]>
Commit | Line | Data |
---|---|---|
f4e68e49 TL |
1 | libpve-access-control (7.2-4) bullseye; urgency=medium |
2 | ||
3 | * fix #4074: increase API OpenID code size limit to 2048 | |
4 | ||
5 | * auth key: protect against rare chance of a double rotation in clusters, | |
6 | leaving the potential that some set of nodes have the earlier key cached, | |
7 | that then got rotated out due to the race, resulting in a possible other | |
8 | set of nodes having the newer key cached. This is a split view of the auth | |
9 | key and may resulting in spurious failures if API requests are made to a | |
10 | different node than the ticket was generated on. | |
11 | In addition to that, the "keep validity of old tickets if signed in the | |
12 | last two hours before rotation" logic was disabled too in such a case, | |
13 | making such tickets invalid too early. | |
14 | Note that both are cases where Proxmox VE was too strict, so while this | |
15 | had no security implications it can be a nuisance, especially for | |
16 | environments that use the API through an automated or scripted way | |
17 | ||
18 | -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200 | |
19 | ||
26dde491 TL |
20 | libpve-access-control (7.2-3) bullseye; urgency=medium |
21 | ||
22 | * api: token: use userid-group as API perm check to avoid being overly | |
23 | strict through a misguided use of user id for non-root users. | |
24 | ||
25 | * perm check: forbid undefined/empty ACL path for future proofing of against | |
26 | above issue | |
27 | ||
28 | -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200 | |
29 | ||
1cf4389b TL |
30 | libpve-access-control (7.2-2) bullseye; urgency=medium |
31 | ||
32 | * permissions: merge propagation flag for multiple roles on a path that | |
33 | share privilege in a deterministic way, to avoid that it gets lost | |
34 | depending on perl's random sort, which would result in returing less | |
35 | privileges than an auth-id actually had. | |
36 | ||
37 | * permissions: avoid that token and user privilege intersection is to strict | |
38 | for user permissions that have propagation disabled. | |
39 | ||
40 | -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200 | |
41 | ||
e3604d48 TL |
42 | libpve-access-control (7.2-1) bullseye; urgency=medium |
43 | ||
44 | * user check: fix expiration/enable order | |
45 | ||
46 | -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200 | |
47 | ||
79ae250f TL |
48 | libpve-access-control (7.1-8) bullseye; urgency=medium |
49 | ||
50 | * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove- | |
51 | vanished' | |
52 | ||
53 | -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200 | |
54 | ||
eed46286 TL |
55 | libpve-access-control (7.1-7) bullseye; urgency=medium |
56 | ||
57 | * userid-group check: distinguish create and update | |
58 | ||
59 | * api: get user: declare token schema | |
60 | ||
61 | -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100 | |
62 | ||
cd78b295 FG |
63 | libpve-access-control (7.1-6) bullseye; urgency=medium |
64 | ||
65 | * fix #3768: warn on bad u2f or webauthn settings | |
66 | ||
67 | * tfa: when modifying others, verify the current user's password | |
68 | ||
69 | * tfa list: account for admin permissions | |
70 | ||
71 | * fix realm sync permissions | |
72 | ||
73 | * fix token permission display bug | |
74 | ||
75 | * include SDN permissions in permission tree | |
76 | ||
77 | -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100 | |
78 | ||
118088d8 TL |
79 | libpve-access-control (7.1-5) bullseye; urgency=medium |
80 | ||
81 | * openid: fix username-claim fallback | |
82 | ||
83 | -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100 | |
84 | ||
ebb14277 WB |
85 | libpve-access-control (7.1-4) bullseye; urgency=medium |
86 | ||
87 | * set current origin in the webauthn config if no fixed origin was | |
88 | configured, to support webauthn via subdomains | |
89 | ||
90 | -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100 | |
91 | ||
44a55ff7 TL |
92 | libpve-access-control (7.1-3) bullseye; urgency=medium |
93 | ||
94 | * openid: allow arbitrary username-claims | |
95 | ||
96 | * openid: support configuring the prompt, scopes and ACR values | |
97 | ||
