git.proxmox.com Git - pve-access-control.git/blame - debian/changelog
bump version to 7.2-5
Commit Line Data
b84bf623
TL
1libpve-access-control (7.2-5) bullseye; urgency=medium
2
3 * api: realm sync: avoid separate log line for "remove-vanished" opt
4
5 * auth ldap/ad: compare group member dn case-insensitively
6
7 * two factor auth: only lock tfa config for recovery keys
8
9 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
10 migrations and storage migrations
11
12 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
13
f4e68e49
TL
14libpve-access-control (7.2-4) bullseye; urgency=medium
15
16 * fix #4074: increase API OpenID code size limit to 2048
17
18 * auth key: protect against rare chance of a double rotation in clusters,
19 leaving the potential that some set of nodes have the earlier key cached,
20 that then got rotated out due to the race, resulting in a possible other
21 set of nodes having the newer key cached. This is a split view of the auth
22 key and may result in spurious failures if API requests are made to a
23 different node than the ticket was generated on.
24 In addition to that, the "keep validity of old tickets if signed in the
25 last two hours before rotation" logic was disabled too in such a case,
26 making such tickets invalid too early.
27 Note that both are cases where Proxmox VE was too strict, so while this
28 had no security implications it can be a nuisance, especially for
29 environments that use the API through an automated or scripted way
30
31 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
32
26dde491
TL
33libpve-access-control (7.2-3) bullseye; urgency=medium
34
35 * api: token: use userid-group as API perm check to avoid being overly
36 strict through a misguided use of user id for non-root users.
37
38 * perm check: forbid undefined/empty ACL path for future proofing against
39 above issue
40
41 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
42
1cf4389b
TL
43libpve-access-control (7.2-2) bullseye; urgency=medium
44
45 * permissions: merge propagation flag for multiple roles on a path that
46 share privilege in a deterministic way, to avoid that it gets lost
47 depending on perl's random sort, which would result in returning less
48 privileges than an auth-id actually had.
49
50 * permissions: avoid that token and user privilege intersection is too strict
51 for user permissions that have propagation disabled.
52
53 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
54
e3604d48
TL
55libpve-access-control (7.2-1) bullseye; urgency=medium
56
57 * user check: fix expiration/enable order
58
59 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
60
79ae250f
TL
61libpve-access-control (7.1-8) bullseye; urgency=medium
62
63 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
64 vanished'
65
66 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
67
eed46286
TL
68libpve-access-control (7.1-7) bullseye; urgency=medium
69
70 * userid-group check: distinguish create and update
71
72 * api: get user: declare token schema
73
74 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
75
cd78b295
FG
76libpve-access-control (7.1-6) bullseye; urgency=medium
77
78 * fix #3768: warn on bad u2f or webauthn settings
79
80 * tfa: when modifying others, verify the current user's password
81
82 * tfa list: account for admin permissions
83
84 * fix realm sync permissions
85
86 * fix token permission display bug
87
88 * include SDN permissions in permission tree
89
90 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
91
118088d8
TL
92libpve-access-control (7.1-5) bullseye; urgency=medium
93
94 * openid: fix username-claim fallback
95
96 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
97
ebb14277
WB
98libpve-access-control (7.1-4) bullseye; urgency=medium
99
100 * set current origin in the webauthn config if no fixed origin was
101 configured, to support webauthn via subdomains
102
103 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
104
44a55ff7
TL
105libpve-access-control (7.1-3) bullseye; urgency=medium
106
107 * openid: allow arbitrary username-claims
108
109 * openid: support configuring the prompt, scopes and ACR values
110
111 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
112
6f643e79
TL
113libpve-access-control (7.1-2) bullseye; urgency=medium
114
115 * catch incompatible tfa entries with a nice error
116
117 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
118
92bca71e
TL
119libpve-access-control (7.1-1) bullseye; urgency=medium
120
121 * tfa: map HTTP 404 error in get_tfa_entry correctly
122
123 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
124
1c9b6501
TL
125libpve-access-control (7.0-7) bullseye; urgency=medium
126
127 * fix #3513: pass configured proxy to OpenID
128
129 * use rust based parser for TFA config
130
131 * use PBS-like auth api call flow,
132
133 * merge old user.cfg keys to tfa config when adding entries
134
135 * implement version checks for new tfa config writer to ensure all
136 cluster nodes are ready to avoid login issues
137
138 * tickets: add tunnel ticket
139
140 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
141
cd46b379
TL
142libpve-access-control (7.0-6) bullseye; urgency=medium
143
144 * fix regression in user deletion when realm does not enforce TFA
145
146 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
147
52da88a8
TL
148libpve-access-control (7.0-5) bullseye; urgency=medium
149
150 * acl: check path: add /sdn/vnets/* path
151
152 * fix #2302: allow deletion of users when realm enforces TFA
