| | 1 | libpve-access-control (7.1-6) bullseye; urgency=medium |
| | 2 | |
| | 3 | * fix #3768: warn on bad u2f or webauthn settings |
| | 4 | |
| | 5 | * tfa: when modifying others, verify the current user's password |
| | 6 | |
| | 7 | * tfa list: account for admin permissions |
| | 8 | |
| | 9 | * fix realm sync permissions |
| | 10 | |
| | 11 | * fix token permission display bug |
| | 12 | |
| | 13 | * include SDN permissions in permission tree |
| | 14 | |
| | 15 | -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100 |
| | 16 | |
| | 17 | libpve-access-control (7.1-5) bullseye; urgency=medium |
| | 18 | |
| | 19 | * openid: fix username-claim fallback |
| | 20 | |
| | 21 | -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100 |
| | 22 | |
| | 23 | libpve-access-control (7.1-4) bullseye; urgency=medium |
| | 24 | |
| | 25 | * set current origin in the webauthn config if no fixed origin was |
| | 26 | configured, to support webauthn via subdomains |
| | 27 | |
| | 28 | -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100 |
| | 29 | |
| | 30 | libpve-access-control (7.1-3) bullseye; urgency=medium |
| | 31 | |
| | 32 | * openid: allow arbitrary username-claims |
| | 33 | |
| | 34 | * openid: support configuring the prompt, scopes and ACR values |
| | 35 | |
| | 36 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100 |
| | 37 | |
| | 38 | libpve-access-control (7.1-2) bullseye; urgency=medium |
| | 39 | |
| | 40 | * catch incompatible tfa entries with a nice error |
| | 41 | |
| | 42 | -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100 |
| | 43 | |
| | 44 | libpve-access-control (7.1-1) bullseye; urgency=medium |
| | 45 | |
| | 46 | * tfa: map HTTP 404 error in get_tfa_entry correctly |
| | 47 | |
| | 48 | -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100 |
| | 49 | |
| | 50 | libpve-access-control (7.0-7) bullseye; urgency=medium |
| | 51 | |
| | 52 | * fix #3513: pass configured proxy to OpenID |
| | 53 | |
| | 54 | * use rust based parser for TFA config |
| | 55 | |
| | 56 | * use PBS-like auth api call flow, |
| | 57 | |
| | 58 | * merge old user.cfg keys to tfa config when adding entries |
| | 59 | |
| | 60 | * implement version checks for new tfa config writer to ensure all |
| | 61 | cluster nodes are ready to avoid login issues |
| | 62 | |
| | 63 | * tickets: add tunnel ticket |
| | 64 | |
| | 65 | -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100 |
| | 66 | |
| | 67 | libpve-access-control (7.0-6) bullseye; urgency=medium |
| | 68 | |
| | 69 | * fix regression in user deletion when realm does not enforce TFA |
| | 70 | |
| | 71 | -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200 |
| | 72 | |
| | 73 | libpve-access-control (7.0-5) bullseye; urgency=medium |
| | 74 | |
| | 75 | * acl: check path: add /sdn/vnets/* path |
| | 76 | |
| | 77 | * fix #2302: allow deletion of users when realm enforces TFA |
| | 78 | |
| | 79 | * api: delete user: disable user first to avoid surprise on error during the |
| | 80 | various cleanup action required for user deletion (e.g., TFA, ACL, group) |
| | 81 | |
| | 82 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200 |
| | 83 | |
| | 84 | libpve-access-control (7.0-4) bullseye; urgency=medium |
| | 85 | |
| | 86 | * realm: add OpenID configuration |
| | 87 | |
| | 88 | * api: implement OpenID related endpoints |
| | 89 | |
| | 90 | * implement opt-in OpenID autocreate user feature |
| | 91 | |
| | 92 | * api: user: add 'realm-type' to user list response |
| | 93 | |
| | 94 | -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200 |
| | 95 | |
| | 96 | libpve-access-control (7.0-3) bullseye; urgency=medium |
| | 97 | |
| | 98 | * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and |
| | 99 | `/sdn/zones/<zone>` to allowed ACL paths |
| | 100 | |
| | 101 | -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200 |
| | 102 | |
| | 103 | libpve-access-control (7.0-2) bullseye; urgency=medium |
