]> git.proxmox.com Git - pve-access-control.git/blob - debian/changelog
projects / pve-access-control.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bump version to 8.0.0~1
[pve-access-control.git] / debian / changelog
1 libpve-access-control (8.0.0~1) bookworm; urgency=medium
2
3 * bump pve-rs dependency to 0.8.3
4
5 * drop old verify_tfa api call (POST /access/tfa)
6
7 * drop support for old login API:
8 - 'new-format' is now considured to be 1 and ignored by the API
9
10 * pam auth: set PAM_RHOST to allow pam configs to log/restrict/... by remote
11 address
12
13 * cli: add 'pveum tfa list'
14
15 * cli: add 'pveum tfa unlock'
16
17 * enable lockout of TFA:
18 - too many TOTP attempts will lock out of TOTP
19 - using a recovery key will unlock TOTP
20 - too many TFA attempts will lock a user's TFA auth for an hour
21
22 * api: add /access/users/<userid>/unlock-tfa to unlock a user's TFA
23 authentication if it was locked by too many wrong 2nd factor login attempts
24
25 * api: /access/tfa and /access/users now include the tfa lockout status
26
27 -- Proxmox Support Team <support@proxmox.com> Mon, 05 Jun 2023 14:52:29 +0200
28
29 libpve-access-control (7.99.0) bookworm; urgency=medium
30
31 * initial re-build for Proxmox VE 8.x series
32
33 * switch to native versioning
34
35 -- Proxmox Support Team <support@proxmox.com> Sun, 21 May 2023 10:34:19 +0200
36
37 libpve-access-control (7.4-3) bullseye; urgency=medium
38
39 * use new 2nd factor verification from pve-rs
40
41 -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 13:31:28 +0200
42
43 libpve-access-control (7.4-2) bullseye; urgency=medium
44
45 * fix #4609: fix regression where a valid DN in the ldap/ad realm config
46 wasn't accepted anymore
47
48 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Mar 2023 15:44:21 +0100
49
50 libpve-access-control (7.4-1) bullseye; urgency=medium
51
52 * realm sync: refactor scope/remove-vanished into a standard option
53
54 * ldap: Allow quoted values for DN attribute values
55
56 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Mar 2023 17:16:11 +0100
57
58 libpve-access-control (7.3-2) bullseye; urgency=medium
59
60 * fix #4518: dramatically improve ACL computation performance
61
62 * userid format: clarify that this is the full name@realm in description
63
64 -- Proxmox Support Team <support@proxmox.com> Mon, 06 Mar 2023 11:40:11 +0100
65
66 libpve-access-control (7.3-1) bullseye; urgency=medium
67
68 * realm: sync: allow explicit 'none' for 'remove-vanished' option
69
70 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
71
72 libpve-access-control (7.2-5) bullseye; urgency=medium
73
74 * api: realm sync: avoid separate log line for "remove-vanished" opt
75
76 * auth ldap/ad: compare group member dn case-insensitively
77
78 * two factor auth: only lock tfa config for recovery keys
79
80 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
81 migrations and storage migrations
82
83 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
84
85 libpve-access-control (7.2-4) bullseye; urgency=medium
86
87 * fix #4074: increase API OpenID code size limit to 2048
88
89 * auth key: protect against rare chance of a double rotation in clusters,
90 leaving the potential that some set of nodes have the earlier key cached,
91 that then got rotated out due to the race, resulting in a possible other
92 set of nodes having the newer key cached. This is a split view of the auth
93 key and may resulting in spurious failures if API requests are made to a
94 different node than the ticket was generated on.
95 In addition to that, the "keep validity of old tickets if signed in the
96 last two hours before rotation" logic was disabled too in such a case,
97 making such tickets invalid too early.
98 Note that both are cases where Proxmox VE was too strict, so while this
99 had no security implications it can be a nuisance, especially for
100 environments that use the API through an automated or scripted way
101
102 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
103
104 libpve-access-control (7.2-3) bullseye; urgency=medium
105
106 * api: token: use userid-group as API perm check to avoid being overly
107 strict through a misguided use of user id for non-root users.
