1 libpve-access-control (7.3-1) bullseye; urgency=medium
3 * realm: sync: allow explicit 'none' for 'remove-vanished' option
5 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
7 libpve-access-control (7.2-5) bullseye; urgency=medium
9 * api: realm sync: avoid separate log line for "remove-vanished" opt
11 * auth ldap/ad: compare group member dn case-insensitively
13 * two factor auth: only lock tfa config for recovery keys
15 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
16 migrations and storage migrations
18 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
20 libpve-access-control (7.2-4) bullseye; urgency=medium
22 * fix #4074: increase API OpenID code size limit to 2048
24 * auth key: protect against rare chance of a double rotation in clusters,
25 leaving the potential that some set of nodes have the earlier key cached,
26 that then got rotated out due to the race, resulting in a possible other
27 set of nodes having the newer key cached. This is a split view of the auth
28 key and may resulting in spurious failures if API requests are made to a
29 different node than the ticket was generated on.
30 In addition to that, the "keep validity of old tickets if signed in the
31 last two hours before rotation" logic was disabled too in such a case,
32 making such tickets invalid too early.
33 Note that both are cases where Proxmox VE was too strict, so while this
34 had no security implications it can be a nuisance, especially for
35 environments that use the API through an automated or scripted way
37 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
39 libpve-access-control (7.2-3) bullseye; urgency=medium
41 * api: token: use userid-group as API perm check to avoid being overly
42 strict through a misguided use of user id for non-root users.
44 * perm check: forbid undefined/empty ACL path for future proofing of against
47 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
49 libpve-access-control (7.2-2) bullseye; urgency=medium
51 * permissions: merge propagation flag for multiple roles on a path that
52 share privilege in a deterministic way, to avoid that it gets lost
53 depending on perl's random sort, which would result in returing less
54 privileges than an auth-id actually had.
56 * permissions: avoid that token and user privilege intersection is to strict
57 for user permissions that have propagation disabled.
59 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
61 libpve-access-control (7.2-1) bullseye; urgency=medium
63 * user check: fix expiration/enable order
65 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
67 libpve-access-control (7.1-8) bullseye; urgency=medium
69 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
72 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
74 libpve-access-control (7.1-7) bullseye; urgency=medium
76 * userid-group check: distinguish create and update
78 * api: get user: declare token schema
80 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
82 libpve-access-control (7.1-6) bullseye; urgency=medium
84 * fix #3768: warn on bad u2f or webauthn settings
86 * tfa: when modifying others, verify the current user's password
88 * tfa list: account for admin permissions
90 * fix realm sync permissions
92 * fix token permission display bug
94 * include SDN permissions in permission tree
96 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
98 libpve-access-control (7.1-5) bullseye; urgency=medium
100 * openid: fix username-claim fallback
102 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
104 libpve-access-control (7.1-4) bullseye; urgency=medium
106 * set current origin in the webauthn config if no fixed origin was
107 configured, to support webauthn via subdomains
109 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
111 libpve-access-control (7.1-3) bullseye; urgency=medium
113 * openid: allow arbitrary username-claims
115 * openid: support configuring the prompt, scopes and ACR values
117 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
119 libpve-access-control (7.1-2) bullseye; urgency=medium
121 * catch incompatible tfa entries with a nice error
123 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
125 libpve-access-control (7.1-1) bullseye; urgency=medium
127 * tfa: map HTTP 404 error in get_tfa_entry correctly
129 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
131 libpve-access-control (7.0-7) bullseye; urgency=medium
133 * fix #3513: pass configured proxy to OpenID
135 * use rust based parser for TFA config
137 * use PBS-like auth api call flow,
139 * merge old user.cfg keys to tfa config when adding entries
141 * implement version checks for new tfa config writer to ensure all
142 cluster nodes are ready to avoid login issues
144 * tickets: add tunnel ticket
146 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
148 libpve-access-control (7.0-6) bullseye; urgency=medium
150 * fix regression in user deletion when realm does not enforce TFA
152 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
154 libpve-access-control (7.0-5) bullseye; urgency=medium
156 * acl: check path: add /sdn/vnets/* path
158 * fix #2302: allow deletion of users when realm enforces TFA
160 * api: delete user: disable user first to avoid surprise on error during the
161 various cleanup action required for user deletion (e.g., TFA, ACL, group)
