1 libpve-access-control (7.4-1) bullseye; urgency=medium
3 * realm sync: refactor scope/remove-vanished into a standard option
5 * ldap: Allow quoted values for DN attribute values
7 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Mar 2023 17:16:11 +0100
9 libpve-access-control (7.3-2) bullseye; urgency=medium
11 * fix #4518: dramatically improve ACL computation performance
13 * userid format: clarify that this is the full name@realm in description
15 -- Proxmox Support Team <support@proxmox.com> Mon, 06 Mar 2023 11:40:11 +0100
17 libpve-access-control (7.3-1) bullseye; urgency=medium
19 * realm: sync: allow explicit 'none' for 'remove-vanished' option
21 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
23 libpve-access-control (7.2-5) bullseye; urgency=medium
25 * api: realm sync: avoid separate log line for "remove-vanished" opt
27 * auth ldap/ad: compare group member dn case-insensitively
29 * two factor auth: only lock tfa config for recovery keys
31 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
32 migrations and storage migrations
34 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
36 libpve-access-control (7.2-4) bullseye; urgency=medium
38 * fix #4074: increase API OpenID code size limit to 2048
40 * auth key: protect against rare chance of a double rotation in clusters,
41 leaving the potential that some set of nodes have the earlier key cached,
42 that then got rotated out due to the race, resulting in a possible other
43 set of nodes having the newer key cached. This is a split view of the auth
44 key and may resulting in spurious failures if API requests are made to a
45 different node than the ticket was generated on.
46 In addition to that, the "keep validity of old tickets if signed in the
47 last two hours before rotation" logic was disabled too in such a case,
48 making such tickets invalid too early.
49 Note that both are cases where Proxmox VE was too strict, so while this
50 had no security implications it can be a nuisance, especially for
51 environments that use the API through an automated or scripted way
53 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
55 libpve-access-control (7.2-3) bullseye; urgency=medium
57 * api: token: use userid-group as API perm check to avoid being overly
58 strict through a misguided use of user id for non-root users.
60 * perm check: forbid undefined/empty ACL path for future proofing of against
63 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
65 libpve-access-control (7.2-2) bullseye; urgency=medium
67 * permissions: merge propagation flag for multiple roles on a path that
68 share privilege in a deterministic way, to avoid that it gets lost
69 depending on perl's random sort, which would result in returing less
70 privileges than an auth-id actually had.
72 * permissions: avoid that token and user privilege intersection is to strict
73 for user permissions that have propagation disabled.
75 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
77 libpve-access-control (7.2-1) bullseye; urgency=medium
79 * user check: fix expiration/enable order
81 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
83 libpve-access-control (7.1-8) bullseye; urgency=medium
85 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
88 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
90 libpve-access-control (7.1-7) bullseye; urgency=medium
92 * userid-group check: distinguish create and update
94 * api: get user: declare token schema
96 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
98 libpve-access-control (7.1-6) bullseye; urgency=medium
100 * fix #3768: warn on bad u2f or webauthn settings
102 * tfa: when modifying others, verify the current user's password
104 * tfa list: account for admin permissions
106 * fix realm sync permissions
108 * fix token permission display bug
110 * include SDN permissions in permission tree
112 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
114 libpve-access-control (7.1-5) bullseye; urgency=medium
116 * openid: fix username-claim fallback
118 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
120 libpve-access-control (7.1-4) bullseye; urgency=medium
122 * set current origin in the webauthn config if no fixed origin was
123 configured, to support webauthn via subdomains
125 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
127 libpve-access-control (7.1-3) bullseye; urgency=medium
129 * openid: allow arbitrary username-claims
131 * openid: support configuring the prompt, scopes and ACR values
133 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
135 libpve-access-control (7.1-2) bullseye; urgency=medium
137 * catch incompatible tfa entries with a nice error
139 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
141 libpve-access-control (7.1-1) bullseye; urgency=medium
143 * tfa: map HTTP 404 error in get_tfa_entry correctly
145 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
147 libpve-access-control (7.0-7) bullseye; urgency=medium
149 * fix #3513: pass configured proxy to OpenID
151 * use rust based parser for TFA config
153 * use PBS-like auth api call flow,
155 * merge old user.cfg keys to tfa config when adding entries
157 * implement version checks for new tfa config writer to ensure all
158 cluster nodes are ready to avoid login issues
160 * tickets: add tunnel ticket