98 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100 | |
99 | ||
6f643e79 TL |
100 | libpve-access-control (7.1-2) bullseye; urgency=medium |
101 | ||
102 | * catch incompatible tfa entries with a nice error | |
103 | ||
104 | -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100 | |
105 | ||
92bca71e TL |
106 | libpve-access-control (7.1-1) bullseye; urgency=medium |
107 | ||
108 | * tfa: map HTTP 404 error in get_tfa_entry correctly | |
109 | ||
110 | -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100 | |
111 | ||
1c9b6501 TL |
112 | libpve-access-control (7.0-7) bullseye; urgency=medium |
113 | ||
114 | * fix #3513: pass configured proxy to OpenID | |
115 | ||
116 | * use rust based parser for TFA config | |
117 | ||
118 | * use PBS-like auth api call flow, | |
119 | ||
120 | * merge old user.cfg keys to tfa config when adding entries | |
121 | ||
122 | * implement version checks for new tfa config writer to ensure all | |
123 | cluster nodes are ready to avoid login issues | |
124 | ||
125 | * tickets: add tunnel ticket | |
126 | ||
127 | -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100 | |
128 | ||
cd46b379 TL |
129 | libpve-access-control (7.0-6) bullseye; urgency=medium |
130 | ||
131 | * fix regression in user deletion when realm does not enforce TFA | |
132 | ||
133 | -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200 | |
134 | ||
52da88a8 TL |
135 | libpve-access-control (7.0-5) bullseye; urgency=medium |
136 | ||
137 | * acl: check path: add /sdn/vnets/* path | |
138 | ||
139 | * fix #2302: allow deletion of users when realm enforces TFA | |
140 | ||
141 | * api: delete user: disable user first to avoid surprise on error during the | |
142 | various cleanup action required for user deletion (e.g., TFA, ACL, group) | |
143 | ||
144 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200 | |
145 | ||
543d646c TL |
146 | libpve-access-control (7.0-4) bullseye; urgency=medium |
147 | ||
148 | * realm: add OpenID configuration | |
149 | ||
150 | * api: implement OpenID related endpoints | |
151 | ||
152 | * implement opt-in OpenID autocreate user feature | |
153 | ||
154 | * api: user: add 'realm-type' to user list response | |
155 | ||
156 | -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200 | |
157 | ||
7a4c4fd8 TL |
158 | libpve-access-control (7.0-3) bullseye; urgency=medium |
159 | ||
160 | * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and | |
161 | `/sdn/zones/<zone>` to allowed ACL paths | |
162 | ||
163 | -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200 | |
164 | ||
0902a936 FG |
165 | libpve-access-control (7.0-2) bullseye; urgency=medium |
166 | ||
167 | * fix #3402: add Pool.Audit privilege - custom roles containing | |
168 | Pool.Allocate must be updated to include the new privilege. | |
169 | ||
170 | -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200 | |
171 | ||
67febb69 TL |
172 | libpve-access-control (7.0-1) bullseye; urgency=medium |
173 | ||
174 | * re-build for Debian 11 Bullseye based releases | |
175 | ||
176 | -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200 | |
177 | ||
2942ba41 TL |
178 | libpve-access-control (6.4-1) pve; urgency=medium |
179 | ||
180 | * fix #1670: change PAM service name to project specific name | |
181 | ||
182 | * fix #1500: permission path syntax check for access control | |
183 | ||
184 | * pveum: add resource pool CLI commands | |
185 | ||
186 | -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200 | |
187 | ||
54d312f3 TL |
188 | libpve-access-control (6.1-3) pve; urgency=medium |
189 | ||
190 | * partially fix #2825: authkey: rotate if it was generated in the | |
191 | future | |
192 | ||
193 | * fix #2947: add an option to LDAP or AD realm to switch user lookup to case | |
194 | insensitive | |
195 | ||
196 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200 | |
197 | ||
6a9be12f TL |
198 | libpve-access-control (6.1-2) pve; urgency=medium |
199 | ||
200 | * also check SDN permission path when computing coarse permissions heuristic | |
201 | for UIs | |
202 | ||
203 | * add SDN Permissions.Modify | |
204 | ||
205 | * add VM.Config.Cloudinit | |
206 | ||
207 | -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200 | |
208 | ||
e6624f50 TL |