153
154 * api: delete user: disable user first to avoid surprise on error during the
155 various cleanup action required for user deletion (e.g., TFA, ACL, group)
156
157 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
158
543d646c
TL
159libpve-access-control (7.0-4) bullseye; urgency=medium
160
161 * realm: add OpenID configuration
162
163 * api: implement OpenID related endpoints
164
165 * implement opt-in OpenID autocreate user feature
166
167 * api: user: add 'realm-type' to user list response
168
169 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
170
7a4c4fd8
TL
171libpve-access-control (7.0-3) bullseye; urgency=medium
172
173 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
174 `/sdn/zones/<zone>` to allowed ACL paths
175
176 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
177
0902a936
FG
178libpve-access-control (7.0-2) bullseye; urgency=medium
179
180 * fix #3402: add Pool.Audit privilege - custom roles containing
181 Pool.Allocate must be updated to include the new privilege.
182
183 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
184
67febb69
TL
185libpve-access-control (7.0-1) bullseye; urgency=medium
186
187 * re-build for Debian 11 Bullseye based releases
188
189 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
190
2942ba41
TL
191libpve-access-control (6.4-1) pve; urgency=medium
192
193 * fix #1670: change PAM service name to project specific name
194
195 * fix #1500: permission path syntax check for access control
196
197 * pveum: add resource pool CLI commands
198
199 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
200
54d312f3
TL
201libpve-access-control (6.1-3) pve; urgency=medium
202
203 * partially fix #2825: authkey: rotate if it was generated in the
204 future
205
206 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
207 insensitive
208
209 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
210
6a9be12f
TL
211libpve-access-control (6.1-2) pve; urgency=medium
212
213 * also check SDN permission path when computing coarse permissions heuristic
214 for UIs
215
216 * add SDN Permissions.Modify
217
218 * add VM.Config.Cloudinit
219
220 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
221
e6624f50
TL
222libpve-access-control (6.1-1) pve; urgency=medium
223
224 * pveum: add tfa delete subcommand for deleting user-TFA
225
226 * LDAP: don't complain about missing credentials on realm removal
227
228 * LDAP: skip anonymous bind when client certificate and key is configured
229
230 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
231
8f4a522f
TL
232libpve-access-control (6.0-7) pve; urgency=medium
233
234 * fix #2575: die when trying to edit built-in roles
235
236 * add realm sub commands to pveum CLI tool
237
7d23b7ca 238 * api: domains: add user group sync API endpoint
8f4a522f
TL
239
240 * allow one to sync and import users and groups from LDAP/AD based realms
241
242 * realm: add default-sync-options to config for more convenient sync configuration
243
244 * api: token create: return also full token id for convenience
245
246 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
247
23059f35
TL
248libpve-access-control (6.0-6) pve; urgency=medium
249
250 * API: add group members to group index
251
252 * implement API token support and management
253
254 * pveum: add 'pveum user token add/update/remove/list'
255
256 * pveum: add permissions sub-commands
257
258 * API: add 'permissions' API endpoint
259
260 * user.cfg: skip inexisting roles when parsing ACLs
261
262 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
263
3dd692e9
TL
264libpve-access-control (6.0-5) pve; urgency=medium
265
266 * pveum: add list command for users, groups, ACLs and roles
267
268 * add initial permissions for experimental SDN integration
269
270 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
271
4ef92d0d
FG
272libpve-access-control (6.0-4) pve; urgency=medium
273
274 * ticket: use clinfo to get cluster name
275
276 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
277 SSL version
278
279 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
280
6e5bbca4
TL
281libpve-access-control (6.0-3) pve; urgency=medium
282
283 * fix #2433: increase possible TFA secret length
284
285 * parse user configuration: correctly parse group names in ACLs, for users
286 which begin their name with an @
287
288 * sort user.cfg entries alphabetically
289
290 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
291
e073493c
TL
292libpve-access-control (6.0-2) pve; urgency=medium
293
294 * improve CSRF verification compatibility with newer PVE
295
296 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
297
a237dc2e
TL
298libpve-access-control (6.0-1) pve; urgency=medium
299
300 * ticket: properly verify exactly 5 minute old tickets
301
302 * use hmac_sha256 instead of sha1 for CSRF token generation
303
304 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
305
f1531f22
TL
306libpve-access-control (6.0-0+1) pve; urgency=medium
307
308 * bump for Debian buster
309
310 * fix #2079: add periodic auth key rotation
311
312 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
313
ef761f51
TL
314libpve-access-control (5.1-10) unstable; urgency=medium
315
316 * add /access/user/{id}/tfa api call to get tfa types
317
318 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
319
860ddcba
TL
320libpve-access-control (5.1-9) unstable; urgency=medium
321
322 * store the tfa type in user.cfg allowing to get it without proxying the call
7d23b7ca 323 to a higher privileged daemon.
