1 libpve-access-control (6.1-2) pve; urgency=medium
3 * also check SDN permission path when computing coarse permissions heuristic
6 * add SDN Permissions.Modify
8 * add VM.Config.Cloudinit
10 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
12 libpve-access-control (6.1-1) pve; urgency=medium
14 * pveum: add tfa delete subcommand for deleting user-TFA
16 * LDAP: don't complain about missing credentials on realm removal
18 * LDAP: skip anonymous bind when client certificate and key is configured
20 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
22 libpve-access-control (6.0-7) pve; urgency=medium
24 * fix #2575: die when trying to edit built-in roles
26 * add realm sub commands to pveum CLI tool
28 * api: domains: add user group sync API enpoint
30 * allow one to sync and import users and groups from LDAP/AD based realms
32 * realm: add default-sync-options to config for more convenient sync configuration
34 * api: token create: return also full token id for convenience
36 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
38 libpve-access-control (6.0-6) pve; urgency=medium
40 * API: add group members to group index
42 * implement API token support and management
44 * pveum: add 'pveum user token add/update/remove/list'
46 * pveum: add permissions sub-commands
48 * API: add 'permissions' API endpoint
50 * user.cfg: skip inexisting roles when parsing ACLs
52 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
54 libpve-access-control (6.0-5) pve; urgency=medium
56 * pveum: add list command for users, groups, ACLs and roles
58 * add initial permissions for experimental SDN integration
60 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
62 libpve-access-control (6.0-4) pve; urgency=medium
64 * ticket: use clinfo to get cluster name
66 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
69 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
71 libpve-access-control (6.0-3) pve; urgency=medium
73 * fix #2433: increase possible TFA secret length
75 * parse user configuration: correctly parse group names in ACLs, for users
76 which begin their name with an @
78 * sort user.cfg entries alphabetically
80 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
82 libpve-access-control (6.0-2) pve; urgency=medium
84 * improve CSRF verification compatibility with newer PVE
86 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
88 libpve-access-control (6.0-1) pve; urgency=medium
90 * ticket: properly verify exactly 5 minute old tickets
92 * use hmac_sha256 instead of sha1 for CSRF token generation
94 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
96 libpve-access-control (6.0-0+1) pve; urgency=medium
98 * bump for Debian buster
100 * fix #2079: add periodic auth key rotation
102 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
104 libpve-access-control (5.1-10) unstable; urgency=medium
106 * add /access/user/{id}/tfa api call to get tfa types
108 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
110 libpve-access-control (5.1-9) unstable; urgency=medium
112 * store the tfa type in user.cfg allowing to get it without proxying the call
113 to a higher priviledged daemon.
115 * tfa: realm required TFA should lock out users without TFA configured, as it
116 was done before Proxmox VE 5.4
118 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
120 libpve-access-control (5.1-8) unstable; urgency=medium
122 * U2F: ensure we save correct public key on registration
124 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
126 libpve-access-control (5.1-7) unstable; urgency=medium
128 * verify_ticket: allow general non-challenge tfa to be run as two step
131 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
133 libpve-access-control (5.1-6) unstable; urgency=medium
135 * more general 2FA configuration via priv/tfa.cfg
137 * add u2f api endpoints
139 * delete TFA entries when deleting a user
141 * allow users to change their TOTP settings
143 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
145 libpve-access-control (5.1-5) unstable; urgency=medium
147 * fix vnc ticket verification without authkey lifetime
149 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
151 libpve-access-control (5.1-4) unstable; urgency=medium
153 * fix #1891: Add zsh command completion for pveum
155 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
156 to avoid issues on upgrade, will be enabled with 6.0
158 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
160 libpve-access-control (5.1-3) unstable; urgency=medium
162 * api/ticket: move getting cluster name into an eval
164 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
166 libpve-access-control (5.1-2) unstable; urgency=medium
168 * fix #1998: correct return properties for read_role
170 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
172 libpve-access-control (5.1-1) unstable; urgency=medium
174 * pveum: introduce sub-commands
176 * register userid with completion
178 * fix #233: return cluster name on successful login
180 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
182 libpve-access-control (5.0-8) unstable; urgency=medium
184 * fix #1612: ldap: make 2nd server work with bind domains again
186 * fix an error message where passing a bad pool id to an API function would
187 make it complain about a wrong group name instead
189 * fix the API-returned permission list so that the GUI knows to show the
190 'Permissions' tab for a storage to an administrator apart from root@pam
192 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
194 libpve-access-control (5.0-7) unstable; urgency=medium
196 * VM.Snapshot.Rollback privilege added
198 * api: check for special roles before locking the usercfg
200 * fix #1501: pveum: die when deleting special role
202 * API/ticket: rework coarse grained permission computation
204 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
206 libpve-access-control (5.0-6) unstable; urgency=medium
208 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
209 'verify' option. For compatibility reasons this defaults to off for now,
210 but that might change with future updates.