209 | libpve-access-control (6.1-1) pve; urgency=medium |
210 | ||
211 | * pveum: add tfa delete subcommand for deleting user-TFA | |
212 | ||
213 | * LDAP: don't complain about missing credentials on realm removal | |
214 | ||
215 | * LDAP: skip anonymous bind when client certificate and key is configured | |
216 | ||
217 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200 | |
218 | ||
8f4a522f TL |
219 | libpve-access-control (6.0-7) pve; urgency=medium |
220 | ||
221 | * fix #2575: die when trying to edit built-in roles | |
222 | ||
223 | * add realm sub commands to pveum CLI tool | |
224 | ||
7d23b7ca | 225 | * api: domains: add user group sync API endpoint |
8f4a522f TL |
226 | |
227 | * allow one to sync and import users and groups from LDAP/AD based realms | |
228 | ||
229 | * realm: add default-sync-options to config for more convenient sync configuration | |
230 | ||
231 | * api: token create: return also full token id for convenience | |
232 | ||
233 | -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200 | |
234 | ||
23059f35 TL |
235 | libpve-access-control (6.0-6) pve; urgency=medium |
236 | ||
237 | * API: add group members to group index | |
238 | ||
239 | * implement API token support and management | |
240 | ||
241 | * pveum: add 'pveum user token add/update/remove/list' | |
242 | ||
243 | * pveum: add permissions sub-commands | |
244 | ||
245 | * API: add 'permissions' API endpoint | |
246 | ||
247 | * user.cfg: skip inexisting roles when parsing ACLs | |
248 | ||
249 | -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100 | |
250 | ||
3dd692e9 TL |
251 | libpve-access-control (6.0-5) pve; urgency=medium |
252 | ||
253 | * pveum: add list command for users, groups, ACLs and roles | |
254 | ||
255 | * add initial permissions for experimental SDN integration | |
256 | ||
257 | -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100 | |
258 | ||
4ef92d0d FG |
259 | libpve-access-control (6.0-4) pve; urgency=medium |
260 | ||
261 | * ticket: use clinfo to get cluster name | |
262 | ||
263 | * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as | |
264 | SSL version | |
265 | ||
266 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100 | |
267 | ||
6e5bbca4 TL |
268 | libpve-access-control (6.0-3) pve; urgency=medium |
269 | ||
270 | * fix #2433: increase possible TFA secret length | |
271 | ||
272 | * parse user configuration: correctly parse group names in ACLs, for users | |
273 | which begin their name with an @ | |
274 | ||
275 | * sort user.cfg entries alphabetically | |
276 | ||
277 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100 | |
278 | ||
e073493c TL |
279 | libpve-access-control (6.0-2) pve; urgency=medium |
280 | ||
281 | * improve CSRF verification compatibility with newer PVE | |
282 | ||
283 | -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200 | |
284 | ||
a237dc2e TL |
285 | libpve-access-control (6.0-1) pve; urgency=medium |
286 | ||
287 | * ticket: properly verify exactly 5 minute old tickets | |
288 | ||
289 | * use hmac_sha256 instead of sha1 for CSRF token generation | |
290 | ||
291 | -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200 | |
292 | ||
f1531f22 TL |
293 | libpve-access-control (6.0-0+1) pve; urgency=medium |
294 | ||
295 | * bump for Debian buster | |
296 | ||
297 | * fix #2079: add periodic auth key rotation | |
298 | ||
299 | -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200 | |
300 | ||
ef761f51 TL |
301 | libpve-access-control (5.1-10) unstable; urgency=medium |
302 | ||
303 | * add /access/user/{id}/tfa api call to get tfa types | |
304 | ||
305 | -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200 | |
306 | ||
860ddcba TL |
307 | libpve-access-control (5.1-9) unstable; urgency=medium |
308 | ||
309 | * store the tfa type in user.cfg allowing to get it without proxying the call | |
7d23b7ca | 310 | to a higher privileged daemon. |
860ddcba TL |
311 | |
312 | * tfa: realm required TFA should lock out users without TFA configured, as it | |
313 | was done before Proxmox VE 5.4 | |
314 | ||
315 | -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000 | |
316 | ||
9fbad012 TL |
317 | libpve-access-control (5.1-8) unstable; urgency=medium |
318 | ||
319 | * U2F: ensure we save correct public key on registration | |