860ddcba
TL
324
325 * tfa: realm required TFA should lock out users without TFA configured, as it
326 was done before Proxmox VE 5.4
327
328 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
329
9fbad012
TL
330libpve-access-control (5.1-8) unstable; urgency=medium
331
332 * U2F: ensure we save correct public key on registration
333
334 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
335
4473c96c
TL
336libpve-access-control (5.1-7) unstable; urgency=medium
337
338 * verify_ticket: allow general non-challenge tfa to be run as two step
339 call
340
341 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
342
a270d4e1
TL
343libpve-access-control (5.1-6) unstable; urgency=medium
344
345 * more general 2FA configuration via priv/tfa.cfg
346
347 * add u2f api endpoints
348
349 * delete TFA entries when deleting a user
350
351 * allow users to change their TOTP settings
352
353 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
354
374647e8
TL
355libpve-access-control (5.1-5) unstable; urgency=medium
356
357 * fix vnc ticket verification without authkey lifetime
358
359 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
360
7fb70c94
TL
361libpve-access-control (5.1-4) unstable; urgency=medium
362
363 * fix #1891: Add zsh command completion for pveum
364
365 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
366 to avoid issues on upgrade, will be enabled with 6.0
367
368 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
369
6e010cde
TL
370libpve-access-control (5.1-3) unstable; urgency=medium
371
372 * api/ticket: move getting cluster name into an eval
373
374 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
375
f5a9380a
TL
376libpve-access-control (5.1-2) unstable; urgency=medium
377
378 * fix #1998: correct return properties for read_role
379
380 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
381
b54b7474
TL
382libpve-access-control (5.1-1) unstable; urgency=medium
383
384 * pveum: introduce sub-commands
385
386 * register userid with completion
387
388 * fix #233: return cluster name on successful login
389
390 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
391
52192dd4
WB
392libpve-access-control (5.0-8) unstable; urgency=medium
393
394 * fix #1612: ldap: make 2nd server work with bind domains again
395
396 * fix an error message where passing a bad pool id to an API function would
397 make it complain about a wrong group name instead
398
399 * fix the API-returned permission list so that the GUI knows to show the
400 'Permissions' tab for a storage to an administrator apart from root@pam
401
402 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
403
3dadf8cf
FG
404libpve-access-control (5.0-7) unstable; urgency=medium
405
406 * VM.Snapshot.Rollback privilege added
407
408 * api: check for special roles before locking the usercfg
409
410 * fix #1501: pveum: die when deleting special role
411
412 * API/ticket: rework coarse grained permission computation
413
414 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
415
ec4141f4
WB
416libpve-access-control (5.0-6) unstable; urgency=medium
417
418 * Close #1470: Add server certificate verification for AD and LDAP via the
419 'verify' option. For compatibility reasons this defaults to off for now,
420 but that might change with future updates.
421
422 * AD, LDAP: Add ability to specify a CA path or file, and a client
423 certificate via the 'capath', 'cert' and 'certkey' options.