212 * AD, LDAP: Add ability to specify a CA path or file, and a client
213 certificate via the 'capath', 'cert' and 'certkey' options.
215 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
217 libpve-access-control (5.0-5) unstable; urgency=medium
219 * change from dpkg-deb to dpkg-buildpackage
221 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
223 libpve-access-control (5.0-4) unstable; urgency=medium
225 * PVE/CLI/pveum.pm: call setup_default_cli_env()
227 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
229 * check_api2_permissions: avoid warning about uninitialized value
231 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
233 libpve-access-control (5.0-3) unstable; urgency=medium
235 * use new PVE::OTP class from pve-common
237 * use new PVE::Tools::encrypt_pw from pve-common
239 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
241 libpve-access-control (5.0-2) unstable; urgency=medium
243 * encrypt_pw: avoid '+' for crypt salt
245 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
247 libpve-access-control (5.0-1) unstable; urgency=medium
249 * rebuild for PVE 5.0
251 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
253 libpve-access-control (4.0-23) unstable; urgency=medium
255 * use new PVE::Ticket class
257 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
259 libpve-access-control (4.0-22) unstable; urgency=medium
261 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
262 (moved to PVE::Storage)
264 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
266 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
268 libpve-access-control (4.0-21) unstable; urgency=medium
270 * setup_default_cli_env: expect $class as first parameter
272 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
274 libpve-access-control (4.0-20) unstable; urgency=medium
276 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
278 * PVE/API2/Domains.pm: fix property description
280 * use new repoman for upload target
282 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
284 libpve-access-control (4.0-19) unstable; urgency=medium
286 * Close #833: ldap: non-anonymous bind support
288 * don't import 'RFC' from MIME::Base32
290 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
292 libpve-access-control (4.0-18) unstable; urgency=medium
294 * fix #1062: recognize base32 otp keys again
296 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
298 libpve-access-control (4.0-17) unstable; urgency=medium
300 * drop oathtool and libdigest-hmac-perl dependencies
302 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
304 libpve-access-control (4.0-16) unstable; urgency=medium
306 * use pve-doc-generator to generate man pages
308 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
310 libpve-access-control (4.0-15) unstable; urgency=medium
312 * Fix uninitialized warning when shadow.cfg does not exist
314 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
316 libpve-access-control (4.0-14) unstable; urgency=medium
318 * Add is_worker to RPCEnvironment
320 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
322 libpve-access-control (4.0-13) unstable; urgency=medium
324 * fix #916: allow HTTPS to access custom yubico url
326 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
328 libpve-access-control (4.0-12) unstable; urgency=medium
330 * Catch certificate errors instead of segfaulting
332 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
334 libpve-access-control (4.0-11) unstable; urgency=medium
336 * Fix #861: use safer sprintf formatting
338 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
340 libpve-access-control (4.0-10) unstable; urgency=medium
342 * Auth::LDAP, Auth::AD: ipv6 support
344 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
346 libpve-access-control (4.0-9) unstable; urgency=medium
348 * pveum: implement bash completion
350 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
352 libpve-access-control (4.0-8) unstable; urgency=medium
354 * remove_storage_access: cleanup of access permissions for removed storage
356 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
358 libpve-access-control (4.0-7) unstable; urgency=medium
360 * new helper to remove access permissions for removed VMs
362 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
364 libpve-access-control (4.0-6) unstable; urgency=medium
366 * improve parse_user_config, parse_shadow_config
368 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
370 libpve-access-control (4.0-5) unstable; urgency=medium
372 * pveum: check for $cmd being defined
374 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
376 libpve-access-control (4.0-4) unstable; urgency=medium
378 * use activate-noawait triggers
380 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
382 libpve-access-control (4.0-3) unstable; urgency=medium
388 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
390 libpve-access-control (4.0-2) unstable; urgency=medium
392 * trigger pve-api-updates event
394 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
396 libpve-access-control (4.0-1) unstable; urgency=medium
398 * bump version for Debian Jessie
400 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
402 libpve-access-control (3.0-16) unstable; urgency=low
404 * root@pam can now be disabled in GUI.
406 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
408 libpve-access-control (3.0-15) unstable; urgency=low
410 * oath: add 'step' and 'digits' option
412 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
414 libpve-access-control (3.0-14) unstable; urgency=low
416 * add oath two factor auth
418 * add oathkeygen binary to generate keys for oath
420 * add yubico two factor auth
424 * depend on libmime-base32-perl
426 * allow to write builtin auth domains config (comment/tfa/default)
428 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
430 libpve-access-control (3.0-13) unstable; urgency=low
432 * use correct connection string for AD auth
434 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
436 libpve-access-control (3.0-12) unstable; urgency=low
438 * add dummy API for GET /access/ticket (useful to generate login pages)
440 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
442 libpve-access-control (3.0-11) unstable; urgency=low
444 * Sets common hot keys for spice client
446 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
448 libpve-access-control (3.0-10) unstable; urgency=low
450 * implement helper to generate SPICE remote-viewer configuration
452 * depend on libnet-ssleay-perl
454 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
456 libpve-access-control (3.0-9) unstable; urgency=low
458 * prevent user enumeration attacks
460 * allow dots in access paths
462 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
464 libpve-access-control (3.0-8) unstable; urgency=low
466 * spice: use lowercase hostname in ticktet signature
468 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
470 libpve-access-control (3.0-7) unstable; urgency=low
472 * check_volume_access : use parse_volname instead of path, and remove
475 * use warnings instead of global -w flag.