320 | ||
321 | -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200 | |
322 | ||
4473c96c TL |
323 | libpve-access-control (5.1-7) unstable; urgency=medium |
324 | ||
325 | * verify_ticket: allow general non-challenge tfa to be run as two step | |
326 | call | |
327 | ||
328 | -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200 | |
329 | ||
a270d4e1 TL |
330 | libpve-access-control (5.1-6) unstable; urgency=medium |
331 | ||
332 | * more general 2FA configuration via priv/tfa.cfg | |
333 | ||
334 | * add u2f api endpoints | |
335 | ||
336 | * delete TFA entries when deleting a user | |
337 | ||
338 | * allow users to change their TOTP settings | |
339 | ||
340 | -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200 | |
341 | ||
374647e8 TL |
342 | libpve-access-control (5.1-5) unstable; urgency=medium |
343 | ||
344 | * fix vnc ticket verification without authkey lifetime | |
345 | ||
346 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100 | |
347 | ||
7fb70c94 TL |
348 | libpve-access-control (5.1-4) unstable; urgency=medium |
349 | ||
350 | * fix #1891: Add zsh command completion for pveum | |
351 | ||
352 | * ground work to fix #2079: add periodic auth key rotation. Not yet enabled | |
353 | to avoid issues on upgrade, will be enabled with 6.0 | |
354 | ||
355 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100 | |
356 | ||
6e010cde TL |
357 | libpve-access-control (5.1-3) unstable; urgency=medium |
358 | ||
359 | * api/ticket: move getting cluster name into an eval | |
360 | ||
361 | -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100 | |
362 | ||
f5a9380a TL |
363 | libpve-access-control (5.1-2) unstable; urgency=medium |
364 | ||
365 | * fix #1998: correct return properties for read_role | |
366 | ||
367 | -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100 | |
368 | ||
b54b7474 TL |
369 | libpve-access-control (5.1-1) unstable; urgency=medium |
370 | ||
371 | * pveum: introduce sub-commands | |
372 | ||
373 | * register userid with completion | |
374 | ||
375 | * fix #233: return cluster name on successful login | |
376 | ||
377 | -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100 | |
378 | ||
52192dd4 WB |
379 | libpve-access-control (5.0-8) unstable; urgency=medium |
380 | ||
381 | * fix #1612: ldap: make 2nd server work with bind domains again | |
382 | ||
383 | * fix an error message where passing a bad pool id to an API function would | |
384 | make it complain about a wrong group name instead | |
385 | ||
386 | * fix the API-returned permission list so that the GUI knows to show the | |
387 | 'Permissions' tab for a storage to an administrator apart from root@pam | |
388 | ||
389 | -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100 | |
390 | ||
3dadf8cf FG |
391 | libpve-access-control (5.0-7) unstable; urgency=medium |
392 | ||
393 | * VM.Snapshot.Rollback privilege added | |
394 | ||
395 | * api: check for special roles before locking the usercfg | |
396 | ||
397 | * fix #1501: pveum: die when deleting special role | |
398 | ||
399 | * API/ticket: rework coarse grained permission computation | |
400 | ||
401 | -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200 | |
402 | ||
ec4141f4 WB |
403 | libpve-access-control (5.0-6) unstable; urgency=medium |
404 | ||
405 | * Close #1470: Add server ceritifcate verification for AD and LDAP via the | |
406 | 'verify' option. For compatibility reasons this defaults to off for now, | |
407 | but that might change with future updates. | |
408 | ||
409 | * AD, LDAP: Add ability to specify a CA path or file, and a client | |
410 | certificate via the 'capath', 'cert' and 'certkey' options. | |
411 | ||
412 | -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200 | |
413 | ||
63134bd4 DM |
414 | libpve-access-control (5.0-5) unstable; urgency=medium |
415 | ||
416 | * change from dpkg-deb to dpkg-buildpackage | |
417 | ||
418 | -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200 | |
419 | ||
868fb1ea DM |
420 | libpve-access-control (5.0-4) unstable; urgency=medium |
421 | ||
422 | * PVE/CLI/pveum.pm: call setup_default_cli_env() | |
423 | ||
424 | * PVE/Auth/PVE.pm: encode uft8 password before calling crypt | |
425 | ||
