]> git.proxmox.com Git - pve-access-control.git/blame - debian/changelog
projects / pve-access-control.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
verify_ticket: allow general non-challenge tfa to be run as two step call
[pve-access-control.git] / debian / changelog
CommitLineData
a270d4e1
TL		 1libpve-access-control (5.1-6) unstable; urgency=medium
2
3 * more general 2FA configuration via priv/tfa.cfg
4
5 * add u2f api endpoints
6
7 * delete TFA entries when deleting a user
8
9 * allow users to change their TOTP settings
10
11 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
12
374647e8
TL		 13libpve-access-control (5.1-5) unstable; urgency=medium
14
15 * fix vnc ticket verification without authkey lifetime
16
17 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
18
7fb70c94
TL		 19libpve-access-control (5.1-4) unstable; urgency=medium
20
21 * fix #1891: Add zsh command completion for pveum
22
23 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
24 to avoid issues on upgrade, will be enabled with 6.0
25
26 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
27
6e010cde
TL		 28libpve-access-control (5.1-3) unstable; urgency=medium
29
30 * api/ticket: move getting cluster name into an eval
31
32 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
33
f5a9380a
TL		 34libpve-access-control (5.1-2) unstable; urgency=medium
35
36 * fix #1998: correct return properties for read_role
37
38 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
39
b54b7474
TL		 40libpve-access-control (5.1-1) unstable; urgency=medium
41
42 * pveum: introduce sub-commands
43
44 * register userid with completion
45
46 * fix #233: return cluster name on successful login
47
48 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
49
52192dd4
WB		 50libpve-access-control (5.0-8) unstable; urgency=medium
51
52 * fix #1612: ldap: make 2nd server work with bind domains again
53
54 * fix an error message where passing a bad pool id to an API function would
55 make it complain about a wrong group name instead
56
57 * fix the API-returned permission list so that the GUI knows to show the
58 'Permissions' tab for a storage to an administrator apart from root@pam
59
60 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
61
3dadf8cf
FG		 62libpve-access-control (5.0-7) unstable; urgency=medium
63
64 * VM.Snapshot.Rollback privilege added
65
66 * api: check for special roles before locking the usercfg
67
68 * fix #1501: pveum: die when deleting special role
69
70 * API/ticket: rework coarse grained permission computation
71
72 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
73
ec4141f4
WB		 74libpve-access-control (5.0-6) unstable; urgency=medium
75
76 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
77 'verify' option. For compatibility reasons this defaults to off for now,
78 but that might change with future updates.
79
80 * AD, LDAP: Add ability to specify a CA path or file, and a client
81 certificate via the 'capath', 'cert' and 'certkey' options.
82
83 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
84
63134bd4
DM		 85libpve-access-control (5.0-5) unstable; urgency=medium
86
87 * change from dpkg-deb to dpkg-buildpackage
88
89 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
90
868fb1ea
DM		 91libpve-access-control (5.0-4) unstable; urgency=medium
92
93 * PVE/CLI/pveum.pm: call setup_default_cli_env()
94
95 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
96
97 * check_api2_permissions: avoid warning about uninitialized value
98
99 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
100
63358f40
DM		 101libpve-access-control (5.0-3) unstable; urgency=medium
102
103 * use new PVE::OTP class from pve-common
104
105 * use new PVE::Tools::encrypt_pw from pve-common
106
107 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
108
05fd50af
DM		 109libpve-access-control (5.0-2) unstable; urgency=medium
110
111 * encrypt_pw: avoid '+' for crypt salt
112
113 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
114
0835385b
FG		 115libpve-access-control (5.0-1) unstable; urgency=medium
116
117 * rebuild for PVE 5.0
118
119 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
120
730f8863
DM		 121libpve-access-control (4.0-23) unstable; urgency=medium
122
123 * use new PVE::Ticket class
124
125 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
126
1f1c4593
DM		 127libpve-access-control (4.0-22) unstable; urgency=medium
128
129 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
