projects / pve-access-control.git / blame
| Commit | Line | Data |
|---|---|---|
| 1cf4389b TL |
1 | libpve-access-control (7.2-2) bullseye; urgency=medium |
| 2 | ||
| 3 | * permissions: merge propagation flag for multiple roles on a path that | |
| 4 | share privilege in a deterministic way, to avoid that it gets lost | |
| 5 | depending on perl's random sort, which would result in returing less | |
| 6 | privileges than an auth-id actually had. | |
| 7 | ||
| 8 | * permissions: avoid that token and user privilege intersection is to strict | |
| 9 | for user permissions that have propagation disabled. | |
| 10 | ||
| 11 | -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200 | |
| 12 | ||
| e3604d48 TL |
13 | libpve-access-control (7.2-1) bullseye; urgency=medium |
| 14 | ||
| 15 | * user check: fix expiration/enable order | |
| 16 | ||
| 17 | -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200 | |
| 18 | ||
| 79ae250f TL |
19 | libpve-access-control (7.1-8) bullseye; urgency=medium |
| 20 | ||
| 21 | * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove- | |
| 22 | vanished' | |
| 23 | ||
| 24 | -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200 | |
| 25 | ||
| eed46286 TL |
26 | libpve-access-control (7.1-7) bullseye; urgency=medium |
| 27 | ||
| 28 | * userid-group check: distinguish create and update | |
| 29 | ||
| 30 | * api: get user: declare token schema | |
| 31 | ||
| 32 | -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100 | |
| 33 | ||
| cd78b295 FG |
34 | libpve-access-control (7.1-6) bullseye; urgency=medium |
| 35 | ||
| 36 | * fix #3768: warn on bad u2f or webauthn settings | |
| 37 | ||
| 38 | * tfa: when modifying others, verify the current user's password | |
| 39 | ||
| 40 | * tfa list: account for admin permissions | |
| 41 | ||
| 42 | * fix realm sync permissions | |
| 43 | ||
| 44 | * fix token permission display bug | |
| 45 | ||
| 46 | * include SDN permissions in permission tree | |
| 47 | ||
| 48 | -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100 | |
| 49 | ||
| 118088d8 TL |
50 | libpve-access-control (7.1-5) bullseye; urgency=medium |
| 51 | ||
| 52 | * openid: fix username-claim fallback | |
| 53 | ||
| 54 | -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100 | |
| 55 | ||
| ebb14277 WB |
56 | libpve-access-control (7.1-4) bullseye; urgency=medium |
| 57 | ||
| 58 | * set current origin in the webauthn config if no fixed origin was | |
| 59 | configured, to support webauthn via subdomains | |
| 60 | ||
| 61 | -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100 | |
| 62 | ||
| 44a55ff7 TL |
63 | libpve-access-control (7.1-3) bullseye; urgency=medium |
| 64 | ||
| 65 | * openid: allow arbitrary username-claims | |
| 66 | ||
| 67 | * openid: support configuring the prompt, scopes and ACR values | |
| 68 | ||
| 69 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100 | |
| 70 | ||
| 6f643e79 TL |
71 | libpve-access-control (7.1-2) bullseye; urgency=medium |
| 72 | ||
| 73 | * catch incompatible tfa entries with a nice error | |
| 74 | ||
| 75 | -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100 | |
| 76 | ||
| 92bca71e TL |
77 | libpve-access-control (7.1-1) bullseye; urgency=medium |
| 78 | ||
| 79 | * tfa: map HTTP 404 error in get_tfa_entry correctly | |
| 80 | ||
| 81 | -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100 | |
| 82 | ||
| 1c9b6501 TL |
83 | libpve-access-control (7.0-7) bullseye; urgency=medium |
| 84 | ||
| 85 | * fix #3513: pass configured proxy to OpenID | |
| 86 | ||
| 87 | * use rust based parser for TFA config | |
| 88 | ||
| 89 | * use PBS-like auth api call flow, | |
| 90 | ||
| 91 | * merge old user.cfg keys to tfa config when adding entries | |
| 92 | ||
| 93 | * implement version checks for new tfa config writer to ensure all | |
| 94 | cluster nodes are ready to avoid login issues | |
| 95 | ||
| 96 | * tickets: add tunnel ticket | |
| 97 | ||
| 98 | -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100 | |
| 99 | ||
| cd46b379 TL |
100 | libpve-access-control (7.0-6) bullseye; urgency=medium |
| 101 | ||
| 102 | * fix regression in user deletion when realm does not enforce TFA | |
| 103 | ||
| 104 | -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200 | |
| 105 | ||