426 | * check_api2_permissions: avoid warning about uninitialized value | |
427 | ||
428 | -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200 | |
429 | ||
63358f40 DM |
430 | libpve-access-control (5.0-3) unstable; urgency=medium |
431 | ||
432 | * use new PVE::OTP class from pve-common | |
433 | ||
434 | * use new PVE::Tools::encrypt_pw from pve-common | |
435 | ||
436 | -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200 | |
437 | ||
05fd50af DM |
438 | libpve-access-control (5.0-2) unstable; urgency=medium |
439 | ||
440 | * encrypt_pw: avoid '+' for crypt salt | |
441 | ||
442 | -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200 | |
443 | ||
0835385b FG |
444 | libpve-access-control (5.0-1) unstable; urgency=medium |
445 | ||
446 | * rebuild for PVE 5.0 | |
447 | ||
448 | -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100 | |
449 | ||
730f8863 DM |
450 | libpve-access-control (4.0-23) unstable; urgency=medium |
451 | ||
452 | * use new PVE::Ticket class | |
453 | ||
454 | -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100 | |
455 | ||
1f1c4593 DM |
456 | libpve-access-control (4.0-22) unstable; urgency=medium |
457 | ||
458 | * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency | |
459 | (moved to PVE::Storage) | |
460 | ||
461 | * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class | |
462 | ||
463 | -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100 | |
464 | ||
f9105063 DM |
465 | libpve-access-control (4.0-21) unstable; urgency=medium |
466 | ||
467 | * setup_default_cli_env: expect $class as first parameter | |
468 | ||
469 | -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100 | |
470 | ||
9595066e DM |
471 | libpve-access-control (4.0-20) unstable; urgency=medium |
472 | ||
473 | * PVE/RPCEnvironment.pm: new function setup_default_cli_env | |
474 | ||
475 | * PVE/API2/Domains.pm: fix property description | |
476 | ||
477 | * use new repoman for upload target | |
478 | ||
479 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100 | |
480 | ||
2af5a793 DM |
481 | libpve-access-control (4.0-19) unstable; urgency=medium |
482 | ||
483 | * Close #833: ldap: non-anonymous bind support | |
484 | ||
485 | * don't import 'RFC' from MIME::Base32 | |
486 | ||
487 | -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200 | |
488 | ||
5d87bb77 WB |
489 | libpve-access-control (4.0-18) unstable; urgency=medium |
490 | ||
491 | * fix #1062: recognize base32 otp keys again | |
492 | ||
493 | -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200 | |
494 | ||
28ddf48b WB |
495 | libpve-access-control (4.0-17) unstable; urgency=medium |
496 | ||
497 | * drop oathtool and libdigest-hmac-perl dependencies | |
498 | ||
499 | -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200 | |
500 | ||
15cebb28 DM |
501 | libpve-access-control (4.0-16) unstable; urgency=medium |
502 | ||
503 | * use pve-doc-generator to generate man pages | |
504 | ||
505 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200 | |
506 | ||
678df887 DM |
507 | libpve-access-control (4.0-15) unstable; urgency=medium |
508 | ||
509 | * Fix uninitialized warning when shadow.cfg does not exist | |
510 | ||
511 | -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200 | |
512 | ||
cca9761a DM |
513 | libpve-access-control (4.0-14) unstable; urgency=medium |
514 | ||
515 | * Add is_worker to RPCEnvironment | |
516 | ||
517 | -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100 | |
518 | ||
8643c99d DM |
519 | libpve-access-control (4.0-13) unstable; urgency=medium |
520 | ||
521 | * fix #916: allow HTTPS to access custom yubico url | |
522 | ||
523 | -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100 | |
524 | ||
ae2a6bf9 DM |
525 | libpve-access-control (4.0-12) unstable; urgency=medium |
526 | ||
527 | * Catch certificate errors instead of segfaulting | |
528 | ||
529 | -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100 | |
530 | ||
4836db5f DM |
531 | libpve-access-control (4.0-11) unstable; urgency=medium |
532 | ||
533 | * Fix #861: use safer sprintf formatting | |
534 | ||
535 | -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100 | |
536 | ||
ccbe23dc DM |
537 | libpve-access-control (4.0-10) unstable; urgency=medium |
538 | ||