| | 104 | |
| | 105 | * fix #3402: add Pool.Audit privilege - custom roles containing |
| | 106 | Pool.Allocate must be updated to include the new privilege. |
| | 107 | |
| | 108 | -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200 |
| | 109 | |
| | 110 | libpve-access-control (7.0-1) bullseye; urgency=medium |
| | 111 | |
| | 112 | * re-build for Debian 11 Bullseye based releases |
| | 113 | |
| | 114 | -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200 |
| | 115 | |
| | 116 | libpve-access-control (6.4-1) pve; urgency=medium |
| | 117 | |
| | 118 | * fix #1670: change PAM service name to project specific name |
| | 119 | |
| | 120 | * fix #1500: permission path syntax check for access control |
| | 121 | |
| | 122 | * pveum: add resource pool CLI commands |
| | 123 | |
| | 124 | -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200 |
| | 125 | |
| | 126 | libpve-access-control (6.1-3) pve; urgency=medium |
| | 127 | |
| | 128 | * partially fix #2825: authkey: rotate if it was generated in the |
| | 129 | future |
| | 130 | |
| | 131 | * fix #2947: add an option to LDAP or AD realm to switch user lookup to case |
| | 132 | insensitive |
| | 133 | |
| | 134 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200 |
| | 135 | |
| | 136 | libpve-access-control (6.1-2) pve; urgency=medium |
| | 137 | |
| | 138 | * also check SDN permission path when computing coarse permissions heuristic |
| | 139 | for UIs |
| | 140 | |
| | 141 | * add SDN Permissions.Modify |
| | 142 | |
| | 143 | * add VM.Config.Cloudinit |
| | 144 | |
| | 145 | -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200 |
| | 146 | |
| | 147 | libpve-access-control (6.1-1) pve; urgency=medium |
| | 148 | |
| | 149 | * pveum: add tfa delete subcommand for deleting user-TFA |
| | 150 | |
| | 151 | * LDAP: don't complain about missing credentials on realm removal |
| | 152 | |
| | 153 | * LDAP: skip anonymous bind when client certificate and key is configured |
| | 154 | |
| | 155 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200 |
| | 156 | |
| | 157 | libpve-access-control (6.0-7) pve; urgency=medium |
| | 158 | |
| | 159 | * fix #2575: die when trying to edit built-in roles |
| | 160 | |
| | 161 | * add realm sub commands to pveum CLI tool |
| | 162 | |
| | 163 | * api: domains: add user group sync API enpoint |
| | 164 | |
| | 165 | * allow one to sync and import users and groups from LDAP/AD based realms |
| | 166 | |
| | 167 | * realm: add default-sync-options to config for more convenient sync configuration |
| | 168 | |
| | 169 | * api: token create: return also full token id for convenience |
| | 170 | |
| | 171 | -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200 |
| | 172 | |
| | 173 | libpve-access-control (6.0-6) pve; urgency=medium |
| | 174 | |
| | 175 | * API: add group members to group index |
| | 176 | |
| | 177 | * implement API token support and management |
| | 178 | |
| | 179 | * pveum: add 'pveum user token add/update/remove/list' |
| | 180 | |
| | 181 | * pveum: add permissions sub-commands |
| | 182 | |
| | 183 | * API: add 'permissions' API endpoint |
| | 184 | |
| | 185 | * user.cfg: skip inexisting roles when parsing ACLs |
| | 186 | |
| | 187 | -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100 |
| | 188 | |
| | 189 | libpve-access-control (6.0-5) pve; urgency=medium |
| | 190 | |
| | 191 | * pveum: add list command for users, groups, ACLs and roles |
| | 192 | |
| | 193 | * add initial permissions for experimental SDN integration |
| | 194 | |
| | 195 | -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100 |
| | 196 | |
| | 197 | libpve-access-control (6.0-4) pve; urgency=medium |
| | 198 | |
| | 199 | * ticket: use clinfo to get cluster name |
| | 200 | |
| | 201 | * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as |
| | 202 | SSL version |
| | 203 | |
| | 204 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100 |
| | 205 | |