| 52da88a8 TL |
106 | libpve-access-control (7.0-5) bullseye; urgency=medium |
| 107 | ||
| 108 | * acl: check path: add /sdn/vnets/* path | |
| 109 | ||
| 110 | * fix #2302: allow deletion of users when realm enforces TFA | |
| 111 | ||
| 112 | * api: delete user: disable user first to avoid surprise on error during the | |
| 113 | various cleanup action required for user deletion (e.g., TFA, ACL, group) | |
| 114 | ||
| 115 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200 | |
| 116 | ||
| 543d646c TL |
117 | libpve-access-control (7.0-4) bullseye; urgency=medium |
| 118 | ||
| 119 | * realm: add OpenID configuration | |
| 120 | ||
| 121 | * api: implement OpenID related endpoints | |
| 122 | ||
| 123 | * implement opt-in OpenID autocreate user feature | |
| 124 | ||
| 125 | * api: user: add 'realm-type' to user list response | |
| 126 | ||
| 127 | -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200 | |
| 128 | ||
| 7a4c4fd8 TL |
129 | libpve-access-control (7.0-3) bullseye; urgency=medium |
| 130 | ||
| 131 | * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and | |
| 132 | `/sdn/zones/<zone>` to allowed ACL paths | |
| 133 | ||
| 134 | -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200 | |
| 135 | ||
| 0902a936 FG |
136 | libpve-access-control (7.0-2) bullseye; urgency=medium |
| 137 | ||
| 138 | * fix #3402: add Pool.Audit privilege - custom roles containing | |
| 139 | Pool.Allocate must be updated to include the new privilege. | |
| 140 | ||
| 141 | -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200 | |
| 142 | ||
| 67febb69 TL |
143 | libpve-access-control (7.0-1) bullseye; urgency=medium |
| 144 | ||
| 145 | * re-build for Debian 11 Bullseye based releases | |
| 146 | ||
| 147 | -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200 | |
| 148 | ||
| 2942ba41 TL |
149 | libpve-access-control (6.4-1) pve; urgency=medium |
| 150 | ||
| 151 | * fix #1670: change PAM service name to project specific name | |
| 152 | ||
| 153 | * fix #1500: permission path syntax check for access control | |
| 154 | ||
| 155 | * pveum: add resource pool CLI commands | |
| 156 | ||
| 157 | -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200 | |
| 158 | ||
| 54d312f3 TL |
159 | libpve-access-control (6.1-3) pve; urgency=medium |
| 160 | ||
| 161 | * partially fix #2825: authkey: rotate if it was generated in the | |
| 162 | future | |
| 163 | ||
| 164 | * fix #2947: add an option to LDAP or AD realm to switch user lookup to case | |
| 165 | insensitive | |
| 166 | ||
| 167 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200 | |
| 168 | ||
| 6a9be12f TL |
169 | libpve-access-control (6.1-2) pve; urgency=medium |
| 170 | ||
| 171 | * also check SDN permission path when computing coarse permissions heuristic | |
| 172 | for UIs | |
| 173 | ||
| 174 | * add SDN Permissions.Modify | |
| 175 | ||
| 176 | * add VM.Config.Cloudinit | |
| 177 | ||
| 178 | -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200 | |
| 179 | ||
| e6624f50 TL |
180 | libpve-access-control (6.1-1) pve; urgency=medium |
| 181 | ||
| 182 | * pveum: add tfa delete subcommand for deleting user-TFA | |
| 183 | ||
| 184 | * LDAP: don't complain about missing credentials on realm removal | |
| 185 | ||
| 186 | * LDAP: skip anonymous bind when client certificate and key is configured | |
| 187 | ||
| 188 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200 | |
| 189 | ||
| 8f4a522f TL |
190 | libpve-access-control (6.0-7) pve; urgency=medium |
| 191 | ||
| 192 | * fix #2575: die when trying to edit built-in roles | |
| 193 | ||
| 194 | * add realm sub commands to pveum CLI tool | |
| 195 | ||
| 7d23b7ca | 196 | * api: domains: add user group sync API endpoint |
| 8f4a522f TL |
197 | |
| 198 | * allow one to sync and import users and groups from LDAP/AD based realms | |
| 199 | ||
| 200 | * realm: add default-sync-options to config for more convenient sync configuration | |
| 201 | ||
| 202 | * api: token create: return also full token id for convenience | |
| 203 | ||
| 204 | -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200 | |
| 205 | ||
| 23059f35 TL |
206 | libpve-access-control (6.0-6) pve; urgency=medium |
| 207 | ||
| 208 | * API: add group members to group index | |
| 209 | ||
