]> git.proxmox.com Git - pve-access-control.git/blame - debian/changelog
projects / pve-access-control.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tree wide: typo fixes
[pve-access-control.git] / debian / changelog
CommitLineData
e3604d48
TL		 1libpve-access-control (7.2-1) bullseye; urgency=medium
2
3 * user check: fix expiration/enable order
4
5 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
6
79ae250f
TL		 7libpve-access-control (7.1-8) bullseye; urgency=medium
8
9 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
10 vanished'
11
12 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
13
eed46286
TL		 14libpve-access-control (7.1-7) bullseye; urgency=medium
15
16 * userid-group check: distinguish create and update
17
18 * api: get user: declare token schema
19
20 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
21
cd78b295
FG		 22libpve-access-control (7.1-6) bullseye; urgency=medium
23
24 * fix #3768: warn on bad u2f or webauthn settings
25
26 * tfa: when modifying others, verify the current user's password
27
28 * tfa list: account for admin permissions
29
30 * fix realm sync permissions
31
32 * fix token permission display bug
33
34 * include SDN permissions in permission tree
35
36 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
37
118088d8
TL		 38libpve-access-control (7.1-5) bullseye; urgency=medium
39
40 * openid: fix username-claim fallback
41
42 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
43
ebb14277
WB		 44libpve-access-control (7.1-4) bullseye; urgency=medium
45
46 * set current origin in the webauthn config if no fixed origin was
47 configured, to support webauthn via subdomains
48
49 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
50
44a55ff7
TL		 51libpve-access-control (7.1-3) bullseye; urgency=medium
52
53 * openid: allow arbitrary username-claims
54
55 * openid: support configuring the prompt, scopes and ACR values
56
57 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
58
6f643e79
TL		 59libpve-access-control (7.1-2) bullseye; urgency=medium
60
61 * catch incompatible tfa entries with a nice error
62
63 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
64
92bca71e
TL		 65libpve-access-control (7.1-1) bullseye; urgency=medium
66
67 * tfa: map HTTP 404 error in get_tfa_entry correctly
68
69 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
70
1c9b6501
TL		 71libpve-access-control (7.0-7) bullseye; urgency=medium
72
73 * fix #3513: pass configured proxy to OpenID
74
75 * use rust based parser for TFA config
76
77 * use PBS-like auth api call flow,
78
79 * merge old user.cfg keys to tfa config when adding entries
80
81 * implement version checks for new tfa config writer to ensure all
82 cluster nodes are ready to avoid login issues
83
84 * tickets: add tunnel ticket
85
86 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
87
cd46b379
TL		 88libpve-access-control (7.0-6) bullseye; urgency=medium
89
90 * fix regression in user deletion when realm does not enforce TFA
91
92 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
93
52da88a8
TL		 94libpve-access-control (7.0-5) bullseye; urgency=medium
95
96 * acl: check path: add /sdn/vnets/* path
97
98 * fix #2302: allow deletion of users when realm enforces TFA
99
100 * api: delete user: disable user first to avoid surprise on error during the
101 various cleanup action required for user deletion (e.g., TFA, ACL, group)
