1 libpve-access-control (7.2-5) bullseye; urgency=medium
3 * api: realm sync: avoid separate log line for "remove-vanished" opt
5 * auth ldap/ad: compare group member dn case-insensitively
7 * two factor auth: only lock tfa config for recovery keys
9 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
10 migrations and storage migrations
12 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
14 libpve-access-control (7.2-4) bullseye; urgency=medium
16 * fix #4074: increase API OpenID code size limit to 2048
18 * auth key: protect against rare chance of a double rotation in clusters,
19 leaving the potential that some set of nodes have the earlier key cached,
20 that then got rotated out due to the race, resulting in a possible other
21 set of nodes having the newer key cached. This is a split view of the auth
22 key and may resulting in spurious failures if API requests are made to a
23 different node than the ticket was generated on.
24 In addition to that, the "keep validity of old tickets if signed in the
25 last two hours before rotation" logic was disabled too in such a case,
26 making such tickets invalid too early.
27 Note that both are cases where Proxmox VE was too strict, so while this
28 had no security implications it can be a nuisance, especially for
29 environments that use the API through an automated or scripted way
31 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
33 libpve-access-control (7.2-3) bullseye; urgency=medium
35 * api: token: use userid-group as API perm check to avoid being overly
36 strict through a misguided use of user id for non-root users.
38 * perm check: forbid undefined/empty ACL path for future proofing of against
41 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
43 libpve-access-control (7.2-2) bullseye; urgency=medium
45 * permissions: merge propagation flag for multiple roles on a path that
46 share privilege in a deterministic way, to avoid that it gets lost
47 depending on perl's random sort, which would result in returing less
48 privileges than an auth-id actually had.
50 * permissions: avoid that token and user privilege intersection is to strict
51 for user permissions that have propagation disabled.
53 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
55 libpve-access-control (7.2-1) bullseye; urgency=medium
57 * user check: fix expiration/enable order
59 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
61 libpve-access-control (7.1-8) bullseye; urgency=medium
63 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
66 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
68 libpve-access-control (7.1-7) bullseye; urgency=medium
70 * userid-group check: distinguish create and update
72 * api: get user: declare token schema
74 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
76 libpve-access-control (7.1-6) bullseye; urgency=medium
78 * fix #3768: warn on bad u2f or webauthn settings
80 * tfa: when modifying others, verify the current user's password
82 * tfa list: account for admin permissions
84 * fix realm sync permissions
86 * fix token permission display bug
88 * include SDN permissions in permission tree
90 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
92 libpve-access-control (7.1-5) bullseye; urgency=medium
94 * openid: fix username-claim fallback
96 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
98 libpve-access-control (7.1-4) bullseye; urgency=medium
100 * set current origin in the webauthn config if no fixed origin was
101 configured, to support webauthn via subdomains
103 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
105 libpve-access-control (7.1-3) bullseye; urgency=medium
107 * openid: allow arbitrary username-claims
109 * openid: support configuring the prompt, scopes and ACR values
111 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
113 libpve-access-control (7.1-2) bullseye; urgency=medium
115 * catch incompatible tfa entries with a nice error
117 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
119 libpve-access-control (7.1-1) bullseye; urgency=medium
121 * tfa: map HTTP 404 error in get_tfa_entry correctly
123 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
125 libpve-access-control (7.0-7) bullseye; urgency=medium
127 * fix #3513: pass configured proxy to OpenID
129 * use rust based parser for TFA config
131 * use PBS-like auth api call flow,
133 * merge old user.cfg keys to tfa config when adding entries
135 * implement version checks for new tfa config writer to ensure all
136 cluster nodes are ready to avoid login issues
138 * tickets: add tunnel ticket
140 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
142 libpve-access-control (7.0-6) bullseye; urgency=medium
144 * fix regression in user deletion when realm does not enforce TFA
146 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
148 libpve-access-control (7.0-5) bullseye; urgency=medium
150 * acl: check path: add /sdn/vnets/* path
152 * fix #2302: allow deletion of users when realm enforces TFA
154 * api: delete user: disable user first to avoid surprise on error during the
155 various cleanup action required for user deletion (e.g., TFA, ACL, group)