539 | * Auth::LDAP, Auth::AD: ipv6 support | |
540 | ||
541 | -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100 | |
542 | ||
90399ca4 DM |
543 | libpve-access-control (4.0-9) unstable; urgency=medium |
544 | ||
545 | * pveum: implement bash completion | |
546 | ||
547 | -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200 | |
548 | ||
364ffc13 DM |
549 | libpve-access-control (4.0-8) unstable; urgency=medium |
550 | ||
551 | * remove_storage_access: cleanup of access permissions for removed storage | |
552 | ||
553 | -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200 | |
554 | ||
7c26cb4a DM |
555 | libpve-access-control (4.0-7) unstable; urgency=medium |
556 | ||
557 | * new helper to remove access permissions for removed VMs | |
558 | ||
559 | -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200 | |
560 | ||
296afbd1 DM |
561 | libpve-access-control (4.0-6) unstable; urgency=medium |
562 | ||
563 | * improve parse_user_config, parse_shadow_config | |
564 | ||
565 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200 | |
566 | ||
7d2df2ef DM |
567 | libpve-access-control (4.0-5) unstable; urgency=medium |
568 | ||
569 | * pveum: check for $cmd being defined | |
570 | ||
571 | -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200 | |
572 | ||
98a34e3f DM |
573 | libpve-access-control (4.0-4) unstable; urgency=medium |
574 | ||
575 | * use activate-noawait triggers | |
576 | ||
577 | -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200 | |
578 | ||
15462727 DM |
579 | libpve-access-control (4.0-3) unstable; urgency=medium |
580 | ||
581 | * IPv6 fixes | |
582 | ||
583 | * non-root buildfix | |
584 | ||
585 | -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200 | |
586 | ||
bbf4cc9a DM |
587 | libpve-access-control (4.0-2) unstable; urgency=medium |
588 | ||
589 | * trigger pve-api-updates event | |
590 | ||
591 | -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200 | |
592 | ||
dfbcf6d3 DM |
593 | libpve-access-control (4.0-1) unstable; urgency=medium |
594 | ||
595 | * bump version for Debian Jessie | |
596 | ||
597 | -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100 | |
598 | ||
94971b3a DM |
599 | libpve-access-control (3.0-16) unstable; urgency=low |
600 | ||
601 | * root@pam can now be disabled in GUI. | |
602 | ||
603 | -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100 | |
604 | ||
7b17c7cb DM |
605 | libpve-access-control (3.0-15) unstable; urgency=low |
606 | ||
607 | * oath: add 'step' and 'digits' option | |
608 | ||
609 | -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200 | |
610 | ||
1abc2c0a DM |
611 | libpve-access-control (3.0-14) unstable; urgency=low |
612 | ||
613 | * add oath two factor auth | |
614 | ||
615 | * add oathkeygen binary to generate keys for oath | |
616 | ||
617 | * add yubico two factor auth | |
618 | ||
619 | * dedend on oathtool | |
620 | ||
621 | * depend on libmime-base32-perl | |
30be0de9 DM |
622 | |
623 | * allow to write builtin auth domains config (comment/tfa/default) | |
1abc2c0a DM |
624 | |
625 | -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200 | |
626 | ||
298450ab DM |
627 | libpve-access-control (3.0-13) unstable; urgency=low |
628 | ||
629 | * use correct connection string for AD auth | |
630 | ||
631 | -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200 | |
632 | ||
396034e4 DM |
633 | libpve-access-control (3.0-12) unstable; urgency=low |
634 | ||
635 | * add dummy API for GET /access/ticket (useful to generate login pages) | |
636 | ||
637 | -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200 | |
638 | ||
26361123 DM |
639 | libpve-access-control (3.0-11) unstable; urgency=low |
640 | ||
641 | * Sets common hot keys for spice client | |
642 | ||
643 | -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100 | |
644 | ||
3643383d DM |
645 | libpve-access-control (3.0-10) unstable; urgency=low |
646 | ||
647 | * implement helper to generate SPICE remote-viewer configuration | |
648 | ||
649 | * depend on libnet-ssleay-perl | |
650 | ||
651 | -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100 | |
652 | ||
0baedcf7 DM |
653 | libpve-access-control (3.0-9) unstable; urgency=low |
654 | ||
655 | * prevent user enumeration attacks | |
e4f8fc2e DM |
656 | |