| 210 | * implement API token support and management | |
| 211 | ||
| 212 | * pveum: add 'pveum user token add/update/remove/list' | |
| 213 | ||
| 214 | * pveum: add permissions sub-commands | |
| 215 | ||
| 216 | * API: add 'permissions' API endpoint | |
| 217 | ||
| 218 | * user.cfg: skip inexisting roles when parsing ACLs | |
| 219 | ||
| 220 | -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100 | |
| 221 | ||
| 3dd692e9 TL |
222 | libpve-access-control (6.0-5) pve; urgency=medium |
| 223 | ||
| 224 | * pveum: add list command for users, groups, ACLs and roles | |
| 225 | ||
| 226 | * add initial permissions for experimental SDN integration | |
| 227 | ||
| 228 | -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100 | |
| 229 | ||
| 4ef92d0d FG |
230 | libpve-access-control (6.0-4) pve; urgency=medium |
| 231 | ||
| 232 | * ticket: use clinfo to get cluster name | |
| 233 | ||
| 234 | * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as | |
| 235 | SSL version | |
| 236 | ||
| 237 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100 | |
| 238 | ||
| 6e5bbca4 TL |
239 | libpve-access-control (6.0-3) pve; urgency=medium |
| 240 | ||
| 241 | * fix #2433: increase possible TFA secret length | |
| 242 | ||
| 243 | * parse user configuration: correctly parse group names in ACLs, for users | |
| 244 | which begin their name with an @ | |
| 245 | ||
| 246 | * sort user.cfg entries alphabetically | |
| 247 | ||
| 248 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100 | |
| 249 | ||
| e073493c TL |
250 | libpve-access-control (6.0-2) pve; urgency=medium |
| 251 | ||
| 252 | * improve CSRF verification compatibility with newer PVE | |
| 253 | ||
| 254 | -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200 | |
| 255 | ||
| a237dc2e TL |
256 | libpve-access-control (6.0-1) pve; urgency=medium |
| 257 | ||
| 258 | * ticket: properly verify exactly 5 minute old tickets | |
| 259 | ||
| 260 | * use hmac_sha256 instead of sha1 for CSRF token generation | |
| 261 | ||
| 262 | -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200 | |
| 263 | ||
| f1531f22 TL |
264 | libpve-access-control (6.0-0+1) pve; urgency=medium |
| 265 | ||
| 266 | * bump for Debian buster | |
| 267 | ||
| 268 | * fix #2079: add periodic auth key rotation | |
| 269 | ||
| 270 | -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200 | |
| 271 | ||
| ef761f51 TL |
272 | libpve-access-control (5.1-10) unstable; urgency=medium |
| 273 | ||
| 274 | * add /access/user/{id}/tfa api call to get tfa types | |
| 275 | ||
| 276 | -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200 | |
| 277 | ||
| 860ddcba TL |
278 | libpve-access-control (5.1-9) unstable; urgency=medium |
| 279 | ||
| 280 | * store the tfa type in user.cfg allowing to get it without proxying the call | |
| 7d23b7ca | 281 | to a higher privileged daemon. |
| 860ddcba TL |
282 | |
| 283 | * tfa: realm required TFA should lock out users without TFA configured, as it | |
| 284 | was done before Proxmox VE 5.4 | |
| 285 | ||
| 286 | -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000 | |
| 287 | ||
| 9fbad012 TL |
288 | libpve-access-control (5.1-8) unstable; urgency=medium |
| 289 | ||
| 290 | * U2F: ensure we save correct public key on registration | |
| 291 | ||
| 292 | -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200 | |
| 293 | ||
| 4473c96c TL |
294 | libpve-access-control (5.1-7) unstable; urgency=medium |
| 295 | ||
| 296 | * verify_ticket: allow general non-challenge tfa to be run as two step | |
| 297 | call | |
| 298 | ||
| 299 | -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200 | |
| 300 | ||
| a270d4e1 TL |
301 | libpve-access-control (5.1-6) unstable; urgency=medium |
| 302 | ||
| 303 | * more general 2FA configuration via priv/tfa.cfg | |
| 304 | ||
| 305 | * add u2f api endpoints | |
| 306 | ||
| 307 | * delete TFA entries when deleting a user | |
| 308 | ||
| 309 | * allow users to change their TOTP settings | |
| 310 | ||
| 311 | -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200 | |
| 312 | ||
| 374647e8 TL |
313 | libpve-access-control (5.1-5) unstable; urgency=medium |
| 314 | ||
| 315 | * fix vnc ticket verification without authkey lifetime | |
| 316 | ||
| 317 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100 | |
