]> git.proxmox.com Git - pve-access-control.git/blame - debian/changelog
projects / pve-access-control.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 7.4-2
[pve-access-control.git] / debian / changelog
CommitLineData
f0595d15
TL		 1libpve-access-control (7.4-2) bullseye; urgency=medium
2
3 * fix #4609: fix regression where a valid DN in the ldap/ad realm config
4 wasn't accepted anymore
5
6 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Mar 2023 15:44:21 +0100
7
a23eaa1a
TL		 8libpve-access-control (7.4-1) bullseye; urgency=medium
9
10 * realm sync: refactor scope/remove-vanished into a standard option
11
12 * ldap: Allow quoted values for DN attribute values
13
14 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Mar 2023 17:16:11 +0100
15
df33b3b9
TL		 16libpve-access-control (7.3-2) bullseye; urgency=medium
17
18 * fix #4518: dramatically improve ACL computation performance
19
20 * userid format: clarify that this is the full name@realm in description
21
22 -- Proxmox Support Team <support@proxmox.com> Mon, 06 Mar 2023 11:40:11 +0100
23
2da8c203
TL		 24libpve-access-control (7.3-1) bullseye; urgency=medium
25
26 * realm: sync: allow explicit 'none' for 'remove-vanished' option
27
28 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
29
b84bf623
TL		 30libpve-access-control (7.2-5) bullseye; urgency=medium
31
32 * api: realm sync: avoid separate log line for "remove-vanished" opt
33
34 * auth ldap/ad: compare group member dn case-insensitively
35
36 * two factor auth: only lock tfa config for recovery keys
37
38 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
39 migrations and storage migrations
40
41 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
42
f4e68e49
TL		 43libpve-access-control (7.2-4) bullseye; urgency=medium
44
45 * fix #4074: increase API OpenID code size limit to 2048
46
47 * auth key: protect against rare chance of a double rotation in clusters,
48 leaving the potential that some set of nodes have the earlier key cached,
49 that then got rotated out due to the race, resulting in a possible other
50 set of nodes having the newer key cached. This is a split view of the auth
51 key and may resulting in spurious failures if API requests are made to a
52 different node than the ticket was generated on.
53 In addition to that, the "keep validity of old tickets if signed in the
54 last two hours before rotation" logic was disabled too in such a case,
55 making such tickets invalid too early.
56 Note that both are cases where Proxmox VE was too strict, so while this
57 had no security implications it can be a nuisance, especially for
58 environments that use the API through an automated or scripted way
59
60 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
61
26dde491
TL		 62libpve-access-control (7.2-3) bullseye; urgency=medium
63
64 * api: token: use userid-group as API perm check to avoid being overly
65 strict through a misguided use of user id for non-root users.
66
67 * perm check: forbid undefined/empty ACL path for future proofing of against
68 above issue
69
70 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
71
1cf4389b
TL		 72libpve-access-control (7.2-2) bullseye; urgency=medium
73
74 * permissions: merge propagation flag for multiple roles on a path that
75 share privilege in a deterministic way, to avoid that it gets lost
76 depending on perl's random sort, which would result in returing less
77 privileges than an auth-id actually had.
78
79 * permissions: avoid that token and user privilege intersection is to strict
80 for user permissions that have propagation disabled.