130 (moved to PVE::Storage)
131
132 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
133
134 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
135
f9105063
DM		 136libpve-access-control (4.0-21) unstable; urgency=medium
137
138 * setup_default_cli_env: expect $class as first parameter
139
140 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
141
9595066e
DM		 142libpve-access-control (4.0-20) unstable; urgency=medium
143
144 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
145
146 * PVE/API2/Domains.pm: fix property description
147
148 * use new repoman for upload target
149
150 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
151
2af5a793
DM		 152libpve-access-control (4.0-19) unstable; urgency=medium
153
154 * Close #833: ldap: non-anonymous bind support
155
156 * don't import 'RFC' from MIME::Base32
157
158 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
159
5d87bb77
WB		 160libpve-access-control (4.0-18) unstable; urgency=medium
161
162 * fix #1062: recognize base32 otp keys again
163
164 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
165
28ddf48b
WB		 166libpve-access-control (4.0-17) unstable; urgency=medium
167
168 * drop oathtool and libdigest-hmac-perl dependencies
169
170 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
171
15cebb28
DM		 172libpve-access-control (4.0-16) unstable; urgency=medium
173
174 * use pve-doc-generator to generate man pages
175
176 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
177
678df887
DM		 178libpve-access-control (4.0-15) unstable; urgency=medium
179
180 * Fix uninitialized warning when shadow.cfg does not exist
181
182 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
183
cca9761a
DM		 184libpve-access-control (4.0-14) unstable; urgency=medium
185
186 * Add is_worker to RPCEnvironment
187
188 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
189
8643c99d
DM		 190libpve-access-control (4.0-13) unstable; urgency=medium
191
192 * fix #916: allow HTTPS to access custom yubico url
193
194 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
195
ae2a6bf9
DM		 196libpve-access-control (4.0-12) unstable; urgency=medium
197
198 * Catch certificate errors instead of segfaulting
199
200 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
201
4836db5f
DM		 202libpve-access-control (4.0-11) unstable; urgency=medium
203
204 * Fix #861: use safer sprintf formatting
205
206 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
207
ccbe23dc
DM		 208libpve-access-control (4.0-10) unstable; urgency=medium
209
210 * Auth::LDAP, Auth::AD: ipv6 support
211
212 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
213
90399ca4
DM		 214libpve-access-control (4.0-9) unstable; urgency=medium
215
216 * pveum: implement bash completion
217
218 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
219
364ffc13
DM		 220libpve-access-control (4.0-8) unstable; urgency=medium
221
222 * remove_storage_access: cleanup of access permissions for removed storage
223
224 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
225
7c26cb4a
DM		 226libpve-access-control (4.0-7) unstable; urgency=medium
227
228 * new helper to remove access permissions for removed VMs
229
230 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
231
296afbd1
DM		 232libpve-access-control (4.0-6) unstable; urgency=medium
233
234 * improve parse_user_config, parse_shadow_config
235
236 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
237
7d2df2ef
DM		 238libpve-access-control (4.0-5) unstable; urgency=medium
239
240 * pveum: check for $cmd being defined
241
242 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
243
98a34e3f
DM		 244libpve-access-control (4.0-4) unstable; urgency=medium
245
246 * use activate-noawait triggers
247
248 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
249
15462727
DM		 250libpve-access-control (4.0-3) unstable; urgency=medium
251
252 * IPv6 fixes
253
254 * non-root buildfix
255
256 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
257
bbf4cc9a
DM		 258libpve-access-control (4.0-2) unstable; urgency=medium
259
260 * trigger pve-api-updates event
261
262 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
263
dfbcf6d3
DM		 264libpve-access-control (4.0-1) unstable; urgency=medium
265
266 * bump version for Debian Jessie
267
268 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
269
94971b3a
DM		 270libpve-access-control (3.0-16) unstable; urgency=low
271
272 * root@pam can now be disabled in GUI.