| | 206 | libpve-access-control (6.0-3) pve; urgency=medium |
| | 207 | |
| | 208 | * fix #2433: increase possible TFA secret length |
| | 209 | |
| | 210 | * parse user configuration: correctly parse group names in ACLs, for users |
| | 211 | which begin their name with an @ |
| | 212 | |
| | 213 | * sort user.cfg entries alphabetically |
| | 214 | |
| | 215 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100 |
| | 216 | |
| | 217 | libpve-access-control (6.0-2) pve; urgency=medium |
| | 218 | |
| | 219 | * improve CSRF verification compatibility with newer PVE |
| | 220 | |
| | 221 | -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200 |
| | 222 | |
| | 223 | libpve-access-control (6.0-1) pve; urgency=medium |
| | 224 | |
| | 225 | * ticket: properly verify exactly 5 minute old tickets |
| | 226 | |
| | 227 | * use hmac_sha256 instead of sha1 for CSRF token generation |
| | 228 | |
| | 229 | -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200 |
| | 230 | |
| | 231 | libpve-access-control (6.0-0+1) pve; urgency=medium |
| | 232 | |
| | 233 | * bump for Debian buster |
| | 234 | |
| | 235 | * fix #2079: add periodic auth key rotation |
| | 236 | |
| | 237 | -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200 |
| | 238 | |
| | 239 | libpve-access-control (5.1-10) unstable; urgency=medium |
| | 240 | |
| | 241 | * add /access/user/{id}/tfa api call to get tfa types |
| | 242 | |
| | 243 | -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200 |
| | 244 | |
| | 245 | libpve-access-control (5.1-9) unstable; urgency=medium |
| | 246 | |
| | 247 | * store the tfa type in user.cfg allowing to get it without proxying the call |
| | 248 | to a higher priviledged daemon. |
| | 249 | |
| | 250 | * tfa: realm required TFA should lock out users without TFA configured, as it |
| | 251 | was done before Proxmox VE 5.4 |
| | 252 | |
| | 253 | -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000 |
| | 254 | |
| | 255 | libpve-access-control (5.1-8) unstable; urgency=medium |
| | 256 | |
| | 257 | * U2F: ensure we save correct public key on registration |
| | 258 | |
| | 259 | -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200 |
| | 260 | |
| | 261 | libpve-access-control (5.1-7) unstable; urgency=medium |
| | 262 | |
| | 263 | * verify_ticket: allow general non-challenge tfa to be run as two step |
| | 264 | call |
| | 265 | |
| | 266 | -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200 |
| | 267 | |
| | 268 | libpve-access-control (5.1-6) unstable; urgency=medium |
| | 269 | |
| | 270 | * more general 2FA configuration via priv/tfa.cfg |
| | 271 | |
| | 272 | * add u2f api endpoints |
| | 273 | |
| | 274 | * delete TFA entries when deleting a user |
| | 275 | |
| | 276 | * allow users to change their TOTP settings |
| | 277 | |
| | 278 | -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200 |
| | 279 | |
| | 280 | libpve-access-control (5.1-5) unstable; urgency=medium |
| | 281 | |
| | 282 | * fix vnc ticket verification without authkey lifetime |
| | 283 | |
| | 284 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100 |
| | 285 | |
| | 286 | libpve-access-control (5.1-4) unstable; urgency=medium |
| | 287 | |
| | 288 | * fix #1891: Add zsh command completion for pveum |
| | 289 | |
| | 290 | * ground work to fix #2079: add periodic auth key rotation. Not yet enabled |
| | 291 | to avoid issues on upgrade, will be enabled with 6.0 |
| | 292 | |
| | 293 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100 |
| | 294 | |
| | 295 | libpve-access-control (5.1-3) unstable; urgency=medium |
| | 296 | |
| | 297 | * api/ticket: move getting cluster name into an eval |
| | 298 | |
| | 299 | -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100 |
| | 300 | |
| | 301 | libpve-access-control (5.1-2) unstable; urgency=medium |
| | 302 | |
| | 303 | * fix #1998: correct return properties for read_role |
| | 304 | |
| | 305 | -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100 |