81
82 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
83
e3604d48
TL		 84libpve-access-control (7.2-1) bullseye; urgency=medium
85
86 * user check: fix expiration/enable order
87
88 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
89
79ae250f
TL		 90libpve-access-control (7.1-8) bullseye; urgency=medium
91
92 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
93 vanished'
94
95 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
96
eed46286
TL		 97libpve-access-control (7.1-7) bullseye; urgency=medium
98
99 * userid-group check: distinguish create and update
100
101 * api: get user: declare token schema
102
103 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
104
cd78b295
FG		 105libpve-access-control (7.1-6) bullseye; urgency=medium
106
107 * fix #3768: warn on bad u2f or webauthn settings
108
109 * tfa: when modifying others, verify the current user's password
110
111 * tfa list: account for admin permissions
112
113 * fix realm sync permissions
114
115 * fix token permission display bug
116
117 * include SDN permissions in permission tree
118
119 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
120
118088d8
TL		 121libpve-access-control (7.1-5) bullseye; urgency=medium
122
123 * openid: fix username-claim fallback
124
125 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
126
ebb14277
WB		 127libpve-access-control (7.1-4) bullseye; urgency=medium
128
129 * set current origin in the webauthn config if no fixed origin was
130 configured, to support webauthn via subdomains
131
132 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
133
44a55ff7
TL		 134libpve-access-control (7.1-3) bullseye; urgency=medium
135
136 * openid: allow arbitrary username-claims
137
138 * openid: support configuring the prompt, scopes and ACR values
139
140 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
141
6f643e79
TL		 142libpve-access-control (7.1-2) bullseye; urgency=medium
143
144 * catch incompatible tfa entries with a nice error
145
146 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
147
92bca71e
TL		 148libpve-access-control (7.1-1) bullseye; urgency=medium
149
150 * tfa: map HTTP 404 error in get_tfa_entry correctly
151
152 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
153
1c9b6501
TL		 154libpve-access-control (7.0-7) bullseye; urgency=medium
155
156 * fix #3513: pass configured proxy to OpenID
157
158 * use rust based parser for TFA config
159
160 * use PBS-like auth api call flow,
161
162 * merge old user.cfg keys to tfa config when adding entries
163
164 * implement version checks for new tfa config writer to ensure all
165 cluster nodes are ready to avoid login issues
166
167 * tickets: add tunnel ticket
168
169 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
170
cd46b379
TL		 171libpve-access-control (7.0-6) bullseye; urgency=medium
172
173 * fix regression in user deletion when realm does not enforce TFA
174
175 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
176
52da88a8
TL		 177libpve-access-control (7.0-5) bullseye; urgency=medium
178
179 * acl: check path: add /sdn/vnets/* path
180
181 * fix #2302: allow deletion of users when realm enforces TFA
182
183 * api: delete user: disable user first to avoid surprise on error during the
184 various cleanup action required for user deletion (e.g., TFA, ACL, group)
185
186 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
187
543d646c
TL		 188libpve-access-control (7.0-4) bullseye; urgency=medium
189
190 * realm: add OpenID configuration
191
192 * api: implement OpenID related endpoints
193
194 * implement opt-in OpenID autocreate user feature
195
196 * api: user: add 'realm-type' to user list response
197
198 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
199
7a4c4fd8
TL		 200libpve-access-control (7.0-3) bullseye; urgency=medium
201
202 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
203 `/sdn/zones/<zone>` to allowed ACL paths
204
205 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
206
0902a936
FG		 207libpve-access-control (7.0-2) bullseye; urgency=medium
208
209 * fix #3402: add Pool.Audit privilege - custom roles containing
210 Pool.Allocate must be updated to include the new privilege.
211
212 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
213
67febb69
TL		 214libpve-access-control (7.0-1) bullseye; urgency=medium
215
216 * re-build for Debian 11 Bullseye based releases
217
218 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
219
2942ba41
TL		 220libpve-access-control (6.4-1) pve; urgency=medium
221
222 * fix #1670: change PAM service name to project specific name
223
224 * fix #1500: permission path syntax check for access control
225
226 * pveum: add resource pool CLI commands
227
228 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
229
54d312f3
TL		 230libpve-access-control (6.1-3) pve; urgency=medium
231
232 * partially fix #2825: authkey: rotate if it was generated in the
233 future
234
235 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
236 insensitive
237
238 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
239
6a9be12f
TL		 240libpve-access-control (6.1-2) pve; urgency=medium
241
242 * also check SDN permission path when computing coarse permissions heuristic
243 for UIs
244
245 * add SDN Permissions.Modify
246
247 * add VM.Config.Cloudinit
248
249 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
250
e6624f50
TL		 251libpve-access-control (6.1-1) pve; urgency=medium
252
253 * pveum: add tfa delete subcommand for deleting user-TFA
254
255 * LDAP: don't complain about missing credentials on realm removal
256
257 * LDAP: skip anonymous bind when client certificate and key is configured
258
259 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
260
8f4a522f
TL		 261libpve-access-control (6.0-7) pve; urgency=medium
262
263 * fix #2575: die when trying to edit built-in roles
264
265 * add realm sub commands to pveum CLI tool
266
7d23b7ca 267 * api: domains: add user group sync API endpoint
8f4a522f
TL		 268