102
103 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
104
543d646c
TL		 105libpve-access-control (7.0-4) bullseye; urgency=medium
106
107 * realm: add OpenID configuration
108
109 * api: implement OpenID related endpoints
110
111 * implement opt-in OpenID autocreate user feature
112
113 * api: user: add 'realm-type' to user list response
114
115 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
116
7a4c4fd8
TL		 117libpve-access-control (7.0-3) bullseye; urgency=medium
118
119 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
120 `/sdn/zones/<zone>` to allowed ACL paths
121
122 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
123
0902a936
FG		 124libpve-access-control (7.0-2) bullseye; urgency=medium
125
126 * fix #3402: add Pool.Audit privilege - custom roles containing
127 Pool.Allocate must be updated to include the new privilege.
128
129 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
130
67febb69
TL		 131libpve-access-control (7.0-1) bullseye; urgency=medium
132
133 * re-build for Debian 11 Bullseye based releases
134
135 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
136
2942ba41
TL		 137libpve-access-control (6.4-1) pve; urgency=medium
138
139 * fix #1670: change PAM service name to project specific name
140
141 * fix #1500: permission path syntax check for access control
142
143 * pveum: add resource pool CLI commands
144
145 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
146
54d312f3
TL		 147libpve-access-control (6.1-3) pve; urgency=medium
148
149 * partially fix #2825: authkey: rotate if it was generated in the
150 future
151
152 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
153 insensitive
154
155 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
156
6a9be12f
TL		 157libpve-access-control (6.1-2) pve; urgency=medium
158
159 * also check SDN permission path when computing coarse permissions heuristic
160 for UIs
161
162 * add SDN Permissions.Modify
163
164 * add VM.Config.Cloudinit
165
166 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
167
e6624f50
TL		 168libpve-access-control (6.1-1) pve; urgency=medium
169
170 * pveum: add tfa delete subcommand for deleting user-TFA
171
172 * LDAP: don't complain about missing credentials on realm removal
173
174 * LDAP: skip anonymous bind when client certificate and key is configured
175
176 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
177
8f4a522f
TL		 178libpve-access-control (6.0-7) pve; urgency=medium
179
180 * fix #2575: die when trying to edit built-in roles
181
182 * add realm sub commands to pveum CLI tool
183
7d23b7ca 184 * api: domains: add user group sync API endpoint
8f4a522f
TL		 185
186 * allow one to sync and import users and groups from LDAP/AD based realms
187
188 * realm: add default-sync-options to config for more convenient sync configuration
189
190 * api: token create: return also full token id for convenience
191
192 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
193
23059f35
TL		 194libpve-access-control (6.0-6) pve; urgency=medium
195
196 * API: add group members to group index
197
198 * implement API token support and management
199
200 * pveum: add 'pveum user token add/update/remove/list'
201
202 * pveum: add permissions sub-commands
203
204 * API: add 'permissions' API endpoint
205
206 * user.cfg: skip inexisting roles when parsing ACLs
207
208 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
209
3dd692e9
TL		 210libpve-access-control (6.0-5) pve; urgency=medium
211
212 * pveum: add list command for users, groups, ACLs and roles
213
214 * add initial permissions for experimental SDN integration
215
216 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
217
4ef92d0d
FG		 218libpve-access-control (6.0-4) pve; urgency=medium
219
220 * ticket: use clinfo to get cluster name
221
222 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
223 SSL version
224
225 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
226
6e5bbca4
TL		 227libpve-access-control (6.0-3) pve; urgency=medium
228
229 * fix #2433: increase possible TFA secret length
230
231 * parse user configuration: correctly parse group names in ACLs, for users
232 which begin their name with an @
233
234 * sort user.cfg entries alphabetically
235
236 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
237
e073493c
TL		 238libpve-access-control (6.0-2) pve; urgency=medium
239
240 * improve CSRF verification compatibility with newer PVE
241
242 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
243
a237dc2e
TL		 244libpve-access-control (6.0-1) pve; urgency=medium
245
246 * ticket: properly verify exactly 5 minute old tickets
247
248 * use hmac_sha256 instead of sha1 for CSRF token generation
249
250 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
251
f1531f22
TL		 252libpve-access-control (6.0-0+1) pve; urgency=medium
253
254 * bump for Debian buster
255
256 * fix #2079: add periodic auth key rotation
257
258 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
259
ef761f51
TL		 260libpve-access-control (5.1-10) unstable; urgency=medium
261
262 * add /access/user/{id}/tfa api call to get tfa types
263
264 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
265
860ddcba
TL		 266libpve-access-control (5.1-9) unstable; urgency=medium
267
268 * store the tfa type in user.cfg allowing to get it without proxying the call
7d23b7ca 269 to a higher privileged daemon.
