auth key: fix double rotation in clusters

[pve-access-control.git] / debian / changelog

libpve-access-control (7.2-3) bullseye; urgency=medium

  * api: token: use userid-group as API perm check to avoid being overly
    strict through a misguided use of user id for non-root users.

  * perm check: forbid undefined/empty ACL path for future proofing of against
    above issue

 -- Proxmox Support Team <support@proxmox.com>  Mon, 20 Jun 2022 15:51:14 +0200

libpve-access-control (7.2-2) bullseye; urgency=medium

  * permissions: merge propagation flag for multiple roles on a path that
    share privilege  in a deterministic way, to avoid that it gets lost
    depending on perl's random sort, which would result in returing less
    privileges than an auth-id actually had.

  * permissions: avoid that token and user privilege intersection is to strict
    for user permissions that have propagation disabled.

 -- Proxmox Support Team <support@proxmox.com>  Fri, 03 Jun 2022 14:02:30 +0200

libpve-access-control (7.2-1) bullseye; urgency=medium

  * user check: fix expiration/enable order

 -- Proxmox Support Team <support@proxmox.com>  Tue, 31 May 2022 13:43:37 +0200

libpve-access-control (7.1-8) bullseye; urgency=medium

  * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
    vanished'

 -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Apr 2022 17:02:46 +0200

libpve-access-control (7.1-7) bullseye; urgency=medium

  * userid-group check: distinguish create and update

  * api: get user: declare token schema

 -- Proxmox Support Team <support@proxmox.com>  Mon, 21 Mar 2022 16:15:23 +0100

libpve-access-control (7.1-6) bullseye; urgency=medium

  * fix #3768: warn on bad u2f or webauthn settings

  * tfa: when modifying others, verify the current user's password

  * tfa list: account for admin permissions

  * fix realm sync permissions

  * fix token permission display bug

  * include SDN permissions in permission tree

 -- Proxmox Support Team <support@proxmox.com>  Fri, 21 Jan 2022 14:20:42 +0100

libpve-access-control (7.1-5) bullseye; urgency=medium

  * openid: fix username-claim fallback

 -- Proxmox Support Team <support@proxmox.com>  Thu, 25 Nov 2021 07:57:38 +0100

libpve-access-control (7.1-4) bullseye; urgency=medium

  * set current origin in the webauthn config if no fixed origin was
    configured, to support webauthn via subdomains

 -- Proxmox Support Team <support@proxmox.com>  Mon, 22 Nov 2021 14:04:06 +0100

libpve-access-control (7.1-3) bullseye; urgency=medium

  * openid: allow arbitrary username-claims

  * openid: support configuring the prompt, scopes and ACR values

 -- Proxmox Support Team <support@proxmox.com>  Fri, 19 Nov 2021 08:11:52 +0100

libpve-access-control (7.1-2) bullseye; urgency=medium

  * catch incompatible tfa entries with a nice error

 -- Proxmox Support Team <support@proxmox.com>  Wed, 17 Nov 2021 13:44:45 +0100

libpve-access-control (7.1-1) bullseye; urgency=medium

  * tfa: map HTTP 404 error in get_tfa_entry correctly

 -- Proxmox Support Team <support@proxmox.com>  Mon, 15 Nov 2021 15:33:22 +0100

libpve-access-control (7.0-7) bullseye; urgency=medium

  * fix #3513: pass configured proxy to OpenID

  * use rust based parser for TFA config

  * use PBS-like auth api call flow,

  * merge old user.cfg keys to tfa config when adding entries

  * implement version checks for new tfa config writer to ensure all
    cluster nodes are ready to avoid login issues

  * tickets: add tunnel ticket

 -- Proxmox Support Team <support@proxmox.com>  Thu, 11 Nov 2021 18:17:49 +0100

libpve-access-control (7.0-6) bullseye; urgency=medium

  * fix regression in user deletion when realm does not enforce TFA

 -- Proxmox Support Team <support@proxmox.com>  Thu, 21 Oct 2021 12:28:52 +0200

libpve-access-control (7.0-5) bullseye; urgency=medium

  * acl: check path: add /sdn/vnets/* path

  * fix #2302: allow deletion of users when realm enforces TFA

  * api: delete user: disable user first to avoid surprise on error during the
    various cleanup action required for user deletion (e.g., TFA, ACL, group)