| 318 | ||
| 7fb70c94 TL |
319 | libpve-access-control (5.1-4) unstable; urgency=medium |
| 320 | ||
| 321 | * fix #1891: Add zsh command completion for pveum | |
| 322 | ||
| 323 | * ground work to fix #2079: add periodic auth key rotation. Not yet enabled | |
| 324 | to avoid issues on upgrade, will be enabled with 6.0 | |
| 325 | ||
| 326 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100 | |
| 327 | ||
| 6e010cde TL |
328 | libpve-access-control (5.1-3) unstable; urgency=medium |
| 329 | ||
| 330 | * api/ticket: move getting cluster name into an eval | |
| 331 | ||
| 332 | -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100 | |
| 333 | ||
| f5a9380a TL |
334 | libpve-access-control (5.1-2) unstable; urgency=medium |
| 335 | ||
| 336 | * fix #1998: correct return properties for read_role | |
| 337 | ||
| 338 | -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100 | |
| 339 | ||
| b54b7474 TL |
340 | libpve-access-control (5.1-1) unstable; urgency=medium |
| 341 | ||
| 342 | * pveum: introduce sub-commands | |
| 343 | ||
| 344 | * register userid with completion | |
| 345 | ||
| 346 | * fix #233: return cluster name on successful login | |
| 347 | ||
| 348 | -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100 | |
| 349 | ||
| 52192dd4 WB |
350 | libpve-access-control (5.0-8) unstable; urgency=medium |
| 351 | ||
| 352 | * fix #1612: ldap: make 2nd server work with bind domains again | |
| 353 | ||
| 354 | * fix an error message where passing a bad pool id to an API function would | |
| 355 | make it complain about a wrong group name instead | |
| 356 | ||
| 357 | * fix the API-returned permission list so that the GUI knows to show the | |
| 358 | 'Permissions' tab for a storage to an administrator apart from root@pam | |
| 359 | ||
| 360 | -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100 | |
| 361 | ||
| 3dadf8cf FG |
362 | libpve-access-control (5.0-7) unstable; urgency=medium |
| 363 | ||
| 364 | * VM.Snapshot.Rollback privilege added | |
| 365 | ||
| 366 | * api: check for special roles before locking the usercfg | |
| 367 | ||
| 368 | * fix #1501: pveum: die when deleting special role | |
| 369 | ||
| 370 | * API/ticket: rework coarse grained permission computation | |
| 371 | ||
| 372 | -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200 | |
| 373 | ||
| ec4141f4 WB |
374 | libpve-access-control (5.0-6) unstable; urgency=medium |
| 375 | ||
| 376 | * Close #1470: Add server ceritifcate verification for AD and LDAP via the | |
| 377 | 'verify' option. For compatibility reasons this defaults to off for now, | |
| 378 | but that might change with future updates. | |
| 379 | ||
| 380 | * AD, LDAP: Add ability to specify a CA path or file, and a client | |
| 381 | certificate via the 'capath', 'cert' and 'certkey' options. | |
| 382 | ||
| 383 | -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200 | |
| 384 | ||
| 63134bd4 DM |
385 | libpve-access-control (5.0-5) unstable; urgency=medium |
| 386 | ||
| 387 | * change from dpkg-deb to dpkg-buildpackage | |
| 388 | ||
| 389 | -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200 | |
| 390 | ||
| 868fb1ea DM |
391 | libpve-access-control (5.0-4) unstable; urgency=medium |
| 392 | ||
| 393 | * PVE/CLI/pveum.pm: call setup_default_cli_env() | |
| 394 | ||
| 395 | * PVE/Auth/PVE.pm: encode uft8 password before calling crypt | |
| 396 | ||
| 397 | * check_api2_permissions: avoid warning about uninitialized value | |
| 398 | ||
| 399 | -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200 | |
| 400 | ||
| 63358f40 DM |
401 | libpve-access-control (5.0-3) unstable; urgency=medium |
| 402 | ||
| 403 | * use new PVE::OTP class from pve-common | |
| 404 | ||
| 405 | * use new PVE::Tools::encrypt_pw from pve-common | |
| 406 | ||
| 407 | -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200 | |
| 408 | ||
| 05fd50af DM |
409 | libpve-access-control (5.0-2) unstable; urgency=medium |
| 410 | ||
| 411 | * encrypt_pw: avoid '+' for crypt salt | |
| 412 | ||
| 413 | -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200 | |
| 414 | ||
| 0835385b FG |
415 | libpve-access-control (5.0-1) unstable; urgency=medium |
| 416 | ||
| 417 | * rebuild for PVE 5.0 | |
| 418 | ||