424
425 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
426
63134bd4
DM
427libpve-access-control (5.0-5) unstable; urgency=medium
428
429 * change from dpkg-deb to dpkg-buildpackage
430
431 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
432
868fb1ea
DM
433libpve-access-control (5.0-4) unstable; urgency=medium
434
435 * PVE/CLI/pveum.pm: call setup_default_cli_env()
436
437 * PVE/Auth/PVE.pm: encode utf8 password before calling crypt
438
439 * check_api2_permissions: avoid warning about uninitialized value
440
441 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
442
63358f40
DM
443libpve-access-control (5.0-3) unstable; urgency=medium
444
445 * use new PVE::OTP class from pve-common
446
447 * use new PVE::Tools::encrypt_pw from pve-common
448
449 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
450
05fd50af
DM
451libpve-access-control (5.0-2) unstable; urgency=medium
452
453 * encrypt_pw: avoid '+' for crypt salt
454
455 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
456
0835385b
FG
457libpve-access-control (5.0-1) unstable; urgency=medium
458
459 * rebuild for PVE 5.0
460
461 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
462
730f8863
DM
463libpve-access-control (4.0-23) unstable; urgency=medium
464
465 * use new PVE::Ticket class
466
467 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
468
1f1c4593
DM
469libpve-access-control (4.0-22) unstable; urgency=medium
470
471 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
472 (moved to PVE::Storage)
473
474 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
475
476 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
477
f9105063
DM
478libpve-access-control (4.0-21) unstable; urgency=medium
479
480 * setup_default_cli_env: expect $class as first parameter
481
482 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
483
9595066e
DM
484libpve-access-control (4.0-20) unstable; urgency=medium
485
486 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
487
488 * PVE/API2/Domains.pm: fix property description
489
490 * use new repoman for upload target
491
492 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
493
2af5a793
DM
494libpve-access-control (4.0-19) unstable; urgency=medium
495
496 * Close #833: ldap: non-anonymous bind support
497
498 * don't import 'RFC' from MIME::Base32
499
500 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
501
5d87bb77
WB
502libpve-access-control (4.0-18) unstable; urgency=medium
503
504 * fix #1062: recognize base32 otp keys again
505
506 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
507
28ddf48b
WB
508libpve-access-control (4.0-17) unstable; urgency=medium
509
510 * drop oathtool and libdigest-hmac-perl dependencies
511
512 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
513
15cebb28
DM
514libpve-access-control (4.0-16) unstable; urgency=medium
515
516 * use pve-doc-generator to generate man pages
517
518 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
519
678df887
DM
520libpve-access-control (4.0-15) unstable; urgency=medium
521
522 * Fix uninitialized warning when shadow.cfg does not exist
523
524 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
525
cca9761a
DM
526libpve-access-control (4.0-14) unstable; urgency=medium
527
528 * Add is_worker to RPCEnvironment
529
530 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
531
8643c99d
DM
532libpve-access-control (4.0-13) unstable; urgency=medium
533
534 * fix #916: allow HTTPS to access custom yubico url
535
536 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
537
ae2a6bf9
DM
538libpve-access-control (4.0-12) unstable; urgency=medium
539
540 * Catch certificate errors instead of segfaulting
541
542 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
543
4836db5f
DM
544libpve-access-control (4.0-11) unstable; urgency=medium
545
546 * Fix #861: use safer sprintf formatting
547
548 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
549
ccbe23dc
DM
550libpve-access-control (4.0-10) unstable; urgency=medium
551
552 * Auth::LDAP, Auth::AD: ipv6 support
553
554 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
555
90399ca4
DM
556libpve-access-control (4.0-9) unstable; urgency=medium
557
558 * pveum: implement bash completion
559
560 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
561
364ffc13
DM
562libpve-access-control (4.0-8) unstable; urgency=medium
563
564 * remove_storage_access: cleanup of access permissions for removed storage
565
566 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
567
7c26cb4a
DM
568libpve-access-control (4.0-7) unstable; urgency=medium
569
570 * new helper to remove access permissions for removed VMs
571
572 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
573
296afbd1
DM
574libpve-access-control (4.0-6) unstable; urgency=medium
575
576 * improve parse_user_config, parse_shadow_config
577
578 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
579
7d2df2ef
DM
580libpve-access-control (4.0-5) unstable; urgency=medium
581
582 * pveum: check for $cmd being defined
583
584 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
585
98a34e3f
DM
586libpve-access-control (4.0-4) unstable; urgency=medium
587
588 * use activate-noawait triggers
589
590 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
591
15462727
DM
592libpve-access-control (4.0-3) unstable; urgency=medium
593
594 * IPv6 fixes
595
596 * non-root buildfix
597
598 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
599
bbf4cc9a
DM
600libpve-access-control (4.0-2) unstable; urgency=medium
601
602 * trigger pve-api-updates event
603
604 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
605
dfbcf6d3
DM
606libpve-access-control (4.0-1) unstable; urgency=medium
607
608 * bump version for Debian Jessie
609
610 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
611
94971b3a
DM
612libpve-access-control (3.0-16) unstable; urgency=low
613
614 * root@pam can now be disabled in GUI.
