]> git.proxmox.com Git - pve-access-control.git/blame - debian/changelog
projects / pve-access-control.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 7.2-4
[pve-access-control.git] / debian / changelog
CommitLineData
f4e68e49
TL		 1libpve-access-control (7.2-4) bullseye; urgency=medium
2
3 * fix #4074: increase API OpenID code size limit to 2048
4
5 * auth key: protect against rare chance of a double rotation in clusters,
6 leaving the potential that some set of nodes have the earlier key cached,
7 that then got rotated out due to the race, resulting in a possible other
8 set of nodes having the newer key cached. This is a split view of the auth
9 key and may resulting in spurious failures if API requests are made to a
10 different node than the ticket was generated on.
11 In addition to that, the "keep validity of old tickets if signed in the
12 last two hours before rotation" logic was disabled too in such a case,
13 making such tickets invalid too early.
14 Note that both are cases where Proxmox VE was too strict, so while this
15 had no security implications it can be a nuisance, especially for
16 environments that use the API through an automated or scripted way
17
18 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
19
26dde491
TL		 20libpve-access-control (7.2-3) bullseye; urgency=medium
21
22 * api: token: use userid-group as API perm check to avoid being overly
23 strict through a misguided use of user id for non-root users.
24
25 * perm check: forbid undefined/empty ACL path for future proofing of against
26 above issue
27
28 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
29
1cf4389b
TL		 30libpve-access-control (7.2-2) bullseye; urgency=medium
31
32 * permissions: merge propagation flag for multiple roles on a path that
33 share privilege in a deterministic way, to avoid that it gets lost
34 depending on perl's random sort, which would result in returing less
35 privileges than an auth-id actually had.
36
37 * permissions: avoid that token and user privilege intersection is to strict
38 for user permissions that have propagation disabled.
39
40 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
41
e3604d48
TL		 42libpve-access-control (7.2-1) bullseye; urgency=medium
43
44 * user check: fix expiration/enable order
45
46 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
47
79ae250f
TL		 48libpve-access-control (7.1-8) bullseye; urgency=medium
49
50 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
51 vanished'
52
53 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
54
eed46286
TL		 55libpve-access-control (7.1-7) bullseye; urgency=medium
56
57 * userid-group check: distinguish create and update
58
59 * api: get user: declare token schema
60
61 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
62
cd78b295
FG		 63libpve-access-control (7.1-6) bullseye; urgency=medium
64
65 * fix #3768: warn on bad u2f or webauthn settings
66
67 * tfa: when modifying others, verify the current user's password
68
69 * tfa list: account for admin permissions
70
71 * fix realm sync permissions
72
73 * fix token permission display bug
74
75 * include SDN permissions in permission tree
76
77 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
78
118088d8
TL		 79libpve-access-control (7.1-5) bullseye; urgency=medium
80
81 * openid: fix username-claim fallback
82
83 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
84
ebb14277
WB		 85libpve-access-control (7.1-4) bullseye; urgency=medium
86
87 * set current origin in the webauthn config if no fixed origin was
88 configured, to support webauthn via subdomains
89
90 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
91
44a55ff7
TL		 92libpve-access-control (7.1-3) bullseye; urgency=medium
93
94 * openid: allow arbitrary username-claims
95
96 * openid: support configuring the prompt, scopes and ACR values
97
98 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
99
6f643e79
TL		 100libpve-access-control (7.1-2) bullseye; urgency=medium
101
102 * catch incompatible tfa entries with a nice error
103
104 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
105
92bca71e
TL		 106libpve-access-control (7.1-1) bullseye; urgency=medium
107
108 * tfa: map HTTP 404 error in get_tfa_entry correctly
109
110 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
111
1c9b6501
TL		 112libpve-access-control (7.0-7) bullseye; urgency=medium
113
114 * fix #3513: pass configured proxy to OpenID
115
116 * use rust based parser for TFA config
117
118 * use PBS-like auth api call flow,
119
120 * merge old user.cfg keys to tfa config when adding entries
121
122 * implement version checks for new tfa config writer to ensure all
123 cluster nodes are ready to avoid login issues
124
125 * tickets: add tunnel ticket
126
127 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
128
cd46b379
TL		 129libpve-access-control (7.0-6) bullseye; urgency=medium
130
131 * fix regression in user deletion when realm does not enforce TFA
132
133 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
134
52da88a8
TL		 135libpve-access-control (7.0-5) bullseye; urgency=medium
136
137 * acl: check path: add /sdn/vnets/* path
138
139 * fix #2302: allow deletion of users when realm enforces TFA
140
141 * api: delete user: disable user first to avoid surprise on error during the
142 various cleanup action required for user deletion (e.g., TFA, ACL, group)