108
109 * perm check: forbid undefined/empty ACL path for future proofing of against
110 above issue
111
112 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
113
114 libpve-access-control (7.2-2) bullseye; urgency=medium
115
116 * permissions: merge propagation flag for multiple roles on a path that
117 share privilege in a deterministic way, to avoid that it gets lost
118 depending on perl's random sort, which would result in returing less
119 privileges than an auth-id actually had.
120
121 * permissions: avoid that token and user privilege intersection is to strict
122 for user permissions that have propagation disabled.
123
124 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
125
126 libpve-access-control (7.2-1) bullseye; urgency=medium
127
128 * user check: fix expiration/enable order
129
130 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
131
132 libpve-access-control (7.1-8) bullseye; urgency=medium
133
134 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
135 vanished'
136
137 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
138
139 libpve-access-control (7.1-7) bullseye; urgency=medium
140
141 * userid-group check: distinguish create and update
142
143 * api: get user: declare token schema
144
145 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
146
147 libpve-access-control (7.1-6) bullseye; urgency=medium
148
149 * fix #3768: warn on bad u2f or webauthn settings
150
151 * tfa: when modifying others, verify the current user's password
152
153 * tfa list: account for admin permissions
154
155 * fix realm sync permissions
156
157 * fix token permission display bug
158
159 * include SDN permissions in permission tree
160
161 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
162
163 libpve-access-control (7.1-5) bullseye; urgency=medium
164
165 * openid: fix username-claim fallback
166
167 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
168
169 libpve-access-control (7.1-4) bullseye; urgency=medium
170
171 * set current origin in the webauthn config if no fixed origin was
172 configured, to support webauthn via subdomains
173
174 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
175
176 libpve-access-control (7.1-3) bullseye; urgency=medium
177
178 * openid: allow arbitrary username-claims
179
180 * openid: support configuring the prompt, scopes and ACR values
181
182 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
183
184 libpve-access-control (7.1-2) bullseye; urgency=medium
185
186 * catch incompatible tfa entries with a nice error
187
188 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
189
190 libpve-access-control (7.1-1) bullseye; urgency=medium
191
192 * tfa: map HTTP 404 error in get_tfa_entry correctly
193
194 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
195
196 libpve-access-control (7.0-7) bullseye; urgency=medium
197
198 * fix #3513: pass configured proxy to OpenID
199
200 * use rust based parser for TFA config
201
202 * use PBS-like auth api call flow,
203
204 * merge old user.cfg keys to tfa config when adding entries
205
206 * implement version checks for new tfa config writer to ensure all
207 cluster nodes are ready to avoid login issues
208
209 * tickets: add tunnel ticket
210
211 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
212
213 libpve-access-control (7.0-6) bullseye; urgency=medium
214
215 * fix regression in user deletion when realm does not enforce TFA
216
217 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
218
219 libpve-access-control (7.0-5) bullseye; urgency=medium
220
221 * acl: check path: add /sdn/vnets/* path
222
223 * fix #2302: allow deletion of users when realm enforces TFA
224
225 * api: delete user: disable user first to avoid surprise on error during the
226 various cleanup action required for user deletion (e.g., TFA, ACL, group)
