1 libpve-access-control (7.2-3) bullseye; urgency=medium
3 * api: token: use userid-group as API perm check to avoid being overly
4 strict through a misguided use of user id for non-root users.
6 * perm check: forbid undefined/empty ACL path for future proofing of against
9 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
11 libpve-access-control (7.2-2) bullseye; urgency=medium
13 * permissions: merge propagation flag for multiple roles on a path that
14 share privilege in a deterministic way, to avoid that it gets lost
15 depending on perl's random sort, which would result in returing less
16 privileges than an auth-id actually had.
18 * permissions: avoid that token and user privilege intersection is to strict
19 for user permissions that have propagation disabled.
21 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
23 libpve-access-control (7.2-1) bullseye; urgency=medium
25 * user check: fix expiration/enable order
27 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
29 libpve-access-control (7.1-8) bullseye; urgency=medium
31 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
34 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
36 libpve-access-control (7.1-7) bullseye; urgency=medium
38 * userid-group check: distinguish create and update
40 * api: get user: declare token schema
42 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
44 libpve-access-control (7.1-6) bullseye; urgency=medium
46 * fix #3768: warn on bad u2f or webauthn settings
48 * tfa: when modifying others, verify the current user's password
50 * tfa list: account for admin permissions
52 * fix realm sync permissions
54 * fix token permission display bug
56 * include SDN permissions in permission tree
58 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
60 libpve-access-control (7.1-5) bullseye; urgency=medium
62 * openid: fix username-claim fallback
64 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
66 libpve-access-control (7.1-4) bullseye; urgency=medium
68 * set current origin in the webauthn config if no fixed origin was
69 configured, to support webauthn via subdomains
71 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
73 libpve-access-control (7.1-3) bullseye; urgency=medium
75 * openid: allow arbitrary username-claims
77 * openid: support configuring the prompt, scopes and ACR values
79 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
81 libpve-access-control (7.1-2) bullseye; urgency=medium
83 * catch incompatible tfa entries with a nice error
85 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
87 libpve-access-control (7.1-1) bullseye; urgency=medium
89 * tfa: map HTTP 404 error in get_tfa_entry correctly
91 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
93 libpve-access-control (7.0-7) bullseye; urgency=medium
95 * fix #3513: pass configured proxy to OpenID
97 * use rust based parser for TFA config
99 * use PBS-like auth api call flow,
101 * merge old user.cfg keys to tfa config when adding entries
103 * implement version checks for new tfa config writer to ensure all
104 cluster nodes are ready to avoid login issues
106 * tickets: add tunnel ticket
108 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
110 libpve-access-control (7.0-6) bullseye; urgency=medium
112 * fix regression in user deletion when realm does not enforce TFA
114 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
116 libpve-access-control (7.0-5) bullseye; urgency=medium
118 * acl: check path: add /sdn/vnets/* path
120 * fix #2302: allow deletion of users when realm enforces TFA
122 * api: delete user: disable user first to avoid surprise on error during the
123 various cleanup action required for user deletion (e.g., TFA, ACL, group)