269 * allow one to sync and import users and groups from LDAP/AD based realms
270
271 * realm: add default-sync-options to config for more convenient sync configuration
272
273 * api: token create: return also full token id for convenience
274
275 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
276
23059f35
TL		 277libpve-access-control (6.0-6) pve; urgency=medium
278
279 * API: add group members to group index
280
281 * implement API token support and management
282
283 * pveum: add 'pveum user token add/update/remove/list'
284
285 * pveum: add permissions sub-commands
286
287 * API: add 'permissions' API endpoint
288
289 * user.cfg: skip inexisting roles when parsing ACLs
290
291 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
292
3dd692e9
TL		 293libpve-access-control (6.0-5) pve; urgency=medium
294
295 * pveum: add list command for users, groups, ACLs and roles
296
297 * add initial permissions for experimental SDN integration
298
299 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
300
4ef92d0d
FG		 301libpve-access-control (6.0-4) pve; urgency=medium
302
303 * ticket: use clinfo to get cluster name
304
305 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
306 SSL version
307
308 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
309
6e5bbca4
TL		 310libpve-access-control (6.0-3) pve; urgency=medium
311
312 * fix #2433: increase possible TFA secret length
313
314 * parse user configuration: correctly parse group names in ACLs, for users
315 which begin their name with an @
316
317 * sort user.cfg entries alphabetically
318
319 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
320
e073493c
TL		 321libpve-access-control (6.0-2) pve; urgency=medium
322
323 * improve CSRF verification compatibility with newer PVE
324
325 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
326
a237dc2e
TL		 327libpve-access-control (6.0-1) pve; urgency=medium
328
329 * ticket: properly verify exactly 5 minute old tickets
330
331 * use hmac_sha256 instead of sha1 for CSRF token generation
332
333 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
334
f1531f22
TL		 335libpve-access-control (6.0-0+1) pve; urgency=medium
336
337 * bump for Debian buster
338
339 * fix #2079: add periodic auth key rotation
340
341 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
342
ef761f51
TL		 343libpve-access-control (5.1-10) unstable; urgency=medium
344
345 * add /access/user/{id}/tfa api call to get tfa types
346
347 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
348
860ddcba
TL		 349libpve-access-control (5.1-9) unstable; urgency=medium
350
351 * store the tfa type in user.cfg allowing to get it without proxying the call
7d23b7ca 352 to a higher privileged daemon.
860ddcba
TL		 353
354 * tfa: realm required TFA should lock out users without TFA configured, as it
355 was done before Proxmox VE 5.4
356
357 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
358
9fbad012
TL		 359libpve-access-control (5.1-8) unstable; urgency=medium
360
361 * U2F: ensure we save correct public key on registration
362
363 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
364
4473c96c
TL		 365libpve-access-control (5.1-7) unstable; urgency=medium
366
367 * verify_ticket: allow general non-challenge tfa to be run as two step
368 call
369
370 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
371
a270d4e1
TL		 372libpve-access-control (5.1-6) unstable; urgency=medium
373
374 * more general 2FA configuration via priv/tfa.cfg
375
376 * add u2f api endpoints
377
378 * delete TFA entries when deleting a user
379
380 * allow users to change their TOTP settings
381
382 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
383
374647e8
TL		 384libpve-access-control (5.1-5) unstable; urgency=medium
385
386 * fix vnc ticket verification without authkey lifetime
387
388 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
389
7fb70c94
TL		 390libpve-access-control (5.1-4) unstable; urgency=medium
391
392 * fix #1891: Add zsh command completion for pveum
393
394 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
395 to avoid issues on upgrade, will be enabled with 6.0
396
397 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
398
6e010cde
TL		 399libpve-access-control (5.1-3) unstable; urgency=medium
400
401 * api/ticket: move getting cluster name into an eval
402
403 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
404
f5a9380a
TL		 405libpve-access-control (5.1-2) unstable; urgency=medium
406
407 * fix #1998: correct return properties for read_role
408
409 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
410
b54b7474
TL		 411libpve-access-control (5.1-1) unstable; urgency=medium
412
413 * pveum: introduce sub-commands
414
415 * register userid with completion
416
417 * fix #233: return cluster name on successful login
418
419 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
420
52192dd4
WB		 421libpve-access-control (5.0-8) unstable; urgency=medium
422
423 * fix #1612: ldap: make 2nd server work with bind domains again
424
425 * fix an error message where passing a bad pool id to an API function would
426 make it complain about a wrong group name instead
427
428 * fix the API-returned permission list so that the GUI knows to show the
429 'Permissions' tab for a storage to an administrator apart from root@pam
430
431 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
432
3dadf8cf
FG		 433libpve-access-control (5.0-7) unstable; urgency=medium
434
435 * VM.Snapshot.Rollback privilege added
436
437 * api: check for special roles before locking the usercfg
438
439 * fix #1501: pveum: die when deleting special role
440
441 * API/ticket: rework coarse grained permission computation
442
443 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
444
ec4141f4
WB		 445libpve-access-control (5.0-6) unstable; urgency=medium
446
447 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
448 'verify' option. For compatibility reasons this defaults to off for now,
449 but that might change with future updates.
