1 libpve-access-control (6.0-6) pve; urgency=medium
3 * API: add group members to group index
5 * implement API token support and management
7 * pveum: add 'pveum user token add/update/remove/list'
9 * pveum: add permissions sub-commands
11 * API: add 'permissions' API endpoint
13 * user.cfg: skip inexisting roles when parsing ACLs
15 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
17 libpve-access-control (6.0-5) pve; urgency=medium
19 * pveum: add list command for users, groups, ACLs and roles
21 * add initial permissions for experimental SDN integration
23 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
25 libpve-access-control (6.0-4) pve; urgency=medium
27 * ticket: use clinfo to get cluster name
29 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
32 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
34 libpve-access-control (6.0-3) pve; urgency=medium
36 * fix #2433: increase possible TFA secret length
38 * parse user configuration: correctly parse group names in ACLs, for users
39 which begin their name with an @
41 * sort user.cfg entries alphabetically
43 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
45 libpve-access-control (6.0-2) pve; urgency=medium
47 * improve CSRF verification compatibility with newer PVE
49 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
51 libpve-access-control (6.0-1) pve; urgency=medium
53 * ticket: properly verify exactly 5 minute old tickets
55 * use hmac_sha256 instead of sha1 for CSRF token generation
57 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
59 libpve-access-control (6.0-0+1) pve; urgency=medium
61 * bump for Debian buster
63 * fix #2079: add periodic auth key rotation
65 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
67 libpve-access-control (5.1-10) unstable; urgency=medium
69 * add /access/user/{id}/tfa api call to get tfa types
71 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
73 libpve-access-control (5.1-9) unstable; urgency=medium
75 * store the tfa type in user.cfg allowing to get it without proxying the call
76 to a higher priviledged daemon.
78 * tfa: realm required TFA should lock out users without TFA configured, as it
79 was done before Proxmox VE 5.4
81 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
83 libpve-access-control (5.1-8) unstable; urgency=medium
85 * U2F: ensure we save correct public key on registration
87 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
89 libpve-access-control (5.1-7) unstable; urgency=medium
91 * verify_ticket: allow general non-challenge tfa to be run as two step
94 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
96 libpve-access-control (5.1-6) unstable; urgency=medium
98 * more general 2FA configuration via priv/tfa.cfg
100 * add u2f api endpoints
102 * delete TFA entries when deleting a user
104 * allow users to change their TOTP settings
106 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
108 libpve-access-control (5.1-5) unstable; urgency=medium
110 * fix vnc ticket verification without authkey lifetime
112 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
114 libpve-access-control (5.1-4) unstable; urgency=medium
116 * fix #1891: Add zsh command completion for pveum
118 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
119 to avoid issues on upgrade, will be enabled with 6.0
121 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
123 libpve-access-control (5.1-3) unstable; urgency=medium
125 * api/ticket: move getting cluster name into an eval
127 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
129 libpve-access-control (5.1-2) unstable; urgency=medium
131 * fix #1998: correct return properties for read_role
133 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
135 libpve-access-control (5.1-1) unstable; urgency=medium
137 * pveum: introduce sub-commands
139 * register userid with completion
141 * fix #233: return cluster name on successful login
143 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
145 libpve-access-control (5.0-8) unstable; urgency=medium
147 * fix #1612: ldap: make 2nd server work with bind domains again
149 * fix an error message where passing a bad pool id to an API function would
150 make it complain about a wrong group name instead
152 * fix the API-returned permission list so that the GUI knows to show the
153 'Permissions' tab for a storage to an administrator apart from root@pam
155 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
157 libpve-access-control (5.0-7) unstable; urgency=medium
159 * VM.Snapshot.Rollback privilege added
161 * api: check for special roles before locking the usercfg
163 * fix #1501: pveum: die when deleting special role
165 * API/ticket: rework coarse grained permission computation
167 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
169 libpve-access-control (5.0-6) unstable; urgency=medium
171 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
172 'verify' option. For compatibility reasons this defaults to off for now,
173 but that might change with future updates.
175 * AD, LDAP: Add ability to specify a CA path or file, and a client
176 certificate via the 'capath', 'cert' and 'certkey' options.