162 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
164 libpve-access-control (7.0-6) bullseye; urgency=medium
166 * fix regression in user deletion when realm does not enforce TFA
168 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
170 libpve-access-control (7.0-5) bullseye; urgency=medium
172 * acl: check path: add /sdn/vnets/* path
174 * fix #2302: allow deletion of users when realm enforces TFA
176 * api: delete user: disable user first to avoid surprise on error during the
177 various cleanup action required for user deletion (e.g., TFA, ACL, group)
179 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
181 libpve-access-control (7.0-4) bullseye; urgency=medium
183 * realm: add OpenID configuration
185 * api: implement OpenID related endpoints
187 * implement opt-in OpenID autocreate user feature
189 * api: user: add 'realm-type' to user list response
191 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
193 libpve-access-control (7.0-3) bullseye; urgency=medium
195 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
196 `/sdn/zones/<zone>` to allowed ACL paths
198 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
200 libpve-access-control (7.0-2) bullseye; urgency=medium
202 * fix #3402: add Pool.Audit privilege - custom roles containing
203 Pool.Allocate must be updated to include the new privilege.
205 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
207 libpve-access-control (7.0-1) bullseye; urgency=medium
209 * re-build for Debian 11 Bullseye based releases
211 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
213 libpve-access-control (6.4-1) pve; urgency=medium
215 * fix #1670: change PAM service name to project specific name
217 * fix #1500: permission path syntax check for access control
219 * pveum: add resource pool CLI commands
221 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
223 libpve-access-control (6.1-3) pve; urgency=medium
225 * partially fix #2825: authkey: rotate if it was generated in the
228 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
231 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
233 libpve-access-control (6.1-2) pve; urgency=medium
235 * also check SDN permission path when computing coarse permissions heuristic
238 * add SDN Permissions.Modify
240 * add VM.Config.Cloudinit
242 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
244 libpve-access-control (6.1-1) pve; urgency=medium
246 * pveum: add tfa delete subcommand for deleting user-TFA
248 * LDAP: don't complain about missing credentials on realm removal
250 * LDAP: skip anonymous bind when client certificate and key is configured
252 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
254 libpve-access-control (6.0-7) pve; urgency=medium
256 * fix #2575: die when trying to edit built-in roles
258 * add realm sub commands to pveum CLI tool
260 * api: domains: add user group sync API endpoint
262 * allow one to sync and import users and groups from LDAP/AD based realms
264 * realm: add default-sync-options to config for more convenient sync configuration
266 * api: token create: return also full token id for convenience
268 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
270 libpve-access-control (6.0-6) pve; urgency=medium
272 * API: add group members to group index
274 * implement API token support and management
276 * pveum: add 'pveum user token add/update/remove/list'
278 * pveum: add permissions sub-commands
280 * API: add 'permissions' API endpoint
282 * user.cfg: skip inexisting roles when parsing ACLs
284 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
286 libpve-access-control (6.0-5) pve; urgency=medium
288 * pveum: add list command for users, groups, ACLs and roles
290 * add initial permissions for experimental SDN integration
292 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
294 libpve-access-control (6.0-4) pve; urgency=medium
296 * ticket: use clinfo to get cluster name
298 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
301 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
303 libpve-access-control (6.0-3) pve; urgency=medium
305 * fix #2433: increase possible TFA secret length
307 * parse user configuration: correctly parse group names in ACLs, for users
308 which begin their name with an @
310 * sort user.cfg entries alphabetically
312 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
314 libpve-access-control (6.0-2) pve; urgency=medium
316 * improve CSRF verification compatibility with newer PVE
318 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
320 libpve-access-control (6.0-1) pve; urgency=medium
322 * ticket: properly verify exactly 5 minute old tickets
324 * use hmac_sha256 instead of sha1 for CSRF token generation
326 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
328 libpve-access-control (6.0-0+1) pve; urgency=medium
330 * bump for Debian buster
332 * fix #2079: add periodic auth key rotation
334 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
336 libpve-access-control (5.1-10) unstable; urgency=medium
338 * add /access/user/{id}/tfa api call to get tfa types
340 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
342 libpve-access-control (5.1-9) unstable; urgency=medium
344 * store the tfa type in user.cfg allowing to get it without proxying the call
345 to a higher privileged daemon.