157 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
159 libpve-access-control (7.0-4) bullseye; urgency=medium
161 * realm: add OpenID configuration
163 * api: implement OpenID related endpoints
165 * implement opt-in OpenID autocreate user feature
167 * api: user: add 'realm-type' to user list response
169 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
171 libpve-access-control (7.0-3) bullseye; urgency=medium
173 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
174 `/sdn/zones/<zone>` to allowed ACL paths
176 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
178 libpve-access-control (7.0-2) bullseye; urgency=medium
180 * fix #3402: add Pool.Audit privilege - custom roles containing
181 Pool.Allocate must be updated to include the new privilege.
183 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
185 libpve-access-control (7.0-1) bullseye; urgency=medium
187 * re-build for Debian 11 Bullseye based releases
189 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
191 libpve-access-control (6.4-1) pve; urgency=medium
193 * fix #1670: change PAM service name to project specific name
195 * fix #1500: permission path syntax check for access control
197 * pveum: add resource pool CLI commands
199 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
201 libpve-access-control (6.1-3) pve; urgency=medium
203 * partially fix #2825: authkey: rotate if it was generated in the
206 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
209 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
211 libpve-access-control (6.1-2) pve; urgency=medium
213 * also check SDN permission path when computing coarse permissions heuristic
216 * add SDN Permissions.Modify
218 * add VM.Config.Cloudinit
220 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
222 libpve-access-control (6.1-1) pve; urgency=medium
224 * pveum: add tfa delete subcommand for deleting user-TFA
226 * LDAP: don't complain about missing credentials on realm removal
228 * LDAP: skip anonymous bind when client certificate and key is configured
230 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
232 libpve-access-control (6.0-7) pve; urgency=medium
234 * fix #2575: die when trying to edit built-in roles
236 * add realm sub commands to pveum CLI tool
238 * api: domains: add user group sync API endpoint
240 * allow one to sync and import users and groups from LDAP/AD based realms
242 * realm: add default-sync-options to config for more convenient sync configuration
244 * api: token create: return also full token id for convenience
246 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
248 libpve-access-control (6.0-6) pve; urgency=medium
250 * API: add group members to group index
252 * implement API token support and management
254 * pveum: add 'pveum user token add/update/remove/list'
256 * pveum: add permissions sub-commands
258 * API: add 'permissions' API endpoint
260 * user.cfg: skip inexisting roles when parsing ACLs
262 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
264 libpve-access-control (6.0-5) pve; urgency=medium
266 * pveum: add list command for users, groups, ACLs and roles
268 * add initial permissions for experimental SDN integration
270 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
272 libpve-access-control (6.0-4) pve; urgency=medium
274 * ticket: use clinfo to get cluster name
276 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
279 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
281 libpve-access-control (6.0-3) pve; urgency=medium
283 * fix #2433: increase possible TFA secret length
285 * parse user configuration: correctly parse group names in ACLs, for users
286 which begin their name with an @
288 * sort user.cfg entries alphabetically
290 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
292 libpve-access-control (6.0-2) pve; urgency=medium
294 * improve CSRF verification compatibility with newer PVE
296 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
298 libpve-access-control (6.0-1) pve; urgency=medium
300 * ticket: properly verify exactly 5 minute old tickets
302 * use hmac_sha256 instead of sha1 for CSRF token generation
304 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
306 libpve-access-control (6.0-0+1) pve; urgency=medium
308 * bump for Debian buster
310 * fix #2079: add periodic auth key rotation
312 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
314 libpve-access-control (5.1-10) unstable; urgency=medium
316 * add /access/user/{id}/tfa api call to get tfa types
318 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
320 libpve-access-control (5.1-9) unstable; urgency=medium
322 * store the tfa type in user.cfg allowing to get it without proxying the call
323 to a higher privileged daemon.