163 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
165 libpve-access-control (7.0-4) bullseye; urgency=medium
167 * realm: add OpenID configuration
169 * api: implement OpenID related endpoints
171 * implement opt-in OpenID autocreate user feature
173 * api: user: add 'realm-type' to user list response
175 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
177 libpve-access-control (7.0-3) bullseye; urgency=medium
179 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
180 `/sdn/zones/<zone>` to allowed ACL paths
182 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
184 libpve-access-control (7.0-2) bullseye; urgency=medium
186 * fix #3402: add Pool.Audit privilege - custom roles containing
187 Pool.Allocate must be updated to include the new privilege.
189 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
191 libpve-access-control (7.0-1) bullseye; urgency=medium
193 * re-build for Debian 11 Bullseye based releases
195 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
197 libpve-access-control (6.4-1) pve; urgency=medium
199 * fix #1670: change PAM service name to project specific name
201 * fix #1500: permission path syntax check for access control
203 * pveum: add resource pool CLI commands
205 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
207 libpve-access-control (6.1-3) pve; urgency=medium
209 * partially fix #2825: authkey: rotate if it was generated in the
212 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
215 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
217 libpve-access-control (6.1-2) pve; urgency=medium
219 * also check SDN permission path when computing coarse permissions heuristic
222 * add SDN Permissions.Modify
224 * add VM.Config.Cloudinit
226 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
228 libpve-access-control (6.1-1) pve; urgency=medium
230 * pveum: add tfa delete subcommand for deleting user-TFA
232 * LDAP: don't complain about missing credentials on realm removal
234 * LDAP: skip anonymous bind when client certificate and key is configured
236 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
238 libpve-access-control (6.0-7) pve; urgency=medium
240 * fix #2575: die when trying to edit built-in roles
242 * add realm sub commands to pveum CLI tool
244 * api: domains: add user group sync API endpoint
246 * allow one to sync and import users and groups from LDAP/AD based realms
248 * realm: add default-sync-options to config for more convenient sync configuration
250 * api: token create: return also full token id for convenience
252 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
254 libpve-access-control (6.0-6) pve; urgency=medium
256 * API: add group members to group index
258 * implement API token support and management
260 * pveum: add 'pveum user token add/update/remove/list'
262 * pveum: add permissions sub-commands
264 * API: add 'permissions' API endpoint
266 * user.cfg: skip inexisting roles when parsing ACLs
268 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
270 libpve-access-control (6.0-5) pve; urgency=medium
272 * pveum: add list command for users, groups, ACLs and roles
274 * add initial permissions for experimental SDN integration
276 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
278 libpve-access-control (6.0-4) pve; urgency=medium
280 * ticket: use clinfo to get cluster name
282 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
285 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
287 libpve-access-control (6.0-3) pve; urgency=medium
289 * fix #2433: increase possible TFA secret length
291 * parse user configuration: correctly parse group names in ACLs, for users
292 which begin their name with an @
294 * sort user.cfg entries alphabetically
296 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
298 libpve-access-control (6.0-2) pve; urgency=medium
300 * improve CSRF verification compatibility with newer PVE
302 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
304 libpve-access-control (6.0-1) pve; urgency=medium
306 * ticket: properly verify exactly 5 minute old tickets
308 * use hmac_sha256 instead of sha1 for CSRF token generation
310 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
312 libpve-access-control (6.0-0+1) pve; urgency=medium
314 * bump for Debian buster
316 * fix #2079: add periodic auth key rotation
318 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
320 libpve-access-control (5.1-10) unstable; urgency=medium
322 * add /access/user/{id}/tfa api call to get tfa types
324 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
326 libpve-access-control (5.1-9) unstable; urgency=medium
328 * store the tfa type in user.cfg allowing to get it without proxying the call
329 to a higher privileged daemon.