125 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
127 libpve-access-control (7.0-4) bullseye; urgency=medium
129 * realm: add OpenID configuration
131 * api: implement OpenID related endpoints
133 * implement opt-in OpenID autocreate user feature
135 * api: user: add 'realm-type' to user list response
137 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
139 libpve-access-control (7.0-3) bullseye; urgency=medium
141 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
142 `/sdn/zones/<zone>` to allowed ACL paths
144 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
146 libpve-access-control (7.0-2) bullseye; urgency=medium
148 * fix #3402: add Pool.Audit privilege - custom roles containing
149 Pool.Allocate must be updated to include the new privilege.
151 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
153 libpve-access-control (7.0-1) bullseye; urgency=medium
155 * re-build for Debian 11 Bullseye based releases
157 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
159 libpve-access-control (6.4-1) pve; urgency=medium
161 * fix #1670: change PAM service name to project specific name
163 * fix #1500: permission path syntax check for access control
165 * pveum: add resource pool CLI commands
167 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
169 libpve-access-control (6.1-3) pve; urgency=medium
171 * partially fix #2825: authkey: rotate if it was generated in the
174 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
177 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
179 libpve-access-control (6.1-2) pve; urgency=medium
181 * also check SDN permission path when computing coarse permissions heuristic
184 * add SDN Permissions.Modify
186 * add VM.Config.Cloudinit
188 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
190 libpve-access-control (6.1-1) pve; urgency=medium
192 * pveum: add tfa delete subcommand for deleting user-TFA
194 * LDAP: don't complain about missing credentials on realm removal
196 * LDAP: skip anonymous bind when client certificate and key is configured
198 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
200 libpve-access-control (6.0-7) pve; urgency=medium
202 * fix #2575: die when trying to edit built-in roles
204 * add realm sub commands to pveum CLI tool
206 * api: domains: add user group sync API endpoint
208 * allow one to sync and import users and groups from LDAP/AD based realms
210 * realm: add default-sync-options to config for more convenient sync configuration
212 * api: token create: return also full token id for convenience
214 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
216 libpve-access-control (6.0-6) pve; urgency=medium
218 * API: add group members to group index
220 * implement API token support and management
222 * pveum: add 'pveum user token add/update/remove/list'
224 * pveum: add permissions sub-commands
226 * API: add 'permissions' API endpoint
228 * user.cfg: skip inexisting roles when parsing ACLs
230 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
232 libpve-access-control (6.0-5) pve; urgency=medium
234 * pveum: add list command for users, groups, ACLs and roles
236 * add initial permissions for experimental SDN integration
238 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
240 libpve-access-control (6.0-4) pve; urgency=medium
242 * ticket: use clinfo to get cluster name
244 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
247 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
249 libpve-access-control (6.0-3) pve; urgency=medium
251 * fix #2433: increase possible TFA secret length
253 * parse user configuration: correctly parse group names in ACLs, for users
254 which begin their name with an @
256 * sort user.cfg entries alphabetically
258 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
260 libpve-access-control (6.0-2) pve; urgency=medium
262 * improve CSRF verification compatibility with newer PVE
264 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
266 libpve-access-control (6.0-1) pve; urgency=medium
268 * ticket: properly verify exactly 5 minute old tickets
270 * use hmac_sha256 instead of sha1 for CSRF token generation
272 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
274 libpve-access-control (6.0-0+1) pve; urgency=medium
276 * bump for Debian buster
278 * fix #2079: add periodic auth key rotation
280 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
282 libpve-access-control (5.1-10) unstable; urgency=medium
284 * add /access/user/{id}/tfa api call to get tfa types
286 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
288 libpve-access-control (5.1-9) unstable; urgency=medium
290 * store the tfa type in user.cfg allowing to get it without proxying the call
291 to a higher privileged daemon.
293 * tfa: realm required TFA should lock out users without TFA configured, as it
294 was done before Proxmox VE 5.4
296 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
298 libpve-access-control (5.1-8) unstable; urgency=medium
300 * U2F: ensure we save correct public key on registration
302 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
304 libpve-access-control (5.1-7) unstable; urgency=medium
306 * verify_ticket: allow general non-challenge tfa to be run as two step
309 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
311 libpve-access-control (5.1-6) unstable; urgency=medium
313 * more general 2FA configuration via priv/tfa.cfg
315 * add u2f api endpoints
317 * delete TFA entries when deleting a user
319 * allow users to change their TOTP settings
321 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
323 libpve-access-control (5.1-5) unstable; urgency=medium
325 * fix vnc ticket verification without authkey lifetime
327 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
329 libpve-access-control (5.1-4) unstable; urgency=medium
331 * fix #1891: Add zsh command completion for pveum
333 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
334 to avoid issues on upgrade, will be enabled with 6.0
336 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
338 libpve-access-control (5.1-3) unstable; urgency=medium
340 * api/ticket: move getting cluster name into an eval
342 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
344 libpve-access-control (5.1-2) unstable; urgency=medium
346 * fix #1998: correct return properties for read_role
348 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
350 libpve-access-control (5.1-1) unstable; urgency=medium
352 * pveum: introduce sub-commands
354 * register userid with completion
356 * fix #233: return cluster name on successful login
358 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
360 libpve-access-control (5.0-8) unstable; urgency=medium
362 * fix #1612: ldap: make 2nd server work with bind domains again
364 * fix an error message where passing a bad pool id to an API function would
365 make it complain about a wrong group name instead
367 * fix the API-returned permission list so that the GUI knows to show the
368 'Permissions' tab for a storage to an administrator apart from root@pam
370 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
372 libpve-access-control (5.0-7) unstable; urgency=medium
374 * VM.Snapshot.Rollback privilege added
376 * api: check for special roles before locking the usercfg
378 * fix #1501: pveum: die when deleting special role
380 * API/ticket: rework coarse grained permission computation
382 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
384 libpve-access-control (5.0-6) unstable; urgency=medium
386 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
387 'verify' option. For compatibility reasons this defaults to off for now,
388 but that might change with future updates.
390 * AD, LDAP: Add ability to specify a CA path or file, and a client
391 certificate via the 'capath', 'cert' and 'certkey' options.