| 419 | -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100 | |
| 420 | ||
| 730f8863 DM |
421 | libpve-access-control (4.0-23) unstable; urgency=medium |
| 422 | ||
| 423 | * use new PVE::Ticket class | |
| 424 | ||
| 425 | -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100 | |
| 426 | ||
| 1f1c4593 DM |
427 | libpve-access-control (4.0-22) unstable; urgency=medium |
| 428 | ||
| 429 | * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency | |
| 430 | (moved to PVE::Storage) | |
| 431 | ||
| 432 | * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class | |
| 433 | ||
| 434 | -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100 | |
| 435 | ||
| f9105063 DM |
436 | libpve-access-control (4.0-21) unstable; urgency=medium |
| 437 | ||
| 438 | * setup_default_cli_env: expect $class as first parameter | |
| 439 | ||
| 440 | -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100 | |
| 441 | ||
| 9595066e DM |
442 | libpve-access-control (4.0-20) unstable; urgency=medium |
| 443 | ||
| 444 | * PVE/RPCEnvironment.pm: new function setup_default_cli_env | |
| 445 | ||
| 446 | * PVE/API2/Domains.pm: fix property description | |
| 447 | ||
| 448 | * use new repoman for upload target | |
| 449 | ||
| 450 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100 | |
| 451 | ||
| 2af5a793 DM |
452 | libpve-access-control (4.0-19) unstable; urgency=medium |
| 453 | ||
| 454 | * Close #833: ldap: non-anonymous bind support | |
| 455 | ||
| 456 | * don't import 'RFC' from MIME::Base32 | |
| 457 | ||
| 458 | -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200 | |
| 459 | ||
| 5d87bb77 WB |
460 | libpve-access-control (4.0-18) unstable; urgency=medium |
| 461 | ||
| 462 | * fix #1062: recognize base32 otp keys again | |
| 463 | ||
| 464 | -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200 | |
| 465 | ||
| 28ddf48b WB |
466 | libpve-access-control (4.0-17) unstable; urgency=medium |
| 467 | ||
| 468 | * drop oathtool and libdigest-hmac-perl dependencies | |
| 469 | ||
| 470 | -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200 | |
| 471 | ||
| 15cebb28 DM |
472 | libpve-access-control (4.0-16) unstable; urgency=medium |
| 473 | ||
| 474 | * use pve-doc-generator to generate man pages | |
| 475 | ||
| 476 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200 | |
| 477 | ||
| 678df887 DM |
478 | libpve-access-control (4.0-15) unstable; urgency=medium |
| 479 | ||
| 480 | * Fix uninitialized warning when shadow.cfg does not exist | |
| 481 | ||
| 482 | -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200 | |
| 483 | ||
| cca9761a DM |
484 | libpve-access-control (4.0-14) unstable; urgency=medium |
| 485 | ||
| 486 | * Add is_worker to RPCEnvironment | |
| 487 | ||
| 488 | -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100 | |
| 489 | ||
| 8643c99d DM |
490 | libpve-access-control (4.0-13) unstable; urgency=medium |
| 491 | ||
| 492 | * fix #916: allow HTTPS to access custom yubico url | |
| 493 | ||
| 494 | -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100 | |
| 495 | ||
| ae2a6bf9 DM |
496 | libpve-access-control (4.0-12) unstable; urgency=medium |
| 497 | ||
| 498 | * Catch certificate errors instead of segfaulting | |
| 499 | ||
| 500 | -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100 | |
| 501 | ||
| 4836db5f DM |
502 | libpve-access-control (4.0-11) unstable; urgency=medium |
| 503 | ||
| 504 | * Fix #861: use safer sprintf formatting | |
| 505 | ||
| 506 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100 | |
| 507 | ||
| ccbe23dc DM |
508 | libpve-access-control (4.0-10) unstable; urgency=medium |
| 509 | ||
| 510 | * Auth::LDAP, Auth::AD: ipv6 support | |
| 511 | ||
| 512 | -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100 | |
| 513 | ||
| 90399ca4 DM |
514 | libpve-access-control (4.0-9) unstable; urgency=medium |
| 515 | ||
| 516 | * pveum: implement bash completion | |
| 517 | ||
| 518 | -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200 | |
| 519 | ||
| 364ffc13 DM |
520 | libpve-access-control (4.0-8) unstable; urgency=medium |
| 521 | ||
| 522 | * remove_storage_access: cleanup of access permissions for removed storage | |
| 523 | ||
| 524 | -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200 | |
| 525 | ||
| 7c26cb4a DM |