 -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Sep 2021 15:50:47 +0200

libpve-access-control (7.0-4) bullseye; urgency=medium

  * realm: add OpenID configuration

  * api: implement OpenID related endpoints

  * implement opt-in OpenID autocreate user feature

  * api: user: add 'realm-type' to user list response

 -- Proxmox Support Team <support@proxmox.com>  Fri, 02 Jul 2021 13:45:46 +0200

libpve-access-control (7.0-3) bullseye; urgency=medium

  * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
    `/sdn/zones/<zone>` to allowed ACL paths

 -- Proxmox Support Team <support@proxmox.com>  Mon, 21 Jun 2021 10:31:19 +0200

libpve-access-control (7.0-2) bullseye; urgency=medium

  * fix #3402: add Pool.Audit privilege - custom roles containing
    Pool.Allocate must be updated to include the new privilege.

 -- Proxmox Support Team <support@proxmox.com>  Tue, 1 Jun 2021 11:28:38 +0200

libpve-access-control (7.0-1) bullseye; urgency=medium

  * re-build for Debian 11 Bullseye based releases

 -- Proxmox Support Team <support@proxmox.com>  Sun, 09 May 2021 18:18:23 +0200

libpve-access-control (6.4-1) pve; urgency=medium

  * fix #1670: change PAM service name to project specific name

  * fix #1500: permission path syntax check for access control

  * pveum: add resource pool CLI commands

 -- Proxmox Support Team <support@proxmox.com>  Sat, 24 Apr 2021 19:48:21 +0200

libpve-access-control (6.1-3) pve; urgency=medium

  * partially fix #2825: authkey: rotate if it was generated in the
    future

  * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
    insensitive

 -- Proxmox Support Team <support@proxmox.com>  Tue, 29 Sep 2020 08:54:13 +0200

libpve-access-control (6.1-2) pve; urgency=medium

  * also check SDN permission path when computing coarse permissions heuristic
    for UIs

  * add SDN Permissions.Modify

  * add VM.Config.Cloudinit

 -- Proxmox Support Team <support@proxmox.com>  Tue, 30 Jun 2020 13:06:56 +0200

libpve-access-control (6.1-1) pve; urgency=medium

  * pveum: add tfa delete subcommand for deleting user-TFA

  * LDAP: don't complain about missing credentials on realm removal

  * LDAP: skip anonymous bind when client certificate and key is configured

 -- Proxmox Support Team <support@proxmox.com>  Fri, 08 May 2020 17:47:41 +0200

libpve-access-control (6.0-7) pve; urgency=medium

  * fix #2575: die when trying to edit built-in roles

  * add realm sub commands to pveum CLI tool

  * api: domains: add user group sync API endpoint

  * allow one to sync and import users and groups from LDAP/AD based realms

  * realm: add default-sync-options to config for more convenient sync configuration

  * api: token create: return also full token id for convenience

 -- Proxmox Support Team <support@proxmox.com>  Sat, 25 Apr 2020 19:35:17 +0200

libpve-access-control (6.0-6) pve; urgency=medium

  * API: add group members to group index

  * implement API token support and management

  * pveum: add 'pveum user token add/update/remove/list'

  * pveum: add permissions sub-commands

  * API: add 'permissions' API endpoint

  * user.cfg: skip inexisting roles when parsing ACLs

 -- Proxmox Support Team <support@proxmox.com>  Wed, 29 Jan 2020 10:17:27 +0100

libpve-access-control (6.0-5) pve; urgency=medium

  * pveum: add list command for users, groups, ACLs and roles

  * add initial permissions for experimental SDN integration

 -- Proxmox Support Team <support@proxmox.com>  Tue, 26 Nov 2019 17:56:37 +0100

libpve-access-control (6.0-4) pve; urgency=medium

  * ticket: use clinfo to get cluster name

  * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
    SSL version

 -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Nov 2019 11:55:11 +0100

libpve-access-control (6.0-3) pve; urgency=medium

  * fix #2433: increase possible TFA secret length

  * parse user configuration: correctly parse group names in ACLs, for users
    which begin their name with an @