227
228 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
229
230 libpve-access-control (7.0-4) bullseye; urgency=medium
231
232 * realm: add OpenID configuration
233
234 * api: implement OpenID related endpoints
235
236 * implement opt-in OpenID autocreate user feature
237
238 * api: user: add 'realm-type' to user list response
239
240 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
241
242 libpve-access-control (7.0-3) bullseye; urgency=medium
243
244 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
245 `/sdn/zones/<zone>` to allowed ACL paths
246
247 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
248
249 libpve-access-control (7.0-2) bullseye; urgency=medium
250
251 * fix #3402: add Pool.Audit privilege - custom roles containing
252 Pool.Allocate must be updated to include the new privilege.
253
254 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
255
256 libpve-access-control (7.0-1) bullseye; urgency=medium
257
258 * re-build for Debian 11 Bullseye based releases
259
260 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
261
262 libpve-access-control (6.4-1) pve; urgency=medium
263
264 * fix #1670: change PAM service name to project specific name
265
266 * fix #1500: permission path syntax check for access control
267
268 * pveum: add resource pool CLI commands
269
270 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
271
272 libpve-access-control (6.1-3) pve; urgency=medium
273
274 * partially fix #2825: authkey: rotate if it was generated in the
275 future
276
277 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
278 insensitive
279
280 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
281
282 libpve-access-control (6.1-2) pve; urgency=medium
283
284 * also check SDN permission path when computing coarse permissions heuristic
285 for UIs
286
287 * add SDN Permissions.Modify
288
289 * add VM.Config.Cloudinit
290
291 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
292
293 libpve-access-control (6.1-1) pve; urgency=medium
294
295 * pveum: add tfa delete subcommand for deleting user-TFA
296
297 * LDAP: don't complain about missing credentials on realm removal
298
299 * LDAP: skip anonymous bind when client certificate and key is configured
300
301 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
302
303 libpve-access-control (6.0-7) pve; urgency=medium
304
305 * fix #2575: die when trying to edit built-in roles
306
307 * add realm sub commands to pveum CLI tool
308
309 * api: domains: add user group sync API endpoint
310
311 * allow one to sync and import users and groups from LDAP/AD based realms
312
313 * realm: add default-sync-options to config for more convenient sync configuration
314
315 * api: token create: return also full token id for convenience
316
317 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
318
319 libpve-access-control (6.0-6) pve; urgency=medium
320
321 * API: add group members to group index
322
323 * implement API token support and management
324
325 * pveum: add 'pveum user token add/update/remove/list'
326
327 * pveum: add permissions sub-commands
328
329 * API: add 'permissions' API endpoint
330
331 * user.cfg: skip inexisting roles when parsing ACLs
332
333 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
334
335 libpve-access-control (6.0-5) pve; urgency=medium
336
337 * pveum: add list command for users, groups, ACLs and roles
338
339 * add initial permissions for experimental SDN integration
340
341 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
342
343 libpve-access-control (6.0-4) pve; urgency=medium
344
345 * ticket: use clinfo to get cluster name
346
347 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
348 SSL version
349
350 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
351
352 libpve-access-control (6.0-3) pve; urgency=medium
353
354 * fix #2433: increase possible TFA secret length
355
356 * parse user configuration: correctly parse group names in ACLs, for users
357 which begin their name with an @
358
359 * sort user.cfg entries alphabetically
360
361 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
362
363 libpve-access-control (6.0-2) pve; urgency=medium
364
365 * improve CSRF verification compatibility with newer PVE
366
367 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
368
369 libpve-access-control (6.0-1) pve; urgency=medium
370
371 * ticket: properly verify exactly 5 minute old tickets
372
373 * use hmac_sha256 instead of sha1 for CSRF token generation
374
375 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
376
377 libpve-access-control (6.0-0+1) pve; urgency=medium
378
379 * bump for Debian buster
380
381 * fix #2079: add periodic auth key rotation
382
383 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
384
385 libpve-access-control (5.1-10) unstable; urgency=medium
386
387 * add /access/user/{id}/tfa api call to get tfa types
388
389 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
390
391 libpve-access-control (5.1-9) unstable; urgency=medium
392
393 * store the tfa type in user.cfg allowing to get it without proxying the call
394 to a higher privileged daemon.