| | 306 | |
| | 307 | libpve-access-control (5.1-1) unstable; urgency=medium |
| | 308 | |
| | 309 | * pveum: introduce sub-commands |
| | 310 | |
| | 311 | * register userid with completion |
| | 312 | |
| | 313 | * fix #233: return cluster name on successful login |
| | 314 | |
| | 315 | -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100 |
| | 316 | |
| | 317 | libpve-access-control (5.0-8) unstable; urgency=medium |
| | 318 | |
| | 319 | * fix #1612: ldap: make 2nd server work with bind domains again |
| | 320 | |
| | 321 | * fix an error message where passing a bad pool id to an API function would |
| | 322 | make it complain about a wrong group name instead |
| | 323 | |
| | 324 | * fix the API-returned permission list so that the GUI knows to show the |
| | 325 | 'Permissions' tab for a storage to an administrator apart from root@pam |
| | 326 | |
| | 327 | -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100 |
| | 328 | |
| | 329 | libpve-access-control (5.0-7) unstable; urgency=medium |
| | 330 | |
| | 331 | * VM.Snapshot.Rollback privilege added |
| | 332 | |
| | 333 | * api: check for special roles before locking the usercfg |
| | 334 | |
| | 335 | * fix #1501: pveum: die when deleting special role |
| | 336 | |
| | 337 | * API/ticket: rework coarse grained permission computation |
| | 338 | |
| | 339 | -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200 |
| | 340 | |
| | 341 | libpve-access-control (5.0-6) unstable; urgency=medium |
| | 342 | |
| | 343 | * Close #1470: Add server ceritifcate verification for AD and LDAP via the |
| | 344 | 'verify' option. For compatibility reasons this defaults to off for now, |
| | 345 | but that might change with future updates. |
| | 346 | |
| | 347 | * AD, LDAP: Add ability to specify a CA path or file, and a client |
| | 348 | certificate via the 'capath', 'cert' and 'certkey' options. |
| | 349 | |
| | 350 | -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200 |
| | 351 | |
| | 352 | libpve-access-control (5.0-5) unstable; urgency=medium |
| | 353 | |
| | 354 | * change from dpkg-deb to dpkg-buildpackage |
| | 355 | |
| | 356 | -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200 |
| | 357 | |
| | 358 | libpve-access-control (5.0-4) unstable; urgency=medium |
| | 359 | |
| | 360 | * PVE/CLI/pveum.pm: call setup_default_cli_env() |
| | 361 | |
| | 362 | * PVE/Auth/PVE.pm: encode uft8 password before calling crypt |
| | 363 | |
| | 364 | * check_api2_permissions: avoid warning about uninitialized value |
| | 365 | |
| | 366 | -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200 |
| | 367 | |
| | 368 | libpve-access-control (5.0-3) unstable; urgency=medium |
| | 369 | |
| | 370 | * use new PVE::OTP class from pve-common |
| | 371 | |
| | 372 | * use new PVE::Tools::encrypt_pw from pve-common |
| | 373 | |
| | 374 | -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200 |
| | 375 | |
| | 376 | libpve-access-control (5.0-2) unstable; urgency=medium |
| | 377 | |
| | 378 | * encrypt_pw: avoid '+' for crypt salt |
| | 379 | |
| | 380 | -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200 |
| | 381 | |
| | 382 | libpve-access-control (5.0-1) unstable; urgency=medium |
| | 383 | |
| | 384 | * rebuild for PVE 5.0 |
| | 385 | |
| | 386 | -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100 |
| | 387 | |
| | 388 | libpve-access-control (4.0-23) unstable; urgency=medium |
| | 389 | |
| | 390 | * use new PVE::Ticket class |
| | 391 | |
| | 392 | -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100 |
| | 393 | |
| | 394 | libpve-access-control (4.0-22) unstable; urgency=medium |
| | 395 | |
| | 396 | * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency |
| | 397 | (moved to PVE::Storage) |
| | 398 | |
| | 399 | * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class |
| | 400 | |
| | 401 | -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100 |