  * sort user.cfg entries alphabetically

 -- Proxmox Support Team <support@proxmox.com>  Tue, 29 Oct 2019 08:52:23 +0100

libpve-access-control (6.0-2) pve; urgency=medium

  * improve CSRF verification compatibility with newer PVE

 -- Proxmox Support Team <support@proxmox.com>  Wed, 26 Jun 2019 20:24:35 +0200

libpve-access-control (6.0-1) pve; urgency=medium

  * ticket: properly verify exactly 5 minute old tickets

  * use hmac_sha256 instead of sha1 for CSRF token generation

 -- Proxmox Support Team <support@proxmox.com>  Mon, 24 Jun 2019 18:14:45 +0200

libpve-access-control (6.0-0+1) pve; urgency=medium

  * bump for Debian buster

  * fix #2079: add periodic auth key rotation

 -- Proxmox Support Team <support@proxmox.com>  Tue, 21 May 2019 21:31:15 +0200

libpve-access-control (5.1-10) unstable; urgency=medium

  * add /access/user/{id}/tfa api call to get tfa types

 -- Proxmox Support Team <support@proxmox.com>  Wed, 15 May 2019 16:21:10 +0200

libpve-access-control (5.1-9) unstable; urgency=medium

  * store the tfa type in user.cfg allowing to get it without proxying the call
    to a higher privileged daemon.

  * tfa: realm required TFA should lock out users without TFA configured, as it
    was done before Proxmox VE 5.4

 -- Proxmox Support Team <support@proxmox.com>  Tue, 30 Apr 2019 14:01:00 +0000

libpve-access-control (5.1-8) unstable; urgency=medium

  * U2F: ensure we save correct public key on registration

 -- Proxmox Support Team <support@proxmox.com>  Tue, 09 Apr 2019 12:47:12 +0200

libpve-access-control (5.1-7) unstable; urgency=medium

  * verify_ticket: allow general non-challenge tfa to be run as two step
    call

 -- Proxmox Support Team <support@proxmox.com>  Mon, 08 Apr 2019 16:56:14 +0200

libpve-access-control (5.1-6) unstable; urgency=medium

  * more general 2FA configuration via priv/tfa.cfg

  * add u2f api endpoints

  * delete TFA entries when deleting a user

  * allow users to change their TOTP settings

 -- Proxmox Support Team <support@proxmox.com>  Wed, 03 Apr 2019 13:40:26 +0200

libpve-access-control (5.1-5) unstable; urgency=medium

  * fix vnc ticket verification without authkey lifetime

 -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Mar 2019 10:43:17 +0100

libpve-access-control (5.1-4) unstable; urgency=medium

  * fix #1891: Add zsh command completion for pveum

  * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
    to avoid issues on upgrade, will be enabled with 6.0

 -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Mar 2019 09:12:05 +0100

libpve-access-control (5.1-3) unstable; urgency=medium

  * api/ticket: move getting cluster name into an eval

 -- Proxmox Support Team <support@proxmox.com>  Thu, 29 Nov 2018 12:59:36 +0100

libpve-access-control (5.1-2) unstable; urgency=medium

  * fix #1998: correct return properties for read_role

 -- Proxmox Support Team <support@proxmox.com>  Fri, 23 Nov 2018 14:22:40 +0100

libpve-access-control (5.1-1) unstable; urgency=medium

  * pveum: introduce sub-commands

  * register userid with completion

  * fix #233: return cluster name on successful login

 -- Proxmox Support Team <support@proxmox.com>  Thu, 15 Nov 2018 09:34:47 +0100

libpve-access-control (5.0-8) unstable; urgency=medium

  * fix #1612: ldap: make 2nd server work with bind domains again

  * fix an error message where passing a bad pool id to an API function would
    make it complain about a wrong group name instead

  * fix the API-returned permission list so that the GUI knows to show the
    'Permissions' tab for a storage to an administrator apart from root@pam