395
396 * tfa: realm required TFA should lock out users without TFA configured, as it
397 was done before Proxmox VE 5.4
398
399 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
400
401 libpve-access-control (5.1-8) unstable; urgency=medium
402
403 * U2F: ensure we save correct public key on registration
404
405 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
406
407 libpve-access-control (5.1-7) unstable; urgency=medium
408
409 * verify_ticket: allow general non-challenge tfa to be run as two step
410 call
411
412 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
413
414 libpve-access-control (5.1-6) unstable; urgency=medium
415
416 * more general 2FA configuration via priv/tfa.cfg
417
418 * add u2f api endpoints
419
420 * delete TFA entries when deleting a user
421
422 * allow users to change their TOTP settings
423
424 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
425
426 libpve-access-control (5.1-5) unstable; urgency=medium
427
428 * fix vnc ticket verification without authkey lifetime
429
430 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
431
432 libpve-access-control (5.1-4) unstable; urgency=medium
433
434 * fix #1891: Add zsh command completion for pveum
435
436 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
437 to avoid issues on upgrade, will be enabled with 6.0
438
439 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
440
441 libpve-access-control (5.1-3) unstable; urgency=medium
442
443 * api/ticket: move getting cluster name into an eval
444
445 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
446
447 libpve-access-control (5.1-2) unstable; urgency=medium
448
449 * fix #1998: correct return properties for read_role
450
451 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
452
453 libpve-access-control (5.1-1) unstable; urgency=medium
454
455 * pveum: introduce sub-commands
456
457 * register userid with completion
458
459 * fix #233: return cluster name on successful login
460
461 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
462
463 libpve-access-control (5.0-8) unstable; urgency=medium
464
465 * fix #1612: ldap: make 2nd server work with bind domains again
466
467 * fix an error message where passing a bad pool id to an API function would
468 make it complain about a wrong group name instead
469
470 * fix the API-returned permission list so that the GUI knows to show the
471 'Permissions' tab for a storage to an administrator apart from root@pam
472
473 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
474
475 libpve-access-control (5.0-7) unstable; urgency=medium
476
477 * VM.Snapshot.Rollback privilege added
478
479 * api: check for special roles before locking the usercfg
480
481 * fix #1501: pveum: die when deleting special role
482
483 * API/ticket: rework coarse grained permission computation
484
485 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
486
487 libpve-access-control (5.0-6) unstable; urgency=medium
488
489 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
490 'verify' option. For compatibility reasons this defaults to off for now,
491 but that might change with future updates.
492
493 * AD, LDAP: Add ability to specify a CA path or file, and a client
494 certificate via the 'capath', 'cert' and 'certkey' options.
495
496 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
497
498 libpve-access-control (5.0-5) unstable; urgency=medium
499
500 * change from dpkg-deb to dpkg-buildpackage
501
502 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
503
504 libpve-access-control (5.0-4) unstable; urgency=medium
505
506 * PVE/CLI/pveum.pm: call setup_default_cli_env()
507
508 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
509
510 * check_api2_permissions: avoid warning about uninitialized value
511
512 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
513
514 libpve-access-control (5.0-3) unstable; urgency=medium
515
516 * use new PVE::OTP class from pve-common
517
518 * use new PVE::Tools::encrypt_pw from pve-common
519
520 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
521
522 libpve-access-control (5.0-2) unstable; urgency=medium
523
524 * encrypt_pw: avoid '+' for crypt salt
525
526 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
527
528 libpve-access-control (5.0-1) unstable; urgency=medium
529
530 * rebuild for PVE 5.0
531
532 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
533
534 libpve-access-control (4.0-23) unstable; urgency=medium
535
536 * use new PVE::Ticket class
537
538 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
539
540 libpve-access-control (4.0-22) unstable; urgency=medium
541
542 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
543 (moved to PVE::Storage)
544
545 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
546
547 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
548
549 libpve-access-control (4.0-21) unstable; urgency=medium
550
551 * setup_default_cli_env: expect $class as first parameter
552
553 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
554
555 libpve-access-control (4.0-20) unstable; urgency=medium
556
557 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
558
559 * PVE/API2/Domains.pm: fix property description
560
561 * use new repoman for upload target
562
563 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
564
565 libpve-access-control (4.0-19) unstable; urgency=medium
566
567 * Close #833: ldap: non-anonymous bind support
568