143
144 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
145
543d646c
TL		 146libpve-access-control (7.0-4) bullseye; urgency=medium
147
148 * realm: add OpenID configuration
149
150 * api: implement OpenID related endpoints
151
152 * implement opt-in OpenID autocreate user feature
153
154 * api: user: add 'realm-type' to user list response
155
156 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
157
7a4c4fd8
TL		 158libpve-access-control (7.0-3) bullseye; urgency=medium
159
160 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
161 `/sdn/zones/<zone>` to allowed ACL paths
162
163 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
164
0902a936
FG		 165libpve-access-control (7.0-2) bullseye; urgency=medium
166
167 * fix #3402: add Pool.Audit privilege - custom roles containing
168 Pool.Allocate must be updated to include the new privilege.
169
170 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
171
67febb69
TL		 172libpve-access-control (7.0-1) bullseye; urgency=medium
173
174 * re-build for Debian 11 Bullseye based releases
175
176 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
177
2942ba41
TL		 178libpve-access-control (6.4-1) pve; urgency=medium
179
180 * fix #1670: change PAM service name to project specific name
181
182 * fix #1500: permission path syntax check for access control
183
184 * pveum: add resource pool CLI commands
185
186 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
187
54d312f3
TL		 188libpve-access-control (6.1-3) pve; urgency=medium
189
190 * partially fix #2825: authkey: rotate if it was generated in the
191 future
192
193 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
194 insensitive
195
196 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
197
6a9be12f
TL		 198libpve-access-control (6.1-2) pve; urgency=medium
199
200 * also check SDN permission path when computing coarse permissions heuristic
201 for UIs
202
203 * add SDN Permissions.Modify
204
205 * add VM.Config.Cloudinit
206
207 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
208
e6624f50
TL		 209libpve-access-control (6.1-1) pve; urgency=medium
210
211 * pveum: add tfa delete subcommand for deleting user-TFA
212
213 * LDAP: don't complain about missing credentials on realm removal
214
215 * LDAP: skip anonymous bind when client certificate and key is configured
216
217 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
218
8f4a522f
TL		 219libpve-access-control (6.0-7) pve; urgency=medium
220
221 * fix #2575: die when trying to edit built-in roles
222
223 * add realm sub commands to pveum CLI tool
224
7d23b7ca 225 * api: domains: add user group sync API endpoint
8f4a522f
TL		 226
227 * allow one to sync and import users and groups from LDAP/AD based realms
228
229 * realm: add default-sync-options to config for more convenient sync configuration
230
231 * api: token create: return also full token id for convenience
232
233 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
234
23059f35
TL		 235libpve-access-control (6.0-6) pve; urgency=medium
236
237 * API: add group members to group index
238
239 * implement API token support and management
240
241 * pveum: add 'pveum user token add/update/remove/list'
242
243 * pveum: add permissions sub-commands
244
245 * API: add 'permissions' API endpoint
246
247 * user.cfg: skip inexisting roles when parsing ACLs
248
249 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
250
3dd692e9
TL		 251libpve-access-control (6.0-5) pve; urgency=medium
252
253 * pveum: add list command for users, groups, ACLs and roles
254
255 * add initial permissions for experimental SDN integration
256
257 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
258
4ef92d0d
FG		 259libpve-access-control (6.0-4) pve; urgency=medium
260
261 * ticket: use clinfo to get cluster name
262
263 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
264 SSL version
265
266 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
267
6e5bbca4
TL		 268libpve-access-control (6.0-3) pve; urgency=medium
269
270 * fix #2433: increase possible TFA secret length
271
272 * parse user configuration: correctly parse group names in ACLs, for users
273 which begin their name with an @
274
275 * sort user.cfg entries alphabetically
276
277 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
278
e073493c
TL		 279libpve-access-control (6.0-2) pve; urgency=medium
280
281 * improve CSRF verification compatibility with newer PVE
282
283 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
284
a237dc2e
TL		 285libpve-access-control (6.0-1) pve; urgency=medium
286
287 * ticket: properly verify exactly 5 minute old tickets
288
289 * use hmac_sha256 instead of sha1 for CSRF token generation
290
291 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
292
f1531f22
TL		 293libpve-access-control (6.0-0+1) pve; urgency=medium
294
295 * bump for Debian buster
296
297 * fix #2079: add periodic auth key rotation
298
299 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
300
ef761f51
TL		 301libpve-access-control (5.1-10) unstable; urgency=medium
302
303 * add /access/user/{id}/tfa api call to get tfa types
304
305 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
306
860ddcba
TL		 307libpve-access-control (5.1-9) unstable; urgency=medium
308
309 * store the tfa type in user.cfg allowing to get it without proxying the call
7d23b7ca 310 to a higher privileged daemon.