 -- Proxmox Support Team <support@proxmox.com>  Thu, 18 Jan 2018 13:34:50 +0100

libpve-access-control (5.0-7) unstable; urgency=medium

  * VM.Snapshot.Rollback privilege added

  * api: check for special roles before locking the usercfg

  * fix #1501: pveum: die when deleting special role

  * API/ticket: rework coarse grained permission computation

 -- Proxmox Support Team <support@proxmox.com>  Thu, 5 Oct 2017 11:27:48 +0200

libpve-access-control (5.0-6) unstable; urgency=medium

  * Close #1470: Add server ceritifcate verification for AD and LDAP via the
    'verify' option. For compatibility reasons this defaults to off for now,
    but that might change with future updates.

  * AD, LDAP: Add ability to specify a CA path or file, and a client
    certificate via the 'capath', 'cert' and 'certkey' options.

 -- Proxmox Support Team <support@proxmox.com>  Tue, 08 Aug 2017 11:56:38 +0200

libpve-access-control (5.0-5) unstable; urgency=medium

  * change from dpkg-deb to dpkg-buildpackage

 -- Proxmox Support Team <support@proxmox.com>  Thu, 22 Jun 2017 09:12:37 +0200

libpve-access-control (5.0-4) unstable; urgency=medium

  * PVE/CLI/pveum.pm: call setup_default_cli_env()

  * PVE/Auth/PVE.pm: encode uft8 password before calling crypt

  * check_api2_permissions: avoid warning about uninitialized value

 -- Proxmox Support Team <support@proxmox.com>  Tue, 02 May 2017 11:58:15 +0200

libpve-access-control (5.0-3) unstable; urgency=medium

  * use new PVE::OTP class from pve-common

  * use new PVE::Tools::encrypt_pw from pve-common

 -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 17:45:55 +0200

libpve-access-control (5.0-2) unstable; urgency=medium

  * encrypt_pw: avoid '+' for crypt salt

 -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 08:54:10 +0200

libpve-access-control (5.0-1) unstable; urgency=medium

  * rebuild for PVE 5.0

 -- Proxmox Support Team <support@proxmox.com>  Mon, 6 Mar 2017 13:42:01 +0100

libpve-access-control (4.0-23) unstable; urgency=medium

  * use new PVE::Ticket class

 -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 13:42:06 +0100

libpve-access-control (4.0-22) unstable; urgency=medium

  * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
    (moved to PVE::Storage)

  * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class

 -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 09:12:04 +0100

libpve-access-control (4.0-21) unstable; urgency=medium

  * setup_default_cli_env: expect $class as first parameter

 -- Proxmox Support Team <support@proxmox.com>  Thu, 12 Jan 2017 13:54:27 +0100

libpve-access-control (4.0-20) unstable; urgency=medium

  * PVE/RPCEnvironment.pm: new function setup_default_cli_env

  * PVE/API2/Domains.pm: fix property description

  * use new repoman for upload target

 -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2017 12:13:26 +0100

libpve-access-control (4.0-19) unstable; urgency=medium

  * Close #833: ldap: non-anonymous bind support

  * don't import 'RFC' from MIME::Base32

 -- Proxmox Support Team <support@proxmox.com>  Fri, 05 Aug 2016 13:09:08 +0200

libpve-access-control (4.0-18) unstable; urgency=medium

  * fix #1062: recognize base32 otp keys again

 -- Proxmox Support Team <support@proxmox.com>  Thu, 21 Jul 2016 08:43:18 +0200

libpve-access-control (4.0-17) unstable; urgency=medium

  * drop oathtool and libdigest-hmac-perl dependencies

 -- Proxmox Support Team <support@proxmox.com>  Mon, 11 Jul 2016 12:03:22 +0200

libpve-access-control (4.0-16) unstable; urgency=medium

  * use pve-doc-generator to generate man pages

 -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Apr 2016 07:06:05 +0200

libpve-access-control (4.0-15) unstable; urgency=medium

  * Fix uninitialized warning when shadow.cfg does not exist

 -- Proxmox Support Team <support@proxmox.com>  Fri, 01 Apr 2016 07:10:57 +0200

libpve-access-control (4.0-14) unstable; urgency=medium

  * Add is_worker to RPCEnvironment

 -- Proxmox Support Team <support@proxmox.com>  Tue, 15 Mar 2016 16:47:34 +0100

libpve-access-control (4.0-13) unstable; urgency=medium

  * fix #916: allow HTTPS to access custom yubico url

 -- Proxmox Support Team <support@proxmox.com>  Mon, 14 Mar 2016 11:39:23 +0100

libpve-access-control (4.0-12) unstable; urgency=medium

  * Catch certificate errors instead of segfaulting

 -- Proxmox Support Team <support@proxmox.com>  Wed, 09 Mar 2016 14:41:01 +0100

libpve-access-control (4.0-11) unstable; urgency=medium

  * Fix #861: use safer sprintf formatting

 -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Jan 2016 12:52:39 +0100

libpve-access-control (4.0-10) unstable; urgency=medium

  *  Auth::LDAP, Auth::AD: ipv6 support

 -- Proxmox Support Team <support@proxmox.com>  Thu, 03 Dec 2015 12:09:32 +0100

libpve-access-control (4.0-9) unstable; urgency=medium

  * pveum: implement bash completion

 -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Oct 2015 17:22:52 +0200

libpve-access-control (4.0-8) unstable; urgency=medium

  * remove_storage_access: cleanup of access permissions for removed storage

 -- Proxmox Support Team <support@proxmox.com>  Wed, 19 Aug 2015 15:39:15 +0200

libpve-access-control (4.0-7) unstable; urgency=medium

  * new helper to remove access permissions for removed VMs

 -- Proxmox Support Team <support@proxmox.com>  Fri, 14 Aug 2015 07:57:02 +0200

libpve-access-control (4.0-6) unstable; urgency=medium

  * improve parse_user_config, parse_shadow_config

 -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jul 2015 13:14:33 +0200

libpve-access-control (4.0-5) unstable; urgency=medium

  * pveum: check for $cmd being defined

 -- Proxmox Support Team <support@proxmox.com>  Wed, 10 Jun 2015 10:40:15 +0200

libpve-access-control (4.0-4) unstable; urgency=medium

  * use activate-noawait triggers

 -- Proxmox Support Team <support@proxmox.com>  Mon, 01 Jun 2015 12:25:31 +0200

libpve-access-control (4.0-3) unstable; urgency=medium

  * IPv6 fixes

  * non-root buildfix

 -- Proxmox Support Team <support@proxmox.com>  Wed, 27 May 2015 11:15:44 +0200

libpve-access-control (4.0-2) unstable; urgency=medium

  * trigger pve-api-updates event

 -- Proxmox Support Team <support@proxmox.com>  Tue, 05 May 2015 15:06:38 +0200

libpve-access-control (4.0-1) unstable; urgency=medium

  * bump version for Debian Jessie

 -- Proxmox Support Team <support@proxmox.com>  Thu, 26 Feb 2015 11:22:01 +0100

libpve-access-control (3.0-16) unstable; urgency=low

  * root@pam can now be disabled in GUI.

 -- Proxmox Support Team <support@proxmox.com>  Fri, 30 Jan 2015 06:20:22 +0100

libpve-access-control (3.0-15) unstable; urgency=low

  * oath: add 'step' and 'digits' option

 -- Proxmox Support Team <support@proxmox.com>  Wed, 23 Jul 2014 06:59:52 +0200

libpve-access-control (3.0-14) unstable; urgency=low
  
  * add oath two factor auth

  * add oathkeygen binary to generate keys for oath
  
  * add yubico two factor auth

  * dedend on oathtool
  
  * depend on libmime-base32-perl
  
  * allow to write builtin auth domains config (comment/tfa/default)

 -- Proxmox Support Team <support@proxmox.com>  Thu, 17 Jul 2014 13:09:56 +0200

libpve-access-control (3.0-13) unstable; urgency=low

  * use correct connection string for AD auth

 -- Proxmox Support Team <support@proxmox.com>  Thu, 22 May 2014 07:16:09 +0200

libpve-access-control (3.0-12) unstable; urgency=low

  * add dummy API for GET /access/ticket (useful to generate login pages)