569 * don't import 'RFC' from MIME::Base32
570
571 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
572
573 libpve-access-control (4.0-18) unstable; urgency=medium
574
575 * fix #1062: recognize base32 otp keys again
576
577 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
578
579 libpve-access-control (4.0-17) unstable; urgency=medium
580
581 * drop oathtool and libdigest-hmac-perl dependencies
582
583 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
584
585 libpve-access-control (4.0-16) unstable; urgency=medium
586
587 * use pve-doc-generator to generate man pages
588
589 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
590
591 libpve-access-control (4.0-15) unstable; urgency=medium
592
593 * Fix uninitialized warning when shadow.cfg does not exist
594
595 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
596
597 libpve-access-control (4.0-14) unstable; urgency=medium
598
599 * Add is_worker to RPCEnvironment
600
601 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
602
603 libpve-access-control (4.0-13) unstable; urgency=medium
604
605 * fix #916: allow HTTPS to access custom yubico url
606
607 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
608
609 libpve-access-control (4.0-12) unstable; urgency=medium
610
611 * Catch certificate errors instead of segfaulting
612
613 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
614
615 libpve-access-control (4.0-11) unstable; urgency=medium
616
617 * Fix #861: use safer sprintf formatting
618
619 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
620
621 libpve-access-control (4.0-10) unstable; urgency=medium
622
623 * Auth::LDAP, Auth::AD: ipv6 support
624
625 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
626
627 libpve-access-control (4.0-9) unstable; urgency=medium
628
629 * pveum: implement bash completion
630
631 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
632
633 libpve-access-control (4.0-8) unstable; urgency=medium
634
635 * remove_storage_access: cleanup of access permissions for removed storage
636
637 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
638
639 libpve-access-control (4.0-7) unstable; urgency=medium
640
641 * new helper to remove access permissions for removed VMs
642
643 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
644
645 libpve-access-control (4.0-6) unstable; urgency=medium
646
647 * improve parse_user_config, parse_shadow_config
648
649 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
650
651 libpve-access-control (4.0-5) unstable; urgency=medium
652
653 * pveum: check for $cmd being defined
654
655 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
656
657 libpve-access-control (4.0-4) unstable; urgency=medium
658
659 * use activate-noawait triggers
660
661 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
662
663 libpve-access-control (4.0-3) unstable; urgency=medium
664
665 * IPv6 fixes
666
667 * non-root buildfix
668
669 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
670
671 libpve-access-control (4.0-2) unstable; urgency=medium
672
673 * trigger pve-api-updates event
674
675 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
676
677 libpve-access-control (4.0-1) unstable; urgency=medium
678
679 * bump version for Debian Jessie
680
681 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
682
683 libpve-access-control (3.0-16) unstable; urgency=low
684
685 * root@pam can now be disabled in GUI.
686
687 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
688
689 libpve-access-control (3.0-15) unstable; urgency=low
690
691 * oath: add 'step' and 'digits' option
692
693 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
694
695 libpve-access-control (3.0-14) unstable; urgency=low
696
697 * add oath two factor auth
698
699 * add oathkeygen binary to generate keys for oath
700
701 * add yubico two factor auth
702
703 * dedend on oathtool
704
705 * depend on libmime-base32-perl
706
707 * allow to write builtin auth domains config (comment/tfa/default)
708
709 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
710
711 libpve-access-control (3.0-13) unstable; urgency=low
712
713 * use correct connection string for AD auth
714
715 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
716
717 libpve-access-control (3.0-12) unstable; urgency=low
718
719 * add dummy API for GET /access/ticket (useful to generate login pages)
720
721 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
722
723 libpve-access-control (3.0-11) unstable; urgency=low
724
725 * Sets common hot keys for spice client
726
727 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
728
729 libpve-access-control (3.0-10) unstable; urgency=low
730
731 * implement helper to generate SPICE remote-viewer configuration
732
733 * depend on libnet-ssleay-perl
734
735 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
736
737 libpve-access-control (3.0-9) unstable; urgency=low
738
739 * prevent user enumeration attacks
740
741 * allow dots in access paths
742
743 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
744
745 libpve-access-control (3.0-8) unstable; urgency=low
746
747 * spice: use lowercase hostname in ticktet signature
748
749 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
750
751 libpve-access-control (3.0-7) unstable; urgency=low
752
753 * check_volume_access : use parse_volname instead of path, and remove
754 path related code.
755
756 * use warnings instead of global -w flag.