347 * tfa: realm required TFA should lock out users without TFA configured, as it
348 was done before Proxmox VE 5.4
350 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
352 libpve-access-control (5.1-8) unstable; urgency=medium
354 * U2F: ensure we save correct public key on registration
356 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
358 libpve-access-control (5.1-7) unstable; urgency=medium
360 * verify_ticket: allow general non-challenge tfa to be run as two step
363 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
365 libpve-access-control (5.1-6) unstable; urgency=medium
367 * more general 2FA configuration via priv/tfa.cfg
369 * add u2f api endpoints
371 * delete TFA entries when deleting a user
373 * allow users to change their TOTP settings
375 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
377 libpve-access-control (5.1-5) unstable; urgency=medium
379 * fix vnc ticket verification without authkey lifetime
381 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
383 libpve-access-control (5.1-4) unstable; urgency=medium
385 * fix #1891: Add zsh command completion for pveum
387 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
388 to avoid issues on upgrade, will be enabled with 6.0
390 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
392 libpve-access-control (5.1-3) unstable; urgency=medium
394 * api/ticket: move getting cluster name into an eval
396 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
398 libpve-access-control (5.1-2) unstable; urgency=medium
400 * fix #1998: correct return properties for read_role
402 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
404 libpve-access-control (5.1-1) unstable; urgency=medium
406 * pveum: introduce sub-commands
408 * register userid with completion
410 * fix #233: return cluster name on successful login
412 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
414 libpve-access-control (5.0-8) unstable; urgency=medium
416 * fix #1612: ldap: make 2nd server work with bind domains again
418 * fix an error message where passing a bad pool id to an API function would
419 make it complain about a wrong group name instead
421 * fix the API-returned permission list so that the GUI knows to show the
422 'Permissions' tab for a storage to an administrator apart from root@pam
424 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
426 libpve-access-control (5.0-7) unstable; urgency=medium
428 * VM.Snapshot.Rollback privilege added
430 * api: check for special roles before locking the usercfg
432 * fix #1501: pveum: die when deleting special role
434 * API/ticket: rework coarse grained permission computation
436 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
438 libpve-access-control (5.0-6) unstable; urgency=medium
440 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
441 'verify' option. For compatibility reasons this defaults to off for now,
442 but that might change with future updates.
444 * AD, LDAP: Add ability to specify a CA path or file, and a client
445 certificate via the 'capath', 'cert' and 'certkey' options.
447 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
449 libpve-access-control (5.0-5) unstable; urgency=medium
451 * change from dpkg-deb to dpkg-buildpackage
453 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
455 libpve-access-control (5.0-4) unstable; urgency=medium
457 * PVE/CLI/pveum.pm: call setup_default_cli_env()
459 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
461 * check_api2_permissions: avoid warning about uninitialized value
463 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
465 libpve-access-control (5.0-3) unstable; urgency=medium
467 * use new PVE::OTP class from pve-common
469 * use new PVE::Tools::encrypt_pw from pve-common
471 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
473 libpve-access-control (5.0-2) unstable; urgency=medium
475 * encrypt_pw: avoid '+' for crypt salt
477 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
479 libpve-access-control (5.0-1) unstable; urgency=medium
481 * rebuild for PVE 5.0
483 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
485 libpve-access-control (4.0-23) unstable; urgency=medium
487 * use new PVE::Ticket class
489 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
491 libpve-access-control (4.0-22) unstable; urgency=medium
493 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
494 (moved to PVE::Storage)
496 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
498 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
500 libpve-access-control (4.0-21) unstable; urgency=medium
502 * setup_default_cli_env: expect $class as first parameter
504 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
506 libpve-access-control (4.0-20) unstable; urgency=medium
508 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
510 * PVE/API2/Domains.pm: fix property description
512 * use new repoman for upload target
514 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
516 libpve-access-control (4.0-19) unstable; urgency=medium