860ddcba
TL		 270
271 * tfa: realm required TFA should lock out users without TFA configured, as it
272 was done before Proxmox VE 5.4
273
274 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
275
9fbad012
TL		 276libpve-access-control (5.1-8) unstable; urgency=medium
277
278 * U2F: ensure we save correct public key on registration
279
280 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
281
4473c96c
TL		 282libpve-access-control (5.1-7) unstable; urgency=medium
283
284 * verify_ticket: allow general non-challenge tfa to be run as two step
285 call
286
287 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
288
a270d4e1
TL		 289libpve-access-control (5.1-6) unstable; urgency=medium
290
291 * more general 2FA configuration via priv/tfa.cfg
292
293 * add u2f api endpoints
294
295 * delete TFA entries when deleting a user
296
297 * allow users to change their TOTP settings
298
299 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
300
374647e8
TL		 301libpve-access-control (5.1-5) unstable; urgency=medium
302
303 * fix vnc ticket verification without authkey lifetime
304
305 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
306
7fb70c94
TL		 307libpve-access-control (5.1-4) unstable; urgency=medium
308
309 * fix #1891: Add zsh command completion for pveum
310
311 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
312 to avoid issues on upgrade, will be enabled with 6.0
313
314 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
315
6e010cde
TL		 316libpve-access-control (5.1-3) unstable; urgency=medium
317
318 * api/ticket: move getting cluster name into an eval
319
320 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
321
f5a9380a
TL		 322libpve-access-control (5.1-2) unstable; urgency=medium
323
324 * fix #1998: correct return properties for read_role
325
326 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
327
b54b7474
TL		 328libpve-access-control (5.1-1) unstable; urgency=medium
329
330 * pveum: introduce sub-commands
331
332 * register userid with completion
333
334 * fix #233: return cluster name on successful login
335
336 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
337
52192dd4
WB		 338libpve-access-control (5.0-8) unstable; urgency=medium
339
340 * fix #1612: ldap: make 2nd server work with bind domains again
341
342 * fix an error message where passing a bad pool id to an API function would
343 make it complain about a wrong group name instead
344
345 * fix the API-returned permission list so that the GUI knows to show the
346 'Permissions' tab for a storage to an administrator apart from root@pam
347
348 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
349
3dadf8cf
FG		 350libpve-access-control (5.0-7) unstable; urgency=medium
351
352 * VM.Snapshot.Rollback privilege added
353
354 * api: check for special roles before locking the usercfg
355
356 * fix #1501: pveum: die when deleting special role
357
358 * API/ticket: rework coarse grained permission computation
359
360 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
361
ec4141f4
WB		 362libpve-access-control (5.0-6) unstable; urgency=medium
363
364 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
365 'verify' option. For compatibility reasons this defaults to off for now,
366 but that might change with future updates.
367
368 * AD, LDAP: Add ability to specify a CA path or file, and a client
369 certificate via the 'capath', 'cert' and 'certkey' options.