273
274 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
275
7b17c7cb
DM		 276libpve-access-control (3.0-15) unstable; urgency=low
277
278 * oath: add 'step' and 'digits' option
279
280 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
281
1abc2c0a
DM		 282libpve-access-control (3.0-14) unstable; urgency=low
283
284 * add oath two factor auth
285
286 * add oathkeygen binary to generate keys for oath
287
288 * add yubico two factor auth
289
290 * dedend on oathtool
291
292 * depend on libmime-base32-perl
30be0de9
DM		 293
294 * allow to write builtin auth domains config (comment/tfa/default)
1abc2c0a
DM		 295
296 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
297
298450ab
DM		 298libpve-access-control (3.0-13) unstable; urgency=low
299
300 * use correct connection string for AD auth
301
302 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
303
396034e4
DM		 304libpve-access-control (3.0-12) unstable; urgency=low
305
306 * add dummy API for GET /access/ticket (useful to generate login pages)
307
308 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
309
26361123
DM		 310libpve-access-control (3.0-11) unstable; urgency=low
311
312 * Sets common hot keys for spice client
313
314 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
315
3643383d
DM		 316libpve-access-control (3.0-10) unstable; urgency=low
317
318 * implement helper to generate SPICE remote-viewer configuration
319
320 * depend on libnet-ssleay-perl
321
322 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
323
0baedcf7
DM		 324libpve-access-control (3.0-9) unstable; urgency=low
325
326 * prevent user enumeration attacks
e4f8fc2e
DM		 327
328 * allow dots in access paths
0baedcf7
DM		 329
330 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
331
d4b63eae
DM		 332libpve-access-control (3.0-8) unstable; urgency=low
333
334 * spice: use lowercase hostname in ticktet signature
335
336 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
337
49594944
DM		 338libpve-access-control (3.0-7) unstable; urgency=low
339
340 * check_volume_access : use parse_volname instead of path, and remove
341 path related code.
7c410d63
DM		 342
343 * use warnings instead of global -w flag.
49594944
DM		 344
345 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
346
fe7de5d0
DM		 347libpve-access-control (3.0-6) unstable; urgency=low
348
349 * use shorter spiceproxy tickets
350
351 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
352
4cdd9507
DM		 353libpve-access-control (3.0-5) unstable; urgency=low
354
355 * add code to generate tickets for SPICE
356
357 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
358
677f9ab0
DM		 359libpve-access-control (3.0-4) unstable; urgency=low
360
361 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
362
363 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
364
139a8ecf
DM		 365libpve-access-control (3.0-3) unstable; urgency=low
366
7b395f99 367 * Add new role PVETemplateUser (and VM.Clone priviledge)
139a8ecf
DM		 368
369 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
370
b78ce7c2
DM		 371libpve-access-control (3.0-2) unstable; urgency=low
372
373 * remove CGI.pm related code (pveproxy does not need that)
374
375 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
376
786820f9
DM		 377libpve-access-control (3.0-1) unstable; urgency=low
378
379 * bump version for wheezy release
380
381 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
382
e5ae5487
DM		 383libpve-access-control (1.0-26) unstable; urgency=low
384
385 * check_volume_access: fix access permissions for backup files
386
387 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
388
e3e6510c
DM		 389libpve-access-control (1.0-25) unstable; urgency=low
390
391 * add VM.Snapshot permission
392
393 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
394
1e15ebe7
DM		 395libpve-access-control (1.0-24) unstable; urgency=low
396
397 * untaint path (allow root to restore arbitrary paths)
398
399 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
400
437be042
DM		 401libpve-access-control (1.0-23) unstable; urgency=low
402
403 * correctly compute GUI capabilities (consider pools)
404
405 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
406
5bb4e06a
DM		 407libpve-access-control (1.0-22) unstable; urgency=low
408
409 * new plugin architecture for Auth modules, minor API change for Auth
410 domains (new 'delete' parameter)
411