393 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
395 libpve-access-control (5.0-5) unstable; urgency=medium
397 * change from dpkg-deb to dpkg-buildpackage
399 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
401 libpve-access-control (5.0-4) unstable; urgency=medium
403 * PVE/CLI/pveum.pm: call setup_default_cli_env()
405 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
407 * check_api2_permissions: avoid warning about uninitialized value
409 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
411 libpve-access-control (5.0-3) unstable; urgency=medium
413 * use new PVE::OTP class from pve-common
415 * use new PVE::Tools::encrypt_pw from pve-common
417 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
419 libpve-access-control (5.0-2) unstable; urgency=medium
421 * encrypt_pw: avoid '+' for crypt salt
423 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
425 libpve-access-control (5.0-1) unstable; urgency=medium
427 * rebuild for PVE 5.0
429 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
431 libpve-access-control (4.0-23) unstable; urgency=medium
433 * use new PVE::Ticket class
435 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
437 libpve-access-control (4.0-22) unstable; urgency=medium
439 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
440 (moved to PVE::Storage)
442 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
444 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
446 libpve-access-control (4.0-21) unstable; urgency=medium
448 * setup_default_cli_env: expect $class as first parameter
450 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
452 libpve-access-control (4.0-20) unstable; urgency=medium
454 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
456 * PVE/API2/Domains.pm: fix property description
458 * use new repoman for upload target
460 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
462 libpve-access-control (4.0-19) unstable; urgency=medium
464 * Close #833: ldap: non-anonymous bind support
466 * don't import 'RFC' from MIME::Base32
468 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
470 libpve-access-control (4.0-18) unstable; urgency=medium
472 * fix #1062: recognize base32 otp keys again
474 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
476 libpve-access-control (4.0-17) unstable; urgency=medium
478 * drop oathtool and libdigest-hmac-perl dependencies
480 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
482 libpve-access-control (4.0-16) unstable; urgency=medium
484 * use pve-doc-generator to generate man pages
486 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
488 libpve-access-control (4.0-15) unstable; urgency=medium
490 * Fix uninitialized warning when shadow.cfg does not exist
492 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
494 libpve-access-control (4.0-14) unstable; urgency=medium
496 * Add is_worker to RPCEnvironment
498 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
500 libpve-access-control (4.0-13) unstable; urgency=medium
502 * fix #916: allow HTTPS to access custom yubico url
504 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
506 libpve-access-control (4.0-12) unstable; urgency=medium
508 * Catch certificate errors instead of segfaulting
510 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
512 libpve-access-control (4.0-11) unstable; urgency=medium
514 * Fix #861: use safer sprintf formatting
516 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
518 libpve-access-control (4.0-10) unstable; urgency=medium
520 * Auth::LDAP, Auth::AD: ipv6 support
522 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
524 libpve-access-control (4.0-9) unstable; urgency=medium
526 * pveum: implement bash completion
528 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
530 libpve-access-control (4.0-8) unstable; urgency=medium
532 * remove_storage_access: cleanup of access permissions for removed storage
534 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
536 libpve-access-control (4.0-7) unstable; urgency=medium
538 * new helper to remove access permissions for removed VMs
540 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
542 libpve-access-control (4.0-6) unstable; urgency=medium
544 * improve parse_user_config, parse_shadow_config
546 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
548 libpve-access-control (4.0-5) unstable; urgency=medium
550 * pveum: check for $cmd being defined
552 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
554 libpve-access-control (4.0-4) unstable; urgency=medium
556 * use activate-noawait triggers
558 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
560 libpve-access-control (4.0-3) unstable; urgency=medium
566 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
568 libpve-access-control (4.0-2) unstable; urgency=medium
570 * trigger pve-api-updates event
572 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
574 libpve-access-control (4.0-1) unstable; urgency=medium
576 * bump version for Debian Jessie
578 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
580 libpve-access-control (3.0-16) unstable; urgency=low
582 * root@pam can now be disabled in GUI.
584 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
586 libpve-access-control (3.0-15) unstable; urgency=low
588 * oath: add 'step' and 'digits' option
590 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
592 libpve-access-control (3.0-14) unstable; urgency=low
594 * add oath two factor auth
596 * add oathkeygen binary to generate keys for oath
598 * add yubico two factor auth
602 * depend on libmime-base32-perl
604 * allow to write builtin auth domains config (comment/tfa/default)
606 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
608 libpve-access-control (3.0-13) unstable; urgency=low
610 * use correct connection string for AD auth
612 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
614 libpve-access-control (3.0-12) unstable; urgency=low
616 * add dummy API for GET /access/ticket (useful to generate login pages)
618 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
620 libpve-access-control (3.0-11) unstable; urgency=low
622 * Sets common hot keys for spice client
624 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
626 libpve-access-control (3.0-10) unstable; urgency=low
628 * implement helper to generate SPICE remote-viewer configuration
630 * depend on libnet-ssleay-perl
632 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
634 libpve-access-control (3.0-9) unstable; urgency=low
636 * prevent user enumeration attacks
638 * allow dots in access paths
640 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
642 libpve-access-control (3.0-8) unstable; urgency=low
644 * spice: use lowercase hostname in ticktet signature
646 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
648 libpve-access-control (3.0-7) unstable; urgency=low
650 * check_volume_access : use parse_volname instead of path, and remove
653 * use warnings instead of global -w flag.