860ddcba
TL		 311
312 * tfa: realm required TFA should lock out users without TFA configured, as it
313 was done before Proxmox VE 5.4
314
315 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
316
9fbad012
TL		 317libpve-access-control (5.1-8) unstable; urgency=medium
318
319 * U2F: ensure we save correct public key on registration
320
321 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
322
4473c96c
TL		 323libpve-access-control (5.1-7) unstable; urgency=medium
324
325 * verify_ticket: allow general non-challenge tfa to be run as two step
326 call
327
328 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
329
a270d4e1
TL		 330libpve-access-control (5.1-6) unstable; urgency=medium
331
332 * more general 2FA configuration via priv/tfa.cfg
333
334 * add u2f api endpoints
335
336 * delete TFA entries when deleting a user
337
338 * allow users to change their TOTP settings
339
340 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
341
374647e8
TL		 342libpve-access-control (5.1-5) unstable; urgency=medium
343
344 * fix vnc ticket verification without authkey lifetime
345
346 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
347
7fb70c94
TL		 348libpve-access-control (5.1-4) unstable; urgency=medium
349
350 * fix #1891: Add zsh command completion for pveum
351
352 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
353 to avoid issues on upgrade, will be enabled with 6.0
354
355 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
356
6e010cde
TL		 357libpve-access-control (5.1-3) unstable; urgency=medium
358
359 * api/ticket: move getting cluster name into an eval
360
361 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
362
f5a9380a
TL		 363libpve-access-control (5.1-2) unstable; urgency=medium
364
365 * fix #1998: correct return properties for read_role
366
367 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
368
b54b7474
TL		 369libpve-access-control (5.1-1) unstable; urgency=medium
370
371 * pveum: introduce sub-commands
372
373 * register userid with completion
374
375 * fix #233: return cluster name on successful login
376
377 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
378
52192dd4
WB		 379libpve-access-control (5.0-8) unstable; urgency=medium
380
381 * fix #1612: ldap: make 2nd server work with bind domains again
382
383 * fix an error message where passing a bad pool id to an API function would
384 make it complain about a wrong group name instead
385
386 * fix the API-returned permission list so that the GUI knows to show the
387 'Permissions' tab for a storage to an administrator apart from root@pam
388
389 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
390
3dadf8cf
FG		 391libpve-access-control (5.0-7) unstable; urgency=medium
392
393 * VM.Snapshot.Rollback privilege added
394
395 * api: check for special roles before locking the usercfg
396
397 * fix #1501: pveum: die when deleting special role
398
399 * API/ticket: rework coarse grained permission computation
400
401 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
402
ec4141f4
WB		 403libpve-access-control (5.0-6) unstable; urgency=medium
404
405 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
406 'verify' option. For compatibility reasons this defaults to off for now,
407 but that might change with future updates.
408
409 * AD, LDAP: Add ability to specify a CA path or file, and a client
410 certificate via the 'capath', 'cert' and 'certkey' options.