325 * tfa: realm required TFA should lock out users without TFA configured, as it
326 was done before Proxmox VE 5.4
328 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
330 libpve-access-control (5.1-8) unstable; urgency=medium
332 * U2F: ensure we save correct public key on registration
334 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
336 libpve-access-control (5.1-7) unstable; urgency=medium
338 * verify_ticket: allow general non-challenge tfa to be run as two step
341 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
343 libpve-access-control (5.1-6) unstable; urgency=medium
345 * more general 2FA configuration via priv/tfa.cfg
347 * add u2f api endpoints
349 * delete TFA entries when deleting a user
351 * allow users to change their TOTP settings
353 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
355 libpve-access-control (5.1-5) unstable; urgency=medium
357 * fix vnc ticket verification without authkey lifetime
359 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
361 libpve-access-control (5.1-4) unstable; urgency=medium
363 * fix #1891: Add zsh command completion for pveum
365 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
366 to avoid issues on upgrade, will be enabled with 6.0
368 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
370 libpve-access-control (5.1-3) unstable; urgency=medium
372 * api/ticket: move getting cluster name into an eval
374 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
376 libpve-access-control (5.1-2) unstable; urgency=medium
378 * fix #1998: correct return properties for read_role
380 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
382 libpve-access-control (5.1-1) unstable; urgency=medium
384 * pveum: introduce sub-commands
386 * register userid with completion
388 * fix #233: return cluster name on successful login
390 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
392 libpve-access-control (5.0-8) unstable; urgency=medium
394 * fix #1612: ldap: make 2nd server work with bind domains again
396 * fix an error message where passing a bad pool id to an API function would
397 make it complain about a wrong group name instead
399 * fix the API-returned permission list so that the GUI knows to show the
400 'Permissions' tab for a storage to an administrator apart from root@pam
402 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
404 libpve-access-control (5.0-7) unstable; urgency=medium
406 * VM.Snapshot.Rollback privilege added
408 * api: check for special roles before locking the usercfg
410 * fix #1501: pveum: die when deleting special role
412 * API/ticket: rework coarse grained permission computation
414 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
416 libpve-access-control (5.0-6) unstable; urgency=medium
418 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
419 'verify' option. For compatibility reasons this defaults to off for now,
420 but that might change with future updates.
422 * AD, LDAP: Add ability to specify a CA path or file, and a client
423 certificate via the 'capath', 'cert' and 'certkey' options.
425 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
427 libpve-access-control (5.0-5) unstable; urgency=medium
429 * change from dpkg-deb to dpkg-buildpackage
431 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
433 libpve-access-control (5.0-4) unstable; urgency=medium
435 * PVE/CLI/pveum.pm: call setup_default_cli_env()
437 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
439 * check_api2_permissions: avoid warning about uninitialized value
441 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
443 libpve-access-control (5.0-3) unstable; urgency=medium
445 * use new PVE::OTP class from pve-common
447 * use new PVE::Tools::encrypt_pw from pve-common
449 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
451 libpve-access-control (5.0-2) unstable; urgency=medium
453 * encrypt_pw: avoid '+' for crypt salt
455 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
457 libpve-access-control (5.0-1) unstable; urgency=medium
459 * rebuild for PVE 5.0
461 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
463 libpve-access-control (4.0-23) unstable; urgency=medium
465 * use new PVE::Ticket class
467 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
469 libpve-access-control (4.0-22) unstable; urgency=medium
471 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
472 (moved to PVE::Storage)
474 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
476 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
478 libpve-access-control (4.0-21) unstable; urgency=medium
480 * setup_default_cli_env: expect $class as first parameter
482 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
484 libpve-access-control (4.0-20) unstable; urgency=medium
486 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
488 * PVE/API2/Domains.pm: fix property description
490 * use new repoman for upload target
492 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
494 libpve-access-control (4.0-19) unstable; urgency=medium