178 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
180 libpve-access-control (5.0-5) unstable; urgency=medium
182 * change from dpkg-deb to dpkg-buildpackage
184 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
186 libpve-access-control (5.0-4) unstable; urgency=medium
188 * PVE/CLI/pveum.pm: call setup_default_cli_env()
190 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
192 * check_api2_permissions: avoid warning about uninitialized value
194 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
196 libpve-access-control (5.0-3) unstable; urgency=medium
198 * use new PVE::OTP class from pve-common
200 * use new PVE::Tools::encrypt_pw from pve-common
202 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
204 libpve-access-control (5.0-2) unstable; urgency=medium
206 * encrypt_pw: avoid '+' for crypt salt
208 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
210 libpve-access-control (5.0-1) unstable; urgency=medium
212 * rebuild for PVE 5.0
214 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
216 libpve-access-control (4.0-23) unstable; urgency=medium
218 * use new PVE::Ticket class
220 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
222 libpve-access-control (4.0-22) unstable; urgency=medium
224 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
225 (moved to PVE::Storage)
227 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
229 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
231 libpve-access-control (4.0-21) unstable; urgency=medium
233 * setup_default_cli_env: expect $class as first parameter
235 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
237 libpve-access-control (4.0-20) unstable; urgency=medium
239 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
241 * PVE/API2/Domains.pm: fix property description
243 * use new repoman for upload target
245 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
247 libpve-access-control (4.0-19) unstable; urgency=medium
249 * Close #833: ldap: non-anonymous bind support
251 * don't import 'RFC' from MIME::Base32
253 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
255 libpve-access-control (4.0-18) unstable; urgency=medium
257 * fix #1062: recognize base32 otp keys again
259 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
261 libpve-access-control (4.0-17) unstable; urgency=medium
263 * drop oathtool and libdigest-hmac-perl dependencies
265 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
267 libpve-access-control (4.0-16) unstable; urgency=medium
269 * use pve-doc-generator to generate man pages
271 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
273 libpve-access-control (4.0-15) unstable; urgency=medium
275 * Fix uninitialized warning when shadow.cfg does not exist
277 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
279 libpve-access-control (4.0-14) unstable; urgency=medium
281 * Add is_worker to RPCEnvironment
283 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
285 libpve-access-control (4.0-13) unstable; urgency=medium
287 * fix #916: allow HTTPS to access custom yubico url
289 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
291 libpve-access-control (4.0-12) unstable; urgency=medium
293 * Catch certificate errors instead of segfaulting
295 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
297 libpve-access-control (4.0-11) unstable; urgency=medium
299 * Fix #861: use safer sprintf formatting
301 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
303 libpve-access-control (4.0-10) unstable; urgency=medium
305 * Auth::LDAP, Auth::AD: ipv6 support
307 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
309 libpve-access-control (4.0-9) unstable; urgency=medium
311 * pveum: implement bash completion
313 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
315 libpve-access-control (4.0-8) unstable; urgency=medium
317 * remove_storage_access: cleanup of access permissions for removed storage
319 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
321 libpve-access-control (4.0-7) unstable; urgency=medium
323 * new helper to remove access permissions for removed VMs
325 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
327 libpve-access-control (4.0-6) unstable; urgency=medium
329 * improve parse_user_config, parse_shadow_config
331 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
333 libpve-access-control (4.0-5) unstable; urgency=medium
335 * pveum: check for $cmd being defined
337 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
339 libpve-access-control (4.0-4) unstable; urgency=medium
341 * use activate-noawait triggers
343 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
345 libpve-access-control (4.0-3) unstable; urgency=medium
351 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
353 libpve-access-control (4.0-2) unstable; urgency=medium
355 * trigger pve-api-updates event
357 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
359 libpve-access-control (4.0-1) unstable; urgency=medium
361 * bump version for Debian Jessie
363 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
365 libpve-access-control (3.0-16) unstable; urgency=low
367 * root@pam can now be disabled in GUI.
369 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
371 libpve-access-control (3.0-15) unstable; urgency=low
373 * oath: add 'step' and 'digits' option
375 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
377 libpve-access-control (3.0-14) unstable; urgency=low
379 * add oath two factor auth
381 * add oathkeygen binary to generate keys for oath
383 * add yubico two factor auth
387 * depend on libmime-base32-perl
389 * allow to write builtin auth domains config (comment/tfa/default)
391 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
393 libpve-access-control (3.0-13) unstable; urgency=low
395 * use correct connection string for AD auth
397 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
399 libpve-access-control (3.0-12) unstable; urgency=low
401 * add dummy API for GET /access/ticket (useful to generate login pages)
403 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
405 libpve-access-control (3.0-11) unstable; urgency=low
407 * Sets common hot keys for spice client
409 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
411 libpve-access-control (3.0-10) unstable; urgency=low
413 * implement helper to generate SPICE remote-viewer configuration
415 * depend on libnet-ssleay-perl
417 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
419 libpve-access-control (3.0-9) unstable; urgency=low
421 * prevent user enumeration attacks
423 * allow dots in access paths
425 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
427 libpve-access-control (3.0-8) unstable; urgency=low
429 * spice: use lowercase hostname in ticktet signature
431 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
433 libpve-access-control (3.0-7) unstable; urgency=low
435 * check_volume_access : use parse_volname instead of path, and remove
438 * use warnings instead of global -w flag.