411
412 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
413
63134bd4
DM		 414libpve-access-control (5.0-5) unstable; urgency=medium
415
416 * change from dpkg-deb to dpkg-buildpackage
417
418 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
419
868fb1ea
DM		 420libpve-access-control (5.0-4) unstable; urgency=medium
421
422 * PVE/CLI/pveum.pm: call setup_default_cli_env()
423
424 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
425
426 * check_api2_permissions: avoid warning about uninitialized value
427
428 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
429
63358f40
DM		 430libpve-access-control (5.0-3) unstable; urgency=medium
431
432 * use new PVE::OTP class from pve-common
433
434 * use new PVE::Tools::encrypt_pw from pve-common
435
436 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
437
05fd50af
DM		 438libpve-access-control (5.0-2) unstable; urgency=medium
439
440 * encrypt_pw: avoid '+' for crypt salt
441
442 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
443
0835385b
FG		 444libpve-access-control (5.0-1) unstable; urgency=medium
445
446 * rebuild for PVE 5.0
447
448 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
449
730f8863
DM		 450libpve-access-control (4.0-23) unstable; urgency=medium
451
452 * use new PVE::Ticket class
453
454 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
455
1f1c4593
DM		 456libpve-access-control (4.0-22) unstable; urgency=medium
457
458 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
459 (moved to PVE::Storage)
460
461 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
462
463 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
464
f9105063
DM		 465libpve-access-control (4.0-21) unstable; urgency=medium
466
467 * setup_default_cli_env: expect $class as first parameter
468
469 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
470
9595066e
DM		 471libpve-access-control (4.0-20) unstable; urgency=medium
472
473 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
474
475 * PVE/API2/Domains.pm: fix property description
476
477 * use new repoman for upload target
478
479 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
480
2af5a793
DM		 481libpve-access-control (4.0-19) unstable; urgency=medium
482
483 * Close #833: ldap: non-anonymous bind support
484
485 * don't import 'RFC' from MIME::Base32
486
487 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
488
5d87bb77
WB		 489libpve-access-control (4.0-18) unstable; urgency=medium
490
491 * fix #1062: recognize base32 otp keys again
492
493 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
494
28ddf48b
WB		 495libpve-access-control (4.0-17) unstable; urgency=medium
496
497 * drop oathtool and libdigest-hmac-perl dependencies
498
499 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
500
15cebb28
DM		 501libpve-access-control (4.0-16) unstable; urgency=medium
502
503 * use pve-doc-generator to generate man pages
504
505 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
506
678df887
DM		 507libpve-access-control (4.0-15) unstable; urgency=medium
508
509 * Fix uninitialized warning when shadow.cfg does not exist
510
511 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
512
cca9761a
DM		 513libpve-access-control (4.0-14) unstable; urgency=medium
514
515 * Add is_worker to RPCEnvironment
516
517 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
518
8643c99d
DM		 519libpve-access-control (4.0-13) unstable; urgency=medium
520
521 * fix #916: allow HTTPS to access custom yubico url
522
523 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
524
ae2a6bf9
DM		 525libpve-access-control (4.0-12) unstable; urgency=medium
526
527 * Catch certificate errors instead of segfaulting
528
529 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
530
4836db5f
DM		 531libpve-access-control (4.0-11) unstable; urgency=medium
532
533 * Fix #861: use safer sprintf formatting
534
535 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
536
ccbe23dc
DM		 537libpve-access-control (4.0-10) unstable; urgency=medium
538
539 * Auth::LDAP, Auth::AD: ipv6 support
540
541 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
542
90399ca4
DM		 543libpve-access-control (4.0-9) unstable; urgency=medium
544
545 * pveum: implement bash completion
546
547 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
548
364ffc13
DM		 549libpve-access-control (4.0-8) unstable; urgency=medium
550
551 * remove_storage_access: cleanup of access permissions for removed storage
552
553 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
554
7c26cb4a
DM		 555libpve-access-control (4.0-7) unstable; urgency=medium
556
557 * new helper to remove access permissions for removed VMs
558
559 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
560
296afbd1
DM		 561libpve-access-control (4.0-6) unstable; urgency=medium
562
563 * improve parse_user_config, parse_shadow_config
564
565 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
566
7d2df2ef
DM		 567libpve-access-control (4.0-5) unstable; urgency=medium
568
569 * pveum: check for $cmd being defined
570
571 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
572
98a34e3f
DM		 573libpve-access-control (4.0-4) unstable; urgency=medium
574
575 * use activate-noawait triggers
576
577 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
578
15462727
DM		 579libpve-access-control (4.0-3) unstable; urgency=medium
580
581 * IPv6 fixes
582
583 * non-root buildfix
584
585 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
586
bbf4cc9a
DM		 587libpve-access-control (4.0-2) unstable; urgency=medium
588
589 * trigger pve-api-updates event
590
591 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
592
dfbcf6d3
DM		 593libpve-access-control (4.0-1) unstable; urgency=medium
594
595 * bump version for Debian Jessie
596
597 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
598
94971b3a
DM		 599libpve-access-control (3.0-16) unstable; urgency=low
600
601 * root@pam can now be disabled in GUI.