477 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
479 libpve-access-control (3.0-6) unstable; urgency=low
481 * use shorter spiceproxy tickets
483 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
485 libpve-access-control (3.0-5) unstable; urgency=low
487 * add code to generate tickets for SPICE
489 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
491 libpve-access-control (3.0-4) unstable; urgency=low
493 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
495 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
497 libpve-access-control (3.0-3) unstable; urgency=low
499 * Add new role PVETemplateUser (and VM.Clone priviledge)
501 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
503 libpve-access-control (3.0-2) unstable; urgency=low
505 * remove CGI.pm related code (pveproxy does not need that)
507 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
509 libpve-access-control (3.0-1) unstable; urgency=low
511 * bump version for wheezy release
513 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
515 libpve-access-control (1.0-26) unstable; urgency=low
517 * check_volume_access: fix access permissions for backup files
519 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
521 libpve-access-control (1.0-25) unstable; urgency=low
523 * add VM.Snapshot permission
525 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
527 libpve-access-control (1.0-24) unstable; urgency=low
529 * untaint path (allow root to restore arbitrary paths)
531 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
533 libpve-access-control (1.0-23) unstable; urgency=low
535 * correctly compute GUI capabilities (consider pools)
537 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
539 libpve-access-control (1.0-22) unstable; urgency=low
541 * new plugin architecture for Auth modules, minor API change for Auth
542 domains (new 'delete' parameter)
544 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
546 libpve-access-control (1.0-21) unstable; urgency=low
548 * do not allow user names including slash
550 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
552 libpve-access-control (1.0-20) unstable; urgency=low
554 * add ability to fork cli workers in background
556 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
558 libpve-access-control (1.0-19) unstable; urgency=low
560 * return set of privileges on login - can be used to adopt GUI
562 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
564 libpve-access-control (1.0-18) unstable; urgency=low
566 * fix bug #151: corretly parse username inside ticket
568 * fix bug #152: allow user to change his own password
570 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
572 libpve-access-control (1.0-17) unstable; urgency=low
574 * set propagate flag by default
576 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
578 libpve-access-control (1.0-16) unstable; urgency=low
580 * add 'pveum passwd' method
582 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
584 libpve-access-control (1.0-15) unstable; urgency=low
586 * Add VM.Config.CDROM privilege to PVEVMUser rule
588 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
590 libpve-access-control (1.0-14) unstable; urgency=low
592 * fix buf in userid-param permission check
594 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
596 libpve-access-control (1.0-13) unstable; urgency=low
598 * allow more characters in ldap base_dn attribute
600 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
602 libpve-access-control (1.0-12) unstable; urgency=low
604 * allow more characters with realm IDs
606 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
608 libpve-access-control (1.0-11) unstable; urgency=low
610 * fix bug in exec_api2_perm_check
612 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
614 libpve-access-control (1.0-10) unstable; urgency=low
616 * fix ACL group name parser
618 * changed 'pveum aclmod' command line arguments
620 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
622 libpve-access-control (1.0-9) unstable; urgency=low
624 * fix bug in check_volume_access (fixes vzrestore)
626 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
628 libpve-access-control (1.0-8) unstable; urgency=low
630 * fix return value for empty ACL list.
632 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
634 libpve-access-control (1.0-7) unstable; urgency=low
636 * fix bug #85: allow root@pam to generate tickets for other users
638 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
640 libpve-access-control (1.0-6) unstable; urgency=low
642 * API change: allow to filter enabled/disabled users.
644 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
646 libpve-access-control (1.0-5) unstable; urgency=low
648 * add a way to return file changes (diffs): set_result_changes()
650 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
652 libpve-access-control (1.0-4) unstable; urgency=low
654 * new environment type for ha agents
656 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
658 libpve-access-control (1.0-3) unstable; urgency=low
660 * add support for delayed parameter parsing - We need that to disable
661 file upload for normal API request (avoid DOS attacs)
663 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
665 libpve-access-control (1.0-2) unstable; urgency=low
667 * fix bug in fork_worker
669 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
671 libpve-access-control (1.0-1) unstable; urgency=low
673 * allow '-' in permission paths
675 * bump version to 1.0
677 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
679 libpve-access-control (0.1) unstable; urgency=low
681 * first dummy package - no functionality
683 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
projects / pve-access-control.git / blob