eOHlEl0ykQ== X-Received: by 2002:a05:690c:6d0f:b0:6f9:4bb6:eb4e with SMTP id 00721157ae682-6fb0b655066mr31857997b3.31.1739252434615; Mon, 10 Feb 2025 21:40:34 -0800 (PST) From: Thomas Skinner <thomas@atskinner.net> To: pve-devel@lists.proxmox.com Date: Mon, 10 Feb 2025 23:40:25 -0600 Message-Id: <20250211054029.1269099-1-thomas@atskinner.net> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.007 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy FREEMAIL_FORGED_FROMDOMAIN 0.001 2nd level domains in From and EnvelopeFrom freemail headers are different FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider HEADER_FROM_DIFFERENT_DOMAINS 0.001 From and EnvelopeFrom 2nd level mail domains are different KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust RCVD_IN_MSPIKE_H2 0.001 Average reputation (+2) RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [accesscontrol.pm, lib.rs, plugin.pm, openid.pm] Subject: [pve-devel] [PATCH SERIES access-control/docs/manager/proxmox-openid v3] fix #4411: add support for openid groups X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/> List-Post: <mailto:pve-devel@lists.proxmox.com> List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Cc: Thomas Skinner <thomas@atskinner.net> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com> Continued work on adding support for OIDC groups. changes since v2: - Move RE for group name characters to Plugin.pm - Undo refactoring of user group deletion - Refactor logic to use hashes instead of arrays - Cleanup code style - Add RE and length limit for group claim - Clarify docs on suffix and automatic group creation access-control: Thomas Skinner (1): fix #4411: openid: add logic for openid groups support src/PVE/API2/OpenId.pm | 79 ++++++++++++++++++++++++++++++++++++++++ src/PVE/AccessControl.pm | 2 +- src/PVE/Auth/OpenId.pm | 33 +++++++++++++++++ src/PVE/Auth/Plugin.pm | 1 + 4 files changed, 114 insertions(+), 1 deletion(-) docs: Thomas Skinner (1): fix #4411: openid: add docs for openid groups support pveum.adoc | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) manager: Thomas Skinner (1): fix #4411: openid: add ui config for openid groups support www/manager6/dc/AuthEditOpenId.js | 44 ++++++++++++++++++++++++++++--- proxmox-openid: Thomas Skinner (1): fix #4411: openid: add library code for generic id token claim support proxmox-openid/src/lib.rs | 55 +++++++++++++++++++++++++++++++++------ -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel