1 libpve-access-control (8.0.0~1) bookworm; urgency=medium
3 * bump pve-rs dependency to 0.8.3
5 * drop old verify_tfa api call (POST /access/tfa)
7 * drop support for old login API:
8 - 'new-format' is now considured to be 1 and ignored by the API
10 * pam auth: set PAM_RHOST to allow pam configs to log/restrict/... by remote
13 * cli: add 'pveum tfa list'
15 * cli: add 'pveum tfa unlock'
17 * enable lockout of TFA:
18 - too many TOTP attempts will lock out of TOTP
19 - using a recovery key will unlock TOTP
20 - too many TFA attempts will lock a user's TFA auth for an hour
22 * api: add /access/users/<userid>/unlock-tfa to unlock a user's TFA
23 authentication if it was locked by too many wrong 2nd factor login attempts
25 * api: /access/tfa and /access/users now include the tfa lockout status
27 -- Proxmox Support Team <support@proxmox.com> Mon, 05 Jun 2023 14:52:29 +0200
29 libpve-access-control (7.99.0) bookworm; urgency=medium
31 * initial re-build for Proxmox VE 8.x series
33 * switch to native versioning
35 -- Proxmox Support Team <support@proxmox.com> Sun, 21 May 2023 10:34:19 +0200
37 libpve-access-control (7.4-3) bullseye; urgency=medium
39 * use new 2nd factor verification from pve-rs
41 -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 13:31:28 +0200
43 libpve-access-control (7.4-2) bullseye; urgency=medium
45 * fix #4609: fix regression where a valid DN in the ldap/ad realm config
46 wasn't accepted anymore
48 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Mar 2023 15:44:21 +0100
50 libpve-access-control (7.4-1) bullseye; urgency=medium
52 * realm sync: refactor scope/remove-vanished into a standard option
54 * ldap: Allow quoted values for DN attribute values
56 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Mar 2023 17:16:11 +0100
58 libpve-access-control (7.3-2) bullseye; urgency=medium
60 * fix #4518: dramatically improve ACL computation performance
62 * userid format: clarify that this is the full name@realm in description
64 -- Proxmox Support Team <support@proxmox.com> Mon, 06 Mar 2023 11:40:11 +0100
66 libpve-access-control (7.3-1) bullseye; urgency=medium
68 * realm: sync: allow explicit 'none' for 'remove-vanished' option
70 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
72 libpve-access-control (7.2-5) bullseye; urgency=medium
74 * api: realm sync: avoid separate log line for "remove-vanished" opt
76 * auth ldap/ad: compare group member dn case-insensitively
78 * two factor auth: only lock tfa config for recovery keys
80 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
81 migrations and storage migrations
83 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
85 libpve-access-control (7.2-4) bullseye; urgency=medium
87 * fix #4074: increase API OpenID code size limit to 2048
89 * auth key: protect against rare chance of a double rotation in clusters,
90 leaving the potential that some set of nodes have the earlier key cached,
91 that then got rotated out due to the race, resulting in a possible other
92 set of nodes having the newer key cached. This is a split view of the auth
93 key and may resulting in spurious failures if API requests are made to a
94 different node than the ticket was generated on.
95 In addition to that, the "keep validity of old tickets if signed in the
96 last two hours before rotation" logic was disabled too in such a case,
97 making such tickets invalid too early.
98 Note that both are cases where Proxmox VE was too strict, so while this
99 had no security implications it can be a nuisance, especially for
100 environments that use the API through an automated or scripted way
102 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
104 libpve-access-control (7.2-3) bullseye; urgency=medium
106 * api: token: use userid-group as API perm check to avoid being overly
107 strict through a misguided use of user id for non-root users.
109 * perm check: forbid undefined/empty ACL path for future proofing of against
112 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
114 libpve-access-control (7.2-2) bullseye; urgency=medium
116 * permissions: merge propagation flag for multiple roles on a path that
117 share privilege in a deterministic way, to avoid that it gets lost
118 depending on perl's random sort, which would result in returing less
119 privileges than an auth-id actually had.
121 * permissions: avoid that token and user privilege intersection is to strict
122 for user permissions that have propagation disabled.
124 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
126 libpve-access-control (7.2-1) bullseye; urgency=medium
128 * user check: fix expiration/enable order
130 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
132 libpve-access-control (7.1-8) bullseye; urgency=medium
134 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
137 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
139 libpve-access-control (7.1-7) bullseye; urgency=medium
141 * userid-group check: distinguish create and update
143 * api: get user: declare token schema
145 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
147 libpve-access-control (7.1-6) bullseye; urgency=medium
149 * fix #3768: warn on bad u2f or webauthn settings
151 * tfa: when modifying others, verify the current user's password
153 * tfa list: account for admin permissions
155 * fix realm sync permissions
157 * fix token permission display bug
159 * include SDN permissions in permission tree
161 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
163 libpve-access-control (7.1-5) bullseye; urgency=medium
165 * openid: fix username-claim fallback
167 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
169 libpve-access-control (7.1-4) bullseye; urgency=medium
171 * set current origin in the webauthn config if no fixed origin was
172 configured, to support webauthn via subdomains
174 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
176 libpve-access-control (7.1-3) bullseye; urgency=medium
178 * openid: allow arbitrary username-claims
180 * openid: support configuring the prompt, scopes and ACR values
182 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
184 libpve-access-control (7.1-2) bullseye; urgency=medium
186 * catch incompatible tfa entries with a nice error
188 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
190 libpve-access-control (7.1-1) bullseye; urgency=medium
192 * tfa: map HTTP 404 error in get_tfa_entry correctly
194 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
196 libpve-access-control (7.0-7) bullseye; urgency=medium
198 * fix #3513: pass configured proxy to OpenID
200 * use rust based parser for TFA config
202 * use PBS-like auth api call flow,
204 * merge old user.cfg keys to tfa config when adding entries
206 * implement version checks for new tfa config writer to ensure all
207 cluster nodes are ready to avoid login issues
209 * tickets: add tunnel ticket
211 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
213 libpve-access-control (7.0-6) bullseye; urgency=medium
215 * fix regression in user deletion when realm does not enforce TFA
217 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
219 libpve-access-control (7.0-5) bullseye; urgency=medium
221 * acl: check path: add /sdn/vnets/* path
223 * fix #2302: allow deletion of users when realm enforces TFA
225 * api: delete user: disable user first to avoid surprise on error during the
226 various cleanup action required for user deletion (e.g., TFA, ACL, group)
228 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
230 libpve-access-control (7.0-4) bullseye; urgency=medium
232 * realm: add OpenID configuration
234 * api: implement OpenID related endpoints
236 * implement opt-in OpenID autocreate user feature
238 * api: user: add 'realm-type' to user list response
240 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
242 libpve-access-control (7.0-3) bullseye; urgency=medium
244 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
245 `/sdn/zones/<zone>` to allowed ACL paths
247 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
249 libpve-access-control (7.0-2) bullseye; urgency=medium
251 * fix #3402: add Pool.Audit privilege - custom roles containing
252 Pool.Allocate must be updated to include the new privilege.
254 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
256 libpve-access-control (7.0-1) bullseye; urgency=medium
258 * re-build for Debian 11 Bullseye based releases
260 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
262 libpve-access-control (6.4-1) pve; urgency=medium
264 * fix #1670: change PAM service name to project specific name
266 * fix #1500: permission path syntax check for access control
268 * pveum: add resource pool CLI commands
270 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
272 libpve-access-control (6.1-3) pve; urgency=medium
274 * partially fix #2825: authkey: rotate if it was generated in the
277 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
280 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
282 libpve-access-control (6.1-2) pve; urgency=medium
284 * also check SDN permission path when computing coarse permissions heuristic
287 * add SDN Permissions.Modify
289 * add VM.Config.Cloudinit
291 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
293 libpve-access-control (6.1-1) pve; urgency=medium
295 * pveum: add tfa delete subcommand for deleting user-TFA
297 * LDAP: don't complain about missing credentials on realm removal
299 * LDAP: skip anonymous bind when client certificate and key is configured
301 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
303 libpve-access-control (6.0-7) pve; urgency=medium
305 * fix #2575: die when trying to edit built-in roles
307 * add realm sub commands to pveum CLI tool
309 * api: domains: add user group sync API endpoint
311 * allow one to sync and import users and groups from LDAP/AD based realms
313 * realm: add default-sync-options to config for more convenient sync configuration
315 * api: token create: return also full token id for convenience
317 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
319 libpve-access-control (6.0-6) pve; urgency=medium
321 * API: add group members to group index
323 * implement API token support and management
325 * pveum: add 'pveum user token add/update/remove/list'
327 * pveum: add permissions sub-commands
329 * API: add 'permissions' API endpoint
331 * user.cfg: skip inexisting roles when parsing ACLs
333 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
335 libpve-access-control (6.0-5) pve; urgency=medium
337 * pveum: add list command for users, groups, ACLs and roles
339 * add initial permissions for experimental SDN integration
341 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
343 libpve-access-control (6.0-4) pve; urgency=medium
345 * ticket: use clinfo to get cluster name
347 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
350 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
352 libpve-access-control (6.0-3) pve; urgency=medium
354 * fix #2433: increase possible TFA secret length
356 * parse user configuration: correctly parse group names in ACLs, for users
357 which begin their name with an @
359 * sort user.cfg entries alphabetically
361 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
363 libpve-access-control (6.0-2) pve; urgency=medium
365 * improve CSRF verification compatibility with newer PVE
367 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
369 libpve-access-control (6.0-1) pve; urgency=medium
371 * ticket: properly verify exactly 5 minute old tickets
373 * use hmac_sha256 instead of sha1 for CSRF token generation
375 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
377 libpve-access-control (6.0-0+1) pve; urgency=medium
379 * bump for Debian buster
381 * fix #2079: add periodic auth key rotation
383 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
385 libpve-access-control (5.1-10) unstable; urgency=medium
387 * add /access/user/{id}/tfa api call to get tfa types
389 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
391 libpve-access-control (5.1-9) unstable; urgency=medium
393 * store the tfa type in user.cfg allowing to get it without proxying the call
394 to a higher privileged daemon.
396 * tfa: realm required TFA should lock out users without TFA configured, as it
397 was done before Proxmox VE 5.4
399 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
401 libpve-access-control (5.1-8) unstable; urgency=medium
403 * U2F: ensure we save correct public key on registration
405 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
407 libpve-access-control (5.1-7) unstable; urgency=medium
409 * verify_ticket: allow general non-challenge tfa to be run as two step
412 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
414 libpve-access-control (5.1-6) unstable; urgency=medium
416 * more general 2FA configuration via priv/tfa.cfg
418 * add u2f api endpoints
420 * delete TFA entries when deleting a user
422 * allow users to change their TOTP settings
424 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
426 libpve-access-control (5.1-5) unstable; urgency=medium
428 * fix vnc ticket verification without authkey lifetime
430 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
432 libpve-access-control (5.1-4) unstable; urgency=medium
434 * fix #1891: Add zsh command completion for pveum
436 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
437 to avoid issues on upgrade, will be enabled with 6.0
439 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
441 libpve-access-control (5.1-3) unstable; urgency=medium
443 * api/ticket: move getting cluster name into an eval
445 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
447 libpve-access-control (5.1-2) unstable; urgency=medium
449 * fix #1998: correct return properties for read_role
451 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
453 libpve-access-control (5.1-1) unstable; urgency=medium
455 * pveum: introduce sub-commands
457 * register userid with completion
459 * fix #233: return cluster name on successful login
461 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
463 libpve-access-control (5.0-8) unstable; urgency=medium
465 * fix #1612: ldap: make 2nd server work with bind domains again
467 * fix an error message where passing a bad pool id to an API function would
468 make it complain about a wrong group name instead
470 * fix the API-returned permission list so that the GUI knows to show the
471 'Permissions' tab for a storage to an administrator apart from root@pam
473 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
475 libpve-access-control (5.0-7) unstable; urgency=medium
477 * VM.Snapshot.Rollback privilege added
479 * api: check for special roles before locking the usercfg
481 * fix #1501: pveum: die when deleting special role
483 * API/ticket: rework coarse grained permission computation
485 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
487 libpve-access-control (5.0-6) unstable; urgency=medium
489 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
490 'verify' option. For compatibility reasons this defaults to off for now,
491 but that might change with future updates.
493 * AD, LDAP: Add ability to specify a CA path or file, and a client
494 certificate via the 'capath', 'cert' and 'certkey' options.
496 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
498 libpve-access-control (5.0-5) unstable; urgency=medium
500 * change from dpkg-deb to dpkg-buildpackage
502 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
504 libpve-access-control (5.0-4) unstable; urgency=medium
506 * PVE/CLI/pveum.pm: call setup_default_cli_env()
508 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
510 * check_api2_permissions: avoid warning about uninitialized value
512 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
514 libpve-access-control (5.0-3) unstable; urgency=medium
516 * use new PVE::OTP class from pve-common
518 * use new PVE::Tools::encrypt_pw from pve-common
520 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
522 libpve-access-control (5.0-2) unstable; urgency=medium
524 * encrypt_pw: avoid '+' for crypt salt
526 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
528 libpve-access-control (5.0-1) unstable; urgency=medium
530 * rebuild for PVE 5.0
532 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
534 libpve-access-control (4.0-23) unstable; urgency=medium
536 * use new PVE::Ticket class
538 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
540 libpve-access-control (4.0-22) unstable; urgency=medium
542 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
543 (moved to PVE::Storage)
545 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
547 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
549 libpve-access-control (4.0-21) unstable; urgency=medium
551 * setup_default_cli_env: expect $class as first parameter
553 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
555 libpve-access-control (4.0-20) unstable; urgency=medium
557 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
559 * PVE/API2/Domains.pm: fix property description
561 * use new repoman for upload target
563 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
565 libpve-access-control (4.0-19) unstable; urgency=medium
567 * Close #833: ldap: non-anonymous bind support
569 * don't import 'RFC' from MIME::Base32
571 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
573 libpve-access-control (4.0-18) unstable; urgency=medium
575 * fix #1062: recognize base32 otp keys again
577 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
579 libpve-access-control (4.0-17) unstable; urgency=medium
581 * drop oathtool and libdigest-hmac-perl dependencies
583 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
585 libpve-access-control (4.0-16) unstable; urgency=medium
587 * use pve-doc-generator to generate man pages
589 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
591 libpve-access-control (4.0-15) unstable; urgency=medium
593 * Fix uninitialized warning when shadow.cfg does not exist
595 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
597 libpve-access-control (4.0-14) unstable; urgency=medium
599 * Add is_worker to RPCEnvironment
601 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
603 libpve-access-control (4.0-13) unstable; urgency=medium
605 * fix #916: allow HTTPS to access custom yubico url
607 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
609 libpve-access-control (4.0-12) unstable; urgency=medium
611 * Catch certificate errors instead of segfaulting
613 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
615 libpve-access-control (4.0-11) unstable; urgency=medium
617 * Fix #861: use safer sprintf formatting
619 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
621 libpve-access-control (4.0-10) unstable; urgency=medium
623 * Auth::LDAP, Auth::AD: ipv6 support
625 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
627 libpve-access-control (4.0-9) unstable; urgency=medium
629 * pveum: implement bash completion
631 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
633 libpve-access-control (4.0-8) unstable; urgency=medium
635 * remove_storage_access: cleanup of access permissions for removed storage
637 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
639 libpve-access-control (4.0-7) unstable; urgency=medium
641 * new helper to remove access permissions for removed VMs
643 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
645 libpve-access-control (4.0-6) unstable; urgency=medium
647 * improve parse_user_config, parse_shadow_config
649 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
651 libpve-access-control (4.0-5) unstable; urgency=medium
653 * pveum: check for $cmd being defined
655 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
657 libpve-access-control (4.0-4) unstable; urgency=medium
659 * use activate-noawait triggers
661 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
663 libpve-access-control (4.0-3) unstable; urgency=medium
669 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
671 libpve-access-control (4.0-2) unstable; urgency=medium
673 * trigger pve-api-updates event
675 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
677 libpve-access-control (4.0-1) unstable; urgency=medium
679 * bump version for Debian Jessie
681 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
683 libpve-access-control (3.0-16) unstable; urgency=low
685 * root@pam can now be disabled in GUI.
687 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
689 libpve-access-control (3.0-15) unstable; urgency=low
691 * oath: add 'step' and 'digits' option
693 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
695 libpve-access-control (3.0-14) unstable; urgency=low
697 * add oath two factor auth
699 * add oathkeygen binary to generate keys for oath
701 * add yubico two factor auth
705 * depend on libmime-base32-perl
707 * allow to write builtin auth domains config (comment/tfa/default)
709 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
711 libpve-access-control (3.0-13) unstable; urgency=low
713 * use correct connection string for AD auth
715 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
717 libpve-access-control (3.0-12) unstable; urgency=low
719 * add dummy API for GET /access/ticket (useful to generate login pages)
721 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
723 libpve-access-control (3.0-11) unstable; urgency=low
725 * Sets common hot keys for spice client
727 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
729 libpve-access-control (3.0-10) unstable; urgency=low
731 * implement helper to generate SPICE remote-viewer configuration
733 * depend on libnet-ssleay-perl
735 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
737 libpve-access-control (3.0-9) unstable; urgency=low
739 * prevent user enumeration attacks
741 * allow dots in access paths
743 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
745 libpve-access-control (3.0-8) unstable; urgency=low
747 * spice: use lowercase hostname in ticktet signature
749 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
751 libpve-access-control (3.0-7) unstable; urgency=low
753 * check_volume_access : use parse_volname instead of path, and remove
756 * use warnings instead of global -w flag.
758 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
760 libpve-access-control (3.0-6) unstable; urgency=low
762 * use shorter spiceproxy tickets
764 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
766 libpve-access-control (3.0-5) unstable; urgency=low
768 * add code to generate tickets for SPICE
770 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
772 libpve-access-control (3.0-4) unstable; urgency=low
774 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
776 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
778 libpve-access-control (3.0-3) unstable; urgency=low
780 * Add new role PVETemplateUser (and VM.Clone privilege)
782 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
784 libpve-access-control (3.0-2) unstable; urgency=low
786 * remove CGI.pm related code (pveproxy does not need that)
788 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
790 libpve-access-control (3.0-1) unstable; urgency=low
792 * bump version for wheezy release
794 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
796 libpve-access-control (1.0-26) unstable; urgency=low
798 * check_volume_access: fix access permissions for backup files
800 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
802 libpve-access-control (1.0-25) unstable; urgency=low
804 * add VM.Snapshot permission
806 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
808 libpve-access-control (1.0-24) unstable; urgency=low
810 * untaint path (allow root to restore arbitrary paths)
812 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
814 libpve-access-control (1.0-23) unstable; urgency=low
816 * correctly compute GUI capabilities (consider pools)
818 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
820 libpve-access-control (1.0-22) unstable; urgency=low
822 * new plugin architecture for Auth modules, minor API change for Auth
823 domains (new 'delete' parameter)
825 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
827 libpve-access-control (1.0-21) unstable; urgency=low
829 * do not allow user names including slash
831 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
833 libpve-access-control (1.0-20) unstable; urgency=low
835 * add ability to fork cli workers in background
837 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
839 libpve-access-control (1.0-19) unstable; urgency=low
841 * return set of privileges on login - can be used to adopt GUI
843 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
845 libpve-access-control (1.0-18) unstable; urgency=low
847 * fix bug #151: correctly parse username inside ticket
849 * fix bug #152: allow user to change his own password
851 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
853 libpve-access-control (1.0-17) unstable; urgency=low
855 * set propagate flag by default
857 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
859 libpve-access-control (1.0-16) unstable; urgency=low
861 * add 'pveum passwd' method
863 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
865 libpve-access-control (1.0-15) unstable; urgency=low
867 * Add VM.Config.CDROM privilege to PVEVMUser rule
869 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
871 libpve-access-control (1.0-14) unstable; urgency=low
873 * fix buf in userid-param permission check
875 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
877 libpve-access-control (1.0-13) unstable; urgency=low
879 * allow more characters in ldap base_dn attribute
881 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
883 libpve-access-control (1.0-12) unstable; urgency=low
885 * allow more characters with realm IDs
887 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
889 libpve-access-control (1.0-11) unstable; urgency=low
891 * fix bug in exec_api2_perm_check
893 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
895 libpve-access-control (1.0-10) unstable; urgency=low
897 * fix ACL group name parser
899 * changed 'pveum aclmod' command line arguments
901 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
903 libpve-access-control (1.0-9) unstable; urgency=low
905 * fix bug in check_volume_access (fixes vzrestore)
907 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
909 libpve-access-control (1.0-8) unstable; urgency=low
911 * fix return value for empty ACL list.
913 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
915 libpve-access-control (1.0-7) unstable; urgency=low
917 * fix bug #85: allow root@pam to generate tickets for other users
919 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
921 libpve-access-control (1.0-6) unstable; urgency=low
923 * API change: allow to filter enabled/disabled users.
925 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
927 libpve-access-control (1.0-5) unstable; urgency=low
929 * add a way to return file changes (diffs): set_result_changes()
931 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
933 libpve-access-control (1.0-4) unstable; urgency=low
935 * new environment type for ha agents
937 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
939 libpve-access-control (1.0-3) unstable; urgency=low
941 * add support for delayed parameter parsing - We need that to disable
942 file upload for normal API request (avoid DOS attacks)
944 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
946 libpve-access-control (1.0-2) unstable; urgency=low
948 * fix bug in fork_worker
950 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
952 libpve-access-control (1.0-1) unstable; urgency=low
954 * allow '-' in permission paths
956 * bump version to 1.0
958 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
960 libpve-access-control (0.1) unstable; urgency=low
962 * first dummy package - no functionality
964 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200