602
603 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
604
7b17c7cb
DM		 605libpve-access-control (3.0-15) unstable; urgency=low
606
607 * oath: add 'step' and 'digits' option
608
609 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
610
1abc2c0a
DM		 611libpve-access-control (3.0-14) unstable; urgency=low
612
613 * add oath two factor auth
614
615 * add oathkeygen binary to generate keys for oath
616
617 * add yubico two factor auth
618
619 * dedend on oathtool
620
621 * depend on libmime-base32-perl
30be0de9
DM		 622
623 * allow to write builtin auth domains config (comment/tfa/default)
1abc2c0a
DM		 624
625 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
626
298450ab
DM		 627libpve-access-control (3.0-13) unstable; urgency=low
628
629 * use correct connection string for AD auth
630
631 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
632
396034e4
DM		 633libpve-access-control (3.0-12) unstable; urgency=low
634
635 * add dummy API for GET /access/ticket (useful to generate login pages)
636
637 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
638
26361123
DM		 639libpve-access-control (3.0-11) unstable; urgency=low
640
641 * Sets common hot keys for spice client
642
643 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
644
3643383d
DM		 645libpve-access-control (3.0-10) unstable; urgency=low
646
647 * implement helper to generate SPICE remote-viewer configuration
648
649 * depend on libnet-ssleay-perl
650
651 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
652
0baedcf7
DM		 653libpve-access-control (3.0-9) unstable; urgency=low
654
655 * prevent user enumeration attacks
e4f8fc2e
DM		 656
657 * allow dots in access paths
0baedcf7
DM		 658
659 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
660
d4b63eae
DM		 661libpve-access-control (3.0-8) unstable; urgency=low
662
663 * spice: use lowercase hostname in ticktet signature
664
665 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
666
49594944
DM		 667libpve-access-control (3.0-7) unstable; urgency=low
668
669 * check_volume_access : use parse_volname instead of path, and remove
670 path related code.
7c410d63
DM		 671
672 * use warnings instead of global -w flag.
49594944
DM		 673
674 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
675
fe7de5d0
DM		 676libpve-access-control (3.0-6) unstable; urgency=low
677
678 * use shorter spiceproxy tickets
679
680 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
681
4cdd9507
DM		 682libpve-access-control (3.0-5) unstable; urgency=low
683
684 * add code to generate tickets for SPICE
685
686 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
687
677f9ab0
DM		 688libpve-access-control (3.0-4) unstable; urgency=low
689
690 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
691
692 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
693
139a8ecf
DM		 694libpve-access-control (3.0-3) unstable; urgency=low
695
7d23b7ca 696 * Add new role PVETemplateUser (and VM.Clone privilege)
139a8ecf
DM		 697
698 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
699
b78ce7c2
DM		 700libpve-access-control (3.0-2) unstable; urgency=low
701
702 * remove CGI.pm related code (pveproxy does not need that)
703
704 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
705
786820f9
DM		 706libpve-access-control (3.0-1) unstable; urgency=low
707
708 * bump version for wheezy release
709
710 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
711
e5ae5487
DM		 712libpve-access-control (1.0-26) unstable; urgency=low
713
714 * check_volume_access: fix access permissions for backup files
715
716 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
717
e3e6510c
DM		 718libpve-access-control (1.0-25) unstable; urgency=low
719
720 * add VM.Snapshot permission
721
722 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
723
1e15ebe7
DM		 724libpve-access-control (1.0-24) unstable; urgency=low
725
726 * untaint path (allow root to restore arbitrary paths)
727
728 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
729
437be042
DM		 730libpve-access-control (1.0-23) unstable; urgency=low
731
732 * correctly compute GUI capabilities (consider pools)
733
734 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
735
5bb4e06a
DM		 736libpve-access-control (1.0-22) unstable; urgency=low
737
738 * new plugin architecture for Auth modules, minor API change for Auth
739 domains (new 'delete' parameter)
740
741 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