496 * Close #833: ldap: non-anonymous bind support
498 * don't import 'RFC' from MIME::Base32
500 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
502 libpve-access-control (4.0-18) unstable; urgency=medium
504 * fix #1062: recognize base32 otp keys again
506 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
508 libpve-access-control (4.0-17) unstable; urgency=medium
510 * drop oathtool and libdigest-hmac-perl dependencies
512 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
514 libpve-access-control (4.0-16) unstable; urgency=medium
516 * use pve-doc-generator to generate man pages
518 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
520 libpve-access-control (4.0-15) unstable; urgency=medium
522 * Fix uninitialized warning when shadow.cfg does not exist
524 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
526 libpve-access-control (4.0-14) unstable; urgency=medium
528 * Add is_worker to RPCEnvironment
530 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
532 libpve-access-control (4.0-13) unstable; urgency=medium
534 * fix #916: allow HTTPS to access custom yubico url
536 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
538 libpve-access-control (4.0-12) unstable; urgency=medium
540 * Catch certificate errors instead of segfaulting
542 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
544 libpve-access-control (4.0-11) unstable; urgency=medium
546 * Fix #861: use safer sprintf formatting
548 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
550 libpve-access-control (4.0-10) unstable; urgency=medium
552 * Auth::LDAP, Auth::AD: ipv6 support
554 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
556 libpve-access-control (4.0-9) unstable; urgency=medium
558 * pveum: implement bash completion
560 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
562 libpve-access-control (4.0-8) unstable; urgency=medium
564 * remove_storage_access: cleanup of access permissions for removed storage
566 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
568 libpve-access-control (4.0-7) unstable; urgency=medium
570 * new helper to remove access permissions for removed VMs
572 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
574 libpve-access-control (4.0-6) unstable; urgency=medium
576 * improve parse_user_config, parse_shadow_config
578 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
580 libpve-access-control (4.0-5) unstable; urgency=medium
582 * pveum: check for $cmd being defined
584 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
586 libpve-access-control (4.0-4) unstable; urgency=medium
588 * use activate-noawait triggers
590 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
592 libpve-access-control (4.0-3) unstable; urgency=medium
598 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
600 libpve-access-control (4.0-2) unstable; urgency=medium
602 * trigger pve-api-updates event
604 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
606 libpve-access-control (4.0-1) unstable; urgency=medium
608 * bump version for Debian Jessie
610 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
612 libpve-access-control (3.0-16) unstable; urgency=low
614 * root@pam can now be disabled in GUI.
616 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
618 libpve-access-control (3.0-15) unstable; urgency=low
620 * oath: add 'step' and 'digits' option
622 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
624 libpve-access-control (3.0-14) unstable; urgency=low
626 * add oath two factor auth
628 * add oathkeygen binary to generate keys for oath
630 * add yubico two factor auth
634 * depend on libmime-base32-perl
636 * allow to write builtin auth domains config (comment/tfa/default)
638 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
640 libpve-access-control (3.0-13) unstable; urgency=low
642 * use correct connection string for AD auth
644 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
646 libpve-access-control (3.0-12) unstable; urgency=low
648 * add dummy API for GET /access/ticket (useful to generate login pages)
650 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
652 libpve-access-control (3.0-11) unstable; urgency=low
654 * Sets common hot keys for spice client
656 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
658 libpve-access-control (3.0-10) unstable; urgency=low
660 * implement helper to generate SPICE remote-viewer configuration
662 * depend on libnet-ssleay-perl
664 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
666 libpve-access-control (3.0-9) unstable; urgency=low
668 * prevent user enumeration attacks
670 * allow dots in access paths
672 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
674 libpve-access-control (3.0-8) unstable; urgency=low
676 * spice: use lowercase hostname in ticktet signature
678 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
680 libpve-access-control (3.0-7) unstable; urgency=low
682 * check_volume_access : use parse_volname instead of path, and remove
685 * use warnings instead of global -w flag.