657 | * allow dots in access paths | |
0baedcf7 DM |
658 | |
659 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100 | |
660 | ||
d4b63eae DM |
661 | libpve-access-control (3.0-8) unstable; urgency=low |
662 | ||
663 | * spice: use lowercase hostname in ticktet signature | |
664 | ||
665 | -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100 | |
666 | ||
49594944 DM |
667 | libpve-access-control (3.0-7) unstable; urgency=low |
668 | ||
669 | * check_volume_access : use parse_volname instead of path, and remove | |
670 | path related code. | |
7c410d63 DM |
671 | |
672 | * use warnings instead of global -w flag. | |
49594944 DM |
673 | |
674 | -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200 | |
675 | ||
fe7de5d0 DM |
676 | libpve-access-control (3.0-6) unstable; urgency=low |
677 | ||
678 | * use shorter spiceproxy tickets | |
679 | ||
680 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200 | |
681 | ||
4cdd9507 DM |
682 | libpve-access-control (3.0-5) unstable; urgency=low |
683 | ||
684 | * add code to generate tickets for SPICE | |
685 | ||
686 | -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200 | |
687 | ||
677f9ab0 DM |
688 | libpve-access-control (3.0-4) unstable; urgency=low |
689 | ||
690 | * moved add_vm_to_pool/remove_vm_from_pool from qemu-server | |
691 | ||
692 | -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200 | |
693 | ||
139a8ecf DM |
694 | libpve-access-control (3.0-3) unstable; urgency=low |
695 | ||
7d23b7ca | 696 | * Add new role PVETemplateUser (and VM.Clone privilege) |
139a8ecf DM |
697 | |
698 | -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200 | |
699 | ||
b78ce7c2 DM |
700 | libpve-access-control (3.0-2) unstable; urgency=low |
701 | ||
702 | * remove CGI.pm related code (pveproxy does not need that) | |
703 | ||
704 | -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200 | |
705 | ||
786820f9 DM |
706 | libpve-access-control (3.0-1) unstable; urgency=low |
707 | ||
708 | * bump version for wheezy release | |
709 | ||
710 | -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100 | |
711 | ||
e5ae5487 DM |
712 | libpve-access-control (1.0-26) unstable; urgency=low |
713 | ||
714 | * check_volume_access: fix access permissions for backup files | |
715 | ||
716 | -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100 | |
717 | ||
e3e6510c DM |
718 | libpve-access-control (1.0-25) unstable; urgency=low |
719 | ||
720 | * add VM.Snapshot permission | |
721 | ||
722 | -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200 | |
723 | ||
1e15ebe7 DM |
724 | libpve-access-control (1.0-24) unstable; urgency=low |
725 | ||
726 | * untaint path (allow root to restore arbitrary paths) | |
727 | ||
728 | -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200 | |
729 | ||
437be042 DM |
730 | libpve-access-control (1.0-23) unstable; urgency=low |
731 | ||
732 | * correctly compute GUI capabilities (consider pools) | |
733 | ||
734 | -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200 | |
735 | ||
5bb4e06a DM |
736 | libpve-access-control (1.0-22) unstable; urgency=low |
737 | ||
738 | * new plugin architecture for Auth modules, minor API change for Auth | |
739 | domains (new 'delete' parameter) | |
740 | ||
741 | -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200 | |
742 | ||
3030a176 DM |
743 | libpve-access-control (1.0-21) unstable; urgency=low |
744 | ||
745 | * do not allow user names including slash | |
746 | ||
747 | -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200 | |
748 | ||
749 | libpve-access-control (1.0-20) unstable; urgency=low | |
750 | ||
751 | * add ability to fork cli workers in background | |
752 | ||
753 | -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200 | |
754 | ||
dd2cfee0 DM |
755 | libpve-access-control (1.0-19) unstable; urgency=low |
756 | ||
757 | * return set of privileges on login - can be used to adopt GUI | |
758 | ||
759 | -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200 | |
760 | ||
1cf154b7 DM |
761 | libpve-access-control (1.0-18) unstable; urgency=low |
762 | ||
7d23b7ca | 763 | * fix bug #151: correctly parse username inside ticket |
533219a1 DM |
764 | |
765 | * fix bug #152: allow user to change his own password | |
1cf154b7 DM |