| | 402 | |
| | 403 | libpve-access-control (4.0-21) unstable; urgency=medium |
| | 404 | |
| | 405 | * setup_default_cli_env: expect $class as first parameter |
| | 406 | |
| | 407 | -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100 |
| | 408 | |
| | 409 | libpve-access-control (4.0-20) unstable; urgency=medium |
| | 410 | |
| | 411 | * PVE/RPCEnvironment.pm: new function setup_default_cli_env |
| | 412 | |
| | 413 | * PVE/API2/Domains.pm: fix property description |
| | 414 | |
| | 415 | * use new repoman for upload target |
| | 416 | |
| | 417 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100 |
| | 418 | |
| | 419 | libpve-access-control (4.0-19) unstable; urgency=medium |
| | 420 | |
| | 421 | * Close #833: ldap: non-anonymous bind support |
| | 422 | |
| | 423 | * don't import 'RFC' from MIME::Base32 |
| | 424 | |
| | 425 | -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200 |
| | 426 | |
| | 427 | libpve-access-control (4.0-18) unstable; urgency=medium |
| | 428 | |
| | 429 | * fix #1062: recognize base32 otp keys again |
| | 430 | |
| | 431 | -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200 |
| | 432 | |
| | 433 | libpve-access-control (4.0-17) unstable; urgency=medium |
| | 434 | |
| | 435 | * drop oathtool and libdigest-hmac-perl dependencies |
| | 436 | |
| | 437 | -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200 |
| | 438 | |
| | 439 | libpve-access-control (4.0-16) unstable; urgency=medium |
| | 440 | |
| | 441 | * use pve-doc-generator to generate man pages |
| | 442 | |
| | 443 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200 |
| | 444 | |
| | 445 | libpve-access-control (4.0-15) unstable; urgency=medium |
| | 446 | |
| | 447 | * Fix uninitialized warning when shadow.cfg does not exist |
| | 448 | |
| | 449 | -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200 |
| | 450 | |
| | 451 | libpve-access-control (4.0-14) unstable; urgency=medium |
| | 452 | |
| | 453 | * Add is_worker to RPCEnvironment |
| | 454 | |
| | 455 | -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100 |
| | 456 | |
| | 457 | libpve-access-control (4.0-13) unstable; urgency=medium |
| | 458 | |
| | 459 | * fix #916: allow HTTPS to access custom yubico url |
| | 460 | |
| | 461 | -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100 |
| | 462 | |
| | 463 | libpve-access-control (4.0-12) unstable; urgency=medium |
| | 464 | |
| | 465 | * Catch certificate errors instead of segfaulting |
| | 466 | |
| | 467 | -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100 |
| | 468 | |
| | 469 | libpve-access-control (4.0-11) unstable; urgency=medium |
| | 470 | |
| | 471 | * Fix #861: use safer sprintf formatting |
| | 472 | |
| | 473 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100 |
| | 474 | |
| | 475 | libpve-access-control (4.0-10) unstable; urgency=medium |
| | 476 | |
| | 477 | * Auth::LDAP, Auth::AD: ipv6 support |
| | 478 | |
| | 479 | -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100 |
| | 480 | |
| | 481 | libpve-access-control (4.0-9) unstable; urgency=medium |
| | 482 | |
| | 483 | * pveum: implement bash completion |
| | 484 | |
| | 485 | -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200 |
| | 486 | |
| | 487 | libpve-access-control (4.0-8) unstable; urgency=medium |
| | 488 | |
| | 489 | * remove_storage_access: cleanup of access permissions for removed storage |
| | 490 | |
| | 491 | -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200 |
| | 492 | |
| | 493 | libpve-access-control (4.0-7) unstable; urgency=medium |
| | 494 | |
| | 495 | * new helper to remove access permissions for removed VMs |
| | 496 | |
| | 497 | -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200 |
| | 498 | |
| | 499 | libpve-access-control (4.0-6) unstable; urgency=medium |
| | 500 | |
| | 501 | * improve parse_user_config, parse_shadow_config |
| | 502 | |
| | 503 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200 |