615
616 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
617
7b17c7cb
DM
618libpve-access-control (3.0-15) unstable; urgency=low
619
620 * oath: add 'step' and 'digits' option
621
622 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
623
1abc2c0a
DM
624libpve-access-control (3.0-14) unstable; urgency=low
625
626 * add oath two factor auth
627
628 * add oathkeygen binary to generate keys for oath
629
630 * add yubico two factor auth
631
632 * depend on oathtool
633
634 * depend on libmime-base32-perl
30be0de9
DM
635
636 * allow to write builtin auth domains config (comment/tfa/default)
1abc2c0a
DM
637
638 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
639
298450ab
DM
640libpve-access-control (3.0-13) unstable; urgency=low
641
642 * use correct connection string for AD auth
643
644 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
645
396034e4
DM
646libpve-access-control (3.0-12) unstable; urgency=low
647
648 * add dummy API for GET /access/ticket (useful to generate login pages)
649
650 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
651
26361123
DM
652libpve-access-control (3.0-11) unstable; urgency=low
653
654 * Sets common hot keys for spice client
655
656 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
657
3643383d
DM
658libpve-access-control (3.0-10) unstable; urgency=low
659
660 * implement helper to generate SPICE remote-viewer configuration
661
662 * depend on libnet-ssleay-perl
663
664 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
665
0baedcf7
DM
666libpve-access-control (3.0-9) unstable; urgency=low
667
668 * prevent user enumeration attacks
e4f8fc2e
DM
669
670 * allow dots in access paths
0baedcf7
DM
671
672 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
673
d4b63eae
DM
674libpve-access-control (3.0-8) unstable; urgency=low
675
676 * spice: use lowercase hostname in ticket signature
677
678 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
679
49594944
DM
680libpve-access-control (3.0-7) unstable; urgency=low
681
682 * check_volume_access : use parse_volname instead of path, and remove
683 path related code.
7c410d63
DM
684
685 * use warnings instead of global -w flag.
49594944
DM
686
687 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
688
fe7de5d0
DM
689libpve-access-control (3.0-6) unstable; urgency=low
690
691 * use shorter spiceproxy tickets
692
693 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
694
4cdd9507
DM
695libpve-access-control (3.0-5) unstable; urgency=low
696
697 * add code to generate tickets for SPICE
698
699 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
700
677f9ab0
DM
701libpve-access-control (3.0-4) unstable; urgency=low
702
703 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
704
705 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
706
139a8ecf
DM
707libpve-access-control (3.0-3) unstable; urgency=low
708
7d23b7ca 709 * Add new role PVETemplateUser (and VM.Clone privilege)
139a8ecf
DM
710
711 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
712
b78ce7c2
DM
713libpve-access-control (3.0-2) unstable; urgency=low
714
715 * remove CGI.pm related code (pveproxy does not need that)
716
717 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
718
786820f9
DM
719libpve-access-control (3.0-1) unstable; urgency=low
720
721 * bump version for wheezy release
722
723 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
724
e5ae5487
DM
725libpve-access-control (1.0-26) unstable; urgency=low
726
727 * check_volume_access: fix access permissions for backup files
728
729 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
730
e3e6510c
DM
731libpve-access-control (1.0-25) unstable; urgency=low
732
733 * add VM.Snapshot permission
734
735 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
736
1e15ebe7
DM
737libpve-access-control (1.0-24) unstable; urgency=low
738
739 * untaint path (allow root to restore arbitrary paths)
740
741 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
742
437be042
DM
743libpve-access-control (1.0-23) unstable; urgency=low
744
745 * correctly compute GUI capabilities (consider pools)
746
747 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
748
5bb4e06a
DM
749libpve-access-control (1.0-22) unstable; urgency=low
750
751 * new plugin architecture for Auth modules, minor API change for Auth
752 domains (new 'delete' parameter)
753