518 * Close #833: ldap: non-anonymous bind support
520 * don't import 'RFC' from MIME::Base32
522 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
524 libpve-access-control (4.0-18) unstable; urgency=medium
526 * fix #1062: recognize base32 otp keys again
528 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
530 libpve-access-control (4.0-17) unstable; urgency=medium
532 * drop oathtool and libdigest-hmac-perl dependencies
534 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
536 libpve-access-control (4.0-16) unstable; urgency=medium
538 * use pve-doc-generator to generate man pages
540 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
542 libpve-access-control (4.0-15) unstable; urgency=medium
544 * Fix uninitialized warning when shadow.cfg does not exist
546 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
548 libpve-access-control (4.0-14) unstable; urgency=medium
550 * Add is_worker to RPCEnvironment
552 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
554 libpve-access-control (4.0-13) unstable; urgency=medium
556 * fix #916: allow HTTPS to access custom yubico url
558 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
560 libpve-access-control (4.0-12) unstable; urgency=medium
562 * Catch certificate errors instead of segfaulting
564 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
566 libpve-access-control (4.0-11) unstable; urgency=medium
568 * Fix #861: use safer sprintf formatting
570 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
572 libpve-access-control (4.0-10) unstable; urgency=medium
574 * Auth::LDAP, Auth::AD: ipv6 support
576 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
578 libpve-access-control (4.0-9) unstable; urgency=medium
580 * pveum: implement bash completion
582 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
584 libpve-access-control (4.0-8) unstable; urgency=medium
586 * remove_storage_access: cleanup of access permissions for removed storage
588 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
590 libpve-access-control (4.0-7) unstable; urgency=medium
592 * new helper to remove access permissions for removed VMs
594 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
596 libpve-access-control (4.0-6) unstable; urgency=medium
598 * improve parse_user_config, parse_shadow_config
600 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
602 libpve-access-control (4.0-5) unstable; urgency=medium
604 * pveum: check for $cmd being defined
606 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
608 libpve-access-control (4.0-4) unstable; urgency=medium
610 * use activate-noawait triggers
612 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
614 libpve-access-control (4.0-3) unstable; urgency=medium
620 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
622 libpve-access-control (4.0-2) unstable; urgency=medium
624 * trigger pve-api-updates event
626 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
628 libpve-access-control (4.0-1) unstable; urgency=medium
630 * bump version for Debian Jessie
632 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
634 libpve-access-control (3.0-16) unstable; urgency=low
636 * root@pam can now be disabled in GUI.
638 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
640 libpve-access-control (3.0-15) unstable; urgency=low
642 * oath: add 'step' and 'digits' option
644 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
646 libpve-access-control (3.0-14) unstable; urgency=low
648 * add oath two factor auth
650 * add oathkeygen binary to generate keys for oath
652 * add yubico two factor auth
656 * depend on libmime-base32-perl
658 * allow to write builtin auth domains config (comment/tfa/default)
660 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
662 libpve-access-control (3.0-13) unstable; urgency=low
664 * use correct connection string for AD auth
666 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
668 libpve-access-control (3.0-12) unstable; urgency=low
670 * add dummy API for GET /access/ticket (useful to generate login pages)
672 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
674 libpve-access-control (3.0-11) unstable; urgency=low
676 * Sets common hot keys for spice client
678 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
680 libpve-access-control (3.0-10) unstable; urgency=low
682 * implement helper to generate SPICE remote-viewer configuration
684 * depend on libnet-ssleay-perl
686 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
688 libpve-access-control (3.0-9) unstable; urgency=low
690 * prevent user enumeration attacks
692 * allow dots in access paths
694 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
696 libpve-access-control (3.0-8) unstable; urgency=low
698 * spice: use lowercase hostname in ticktet signature
700 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
702 libpve-access-control (3.0-7) unstable; urgency=low
704 * check_volume_access : use parse_volname instead of path, and remove
707 * use warnings instead of global -w flag.