| | 504 | |
| | 505 | libpve-access-control (4.0-5) unstable; urgency=medium |
| | 506 | |
| | 507 | * pveum: check for $cmd being defined |
| | 508 | |
| | 509 | -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200 |
| | 510 | |
| | 511 | libpve-access-control (4.0-4) unstable; urgency=medium |
| | 512 | |
| | 513 | * use activate-noawait triggers |
| | 514 | |
| | 515 | -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200 |
| | 516 | |
| | 517 | libpve-access-control (4.0-3) unstable; urgency=medium |
| | 518 | |
| | 519 | * IPv6 fixes |
| | 520 | |
| | 521 | * non-root buildfix |
| | 522 | |
| | 523 | -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200 |
| | 524 | |
| | 525 | libpve-access-control (4.0-2) unstable; urgency=medium |
| | 526 | |
| | 527 | * trigger pve-api-updates event |
| | 528 | |
| | 529 | -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200 |
| | 530 | |
| | 531 | libpve-access-control (4.0-1) unstable; urgency=medium |
| | 532 | |
| | 533 | * bump version for Debian Jessie |
| | 534 | |
| | 535 | -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100 |
| | 536 | |
| | 537 | libpve-access-control (3.0-16) unstable; urgency=low |
| | 538 | |
| | 539 | * root@pam can now be disabled in GUI. |
| | 540 | |
| | 541 | -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100 |
| | 542 | |
| | 543 | libpve-access-control (3.0-15) unstable; urgency=low |
| | 544 | |
| | 545 | * oath: add 'step' and 'digits' option |
| | 546 | |
| | 547 | -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200 |
| | 548 | |
| | 549 | libpve-access-control (3.0-14) unstable; urgency=low |
| | 550 | |
| | 551 | * add oath two factor auth |
| | 552 | |
| | 553 | * add oathkeygen binary to generate keys for oath |
| | 554 | |
| | 555 | * add yubico two factor auth |
| | 556 | |
| | 557 | * dedend on oathtool |
| | 558 | |
| | 559 | * depend on libmime-base32-perl |
| | 560 | |
| | 561 | * allow to write builtin auth domains config (comment/tfa/default) |
| | 562 | |
| | 563 | -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200 |
| | 564 | |
| | 565 | libpve-access-control (3.0-13) unstable; urgency=low |
| | 566 | |
| | 567 | * use correct connection string for AD auth |
| | 568 | |
| | 569 | -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200 |
| | 570 | |
| | 571 | libpve-access-control (3.0-12) unstable; urgency=low |
| | 572 | |
| | 573 | * add dummy API for GET /access/ticket (useful to generate login pages) |
| | 574 | |
| | 575 | -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200 |
| | 576 | |
| | 577 | libpve-access-control (3.0-11) unstable; urgency=low |
| | 578 | |
| | 579 | * Sets common hot keys for spice client |
| | 580 | |
| | 581 | -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100 |
| | 582 | |
| | 583 | libpve-access-control (3.0-10) unstable; urgency=low |
| | 584 | |
| | 585 | * implement helper to generate SPICE remote-viewer configuration |
| | 586 | |
| | 587 | * depend on libnet-ssleay-perl |
| | 588 | |
| | 589 | -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100 |
| | 590 | |
| | 591 | libpve-access-control (3.0-9) unstable; urgency=low |
| | 592 | |
| | 593 | * prevent user enumeration attacks |
| | 594 | |
| | 595 | * allow dots in access paths |
| | 596 | |
| | 597 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100 |
| | 598 | |
| | 599 | libpve-access-control (3.0-8) unstable; urgency=low |
| | 600 | |
| | 601 | * spice: use lowercase hostname in ticktet signature |
| | 602 | |
| | 603 | -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100 |
| | 604 | |
| | 605 | libpve-access-control (3.0-7) unstable; urgency=low |
| | 606 | |
| | 607 | * check_volume_access : use parse_volname instead of path, and remove |
| | 608 | path related code. |
| | 609 | |
| | 610 | * use warnings instead of global -w flag. |
| | 611 | |
| | 612 | -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200 |
| | 613 | |