440 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
442 libpve-access-control (3.0-6) unstable; urgency=low
444 * use shorter spiceproxy tickets
446 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
448 libpve-access-control (3.0-5) unstable; urgency=low
450 * add code to generate tickets for SPICE
452 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
454 libpve-access-control (3.0-4) unstable; urgency=low
456 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
458 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
460 libpve-access-control (3.0-3) unstable; urgency=low
462 * Add new role PVETemplateUser (and VM.Clone priviledge)
464 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
466 libpve-access-control (3.0-2) unstable; urgency=low
468 * remove CGI.pm related code (pveproxy does not need that)
470 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
472 libpve-access-control (3.0-1) unstable; urgency=low
474 * bump version for wheezy release
476 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
478 libpve-access-control (1.0-26) unstable; urgency=low
480 * check_volume_access: fix access permissions for backup files
482 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
484 libpve-access-control (1.0-25) unstable; urgency=low
486 * add VM.Snapshot permission
488 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
490 libpve-access-control (1.0-24) unstable; urgency=low
492 * untaint path (allow root to restore arbitrary paths)
494 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
496 libpve-access-control (1.0-23) unstable; urgency=low
498 * correctly compute GUI capabilities (consider pools)
500 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
502 libpve-access-control (1.0-22) unstable; urgency=low
504 * new plugin architecture for Auth modules, minor API change for Auth
505 domains (new 'delete' parameter)
507 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
509 libpve-access-control (1.0-21) unstable; urgency=low
511 * do not allow user names including slash
513 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
515 libpve-access-control (1.0-20) unstable; urgency=low
517 * add ability to fork cli workers in background
519 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
521 libpve-access-control (1.0-19) unstable; urgency=low
523 * return set of privileges on login - can be used to adopt GUI
525 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
527 libpve-access-control (1.0-18) unstable; urgency=low
529 * fix bug #151: corretly parse username inside ticket
531 * fix bug #152: allow user to change his own password
533 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
535 libpve-access-control (1.0-17) unstable; urgency=low
537 * set propagate flag by default
539 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
541 libpve-access-control (1.0-16) unstable; urgency=low
543 * add 'pveum passwd' method
545 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
547 libpve-access-control (1.0-15) unstable; urgency=low
549 * Add VM.Config.CDROM privilege to PVEVMUser rule
551 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
553 libpve-access-control (1.0-14) unstable; urgency=low
555 * fix buf in userid-param permission check
557 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
559 libpve-access-control (1.0-13) unstable; urgency=low
561 * allow more characters in ldap base_dn attribute
563 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
565 libpve-access-control (1.0-12) unstable; urgency=low
567 * allow more characters with realm IDs
569 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
571 libpve-access-control (1.0-11) unstable; urgency=low
573 * fix bug in exec_api2_perm_check
575 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
577 libpve-access-control (1.0-10) unstable; urgency=low
579 * fix ACL group name parser
581 * changed 'pveum aclmod' command line arguments
583 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
585 libpve-access-control (1.0-9) unstable; urgency=low
587 * fix bug in check_volume_access (fixes vzrestore)
589 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
591 libpve-access-control (1.0-8) unstable; urgency=low
593 * fix return value for empty ACL list.
595 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
597 libpve-access-control (1.0-7) unstable; urgency=low
599 * fix bug #85: allow root@pam to generate tickets for other users
601 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
603 libpve-access-control (1.0-6) unstable; urgency=low
605 * API change: allow to filter enabled/disabled users.
607 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
609 libpve-access-control (1.0-5) unstable; urgency=low
611 * add a way to return file changes (diffs): set_result_changes()
613 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
615 libpve-access-control (1.0-4) unstable; urgency=low
617 * new environment type for ha agents
619 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
621 libpve-access-control (1.0-3) unstable; urgency=low
623 * add support for delayed parameter parsing - We need that to disable
624 file upload for normal API request (avoid DOS attacs)
626 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
628 libpve-access-control (1.0-2) unstable; urgency=low
630 * fix bug in fork_worker
632 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
634 libpve-access-control (1.0-1) unstable; urgency=low
636 * allow '-' in permission paths
638 * bump version to 1.0
640 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
642 libpve-access-control (0.1) unstable; urgency=low
644 * first dummy package - no functionality
646 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
projects / pve-access-control.git / blob