709 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
711 libpve-access-control (3.0-6) unstable; urgency=low
713 * use shorter spiceproxy tickets
715 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
717 libpve-access-control (3.0-5) unstable; urgency=low
719 * add code to generate tickets for SPICE
721 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
723 libpve-access-control (3.0-4) unstable; urgency=low
725 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
727 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
729 libpve-access-control (3.0-3) unstable; urgency=low
731 * Add new role PVETemplateUser (and VM.Clone privilege)
733 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
735 libpve-access-control (3.0-2) unstable; urgency=low
737 * remove CGI.pm related code (pveproxy does not need that)
739 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
741 libpve-access-control (3.0-1) unstable; urgency=low
743 * bump version for wheezy release
745 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
747 libpve-access-control (1.0-26) unstable; urgency=low
749 * check_volume_access: fix access permissions for backup files
751 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
753 libpve-access-control (1.0-25) unstable; urgency=low
755 * add VM.Snapshot permission
757 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
759 libpve-access-control (1.0-24) unstable; urgency=low
761 * untaint path (allow root to restore arbitrary paths)
763 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
765 libpve-access-control (1.0-23) unstable; urgency=low
767 * correctly compute GUI capabilities (consider pools)
769 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
771 libpve-access-control (1.0-22) unstable; urgency=low
773 * new plugin architecture for Auth modules, minor API change for Auth
774 domains (new 'delete' parameter)
776 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
778 libpve-access-control (1.0-21) unstable; urgency=low
780 * do not allow user names including slash
782 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
784 libpve-access-control (1.0-20) unstable; urgency=low
786 * add ability to fork cli workers in background
788 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
790 libpve-access-control (1.0-19) unstable; urgency=low
792 * return set of privileges on login - can be used to adopt GUI
794 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
796 libpve-access-control (1.0-18) unstable; urgency=low
798 * fix bug #151: correctly parse username inside ticket
800 * fix bug #152: allow user to change his own password
802 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
804 libpve-access-control (1.0-17) unstable; urgency=low
806 * set propagate flag by default
808 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
810 libpve-access-control (1.0-16) unstable; urgency=low
812 * add 'pveum passwd' method
814 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
816 libpve-access-control (1.0-15) unstable; urgency=low
818 * Add VM.Config.CDROM privilege to PVEVMUser rule
820 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
822 libpve-access-control (1.0-14) unstable; urgency=low
824 * fix buf in userid-param permission check
826 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
828 libpve-access-control (1.0-13) unstable; urgency=low
830 * allow more characters in ldap base_dn attribute
832 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
834 libpve-access-control (1.0-12) unstable; urgency=low
836 * allow more characters with realm IDs
838 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
840 libpve-access-control (1.0-11) unstable; urgency=low
842 * fix bug in exec_api2_perm_check
844 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
846 libpve-access-control (1.0-10) unstable; urgency=low
848 * fix ACL group name parser
850 * changed 'pveum aclmod' command line arguments
852 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
854 libpve-access-control (1.0-9) unstable; urgency=low
856 * fix bug in check_volume_access (fixes vzrestore)
858 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
860 libpve-access-control (1.0-8) unstable; urgency=low
862 * fix return value for empty ACL list.
864 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
866 libpve-access-control (1.0-7) unstable; urgency=low
868 * fix bug #85: allow root@pam to generate tickets for other users
870 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
872 libpve-access-control (1.0-6) unstable; urgency=low
874 * API change: allow to filter enabled/disabled users.
876 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
878 libpve-access-control (1.0-5) unstable; urgency=low
880 * add a way to return file changes (diffs): set_result_changes()
882 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
884 libpve-access-control (1.0-4) unstable; urgency=low
886 * new environment type for ha agents
888 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
890 libpve-access-control (1.0-3) unstable; urgency=low
892 * add support for delayed parameter parsing - We need that to disable
893 file upload for normal API request (avoid DOS attacks)
895 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
897 libpve-access-control (1.0-2) unstable; urgency=low
899 * fix bug in fork_worker
901 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
903 libpve-access-control (1.0-1) unstable; urgency=low
905 * allow '-' in permission paths
907 * bump version to 1.0
909 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
911 libpve-access-control (0.1) unstable; urgency=low
913 * first dummy package - no functionality
915 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200