| | 614 | libpve-access-control (3.0-6) unstable; urgency=low |
| | 615 | |
| | 616 | * use shorter spiceproxy tickets |
| | 617 | |
| | 618 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200 |
| | 619 | |
| | 620 | libpve-access-control (3.0-5) unstable; urgency=low |
| | 621 | |
| | 622 | * add code to generate tickets for SPICE |
| | 623 | |
| | 624 | -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200 |
| | 625 | |
| | 626 | libpve-access-control (3.0-4) unstable; urgency=low |
| | 627 | |
| | 628 | * moved add_vm_to_pool/remove_vm_from_pool from qemu-server |
| | 629 | |
| | 630 | -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200 |
| | 631 | |
| | 632 | libpve-access-control (3.0-3) unstable; urgency=low |
| | 633 | |
| | 634 | * Add new role PVETemplateUser (and VM.Clone priviledge) |
| | 635 | |
| | 636 | -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200 |
| | 637 | |
| | 638 | libpve-access-control (3.0-2) unstable; urgency=low |
| | 639 | |
| | 640 | * remove CGI.pm related code (pveproxy does not need that) |
| | 641 | |
| | 642 | -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200 |
| | 643 | |
| | 644 | libpve-access-control (3.0-1) unstable; urgency=low |
| | 645 | |
| | 646 | * bump version for wheezy release |
| | 647 | |
| | 648 | -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100 |
| | 649 | |
| | 650 | libpve-access-control (1.0-26) unstable; urgency=low |
| | 651 | |
| | 652 | * check_volume_access: fix access permissions for backup files |
| | 653 | |
| | 654 | -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100 |
| | 655 | |
| | 656 | libpve-access-control (1.0-25) unstable; urgency=low |
| | 657 | |
| | 658 | * add VM.Snapshot permission |
| | 659 | |
| | 660 | -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200 |
| | 661 | |
| | 662 | libpve-access-control (1.0-24) unstable; urgency=low |
| | 663 | |
| | 664 | * untaint path (allow root to restore arbitrary paths) |
| | 665 | |
| | 666 | -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200 |
| | 667 | |
| | 668 | libpve-access-control (1.0-23) unstable; urgency=low |
| | 669 | |
| | 670 | * correctly compute GUI capabilities (consider pools) |
| | 671 | |
| | 672 | -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200 |
| | 673 | |
| | 674 | libpve-access-control (1.0-22) unstable; urgency=low |
| | 675 | |
| | 676 | * new plugin architecture for Auth modules, minor API change for Auth |
| | 677 | domains (new 'delete' parameter) |
| | 678 | |
| | 679 | -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200 |
| | 680 | |
| | 681 | libpve-access-control (1.0-21) unstable; urgency=low |
| | 682 | |
| | 683 | * do not allow user names including slash |
| | 684 | |
| | 685 | -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200 |
| | 686 | |
| | 687 | libpve-access-control (1.0-20) unstable; urgency=low |
| | 688 | |
| | 689 | * add ability to fork cli workers in background |
| | 690 | |
| | 691 | -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200 |
| | 692 | |
| | 693 | libpve-access-control (1.0-19) unstable; urgency=low |
| | 694 | |
| | 695 | * return set of privileges on login - can be used to adopt GUI |
| | 696 | |
| | 697 | -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200 |
| | 698 | |
| | 699 | libpve-access-control (1.0-18) unstable; urgency=low |
| | 700 | |
| | 701 | * fix bug #151: corretly parse username inside ticket |
| | 702 | |
| | 703 | * fix bug #152: allow user to change his own password |
| | 704 | |
| | 705 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200 |
| | 706 | |
| | 707 | libpve-access-control (1.0-17) unstable; urgency=low |
| | 708 | |
| | 709 | * set propagate flag by default |
| | 710 | |
| | 711 | -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100 |
| | 712 | |
| | 713 | libpve-access-control (1.0-16) unstable; urgency=low |
| | 714 | |
| | 715 | * add 'pveum passwd' method |