766 | |
767 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200 | |
768 | ||
2de14407 DM |
769 | libpve-access-control (1.0-17) unstable; urgency=low |
770 | ||
771 | * set propagate flag by default | |
772 | ||
773 | -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100 | |
774 | ||
bdc61d7a DM |
775 | libpve-access-control (1.0-16) unstable; urgency=low |
776 | ||
777 | * add 'pveum passwd' method | |
778 | ||
779 | -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100 | |
780 | ||
cc7bdf33 DM |
781 | libpve-access-control (1.0-15) unstable; urgency=low |
782 | ||
783 | * Add VM.Config.CDROM privilege to PVEVMUser rule | |
784 | ||
785 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100 | |
786 | ||
a69bbe2e DM |
787 | libpve-access-control (1.0-14) unstable; urgency=low |
788 | ||
789 | * fix buf in userid-param permission check | |
790 | ||
791 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100 | |
792 | ||
d9483d94 DM |
793 | libpve-access-control (1.0-13) unstable; urgency=low |
794 | ||
795 | * allow more characters in ldap base_dn attribute | |
796 | ||
797 | -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100 | |
798 | ||
84619607 DM |
799 | libpve-access-control (1.0-12) unstable; urgency=low |
800 | ||
801 | * allow more characters with realm IDs | |
802 | ||
803 | -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100 | |
804 | ||
09d27058 DM |
805 | libpve-access-control (1.0-11) unstable; urgency=low |
806 | ||
807 | * fix bug in exec_api2_perm_check | |
808 | ||
809 | -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100 | |
810 | ||
7a4c849e DM |
811 | libpve-access-control (1.0-10) unstable; urgency=low |
812 | ||
813 | * fix ACL group name parser | |
814 | ||
815 | * changed 'pveum aclmod' command line arguments | |
816 | ||
817 | -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100 | |
818 | ||
3eac4e35 DM |
819 | libpve-access-control (1.0-9) unstable; urgency=low |
820 | ||
821 | * fix bug in check_volume_access (fixes vzrestore) | |
822 | ||
823 | -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100 | |
824 | ||
4384e19e DM |
825 | libpve-access-control (1.0-8) unstable; urgency=low |
826 | ||
827 | * fix return value for empty ACL list. | |
828 | ||
829 | -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100 | |
830 | ||
d8a56966 DM |
831 | libpve-access-control (1.0-7) unstable; urgency=low |
832 | ||
833 | * fix bug #85: allow root@pam to generate tickets for other users | |
834 | ||
835 | -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100 | |
836 | ||
cb6f2f93 DM |
837 | libpve-access-control (1.0-6) unstable; urgency=low |
838 | ||
839 | * API change: allow to filter enabled/disabled users. | |
840 | ||
841 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100 | |
842 | ||
272fe9ff DM |
843 | libpve-access-control (1.0-5) unstable; urgency=low |
844 | ||
845 | * add a way to return file changes (diffs): set_result_changes() | |
846 | ||
847 | -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100 | |
848 | ||
e42eedbc DM |
849 | libpve-access-control (1.0-4) unstable; urgency=low |
850 | ||
851 | * new environment type for ha agents | |
852 | ||
853 | -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100 | |
854 | ||
1fba27e0 DM |
855 | libpve-access-control (1.0-3) unstable; urgency=low |
856 | ||
857 | * add support for delayed parameter parsing - We need that to disable | |
7d23b7ca | 858 | file upload for normal API request (avoid DOS attacks) |
1fba27e0 DM |
859 | |
860 | -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100 | |
861 | ||
5bf71a96 DM |
862 | libpve-access-control (1.0-2) unstable; urgency=low |
863 | ||
864 | * fix bug in fork_worker | |
865 | ||
866 | -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200 | |
867 | ||
2c3a6c0a DM |
868 | libpve-access-control (1.0-1) unstable; urgency=low |
869 | ||
870 | * allow '-' in permission paths | |
871 | ||
872 | * bump version to 1.0 | |
873 | ||
874 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200 | |
875 | ||
876 | libpve-access-control (0.1) unstable; urgency=low | |
877 | ||
878 | * first dummy package - no functionality | |
879 | ||
880 | -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200 | |
881 |