450
451 * AD, LDAP: Add ability to specify a CA path or file, and a client
452 certificate via the 'capath', 'cert' and 'certkey' options.
453
454 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
455
63134bd4
DM		 456libpve-access-control (5.0-5) unstable; urgency=medium
457
458 * change from dpkg-deb to dpkg-buildpackage
459
460 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
461
868fb1ea
DM		 462libpve-access-control (5.0-4) unstable; urgency=medium
463
464 * PVE/CLI/pveum.pm: call setup_default_cli_env()
465
466 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
467
468 * check_api2_permissions: avoid warning about uninitialized value
469
470 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
471
63358f40
DM		 472libpve-access-control (5.0-3) unstable; urgency=medium
473
474 * use new PVE::OTP class from pve-common
475
476 * use new PVE::Tools::encrypt_pw from pve-common
477
478 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
479
05fd50af
DM		 480libpve-access-control (5.0-2) unstable; urgency=medium
481
482 * encrypt_pw: avoid '+' for crypt salt
483
484 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
485
0835385b
FG		 486libpve-access-control (5.0-1) unstable; urgency=medium
487
488 * rebuild for PVE 5.0
489
490 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
491
730f8863
DM		 492libpve-access-control (4.0-23) unstable; urgency=medium
493
494 * use new PVE::Ticket class
495
496 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
497
1f1c4593
DM		 498libpve-access-control (4.0-22) unstable; urgency=medium
499
500 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
501 (moved to PVE::Storage)
502
503 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
504
505 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
506
f9105063
DM		 507libpve-access-control (4.0-21) unstable; urgency=medium
508
509 * setup_default_cli_env: expect $class as first parameter
510
511 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
512
9595066e
DM		 513libpve-access-control (4.0-20) unstable; urgency=medium
514
515 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
516
517 * PVE/API2/Domains.pm: fix property description
518
519 * use new repoman for upload target
520
521 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
522
2af5a793
DM		 523libpve-access-control (4.0-19) unstable; urgency=medium
524
525 * Close #833: ldap: non-anonymous bind support
526
527 * don't import 'RFC' from MIME::Base32
528
529 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
530
5d87bb77
WB		 531libpve-access-control (4.0-18) unstable; urgency=medium
532
533 * fix #1062: recognize base32 otp keys again
534
535 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
536
28ddf48b
WB		 537libpve-access-control (4.0-17) unstable; urgency=medium
538
539 * drop oathtool and libdigest-hmac-perl dependencies
540
541 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
542
15cebb28
DM		 543libpve-access-control (4.0-16) unstable; urgency=medium
544
545 * use pve-doc-generator to generate man pages
546
547 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
548
678df887
DM		 549libpve-access-control (4.0-15) unstable; urgency=medium
550
551 * Fix uninitialized warning when shadow.cfg does not exist
552
553 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
554
cca9761a
DM		 555libpve-access-control (4.0-14) unstable; urgency=medium
556
557 * Add is_worker to RPCEnvironment
558
559 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
560
8643c99d
DM		 561libpve-access-control (4.0-13) unstable; urgency=medium
562
563 * fix #916: allow HTTPS to access custom yubico url
564
565 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
566
ae2a6bf9
DM		 567libpve-access-control (4.0-12) unstable; urgency=medium
568
569 * Catch certificate errors instead of segfaulting
570
571 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
572
4836db5f
DM		 573libpve-access-control (4.0-11) unstable; urgency=medium
574
575 * Fix #861: use safer sprintf formatting
576
577 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
578
ccbe23dc
DM		 579libpve-access-control (4.0-10) unstable; urgency=medium
580
581 * Auth::LDAP, Auth::AD: ipv6 support
582
583 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
584
90399ca4
DM		 585libpve-access-control (4.0-9) unstable; urgency=medium
586
587 * pveum: implement bash completion
588
589 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
590
364ffc13
DM		 591libpve-access-control (4.0-8) unstable; urgency=medium
592
593 * remove_storage_access: cleanup of access permissions for removed storage
594
595 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
596
7c26cb4a
DM		 597libpve-access-control (4.0-7) unstable; urgency=medium
598
599 * new helper to remove access permissions for removed VMs
600
601 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
602
296afbd1
DM		 603libpve-access-control (4.0-6) unstable; urgency=medium
604
605 * improve parse_user_config, parse_shadow_config
606
607 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
608
7d2df2ef
DM		 609libpve-access-control (4.0-5) unstable; urgency=medium
610
611 * pveum: check for $cmd being defined
612
613 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
614
98a34e3f
DM		 615libpve-access-control (4.0-4) unstable; urgency=medium
616
617 * use activate-noawait triggers
618
619 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
620
15462727
DM		 621libpve-access-control (4.0-3) unstable; urgency=medium
622
623 * IPv6 fixes
624
625 * non-root buildfix
626
627 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
628
bbf4cc9a
DM		 629libpve-access-control (4.0-2) unstable; urgency=medium
630
631 * trigger pve-api-updates event
632
633 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
634
dfbcf6d3
DM		 635libpve-access-control (4.0-1) unstable; urgency=medium
636
637 * bump version for Debian Jessie
638
639 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
640
94971b3a
DM		 641libpve-access-control (3.0-16) unstable; urgency=low
642
643 * root@pam can now be disabled in GUI.