331 * tfa: realm required TFA should lock out users without TFA configured, as it
332 was done before Proxmox VE 5.4
334 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
336 libpve-access-control (5.1-8) unstable; urgency=medium
338 * U2F: ensure we save correct public key on registration
340 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
342 libpve-access-control (5.1-7) unstable; urgency=medium
344 * verify_ticket: allow general non-challenge tfa to be run as two step
347 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
349 libpve-access-control (5.1-6) unstable; urgency=medium
351 * more general 2FA configuration via priv/tfa.cfg
353 * add u2f api endpoints
355 * delete TFA entries when deleting a user
357 * allow users to change their TOTP settings
359 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
361 libpve-access-control (5.1-5) unstable; urgency=medium
363 * fix vnc ticket verification without authkey lifetime
365 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
367 libpve-access-control (5.1-4) unstable; urgency=medium
369 * fix #1891: Add zsh command completion for pveum
371 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
372 to avoid issues on upgrade, will be enabled with 6.0
374 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
376 libpve-access-control (5.1-3) unstable; urgency=medium
378 * api/ticket: move getting cluster name into an eval
380 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
382 libpve-access-control (5.1-2) unstable; urgency=medium
384 * fix #1998: correct return properties for read_role
386 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
388 libpve-access-control (5.1-1) unstable; urgency=medium
390 * pveum: introduce sub-commands
392 * register userid with completion
394 * fix #233: return cluster name on successful login
396 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
398 libpve-access-control (5.0-8) unstable; urgency=medium
400 * fix #1612: ldap: make 2nd server work with bind domains again
402 * fix an error message where passing a bad pool id to an API function would
403 make it complain about a wrong group name instead
405 * fix the API-returned permission list so that the GUI knows to show the
406 'Permissions' tab for a storage to an administrator apart from root@pam
408 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
410 libpve-access-control (5.0-7) unstable; urgency=medium
412 * VM.Snapshot.Rollback privilege added
414 * api: check for special roles before locking the usercfg
416 * fix #1501: pveum: die when deleting special role
418 * API/ticket: rework coarse grained permission computation
420 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
422 libpve-access-control (5.0-6) unstable; urgency=medium
424 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
425 'verify' option. For compatibility reasons this defaults to off for now,
426 but that might change with future updates.
428 * AD, LDAP: Add ability to specify a CA path or file, and a client
429 certificate via the 'capath', 'cert' and 'certkey' options.
431 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
433 libpve-access-control (5.0-5) unstable; urgency=medium
435 * change from dpkg-deb to dpkg-buildpackage
437 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
439 libpve-access-control (5.0-4) unstable; urgency=medium
441 * PVE/CLI/pveum.pm: call setup_default_cli_env()
443 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
445 * check_api2_permissions: avoid warning about uninitialized value
447 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
449 libpve-access-control (5.0-3) unstable; urgency=medium
451 * use new PVE::OTP class from pve-common
453 * use new PVE::Tools::encrypt_pw from pve-common
455 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
457 libpve-access-control (5.0-2) unstable; urgency=medium
459 * encrypt_pw: avoid '+' for crypt salt
461 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
463 libpve-access-control (5.0-1) unstable; urgency=medium
465 * rebuild for PVE 5.0
467 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
469 libpve-access-control (4.0-23) unstable; urgency=medium
471 * use new PVE::Ticket class
473 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
475 libpve-access-control (4.0-22) unstable; urgency=medium
477 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
478 (moved to PVE::Storage)
480 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
482 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
484 libpve-access-control (4.0-21) unstable; urgency=medium
486 * setup_default_cli_env: expect $class as first parameter
488 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
490 libpve-access-control (4.0-20) unstable; urgency=medium
492 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
494 * PVE/API2/Domains.pm: fix property description
496 * use new repoman for upload target
498 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
500 libpve-access-control (4.0-19) unstable; urgency=medium