370
371 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
372
63134bd4
DM		 373libpve-access-control (5.0-5) unstable; urgency=medium
374
375 * change from dpkg-deb to dpkg-buildpackage
376
377 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
378
868fb1ea
DM		 379libpve-access-control (5.0-4) unstable; urgency=medium
380
381 * PVE/CLI/pveum.pm: call setup_default_cli_env()
382
383 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
384
385 * check_api2_permissions: avoid warning about uninitialized value
386
387 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
388
63358f40
DM		 389libpve-access-control (5.0-3) unstable; urgency=medium
390
391 * use new PVE::OTP class from pve-common
392
393 * use new PVE::Tools::encrypt_pw from pve-common
394
395 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
396
05fd50af
DM		 397libpve-access-control (5.0-2) unstable; urgency=medium
398
399 * encrypt_pw: avoid '+' for crypt salt
400
401 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
402
0835385b
FG		 403libpve-access-control (5.0-1) unstable; urgency=medium
404
405 * rebuild for PVE 5.0
406
407 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
408
730f8863
DM		 409libpve-access-control (4.0-23) unstable; urgency=medium
410
411 * use new PVE::Ticket class
412
413 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
414
1f1c4593
DM		 415libpve-access-control (4.0-22) unstable; urgency=medium
416
417 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
418 (moved to PVE::Storage)
419
420 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
421
422 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
423
f9105063
DM		 424libpve-access-control (4.0-21) unstable; urgency=medium
425
426 * setup_default_cli_env: expect $class as first parameter
427
428 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
429
9595066e
DM		 430libpve-access-control (4.0-20) unstable; urgency=medium
431
432 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
433
434 * PVE/API2/Domains.pm: fix property description
435
436 * use new repoman for upload target
437
438 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
439
2af5a793
DM		 440libpve-access-control (4.0-19) unstable; urgency=medium
441
442 * Close #833: ldap: non-anonymous bind support
443
444 * don't import 'RFC' from MIME::Base32
445
446 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
447
5d87bb77
WB		 448libpve-access-control (4.0-18) unstable; urgency=medium
449
450 * fix #1062: recognize base32 otp keys again
451
452 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
453
28ddf48b
WB		 454libpve-access-control (4.0-17) unstable; urgency=medium
455
456 * drop oathtool and libdigest-hmac-perl dependencies
457
458 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
459
15cebb28
DM		 460libpve-access-control (4.0-16) unstable; urgency=medium
461
462 * use pve-doc-generator to generate man pages
463
464 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
465
678df887
DM		 466libpve-access-control (4.0-15) unstable; urgency=medium
467
468 * Fix uninitialized warning when shadow.cfg does not exist
469
470 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
471
cca9761a
DM		 472libpve-access-control (4.0-14) unstable; urgency=medium
473
474 * Add is_worker to RPCEnvironment
475
476 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
477
8643c99d
DM		 478libpve-access-control (4.0-13) unstable; urgency=medium
479
480 * fix #916: allow HTTPS to access custom yubico url
481
482 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
483
ae2a6bf9
DM		 484libpve-access-control (4.0-12) unstable; urgency=medium
485
486 * Catch certificate errors instead of segfaulting
487
488 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
489
4836db5f
DM		 490libpve-access-control (4.0-11) unstable; urgency=medium
491
492 * Fix #861: use safer sprintf formatting
493
494 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
495
ccbe23dc
DM		 496libpve-access-control (4.0-10) unstable; urgency=medium
497
498 * Auth::LDAP, Auth::AD: ipv6 support
499
500 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
501
90399ca4
DM		 502libpve-access-control (4.0-9) unstable; urgency=medium
503
504 * pveum: implement bash completion
505
506 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
507
364ffc13
DM		 508libpve-access-control (4.0-8) unstable; urgency=medium
509
510 * remove_storage_access: cleanup of access permissions for removed storage
511
512 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
513
7c26cb4a
DM		 514libpve-access-control (4.0-7) unstable; urgency=medium
515
516 * new helper to remove access permissions for removed VMs
517
518 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
519
296afbd1
DM		 520libpve-access-control (4.0-6) unstable; urgency=medium
521
522 * improve parse_user_config, parse_shadow_config
523
524 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
525
7d2df2ef
DM		 526libpve-access-control (4.0-5) unstable; urgency=medium
527
528 * pveum: check for $cmd being defined
529
530 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
531
98a34e3f
DM		 532libpve-access-control (4.0-4) unstable; urgency=medium
533
534 * use activate-noawait triggers
535
536 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
537
15462727
DM		 538libpve-access-control (4.0-3) unstable; urgency=medium
539
540 * IPv6 fixes
541
542 * non-root buildfix
543
544 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
545
bbf4cc9a
DM		 546libpve-access-control (4.0-2) unstable; urgency=medium
547
548 * trigger pve-api-updates event
549
550 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
551
dfbcf6d3
DM		 552libpve-access-control (4.0-1) unstable; urgency=medium
553
554 * bump version for Debian Jessie
555
556 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
557
94971b3a
DM		 558libpve-access-control (3.0-16) unstable; urgency=low
559
560 * root@pam can now be disabled in GUI.