687 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
689 libpve-access-control (3.0-6) unstable; urgency=low
691 * use shorter spiceproxy tickets
693 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
695 libpve-access-control (3.0-5) unstable; urgency=low
697 * add code to generate tickets for SPICE
699 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
701 libpve-access-control (3.0-4) unstable; urgency=low
703 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
705 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
707 libpve-access-control (3.0-3) unstable; urgency=low
709 * Add new role PVETemplateUser (and VM.Clone privilege)
711 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
713 libpve-access-control (3.0-2) unstable; urgency=low
715 * remove CGI.pm related code (pveproxy does not need that)
717 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
719 libpve-access-control (3.0-1) unstable; urgency=low
721 * bump version for wheezy release
723 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
725 libpve-access-control (1.0-26) unstable; urgency=low
727 * check_volume_access: fix access permissions for backup files
729 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
731 libpve-access-control (1.0-25) unstable; urgency=low
733 * add VM.Snapshot permission
735 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
737 libpve-access-control (1.0-24) unstable; urgency=low
739 * untaint path (allow root to restore arbitrary paths)
741 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
743 libpve-access-control (1.0-23) unstable; urgency=low
745 * correctly compute GUI capabilities (consider pools)
747 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
749 libpve-access-control (1.0-22) unstable; urgency=low
751 * new plugin architecture for Auth modules, minor API change for Auth
752 domains (new 'delete' parameter)
754 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
756 libpve-access-control (1.0-21) unstable; urgency=low
758 * do not allow user names including slash
760 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
762 libpve-access-control (1.0-20) unstable; urgency=low
764 * add ability to fork cli workers in background
766 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
768 libpve-access-control (1.0-19) unstable; urgency=low
770 * return set of privileges on login - can be used to adopt GUI
772 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
774 libpve-access-control (1.0-18) unstable; urgency=low
776 * fix bug #151: correctly parse username inside ticket
778 * fix bug #152: allow user to change his own password
780 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
782 libpve-access-control (1.0-17) unstable; urgency=low
784 * set propagate flag by default
786 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
788 libpve-access-control (1.0-16) unstable; urgency=low
790 * add 'pveum passwd' method
792 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
794 libpve-access-control (1.0-15) unstable; urgency=low
796 * Add VM.Config.CDROM privilege to PVEVMUser rule
798 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
800 libpve-access-control (1.0-14) unstable; urgency=low
802 * fix buf in userid-param permission check
804 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
806 libpve-access-control (1.0-13) unstable; urgency=low
808 * allow more characters in ldap base_dn attribute
810 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
812 libpve-access-control (1.0-12) unstable; urgency=low
814 * allow more characters with realm IDs
816 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
818 libpve-access-control (1.0-11) unstable; urgency=low
820 * fix bug in exec_api2_perm_check
822 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
824 libpve-access-control (1.0-10) unstable; urgency=low
826 * fix ACL group name parser
828 * changed 'pveum aclmod' command line arguments
830 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
832 libpve-access-control (1.0-9) unstable; urgency=low
834 * fix bug in check_volume_access (fixes vzrestore)
836 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
838 libpve-access-control (1.0-8) unstable; urgency=low
840 * fix return value for empty ACL list.
842 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
844 libpve-access-control (1.0-7) unstable; urgency=low
846 * fix bug #85: allow root@pam to generate tickets for other users
848 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
850 libpve-access-control (1.0-6) unstable; urgency=low
852 * API change: allow to filter enabled/disabled users.
854 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
856 libpve-access-control (1.0-5) unstable; urgency=low
858 * add a way to return file changes (diffs): set_result_changes()
860 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
862 libpve-access-control (1.0-4) unstable; urgency=low
864 * new environment type for ha agents
866 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
868 libpve-access-control (1.0-3) unstable; urgency=low
870 * add support for delayed parameter parsing - We need that to disable
871 file upload for normal API request (avoid DOS attacks)
873 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
875 libpve-access-control (1.0-2) unstable; urgency=low
877 * fix bug in fork_worker
879 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
881 libpve-access-control (1.0-1) unstable; urgency=low
883 * allow '-' in permission paths
885 * bump version to 1.0
887 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
889 libpve-access-control (0.1) unstable; urgency=low
891 * first dummy package - no functionality
893 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200