| | 716 | |
| | 717 | -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100 |
| | 718 | |
| | 719 | libpve-access-control (1.0-15) unstable; urgency=low |
| | 720 | |
| | 721 | * Add VM.Config.CDROM privilege to PVEVMUser rule |
| | 722 | |
| | 723 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100 |
| | 724 | |
| | 725 | libpve-access-control (1.0-14) unstable; urgency=low |
| | 726 | |
| | 727 | * fix buf in userid-param permission check |
| | 728 | |
| | 729 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100 |
| | 730 | |
| | 731 | libpve-access-control (1.0-13) unstable; urgency=low |
| | 732 | |
| | 733 | * allow more characters in ldap base_dn attribute |
| | 734 | |
| | 735 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100 |
| | 736 | |
| | 737 | libpve-access-control (1.0-12) unstable; urgency=low |
| | 738 | |
| | 739 | * allow more characters with realm IDs |
| | 740 | |
| | 741 | -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100 |
| | 742 | |
| | 743 | libpve-access-control (1.0-11) unstable; urgency=low |
| | 744 | |
| | 745 | * fix bug in exec_api2_perm_check |
| | 746 | |
| | 747 | -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100 |
| | 748 | |
| | 749 | libpve-access-control (1.0-10) unstable; urgency=low |
| | 750 | |
| | 751 | * fix ACL group name parser |
| | 752 | |
| | 753 | * changed 'pveum aclmod' command line arguments |
| | 754 | |
| | 755 | -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100 |
| | 756 | |
| | 757 | libpve-access-control (1.0-9) unstable; urgency=low |
| | 758 | |
| | 759 | * fix bug in check_volume_access (fixes vzrestore) |
| | 760 | |
| | 761 | -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100 |
| | 762 | |
| | 763 | libpve-access-control (1.0-8) unstable; urgency=low |
| | 764 | |
| | 765 | * fix return value for empty ACL list. |
| | 766 | |
| | 767 | -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100 |
| | 768 | |
| | 769 | libpve-access-control (1.0-7) unstable; urgency=low |
| | 770 | |
| | 771 | * fix bug #85: allow root@pam to generate tickets for other users |
| | 772 | |
| | 773 | -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100 |
| | 774 | |
| | 775 | libpve-access-control (1.0-6) unstable; urgency=low |
| | 776 | |
| | 777 | * API change: allow to filter enabled/disabled users. |
| | 778 | |
| | 779 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100 |
| | 780 | |
| | 781 | libpve-access-control (1.0-5) unstable; urgency=low |
| | 782 | |
| | 783 | * add a way to return file changes (diffs): set_result_changes() |
| | 784 | |
| | 785 | -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100 |
| | 786 | |
| | 787 | libpve-access-control (1.0-4) unstable; urgency=low |
| | 788 | |
| | 789 | * new environment type for ha agents |
| | 790 | |
| | 791 | -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100 |
| | 792 | |
| | 793 | libpve-access-control (1.0-3) unstable; urgency=low |
| | 794 | |
| | 795 | * add support for delayed parameter parsing - We need that to disable |
| | 796 | file upload for normal API request (avoid DOS attacs) |
| | 797 | |
| | 798 | -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100 |
| | 799 | |
| | 800 | libpve-access-control (1.0-2) unstable; urgency=low |
| | 801 | |
| | 802 | * fix bug in fork_worker |
| | 803 | |
| | 804 | -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200 |
| | 805 | |
| | 806 | libpve-access-control (1.0-1) unstable; urgency=low |
| | 807 | |
| | 808 | * allow '-' in permission paths |
| | 809 | |
| | 810 | * bump version to 1.0 |
| | 811 | |
| | 812 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200 |
| | 813 | |
| | 814 | libpve-access-control (0.1) unstable; urgency=low |
| | 815 | |
| | 816 | * first dummy package - no functionality |
| | 817 | |
| | 818 | -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200 |
| | 819 | |
projects / pve-access-control.git / blame_incremental