 -- Proxmox Support Team <support@proxmox.com>  Wed, 30 Apr 2014 14:47:56 +0200

libpve-access-control (3.0-11) unstable; urgency=low

  * Sets common hot keys for spice client

 -- Proxmox Support Team <support@proxmox.com>  Fri, 31 Jan 2014 10:24:28 +0100

libpve-access-control (3.0-10) unstable; urgency=low

  * implement helper to generate SPICE remote-viewer configuration
  
  * depend on libnet-ssleay-perl

 -- Proxmox Support Team <support@proxmox.com>  Tue, 10 Dec 2013 10:45:08 +0100

libpve-access-control (3.0-9) unstable; urgency=low

  * prevent user enumeration attacks
  
  * allow dots in access paths

 -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Nov 2013 09:06:38 +0100

libpve-access-control (3.0-8) unstable; urgency=low

  * spice: use lowercase hostname in ticktet signature

 -- Proxmox Support Team <support@proxmox.com>  Mon, 28 Oct 2013 08:11:57 +0100

libpve-access-control (3.0-7) unstable; urgency=low

  * check_volume_access : use parse_volname instead of path, and remove 
    path related code.
  
  * use warnings instead of global -w flag.

 -- Proxmox Support Team <support@proxmox.com>  Tue, 01 Oct 2013 12:35:53 +0200

libpve-access-control (3.0-6) unstable; urgency=low

  * use shorter spiceproxy tickets

 -- Proxmox Support Team <support@proxmox.com>  Fri, 19 Jul 2013 12:39:09 +0200

libpve-access-control (3.0-5) unstable; urgency=low

  * add code to generate tickets for SPICE

 -- Proxmox Support Team <support@proxmox.com>  Wed, 26 Jun 2013 13:08:32 +0200

libpve-access-control (3.0-4) unstable; urgency=low

  * moved add_vm_to_pool/remove_vm_from_pool from qemu-server

 -- Proxmox Support Team <support@proxmox.com>  Tue, 14 May 2013 11:56:54 +0200

libpve-access-control (3.0-3) unstable; urgency=low

  * Add new role PVETemplateUser (and VM.Clone privilege)

 -- Proxmox Support Team <support@proxmox.com>  Mon, 29 Apr 2013 11:42:15 +0200

libpve-access-control (3.0-2) unstable; urgency=low

  * remove CGI.pm related code (pveproxy does not need that)

 -- Proxmox Support Team <support@proxmox.com>  Mon, 15 Apr 2013 12:34:23 +0200

libpve-access-control (3.0-1) unstable; urgency=low

  * bump version for wheezy release

 -- Proxmox Support Team <support@proxmox.com>  Fri, 15 Mar 2013 08:07:06 +0100

libpve-access-control (1.0-26) unstable; urgency=low

  * check_volume_access: fix access permissions for backup files

 -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Feb 2013 10:00:14 +0100

libpve-access-control (1.0-25) unstable; urgency=low

  * add VM.Snapshot permission 

 -- Proxmox Support Team <support@proxmox.com>  Mon, 10 Sep 2012 09:23:32 +0200

libpve-access-control (1.0-24) unstable; urgency=low

  * untaint path (allow root to restore arbitrary paths)

 -- Proxmox Support Team <support@proxmox.com>  Wed, 06 Jun 2012 13:06:34 +0200

libpve-access-control (1.0-23) unstable; urgency=low

  * correctly compute GUI capabilities (consider pools)

 -- Proxmox Support Team <support@proxmox.com>  Wed, 30 May 2012 08:47:23 +0200

libpve-access-control (1.0-22) unstable; urgency=low

  * new plugin architecture for Auth modules, minor API change for Auth
    domains (new 'delete' parameter)