644
645 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
646
7b17c7cb
DM		 647libpve-access-control (3.0-15) unstable; urgency=low
648
649 * oath: add 'step' and 'digits' option
650
651 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
652
1abc2c0a
DM		 653libpve-access-control (3.0-14) unstable; urgency=low
654
655 * add oath two factor auth
656
657 * add oathkeygen binary to generate keys for oath
658
659 * add yubico two factor auth
660
661 * dedend on oathtool
662
663 * depend on libmime-base32-perl
30be0de9
DM		 664
665 * allow to write builtin auth domains config (comment/tfa/default)
1abc2c0a
DM		 666
667 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
668
298450ab
DM		 669libpve-access-control (3.0-13) unstable; urgency=low
670
671 * use correct connection string for AD auth
672
673 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
674
396034e4
DM		 675libpve-access-control (3.0-12) unstable; urgency=low
676
677 * add dummy API for GET /access/ticket (useful to generate login pages)
678
679 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
680
26361123
DM		 681libpve-access-control (3.0-11) unstable; urgency=low
682
683 * Sets common hot keys for spice client
684
685 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
686
3643383d
DM		 687libpve-access-control (3.0-10) unstable; urgency=low
688
689 * implement helper to generate SPICE remote-viewer configuration
690
691 * depend on libnet-ssleay-perl
692
693 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
694
0baedcf7
DM		 695libpve-access-control (3.0-9) unstable; urgency=low
696
697 * prevent user enumeration attacks
e4f8fc2e
DM		 698
699 * allow dots in access paths
0baedcf7
DM		 700
701 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
702
d4b63eae
DM		 703libpve-access-control (3.0-8) unstable; urgency=low
704
705 * spice: use lowercase hostname in ticktet signature
706
707 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
708
49594944
DM		 709libpve-access-control (3.0-7) unstable; urgency=low
710
711 * check_volume_access : use parse_volname instead of path, and remove
712 path related code.
7c410d63
DM		 713
714 * use warnings instead of global -w flag.