655 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
657 libpve-access-control (3.0-6) unstable; urgency=low
659 * use shorter spiceproxy tickets
661 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
663 libpve-access-control (3.0-5) unstable; urgency=low
665 * add code to generate tickets for SPICE
667 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
669 libpve-access-control (3.0-4) unstable; urgency=low
671 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
673 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
675 libpve-access-control (3.0-3) unstable; urgency=low
677 * Add new role PVETemplateUser (and VM.Clone privilege)
679 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
681 libpve-access-control (3.0-2) unstable; urgency=low
683 * remove CGI.pm related code (pveproxy does not need that)
685 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
687 libpve-access-control (3.0-1) unstable; urgency=low
689 * bump version for wheezy release
691 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
693 libpve-access-control (1.0-26) unstable; urgency=low
695 * check_volume_access: fix access permissions for backup files
697 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
699 libpve-access-control (1.0-25) unstable; urgency=low
701 * add VM.Snapshot permission
703 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
705 libpve-access-control (1.0-24) unstable; urgency=low
707 * untaint path (allow root to restore arbitrary paths)
709 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
711 libpve-access-control (1.0-23) unstable; urgency=low
713 * correctly compute GUI capabilities (consider pools)
715 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
717 libpve-access-control (1.0-22) unstable; urgency=low
719 * new plugin architecture for Auth modules, minor API change for Auth
720 domains (new 'delete' parameter)
722 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
724 libpve-access-control (1.0-21) unstable; urgency=low
726 * do not allow user names including slash
728 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
730 libpve-access-control (1.0-20) unstable; urgency=low
732 * add ability to fork cli workers in background
734 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
736 libpve-access-control (1.0-19) unstable; urgency=low
738 * return set of privileges on login - can be used to adopt GUI
740 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
742 libpve-access-control (1.0-18) unstable; urgency=low
744 * fix bug #151: correctly parse username inside ticket
746 * fix bug #152: allow user to change his own password
748 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
750 libpve-access-control (1.0-17) unstable; urgency=low
752 * set propagate flag by default
754 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
756 libpve-access-control (1.0-16) unstable; urgency=low
758 * add 'pveum passwd' method
760 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
762 libpve-access-control (1.0-15) unstable; urgency=low
764 * Add VM.Config.CDROM privilege to PVEVMUser rule
766 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
768 libpve-access-control (1.0-14) unstable; urgency=low
770 * fix buf in userid-param permission check
772 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
774 libpve-access-control (1.0-13) unstable; urgency=low
776 * allow more characters in ldap base_dn attribute
778 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
780 libpve-access-control (1.0-12) unstable; urgency=low
782 * allow more characters with realm IDs
784 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
786 libpve-access-control (1.0-11) unstable; urgency=low
788 * fix bug in exec_api2_perm_check
790 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
792 libpve-access-control (1.0-10) unstable; urgency=low
794 * fix ACL group name parser
796 * changed 'pveum aclmod' command line arguments
798 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
800 libpve-access-control (1.0-9) unstable; urgency=low
802 * fix bug in check_volume_access (fixes vzrestore)
804 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
806 libpve-access-control (1.0-8) unstable; urgency=low
808 * fix return value for empty ACL list.
810 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
812 libpve-access-control (1.0-7) unstable; urgency=low
814 * fix bug #85: allow root@pam to generate tickets for other users
816 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
818 libpve-access-control (1.0-6) unstable; urgency=low
820 * API change: allow to filter enabled/disabled users.
822 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
824 libpve-access-control (1.0-5) unstable; urgency=low
826 * add a way to return file changes (diffs): set_result_changes()
828 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
830 libpve-access-control (1.0-4) unstable; urgency=low
832 * new environment type for ha agents
834 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
836 libpve-access-control (1.0-3) unstable; urgency=low
838 * add support for delayed parameter parsing - We need that to disable
839 file upload for normal API request (avoid DOS attacks)
841 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
843 libpve-access-control (1.0-2) unstable; urgency=low
845 * fix bug in fork_worker
847 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
849 libpve-access-control (1.0-1) unstable; urgency=low
851 * allow '-' in permission paths
853 * bump version to 1.0
855 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
857 libpve-access-control (0.1) unstable; urgency=low
859 * first dummy package - no functionality
861 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200