561
562 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
563
7b17c7cb
DM		 564libpve-access-control (3.0-15) unstable; urgency=low
565
566 * oath: add 'step' and 'digits' option
567
568 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
569
1abc2c0a
DM		 570libpve-access-control (3.0-14) unstable; urgency=low
571
572 * add oath two factor auth
573
574 * add oathkeygen binary to generate keys for oath
575
576 * add yubico two factor auth
577
578 * dedend on oathtool
579
580 * depend on libmime-base32-perl
30be0de9
DM		 581
582 * allow to write builtin auth domains config (comment/tfa/default)
1abc2c0a
DM		 583
584 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
585
298450ab
DM		 586libpve-access-control (3.0-13) unstable; urgency=low
587
588 * use correct connection string for AD auth
589
590 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
591
396034e4
DM		 592libpve-access-control (3.0-12) unstable; urgency=low
593
594 * add dummy API for GET /access/ticket (useful to generate login pages)
595
596 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
597
26361123
DM		 598libpve-access-control (3.0-11) unstable; urgency=low
599
600 * Sets common hot keys for spice client
601
602 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
603
3643383d
DM		 604libpve-access-control (3.0-10) unstable; urgency=low
605
606 * implement helper to generate SPICE remote-viewer configuration
607
608 * depend on libnet-ssleay-perl
609
610 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
611
0baedcf7
DM		 612libpve-access-control (3.0-9) unstable; urgency=low
613
614 * prevent user enumeration attacks
e4f8fc2e
DM		 615
616 * allow dots in access paths
0baedcf7
DM		 617
618 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
619
d4b63eae
DM		 620libpve-access-control (3.0-8) unstable; urgency=low
621
622 * spice: use lowercase hostname in ticktet signature
623
624 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
625
49594944
DM		 626libpve-access-control (3.0-7) unstable; urgency=low
627
628 * check_volume_access : use parse_volname instead of path, and remove
629 path related code.
7c410d63
DM		 630
631 * use warnings instead of global -w flag.
49594944
DM		 632
633 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
634
fe7de5d0
DM		 635libpve-access-control (3.0-6) unstable; urgency=low
636
637 * use shorter spiceproxy tickets
638
639 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
640
4cdd9507
DM		 641libpve-access-control (3.0-5) unstable; urgency=low
642
643 * add code to generate tickets for SPICE
644
645 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
646
677f9ab0
DM		 647libpve-access-control (3.0-4) unstable; urgency=low
648
649 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
650
651 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
652
139a8ecf
DM		 653libpve-access-control (3.0-3) unstable; urgency=low
654
7d23b7ca 655 * Add new role PVETemplateUser (and VM.Clone privilege)
139a8ecf
DM		 656
657 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
658
b78ce7c2
DM		 659libpve-access-control (3.0-2) unstable; urgency=low
660
661 * remove CGI.pm related code (pveproxy does not need that)
662
663 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
664
786820f9
DM		 665libpve-access-control (3.0-1) unstable; urgency=low
666
667 * bump version for wheezy release
668
669 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
670
e5ae5487
DM		 671libpve-access-control (1.0-26) unstable; urgency=low
672
673 * check_volume_access: fix access permissions for backup files
674
675 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
676
e3e6510c
DM		 677libpve-access-control (1.0-25) unstable; urgency=low
678
679 * add VM.Snapshot permission
680
681 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
682
1e15ebe7
DM		 683libpve-access-control (1.0-24) unstable; urgency=low
684
685 * untaint path (allow root to restore arbitrary paths)
686
687 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
688
437be042
DM		 689libpve-access-control (1.0-23) unstable; urgency=low
690
691 * correctly compute GUI capabilities (consider pools)
692
693 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
694
5bb4e06a
DM		 695libpve-access-control (1.0-22) unstable; urgency=low
696
697 * new plugin architecture for Auth modules, minor API change for Auth
698 domains (new 'delete' parameter)
699
700 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