742
3030a176
DM		 743libpve-access-control (1.0-21) unstable; urgency=low
744
745 * do not allow user names including slash
746
747 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
748
749libpve-access-control (1.0-20) unstable; urgency=low
750
751 * add ability to fork cli workers in background
752
753 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
754
dd2cfee0
DM		 755libpve-access-control (1.0-19) unstable; urgency=low
756
757 * return set of privileges on login - can be used to adopt GUI
758
759 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
760
1cf154b7
DM		 761libpve-access-control (1.0-18) unstable; urgency=low
762
7d23b7ca 763 * fix bug #151: correctly parse username inside ticket
533219a1
DM		 764
765 * fix bug #152: allow user to change his own password
1cf154b7
DM		 766
767 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
768
2de14407
DM		 769libpve-access-control (1.0-17) unstable; urgency=low
770
771 * set propagate flag by default
772
773 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
774
bdc61d7a
DM		 775libpve-access-control (1.0-16) unstable; urgency=low
776
777 * add 'pveum passwd' method
778
779 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
780
cc7bdf33
DM		 781libpve-access-control (1.0-15) unstable; urgency=low
782
783 * Add VM.Config.CDROM privilege to PVEVMUser rule
784
785 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
786
a69bbe2e
DM		 787libpve-access-control (1.0-14) unstable; urgency=low
788
789 * fix buf in userid-param permission check
790
791 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
792
d9483d94
DM		 793libpve-access-control (1.0-13) unstable; urgency=low
794
795 * allow more characters in ldap base_dn attribute
796
797 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
798
84619607
DM		 799libpve-access-control (1.0-12) unstable; urgency=low
800
801 * allow more characters with realm IDs
802
803 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
804
09d27058
DM		 805libpve-access-control (1.0-11) unstable; urgency=low
806
807 * fix bug in exec_api2_perm_check
808
809 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
810
7a4c849e
DM		 811libpve-access-control (1.0-10) unstable; urgency=low
812
813 * fix ACL group name parser
814
815 * changed 'pveum aclmod' command line arguments
816
817 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
818
3eac4e35
DM		 819libpve-access-control (1.0-9) unstable; urgency=low
820
821 * fix bug in check_volume_access (fixes vzrestore)
822
823 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
824
4384e19e
DM		 825libpve-access-control (1.0-8) unstable; urgency=low
826
827 * fix return value for empty ACL list.
828
829 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
830
d8a56966
DM		 831libpve-access-control (1.0-7) unstable; urgency=low
832
833 * fix bug #85: allow root@pam to generate tickets for other users
834
835 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
836
cb6f2f93
DM		 837libpve-access-control (1.0-6) unstable; urgency=low
838
839 * API change: allow to filter enabled/disabled users.
840
841 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
842
272fe9ff
DM		 843libpve-access-control (1.0-5) unstable; urgency=low
844
845 * add a way to return file changes (diffs): set_result_changes()
846
847 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
848
e42eedbc
DM		 849libpve-access-control (1.0-4) unstable; urgency=low
850
851 * new environment type for ha agents
852
853 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
854
1fba27e0
DM		 855libpve-access-control (1.0-3) unstable; urgency=low
856
857 * add support for delayed parameter parsing - We need that to disable
7d23b7ca 858 file upload for normal API request (avoid DOS attacks)
1fba27e0
DM		 859
860 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
861
5bf71a96
DM		 862libpve-access-control (1.0-2) unstable; urgency=low
863
864 * fix bug in fork_worker
865
866 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
867
2c3a6c0a
DM		 868libpve-access-control (1.0-1) unstable; urgency=low
869
870 * allow '-' in permission paths
871
872 * bump version to 1.0
873
874 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
875
876libpve-access-control (0.1) unstable; urgency=low
877
878 * first dummy package - no functionality
879
880 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
881
Access control framework