754 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
755
3030a176
DM
756libpve-access-control (1.0-21) unstable; urgency=low
757
758 * do not allow user names including slash
759
760 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
761
762libpve-access-control (1.0-20) unstable; urgency=low
763
764 * add ability to fork cli workers in background
765
766 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
767
dd2cfee0
DM
768libpve-access-control (1.0-19) unstable; urgency=low
769
770 * return set of privileges on login - can be used to adopt GUI
771
772 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
773
1cf154b7
DM
774libpve-access-control (1.0-18) unstable; urgency=low
775
7d23b7ca 776 * fix bug #151: correctly parse username inside ticket
533219a1
DM
777
778 * fix bug #152: allow user to change his own password
1cf154b7
DM
779
780 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
781
2de14407
DM
782libpve-access-control (1.0-17) unstable; urgency=low
783
784 * set propagate flag by default
785
786 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
787
bdc61d7a
DM
788libpve-access-control (1.0-16) unstable; urgency=low
789
790 * add 'pveum passwd' method
791
792 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
793
cc7bdf33
DM
794libpve-access-control (1.0-15) unstable; urgency=low
795
796 * Add VM.Config.CDROM privilege to PVEVMUser rule
797
798 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
799
a69bbe2e
DM
800libpve-access-control (1.0-14) unstable; urgency=low
801
802 * fix bug in userid-param permission check
803
804 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
805
d9483d94
DM
806libpve-access-control (1.0-13) unstable; urgency=low
807
808 * allow more characters in ldap base_dn attribute
809
810 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
811
84619607
DM
812libpve-access-control (1.0-12) unstable; urgency=low
813
814 * allow more characters with realm IDs
815
816 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
817
09d27058
DM
818libpve-access-control (1.0-11) unstable; urgency=low
819
820 * fix bug in exec_api2_perm_check
821
822 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
823
7a4c849e
DM
824libpve-access-control (1.0-10) unstable; urgency=low
825
826 * fix ACL group name parser
827
828 * changed 'pveum aclmod' command line arguments
829
830 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
831
3eac4e35
DM
832libpve-access-control (1.0-9) unstable; urgency=low
833
834 * fix bug in check_volume_access (fixes vzrestore)
835
836 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
837
4384e19e
DM
838libpve-access-control (1.0-8) unstable; urgency=low
839
840 * fix return value for empty ACL list.
841
842 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
843
d8a56966
DM
844libpve-access-control (1.0-7) unstable; urgency=low
845
846 * fix bug #85: allow root@pam to generate tickets for other users
847
848 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
849
cb6f2f93
DM
850libpve-access-control (1.0-6) unstable; urgency=low
851
852 * API change: allow to filter enabled/disabled users.
853
854 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
855
272fe9ff
DM
856libpve-access-control (1.0-5) unstable; urgency=low
857
858 * add a way to return file changes (diffs): set_result_changes()
859
860 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
861
e42eedbc
DM
862libpve-access-control (1.0-4) unstable; urgency=low
863
864 * new environment type for ha agents
865
866 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
867
1fba27e0
DM
868libpve-access-control (1.0-3) unstable; urgency=low
869
870 * add support for delayed parameter parsing - We need that to disable
7d23b7ca 871 file upload for normal API request (avoid DOS attacks)
1fba27e0
DM
872
873 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
874
5bf71a96
DM
875libpve-access-control (1.0-2) unstable; urgency=low
876
877 * fix bug in fork_worker
878
879 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
880
2c3a6c0a
DM
881libpve-access-control (1.0-1) unstable; urgency=low
882
883 * allow '-' in permission paths
884
885 * bump version to 1.0
886
887 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
888
889libpve-access-control (0.1) unstable; urgency=low
890
891 * first dummy package - no functionality
892
893 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
894