701
3030a176
DM		 702libpve-access-control (1.0-21) unstable; urgency=low
703
704 * do not allow user names including slash
705
706 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
707
708libpve-access-control (1.0-20) unstable; urgency=low
709
710 * add ability to fork cli workers in background
711
712 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
713
dd2cfee0
DM		 714libpve-access-control (1.0-19) unstable; urgency=low
715
716 * return set of privileges on login - can be used to adopt GUI
717
718 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
719
1cf154b7
DM		 720libpve-access-control (1.0-18) unstable; urgency=low
721
7d23b7ca 722 * fix bug #151: correctly parse username inside ticket
533219a1
DM		 723
724 * fix bug #152: allow user to change his own password
1cf154b7
DM		 725
726 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
727
2de14407
DM		 728libpve-access-control (1.0-17) unstable; urgency=low
729
730 * set propagate flag by default
731
732 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
733
bdc61d7a
DM		 734libpve-access-control (1.0-16) unstable; urgency=low
735
736 * add 'pveum passwd' method
737
738 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
739
cc7bdf33
DM		 740libpve-access-control (1.0-15) unstable; urgency=low
741
742 * Add VM.Config.CDROM privilege to PVEVMUser rule
743
744 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
745
a69bbe2e
DM		 746libpve-access-control (1.0-14) unstable; urgency=low
747
748 * fix buf in userid-param permission check
749
750 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
751
d9483d94
DM		 752libpve-access-control (1.0-13) unstable; urgency=low
753
754 * allow more characters in ldap base_dn attribute
755
756 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
757
84619607
DM		 758libpve-access-control (1.0-12) unstable; urgency=low
759
760 * allow more characters with realm IDs
761
762 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
763
09d27058
DM		 764libpve-access-control (1.0-11) unstable; urgency=low
765
766 * fix bug in exec_api2_perm_check
767
768 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
769
7a4c849e
DM		 770libpve-access-control (1.0-10) unstable; urgency=low
771
772 * fix ACL group name parser
773
774 * changed 'pveum aclmod' command line arguments
775
776 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
777
3eac4e35
DM		 778libpve-access-control (1.0-9) unstable; urgency=low
779
780 * fix bug in check_volume_access (fixes vzrestore)
781
782 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
783
4384e19e
DM		 784libpve-access-control (1.0-8) unstable; urgency=low
785
786 * fix return value for empty ACL list.
787
788 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
789
d8a56966
DM		 790libpve-access-control (1.0-7) unstable; urgency=low
791
792 * fix bug #85: allow root@pam to generate tickets for other users
793
794 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
795
cb6f2f93
DM		 796libpve-access-control (1.0-6) unstable; urgency=low
797
798 * API change: allow to filter enabled/disabled users.
799
800 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
801
272fe9ff
DM		 802libpve-access-control (1.0-5) unstable; urgency=low
803
804 * add a way to return file changes (diffs): set_result_changes()
805
806 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
807
e42eedbc
DM		 808libpve-access-control (1.0-4) unstable; urgency=low
809
810 * new environment type for ha agents
811
812 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
813
1fba27e0
DM		 814libpve-access-control (1.0-3) unstable; urgency=low
815
816 * add support for delayed parameter parsing - We need that to disable
7d23b7ca 817 file upload for normal API request (avoid DOS attacks)
1fba27e0
DM		 818
819 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
820
5bf71a96
DM		 821libpve-access-control (1.0-2) unstable; urgency=low
822
823 * fix bug in fork_worker
824
825 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
826
2c3a6c0a
DM		 827libpve-access-control (1.0-1) unstable; urgency=low
828
829 * allow '-' in permission paths
830
831 * bump version to 1.0
832
833 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
834
835libpve-access-control (0.1) unstable; urgency=low
836
837 * first dummy package - no functionality
838
839 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
840
Access control framework