502 * Close #833: ldap: non-anonymous bind support
504 * don't import 'RFC' from MIME::Base32
506 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
508 libpve-access-control (4.0-18) unstable; urgency=medium
510 * fix #1062: recognize base32 otp keys again
512 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
514 libpve-access-control (4.0-17) unstable; urgency=medium
516 * drop oathtool and libdigest-hmac-perl dependencies
518 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
520 libpve-access-control (4.0-16) unstable; urgency=medium
522 * use pve-doc-generator to generate man pages
524 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
526 libpve-access-control (4.0-15) unstable; urgency=medium
528 * Fix uninitialized warning when shadow.cfg does not exist
530 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
532 libpve-access-control (4.0-14) unstable; urgency=medium
534 * Add is_worker to RPCEnvironment
536 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
538 libpve-access-control (4.0-13) unstable; urgency=medium
540 * fix #916: allow HTTPS to access custom yubico url
542 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
544 libpve-access-control (4.0-12) unstable; urgency=medium
546 * Catch certificate errors instead of segfaulting
548 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
550 libpve-access-control (4.0-11) unstable; urgency=medium
552 * Fix #861: use safer sprintf formatting
554 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
556 libpve-access-control (4.0-10) unstable; urgency=medium
558 * Auth::LDAP, Auth::AD: ipv6 support
560 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
562 libpve-access-control (4.0-9) unstable; urgency=medium
564 * pveum: implement bash completion
566 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
568 libpve-access-control (4.0-8) unstable; urgency=medium
570 * remove_storage_access: cleanup of access permissions for removed storage
572 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
574 libpve-access-control (4.0-7) unstable; urgency=medium
576 * new helper to remove access permissions for removed VMs
578 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
580 libpve-access-control (4.0-6) unstable; urgency=medium
582 * improve parse_user_config, parse_shadow_config
584 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
586 libpve-access-control (4.0-5) unstable; urgency=medium
588 * pveum: check for $cmd being defined
590 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
592 libpve-access-control (4.0-4) unstable; urgency=medium
594 * use activate-noawait triggers
596 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
598 libpve-access-control (4.0-3) unstable; urgency=medium
604 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
606 libpve-access-control (4.0-2) unstable; urgency=medium
608 * trigger pve-api-updates event
610 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
612 libpve-access-control (4.0-1) unstable; urgency=medium
614 * bump version for Debian Jessie
616 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
618 libpve-access-control (3.0-16) unstable; urgency=low
620 * root@pam can now be disabled in GUI.
622 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
624 libpve-access-control (3.0-15) unstable; urgency=low
626 * oath: add 'step' and 'digits' option
628 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
630 libpve-access-control (3.0-14) unstable; urgency=low
632 * add oath two factor auth
634 * add oathkeygen binary to generate keys for oath
636 * add yubico two factor auth
640 * depend on libmime-base32-perl
642 * allow to write builtin auth domains config (comment/tfa/default)
644 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
646 libpve-access-control (3.0-13) unstable; urgency=low
648 * use correct connection string for AD auth
650 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
652 libpve-access-control (3.0-12) unstable; urgency=low
654 * add dummy API for GET /access/ticket (useful to generate login pages)
656 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
658 libpve-access-control (3.0-11) unstable; urgency=low
660 * Sets common hot keys for spice client
662 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
664 libpve-access-control (3.0-10) unstable; urgency=low
666 * implement helper to generate SPICE remote-viewer configuration
668 * depend on libnet-ssleay-perl
670 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
672 libpve-access-control (3.0-9) unstable; urgency=low
674 * prevent user enumeration attacks
676 * allow dots in access paths
678 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
680 libpve-access-control (3.0-8) unstable; urgency=low
682 * spice: use lowercase hostname in ticktet signature
684 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
686 libpve-access-control (3.0-7) unstable; urgency=low
688 * check_volume_access : use parse_volname instead of path, and remove
691 * use warnings instead of global -w flag.