412 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
413
3030a176
DM		 414libpve-access-control (1.0-21) unstable; urgency=low
415
416 * do not allow user names including slash
417
418 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
419
420libpve-access-control (1.0-20) unstable; urgency=low
421
422 * add ability to fork cli workers in background
423
424 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
425
dd2cfee0
DM		 426libpve-access-control (1.0-19) unstable; urgency=low
427
428 * return set of privileges on login - can be used to adopt GUI
429
430 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
431
1cf154b7
DM		 432libpve-access-control (1.0-18) unstable; urgency=low
433
533219a1
DM		 434 * fix bug #151: corretly parse username inside ticket
435
436 * fix bug #152: allow user to change his own password
1cf154b7
DM		 437
438 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
439
2de14407
DM		 440libpve-access-control (1.0-17) unstable; urgency=low
441
442 * set propagate flag by default
443
444 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
445
bdc61d7a
DM		 446libpve-access-control (1.0-16) unstable; urgency=low
447
448 * add 'pveum passwd' method
449
450 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
451
cc7bdf33
DM		 452libpve-access-control (1.0-15) unstable; urgency=low
453
454 * Add VM.Config.CDROM privilege to PVEVMUser rule
455
456 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
457
a69bbe2e
DM		 458libpve-access-control (1.0-14) unstable; urgency=low
459
460 * fix buf in userid-param permission check
461
462 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
463
d9483d94
DM		 464libpve-access-control (1.0-13) unstable; urgency=low
465
466 * allow more characters in ldap base_dn attribute
467
468 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
469
84619607
DM		 470libpve-access-control (1.0-12) unstable; urgency=low
471
472 * allow more characters with realm IDs
473
474 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
475
09d27058
DM		 476libpve-access-control (1.0-11) unstable; urgency=low
477
478 * fix bug in exec_api2_perm_check
479
480 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
481
7a4c849e
DM		 482libpve-access-control (1.0-10) unstable; urgency=low
483
484 * fix ACL group name parser
485
486 * changed 'pveum aclmod' command line arguments
487
488 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
489
3eac4e35
DM		 490libpve-access-control (1.0-9) unstable; urgency=low
491
492 * fix bug in check_volume_access (fixes vzrestore)
493
494 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
495
4384e19e
DM		 496libpve-access-control (1.0-8) unstable; urgency=low
497
498 * fix return value for empty ACL list.
499
500 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
501
d8a56966
DM		 502libpve-access-control (1.0-7) unstable; urgency=low
503
504 * fix bug #85: allow root@pam to generate tickets for other users
505
506 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
507
cb6f2f93
DM		 508libpve-access-control (1.0-6) unstable; urgency=low
509
510 * API change: allow to filter enabled/disabled users.
511
512 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
513
272fe9ff
DM		 514libpve-access-control (1.0-5) unstable; urgency=low
515
516 * add a way to return file changes (diffs): set_result_changes()
517
518 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
519
e42eedbc
DM		 520libpve-access-control (1.0-4) unstable; urgency=low
521
522 * new environment type for ha agents
523
524 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
525
1fba27e0
DM		 526libpve-access-control (1.0-3) unstable; urgency=low
527
528 * add support for delayed parameter parsing - We need that to disable
529 file upload for normal API request (avoid DOS attacs)
530
531 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
532
5bf71a96
DM		 533libpve-access-control (1.0-2) unstable; urgency=low
534
535 * fix bug in fork_worker
536
537 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
538
2c3a6c0a
DM		 539libpve-access-control (1.0-1) unstable; urgency=low
540
541 * allow '-' in permission paths
542
543 * bump version to 1.0
544
545 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
546
547libpve-access-control (0.1) unstable; urgency=low
548
549 * first dummy package - no functionality
550
551 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
552
Access control framework