526 | libpve-access-control (4.0-7) unstable; urgency=medium |
| 527 | ||
| 528 | * new helper to remove access permissions for removed VMs | |
| 529 | ||
| 530 | -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200 | |
| 531 | ||
| 296afbd1 DM |
532 | libpve-access-control (4.0-6) unstable; urgency=medium |
| 533 | ||
| 534 | * improve parse_user_config, parse_shadow_config | |
| 535 | ||
| 536 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200 | |
| 537 | ||
| 7d2df2ef DM |
538 | libpve-access-control (4.0-5) unstable; urgency=medium |
| 539 | ||
| 540 | * pveum: check for $cmd being defined | |
| 541 | ||
| 542 | -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200 | |
| 543 | ||
| 98a34e3f DM |
544 | libpve-access-control (4.0-4) unstable; urgency=medium |
| 545 | ||
| 546 | * use activate-noawait triggers | |
| 547 | ||
| 548 | -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200 | |
| 549 | ||
| 15462727 DM |
550 | libpve-access-control (4.0-3) unstable; urgency=medium |
| 551 | ||
| 552 | * IPv6 fixes | |
| 553 | ||
| 554 | * non-root buildfix | |
| 555 | ||
| 556 | -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200 | |
| 557 | ||
| bbf4cc9a DM |
558 | libpve-access-control (4.0-2) unstable; urgency=medium |
| 559 | ||
| 560 | * trigger pve-api-updates event | |
| 561 | ||
| 562 | -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200 | |
| 563 | ||
| dfbcf6d3 DM |
564 | libpve-access-control (4.0-1) unstable; urgency=medium |
| 565 | ||
| 566 | * bump version for Debian Jessie | |
| 567 | ||
| 568 | -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100 | |
| 569 | ||
| 94971b3a DM |
570 | libpve-access-control (3.0-16) unstable; urgency=low |
| 571 | ||
| 572 | * root@pam can now be disabled in GUI. | |
| 573 | ||
| 574 | -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100 | |
| 575 | ||
| 7b17c7cb DM |
576 | libpve-access-control (3.0-15) unstable; urgency=low |
| 577 | ||
| 578 | * oath: add 'step' and 'digits' option | |
| 579 | ||
| 580 | -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200 | |
| 581 | ||
| 1abc2c0a DM |
582 | libpve-access-control (3.0-14) unstable; urgency=low |
| 583 | ||
| 584 | * add oath two factor auth | |
| 585 | ||
| 586 | * add oathkeygen binary to generate keys for oath | |
| 587 | ||
| 588 | * add yubico two factor auth | |
| 589 | ||
| 590 | * dedend on oathtool | |
| 591 | ||
| 592 | * depend on libmime-base32-perl | |
| 30be0de9 DM |
593 | |
| 594 | * allow to write builtin auth domains config (comment/tfa/default) | |
| 1abc2c0a DM |
595 | |
| 596 | -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200 | |
| 597 | ||
| 298450ab DM |
598 | libpve-access-control (3.0-13) unstable; urgency=low |
| 599 | ||
| 600 | * use correct connection string for AD auth | |
| 601 | ||
| 602 | -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200 | |
| 603 | ||
| 396034e4 DM |
604 | libpve-access-control (3.0-12) unstable; urgency=low |
| 605 | ||
| 606 | * add dummy API for GET /access/ticket (useful to generate login pages) | |
| 607 | ||
| 608 | -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200 | |
| 609 | ||
| 26361123 DM |
610 | libpve-access-control (3.0-11) unstable; urgency=low |
| 611 | ||
| 612 | * Sets common hot keys for spice client | |
| 613 | ||
| 614 | -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100 | |
| 615 | ||
| 3643383d DM |
616 | libpve-access-control (3.0-10) unstable; urgency=low |
| 617 | ||
| 618 | * implement helper to generate SPICE remote-viewer configuration | |
| 619 | ||
| 620 | * depend on libnet-ssleay-perl | |
| 621 | ||
| 622 | -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100 | |
| 623 | ||
| 0baedcf7 DM |
624 | libpve-access-control (3.0-9) unstable; urgency=low |
| 625 | ||
| 626 | * prevent user enumeration attacks | |
| e4f8fc2e DM |
627 | |
| 628 | * allow dots in access paths | |
| 0baedcf7 DM |
629 | |
| 630 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100 | |
| 631 | ||
| d4b63eae DM |
632 | libpve-access-control (3.0-8) unstable; urgency=low |
| 633 | ||
| 634 | * spice: use lowercase hostname in ticktet signature | |
| 635 | ||
| 636 | -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100 | |
| 637 | ||
| 49594944 DM |