757
758 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
759
760 libpve-access-control (3.0-6) unstable; urgency=low
761
762 * use shorter spiceproxy tickets
763
764 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
765
766 libpve-access-control (3.0-5) unstable; urgency=low
767
768 * add code to generate tickets for SPICE
769
770 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
771
772 libpve-access-control (3.0-4) unstable; urgency=low
773
774 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
775
776 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
777
778 libpve-access-control (3.0-3) unstable; urgency=low
779
780 * Add new role PVETemplateUser (and VM.Clone privilege)
781
782 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
783
784 libpve-access-control (3.0-2) unstable; urgency=low
785
786 * remove CGI.pm related code (pveproxy does not need that)
787
788 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
789
790 libpve-access-control (3.0-1) unstable; urgency=low
791
792 * bump version for wheezy release
793
794 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
795
796 libpve-access-control (1.0-26) unstable; urgency=low
797
798 * check_volume_access: fix access permissions for backup files
799
800 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
801
802 libpve-access-control (1.0-25) unstable; urgency=low
803
804 * add VM.Snapshot permission
805
806 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
807
808 libpve-access-control (1.0-24) unstable; urgency=low
809
810 * untaint path (allow root to restore arbitrary paths)
811
812 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
813
814 libpve-access-control (1.0-23) unstable; urgency=low
815
816 * correctly compute GUI capabilities (consider pools)
817
818 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
819
820 libpve-access-control (1.0-22) unstable; urgency=low
821
822 * new plugin architecture for Auth modules, minor API change for Auth
823 domains (new 'delete' parameter)
824
825 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
826
827 libpve-access-control (1.0-21) unstable; urgency=low
828
829 * do not allow user names including slash
830
831 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
832
833 libpve-access-control (1.0-20) unstable; urgency=low
834
835 * add ability to fork cli workers in background
836
837 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
838
839 libpve-access-control (1.0-19) unstable; urgency=low
840
841 * return set of privileges on login - can be used to adopt GUI
842
843 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
844
845 libpve-access-control (1.0-18) unstable; urgency=low
846
847 * fix bug #151: correctly parse username inside ticket
848
849 * fix bug #152: allow user to change his own password
850
851 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
852
853 libpve-access-control (1.0-17) unstable; urgency=low
854
855 * set propagate flag by default
856
857 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
858
859 libpve-access-control (1.0-16) unstable; urgency=low
860
861 * add 'pveum passwd' method
862
863 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
864
865 libpve-access-control (1.0-15) unstable; urgency=low
866
867 * Add VM.Config.CDROM privilege to PVEVMUser rule
868
869 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
870
871 libpve-access-control (1.0-14) unstable; urgency=low
872
873 * fix buf in userid-param permission check
874
875 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
876
877 libpve-access-control (1.0-13) unstable; urgency=low
878
879 * allow more characters in ldap base_dn attribute
880
881 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
882
883 libpve-access-control (1.0-12) unstable; urgency=low
884
885 * allow more characters with realm IDs
886
887 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
888
889 libpve-access-control (1.0-11) unstable; urgency=low
890
891 * fix bug in exec_api2_perm_check
892
893 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
894
895 libpve-access-control (1.0-10) unstable; urgency=low
896
897 * fix ACL group name parser
898
899 * changed 'pveum aclmod' command line arguments
900
901 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
902
903 libpve-access-control (1.0-9) unstable; urgency=low
904
905 * fix bug in check_volume_access (fixes vzrestore)
906
907 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
908
909 libpve-access-control (1.0-8) unstable; urgency=low
910
911 * fix return value for empty ACL list.
912
913 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
914
915 libpve-access-control (1.0-7) unstable; urgency=low
916
917 * fix bug #85: allow root@pam to generate tickets for other users
918
919 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
920
921 libpve-access-control (1.0-6) unstable; urgency=low
922
923 * API change: allow to filter enabled/disabled users.
924
925 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
926
927 libpve-access-control (1.0-5) unstable; urgency=low
928
929 * add a way to return file changes (diffs): set_result_changes()
930
931 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
932
933 libpve-access-control (1.0-4) unstable; urgency=low
934
935 * new environment type for ha agents
936
937 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
938
939 libpve-access-control (1.0-3) unstable; urgency=low
940
941 * add support for delayed parameter parsing - We need that to disable
942 file upload for normal API request (avoid DOS attacks)
943
944 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
945
946 libpve-access-control (1.0-2) unstable; urgency=low
947
948 * fix bug in fork_worker
949
950 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
951
952 libpve-access-control (1.0-1) unstable; urgency=low
953
954 * allow '-' in permission paths
955
956 * bump version to 1.0
957
958 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
959
960 libpve-access-control (0.1) unstable; urgency=low
961
962 * first dummy package - no functionality
963
964 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
965
Access control framework