49594944
DM		 715
716 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
717
fe7de5d0
DM		 718libpve-access-control (3.0-6) unstable; urgency=low
719
720 * use shorter spiceproxy tickets
721
722 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
723
4cdd9507
DM		 724libpve-access-control (3.0-5) unstable; urgency=low
725
726 * add code to generate tickets for SPICE
727
728 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
729
677f9ab0
DM		 730libpve-access-control (3.0-4) unstable; urgency=low
731
732 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
733
734 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
735
139a8ecf
DM		 736libpve-access-control (3.0-3) unstable; urgency=low
737
7d23b7ca 738 * Add new role PVETemplateUser (and VM.Clone privilege)
139a8ecf
DM		 739
740 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
741
b78ce7c2
DM		 742libpve-access-control (3.0-2) unstable; urgency=low
743
744 * remove CGI.pm related code (pveproxy does not need that)
745
746 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
747
786820f9
DM		 748libpve-access-control (3.0-1) unstable; urgency=low
749
750 * bump version for wheezy release
751
752 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
753
e5ae5487
DM		 754libpve-access-control (1.0-26) unstable; urgency=low
755
756 * check_volume_access: fix access permissions for backup files
757
758 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
759
e3e6510c
DM		 760libpve-access-control (1.0-25) unstable; urgency=low
761
762 * add VM.Snapshot permission
763
764 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
765
1e15ebe7
DM		 766libpve-access-control (1.0-24) unstable; urgency=low
767
768 * untaint path (allow root to restore arbitrary paths)
769
770 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
771
437be042
DM		 772libpve-access-control (1.0-23) unstable; urgency=low
773
774 * correctly compute GUI capabilities (consider pools)
775
776 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
777
5bb4e06a
DM		 778libpve-access-control (1.0-22) unstable; urgency=low
779
780 * new plugin architecture for Auth modules, minor API change for Auth
781 domains (new 'delete' parameter)
782
783 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
784
3030a176
DM		 785libpve-access-control (1.0-21) unstable; urgency=low
786
787 * do not allow user names including slash
788
789 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
790
791libpve-access-control (1.0-20) unstable; urgency=low
792
793 * add ability to fork cli workers in background
794
795 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
796
dd2cfee0
DM		 797libpve-access-control (1.0-19) unstable; urgency=low
798
799 * return set of privileges on login - can be used to adopt GUI
800
801 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
802
1cf154b7
DM		 803libpve-access-control (1.0-18) unstable; urgency=low
804
7d23b7ca 805 * fix bug #151: correctly parse username inside ticket
533219a1
DM		 806
807 * fix bug #152: allow user to change his own password
1cf154b7
DM		 808
809 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
810
2de14407
DM		 811libpve-access-control (1.0-17) unstable; urgency=low
812
813 * set propagate flag by default
814
815 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
816
bdc61d7a
DM		 817libpve-access-control (1.0-16) unstable; urgency=low
818
819 * add 'pveum passwd' method
820
821 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
822
cc7bdf33
DM		 823libpve-access-control (1.0-15) unstable; urgency=low
824
825 * Add VM.Config.CDROM privilege to PVEVMUser rule
826
827 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
828
a69bbe2e
DM		 829libpve-access-control (1.0-14) unstable; urgency=low
830
831 * fix buf in userid-param permission check
832
833 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
834
d9483d94
DM		 835libpve-access-control (1.0-13) unstable; urgency=low
836
837 * allow more characters in ldap base_dn attribute
838
839 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
840
84619607
DM		 841libpve-access-control (1.0-12) unstable; urgency=low
842
843 * allow more characters with realm IDs
844
845 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
846
09d27058
DM		 847libpve-access-control (1.0-11) unstable; urgency=low
848
849 * fix bug in exec_api2_perm_check
850
851 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
852
7a4c849e
DM		 853libpve-access-control (1.0-10) unstable; urgency=low
854
855 * fix ACL group name parser
856
857 * changed 'pveum aclmod' command line arguments
858
859 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
860
3eac4e35
DM		 861libpve-access-control (1.0-9) unstable; urgency=low
862
863 * fix bug in check_volume_access (fixes vzrestore)
864
865 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
866
4384e19e
DM		 867libpve-access-control (1.0-8) unstable; urgency=low
868
869 * fix return value for empty ACL list.
870
871 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
872
d8a56966
DM		 873libpve-access-control (1.0-7) unstable; urgency=low
874
875 * fix bug #85: allow root@pam to generate tickets for other users
876
877 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
878
cb6f2f93
DM		 879libpve-access-control (1.0-6) unstable; urgency=low
880
881 * API change: allow to filter enabled/disabled users.
882
883 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
884
272fe9ff
DM		 885libpve-access-control (1.0-5) unstable; urgency=low
886
887 * add a way to return file changes (diffs): set_result_changes()
888
889 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
890
e42eedbc
DM		 891libpve-access-control (1.0-4) unstable; urgency=low
892
893 * new environment type for ha agents
894
895 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
896
1fba27e0
DM		 897libpve-access-control (1.0-3) unstable; urgency=low
898
899 * add support for delayed parameter parsing - We need that to disable
7d23b7ca 900 file upload for normal API request (avoid DOS attacks)
1fba27e0
DM		 901
902 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
903
5bf71a96
DM		 904libpve-access-control (1.0-2) unstable; urgency=low
905
906 * fix bug in fork_worker
907
908 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
909
2c3a6c0a
DM		 910libpve-access-control (1.0-1) unstable; urgency=low
911
912 * allow '-' in permission paths
913
914 * bump version to 1.0
915
916 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
917
918libpve-access-control (0.1) unstable; urgency=low
919
920 * first dummy package - no functionality
921
922 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
923
Access control framework