638 | libpve-access-control (3.0-7) unstable; urgency=low |
| 639 | ||
| 640 | * check_volume_access : use parse_volname instead of path, and remove | |
| 641 | path related code. | |
| 7c410d63 DM |
642 | |
| 643 | * use warnings instead of global -w flag. | |
| 49594944 DM |
644 | |
| 645 | -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200 | |
| 646 | ||
| fe7de5d0 DM |
647 | libpve-access-control (3.0-6) unstable; urgency=low |
| 648 | ||
| 649 | * use shorter spiceproxy tickets | |
| 650 | ||
| 651 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200 | |
| 652 | ||
| 4cdd9507 DM |
653 | libpve-access-control (3.0-5) unstable; urgency=low |
| 654 | ||
| 655 | * add code to generate tickets for SPICE | |
| 656 | ||
| 657 | -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200 | |
| 658 | ||
| 677f9ab0 DM |
659 | libpve-access-control (3.0-4) unstable; urgency=low |
| 660 | ||
| 661 | * moved add_vm_to_pool/remove_vm_from_pool from qemu-server | |
| 662 | ||
| 663 | -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200 | |
| 664 | ||
| 139a8ecf DM |
665 | libpve-access-control (3.0-3) unstable; urgency=low |
| 666 | ||
| 7d23b7ca | 667 | * Add new role PVETemplateUser (and VM.Clone privilege) |
| 139a8ecf DM |
668 | |
| 669 | -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200 | |
| 670 | ||
| b78ce7c2 DM |
671 | libpve-access-control (3.0-2) unstable; urgency=low |
| 672 | ||
| 673 | * remove CGI.pm related code (pveproxy does not need that) | |
| 674 | ||
| 675 | -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200 | |
| 676 | ||
| 786820f9 DM |
677 | libpve-access-control (3.0-1) unstable; urgency=low |
| 678 | ||
| 679 | * bump version for wheezy release | |
| 680 | ||
| 681 | -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100 | |
| 682 | ||
| e5ae5487 DM |
683 | libpve-access-control (1.0-26) unstable; urgency=low |
| 684 | ||
| 685 | * check_volume_access: fix access permissions for backup files | |
| 686 | ||
| 687 | -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100 | |
| 688 | ||
| e3e6510c DM |
689 | libpve-access-control (1.0-25) unstable; urgency=low |
| 690 | ||
| 691 | * add VM.Snapshot permission | |
| 692 | ||
| 693 | -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200 | |
| 694 | ||
| 1e15ebe7 DM |
695 | libpve-access-control (1.0-24) unstable; urgency=low |
| 696 | ||
| 697 | * untaint path (allow root to restore arbitrary paths) | |
| 698 | ||
| 699 | -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200 | |
| 700 | ||
| 437be042 DM |
701 | libpve-access-control (1.0-23) unstable; urgency=low |
| 702 | ||
| 703 | * correctly compute GUI capabilities (consider pools) | |
| 704 | ||
| 705 | -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200 | |
| 706 | ||
| 5bb4e06a DM |
707 | libpve-access-control (1.0-22) unstable; urgency=low |
| 708 | ||
| 709 | * new plugin architecture for Auth modules, minor API change for Auth | |
| 710 | domains (new 'delete' parameter) | |
| 711 | ||
| 712 | -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200 | |
| 713 | ||
| 3030a176 DM |
714 | libpve-access-control (1.0-21) unstable; urgency=low |
| 715 | ||
| 716 | * do not allow user names including slash | |
| 717 | ||
| 718 | -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200 | |
| 719 | ||
| 720 | libpve-access-control (1.0-20) unstable; urgency=low | |
| 721 | ||
| 722 | * add ability to fork cli workers in background | |
| 723 | ||
| 724 | -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200 | |
| 725 | ||
| dd2cfee0 DM |
726 | libpve-access-control (1.0-19) unstable; urgency=low |
| 727 | ||
| 728 | * return set of privileges on login - can be used to adopt GUI | |
| 729 | ||
| 730 | -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200 | |
| 731 | ||
| 1cf154b7 DM |
732 | libpve-access-control (1.0-18) unstable; urgency=low |
| 733 | ||
| 7d23b7ca | 734 | * fix bug #151: correctly parse username inside ticket |
| 533219a1 DM |
735 | |
| 736 | * fix bug #152: allow user to change his own password | |
| 1cf154b7 DM |
737 | |
| 738 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200 | |
| 739 | ||
| 2de14407 DM |
740 | libpve-access-control (1.0-17) unstable; urgency=low |
| 741 | ||
| 742 | * set propagate flag by default | |