693 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
695 libpve-access-control (3.0-6) unstable; urgency=low
697 * use shorter spiceproxy tickets
699 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
701 libpve-access-control (3.0-5) unstable; urgency=low
703 * add code to generate tickets for SPICE
705 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
707 libpve-access-control (3.0-4) unstable; urgency=low
709 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
711 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
713 libpve-access-control (3.0-3) unstable; urgency=low
715 * Add new role PVETemplateUser (and VM.Clone privilege)
717 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
719 libpve-access-control (3.0-2) unstable; urgency=low
721 * remove CGI.pm related code (pveproxy does not need that)
723 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
725 libpve-access-control (3.0-1) unstable; urgency=low
727 * bump version for wheezy release
729 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
731 libpve-access-control (1.0-26) unstable; urgency=low
733 * check_volume_access: fix access permissions for backup files
735 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
737 libpve-access-control (1.0-25) unstable; urgency=low
739 * add VM.Snapshot permission
741 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
743 libpve-access-control (1.0-24) unstable; urgency=low
745 * untaint path (allow root to restore arbitrary paths)
747 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
749 libpve-access-control (1.0-23) unstable; urgency=low
751 * correctly compute GUI capabilities (consider pools)
753 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
755 libpve-access-control (1.0-22) unstable; urgency=low
757 * new plugin architecture for Auth modules, minor API change for Auth
758 domains (new 'delete' parameter)
760 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
762 libpve-access-control (1.0-21) unstable; urgency=low
764 * do not allow user names including slash
766 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
768 libpve-access-control (1.0-20) unstable; urgency=low
770 * add ability to fork cli workers in background
772 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
774 libpve-access-control (1.0-19) unstable; urgency=low
776 * return set of privileges on login - can be used to adopt GUI
778 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
780 libpve-access-control (1.0-18) unstable; urgency=low
782 * fix bug #151: correctly parse username inside ticket
784 * fix bug #152: allow user to change his own password
786 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
788 libpve-access-control (1.0-17) unstable; urgency=low
790 * set propagate flag by default
792 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
794 libpve-access-control (1.0-16) unstable; urgency=low
796 * add 'pveum passwd' method
798 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
800 libpve-access-control (1.0-15) unstable; urgency=low
802 * Add VM.Config.CDROM privilege to PVEVMUser rule
804 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
806 libpve-access-control (1.0-14) unstable; urgency=low
808 * fix buf in userid-param permission check
810 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
812 libpve-access-control (1.0-13) unstable; urgency=low
814 * allow more characters in ldap base_dn attribute
816 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
818 libpve-access-control (1.0-12) unstable; urgency=low
820 * allow more characters with realm IDs
822 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
824 libpve-access-control (1.0-11) unstable; urgency=low
826 * fix bug in exec_api2_perm_check
828 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
830 libpve-access-control (1.0-10) unstable; urgency=low
832 * fix ACL group name parser
834 * changed 'pveum aclmod' command line arguments
836 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
838 libpve-access-control (1.0-9) unstable; urgency=low
840 * fix bug in check_volume_access (fixes vzrestore)
842 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
844 libpve-access-control (1.0-8) unstable; urgency=low
846 * fix return value for empty ACL list.
848 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
850 libpve-access-control (1.0-7) unstable; urgency=low
852 * fix bug #85: allow root@pam to generate tickets for other users
854 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
856 libpve-access-control (1.0-6) unstable; urgency=low
858 * API change: allow to filter enabled/disabled users.
860 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
862 libpve-access-control (1.0-5) unstable; urgency=low
864 * add a way to return file changes (diffs): set_result_changes()
866 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
868 libpve-access-control (1.0-4) unstable; urgency=low
870 * new environment type for ha agents
872 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
874 libpve-access-control (1.0-3) unstable; urgency=low
876 * add support for delayed parameter parsing - We need that to disable
877 file upload for normal API request (avoid DOS attacks)
879 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
881 libpve-access-control (1.0-2) unstable; urgency=low
883 * fix bug in fork_worker
885 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
887 libpve-access-control (1.0-1) unstable; urgency=low
889 * allow '-' in permission paths
891 * bump version to 1.0
893 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
895 libpve-access-control (0.1) unstable; urgency=low
897 * first dummy package - no functionality
899 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200