 -- Proxmox Support Team <support@proxmox.com>  Wed, 16 May 2012 07:21:44 +0200

libpve-access-control (1.0-21) unstable; urgency=low

  * do not allow user names including slash

 -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Apr 2012 10:07:47 +0200

libpve-access-control (1.0-20) unstable; urgency=low

  * add ability to fork cli workers in background

 -- Proxmox Support Team <support@proxmox.com>  Wed, 18 Apr 2012 08:28:20 +0200

libpve-access-control (1.0-19) unstable; urgency=low

  * return set of privileges on login - can be used to adopt GUI

 -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Apr 2012 10:25:10 +0200

libpve-access-control (1.0-18) unstable; urgency=low

  * fix bug #151: correctly parse username inside ticket
  
  * fix bug #152: allow user to change his own password

 -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Apr 2012 09:40:15 +0200

libpve-access-control (1.0-17) unstable; urgency=low

  * set propagate flag by default

 -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Mar 2012 12:40:19 +0100

libpve-access-control (1.0-16) unstable; urgency=low

  * add 'pveum passwd' method

 -- Proxmox Support Team <support@proxmox.com>  Thu, 23 Feb 2012 12:05:25 +0100

libpve-access-control (1.0-15) unstable; urgency=low

  * Add VM.Config.CDROM privilege to PVEVMUser rule

 -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 11:44:23 +0100

libpve-access-control (1.0-14) unstable; urgency=low

  * fix buf in userid-param permission check

 -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 10:52:35 +0100

libpve-access-control (1.0-13) unstable; urgency=low

  * allow more characters in ldap base_dn attribute

 -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 06:17:02 +0100

libpve-access-control (1.0-12) unstable; urgency=low

  * allow more characters with realm IDs 

 -- Proxmox Support Team <support@proxmox.com>  Mon, 20 Feb 2012 08:50:33 +0100

libpve-access-control (1.0-11) unstable; urgency=low

  * fix bug in exec_api2_perm_check
  
 -- Proxmox Support Team <support@proxmox.com>  Wed, 15 Feb 2012 07:06:30 +0100

libpve-access-control (1.0-10) unstable; urgency=low

  * fix ACL group name parser
  
  * changed 'pveum aclmod' command line arguments

 -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Feb 2012 12:08:02 +0100

libpve-access-control (1.0-9) unstable; urgency=low

  * fix bug in check_volume_access (fixes vzrestore)

 -- Proxmox Support Team <support@proxmox.com>  Mon, 13 Feb 2012 09:56:37 +0100

libpve-access-control (1.0-8) unstable; urgency=low

  * fix return value for empty ACL list.

 -- Proxmox Support Team <support@proxmox.com>  Fri, 10 Feb 2012 11:25:04 +0100

libpve-access-control (1.0-7) unstable; urgency=low

  * fix bug #85: allow root@pam to generate tickets for other users

 -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Jan 2012 06:40:18 +0100

libpve-access-control (1.0-6) unstable; urgency=low

  * API change: allow to filter enabled/disabled users.

 -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2012 12:30:37 +0100

libpve-access-control (1.0-5) unstable; urgency=low

  * add a way to return file changes (diffs): set_result_changes()

 -- Proxmox Support Team <support@proxmox.com>  Tue, 20 Dec 2011 11:18:48 +0100

libpve-access-control (1.0-4) unstable; urgency=low

  * new environment type for ha agents

 -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Dec 2011 10:08:53 +0100

libpve-access-control (1.0-3) unstable; urgency=low

  * add support for delayed parameter parsing - We need that to disable
    file upload for normal API request (avoid DOS attacks)

 -- Proxmox Support Team <support@proxmox.com>  Fri, 02 Dec 2011 09:56:10 +0100

libpve-access-control (1.0-2) unstable; urgency=low

  * fix bug in fork_worker

 -- Proxmox Support Team <support@proxmox.com>  Tue, 11 Oct 2011 08:37:05 +0200

libpve-access-control (1.0-1) unstable; urgency=low

  * allow '-' in permission paths
  
  * bump version to 1.0

 -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jun 2011 13:51:48 +0200

libpve-access-control (0.1) unstable; urgency=low

  * first dummy package - no functionality

 -- Proxmox Support Team <support@proxmox.com>  Thu, 09 Jul 2009 16:03:00 +0200