| 743 | ||
| 744 | -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100 | |
| 745 | ||
| bdc61d7a DM |
746 | libpve-access-control (1.0-16) unstable; urgency=low |
| 747 | ||
| 748 | * add 'pveum passwd' method | |
| 749 | ||
| 750 | -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100 | |
| 751 | ||
| cc7bdf33 DM |
752 | libpve-access-control (1.0-15) unstable; urgency=low |
| 753 | ||
| 754 | * Add VM.Config.CDROM privilege to PVEVMUser rule | |
| 755 | ||
| 756 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100 | |
| 757 | ||
| a69bbe2e DM |
758 | libpve-access-control (1.0-14) unstable; urgency=low |
| 759 | ||
| 760 | * fix buf in userid-param permission check | |
| 761 | ||
| 762 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100 | |
| 763 | ||
| d9483d94 DM |
764 | libpve-access-control (1.0-13) unstable; urgency=low |
| 765 | ||
| 766 | * allow more characters in ldap base_dn attribute | |
| 767 | ||
| 768 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100 | |
| 769 | ||
| 84619607 DM |
770 | libpve-access-control (1.0-12) unstable; urgency=low |
| 771 | ||
| 772 | * allow more characters with realm IDs | |
| 773 | ||
| 774 | -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100 | |
| 775 | ||
| 09d27058 DM |
776 | libpve-access-control (1.0-11) unstable; urgency=low |
| 777 | ||
| 778 | * fix bug in exec_api2_perm_check | |
| 779 | ||
| 780 | -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100 | |
| 781 | ||
| 7a4c849e DM |
782 | libpve-access-control (1.0-10) unstable; urgency=low |
| 783 | ||
| 784 | * fix ACL group name parser | |
| 785 | ||
| 786 | * changed 'pveum aclmod' command line arguments | |
| 787 | ||
| 788 | -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100 | |
| 789 | ||
| 3eac4e35 DM |
790 | libpve-access-control (1.0-9) unstable; urgency=low |
| 791 | ||
| 792 | * fix bug in check_volume_access (fixes vzrestore) | |
| 793 | ||
| 794 | -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100 | |
| 795 | ||
| 4384e19e DM |
796 | libpve-access-control (1.0-8) unstable; urgency=low |
| 797 | ||
| 798 | * fix return value for empty ACL list. | |
| 799 | ||
| 800 | -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100 | |
| 801 | ||
| d8a56966 DM |
802 | libpve-access-control (1.0-7) unstable; urgency=low |
| 803 | ||
| 804 | * fix bug #85: allow root@pam to generate tickets for other users | |
| 805 | ||
| 806 | -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100 | |
| 807 | ||
| cb6f2f93 DM |
808 | libpve-access-control (1.0-6) unstable; urgency=low |
| 809 | ||
| 810 | * API change: allow to filter enabled/disabled users. | |
| 811 | ||
| 812 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100 | |
| 813 | ||
| 272fe9ff DM |
814 | libpve-access-control (1.0-5) unstable; urgency=low |
| 815 | ||
| 816 | * add a way to return file changes (diffs): set_result_changes() | |
| 817 | ||
| 818 | -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100 | |
| 819 | ||
| e42eedbc DM |
820 | libpve-access-control (1.0-4) unstable; urgency=low |
| 821 | ||
| 822 | * new environment type for ha agents | |
| 823 | ||
| 824 | -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100 | |
| 825 | ||
| 1fba27e0 DM |
826 | libpve-access-control (1.0-3) unstable; urgency=low |
| 827 | ||
| 828 | * add support for delayed parameter parsing - We need that to disable | |
| 7d23b7ca | 829 | file upload for normal API request (avoid DOS attacks) |
| 1fba27e0 DM |
830 | |
| 831 | -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100 | |
| 832 | ||
| 5bf71a96 DM |
833 | libpve-access-control (1.0-2) unstable; urgency=low |
| 834 | ||
| 835 | * fix bug in fork_worker | |
| 836 | ||
| 837 | -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200 | |
| 838 | ||
| 2c3a6c0a DM |
839 | libpve-access-control (1.0-1) unstable; urgency=low |
| 840 | ||
| 841 | * allow '-' in permission paths | |
| 842 | ||
| 843 | * bump version to 1.0 | |
| 844 | ||
| 845 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200 | |
| 846 | ||
| 847 | libpve-access-control (0.1) unstable; urgency=low | |
| 848 | ||
| 849 | * first dummy package - no functionality | |
| 850 | ||
| 851 | -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200 | |
| 852 |