1 libpve-access-control (5.1-8) unstable; urgency=medium
3 * U2F: ensure we save correct public key on registration
5 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
7 libpve-access-control (5.1-7) unstable; urgency=medium
9 * verify_ticket: allow general non-challenge tfa to be run as two step
12 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
14 libpve-access-control (5.1-6) unstable; urgency=medium
16 * more general 2FA configuration via priv/tfa.cfg
18 * add u2f api endpoints
20 * delete TFA entries when deleting a user
22 * allow users to change their TOTP settings
24 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
26 libpve-access-control (5.1-5) unstable; urgency=medium
28 * fix vnc ticket verification without authkey lifetime
30 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
32 libpve-access-control (5.1-4) unstable; urgency=medium
34 * fix #1891: Add zsh command completion for pveum
36 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
37 to avoid issues on upgrade, will be enabled with 6.0
39 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
41 libpve-access-control (5.1-3) unstable; urgency=medium
43 * api/ticket: move getting cluster name into an eval
45 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
47 libpve-access-control (5.1-2) unstable; urgency=medium
49 * fix #1998: correct return properties for read_role
51 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
53 libpve-access-control (5.1-1) unstable; urgency=medium
55 * pveum: introduce sub-commands
57 * register userid with completion
59 * fix #233: return cluster name on successful login
61 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
63 libpve-access-control (5.0-8) unstable; urgency=medium
65 * fix #1612: ldap: make 2nd server work with bind domains again
67 * fix an error message where passing a bad pool id to an API function would
68 make it complain about a wrong group name instead
70 * fix the API-returned permission list so that the GUI knows to show the
71 'Permissions' tab for a storage to an administrator apart from root@pam
73 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
75 libpve-access-control (5.0-7) unstable; urgency=medium
77 * VM.Snapshot.Rollback privilege added
79 * api: check for special roles before locking the usercfg
81 * fix #1501: pveum: die when deleting special role
83 * API/ticket: rework coarse grained permission computation
85 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
87 libpve-access-control (5.0-6) unstable; urgency=medium
89 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
90 'verify' option. For compatibility reasons this defaults to off for now,
91 but that might change with future updates.
93 * AD, LDAP: Add ability to specify a CA path or file, and a client
94 certificate via the 'capath', 'cert' and 'certkey' options.
96 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
98 libpve-access-control (5.0-5) unstable; urgency=medium
100 * change from dpkg-deb to dpkg-buildpackage
102 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
104 libpve-access-control (5.0-4) unstable; urgency=medium
106 * PVE/CLI/pveum.pm: call setup_default_cli_env()
108 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
110 * check_api2_permissions: avoid warning about uninitialized value
112 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
114 libpve-access-control (5.0-3) unstable; urgency=medium
116 * use new PVE::OTP class from pve-common
118 * use new PVE::Tools::encrypt_pw from pve-common
120 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
122 libpve-access-control (5.0-2) unstable; urgency=medium
124 * encrypt_pw: avoid '+' for crypt salt
126 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
128 libpve-access-control (5.0-1) unstable; urgency=medium
130 * rebuild for PVE 5.0
132 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
134 libpve-access-control (4.0-23) unstable; urgency=medium
136 * use new PVE::Ticket class
138 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
140 libpve-access-control (4.0-22) unstable; urgency=medium
142 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
143 (moved to PVE::Storage)
145 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
147 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
149 libpve-access-control (4.0-21) unstable; urgency=medium
151 * setup_default_cli_env: expect $class as first parameter
153 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
155 libpve-access-control (4.0-20) unstable; urgency=medium
157 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
159 * PVE/API2/Domains.pm: fix property description
161 * use new repoman for upload target
163 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
165 libpve-access-control (4.0-19) unstable; urgency=medium
167 * Close #833: ldap: non-anonymous bind support
169 * don't import 'RFC' from MIME::Base32
171 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
173 libpve-access-control (4.0-18) unstable; urgency=medium
175 * fix #1062: recognize base32 otp keys again
177 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
179 libpve-access-control (4.0-17) unstable; urgency=medium
181 * drop oathtool and libdigest-hmac-perl dependencies
183 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
185 libpve-access-control (4.0-16) unstable; urgency=medium
187 * use pve-doc-generator to generate man pages
189 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
191 libpve-access-control (4.0-15) unstable; urgency=medium
193 * Fix uninitialized warning when shadow.cfg does not exist
195 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
197 libpve-access-control (4.0-14) unstable; urgency=medium
199 * Add is_worker to RPCEnvironment
201 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
203 libpve-access-control (4.0-13) unstable; urgency=medium
205 * fix #916: allow HTTPS to access custom yubico url
207 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
209 libpve-access-control (4.0-12) unstable; urgency=medium
211 * Catch certificate errors instead of segfaulting
213 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
215 libpve-access-control (4.0-11) unstable; urgency=medium
217 * Fix #861: use safer sprintf formatting
219 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
221 libpve-access-control (4.0-10) unstable; urgency=medium
223 * Auth::LDAP, Auth::AD: ipv6 support
225 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
227 libpve-access-control (4.0-9) unstable; urgency=medium
229 * pveum: implement bash completion
231 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
233 libpve-access-control (4.0-8) unstable; urgency=medium
235 * remove_storage_access: cleanup of access permissions for removed storage
237 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
239 libpve-access-control (4.0-7) unstable; urgency=medium
241 * new helper to remove access permissions for removed VMs
243 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
245 libpve-access-control (4.0-6) unstable; urgency=medium
247 * improve parse_user_config, parse_shadow_config
249 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
251 libpve-access-control (4.0-5) unstable; urgency=medium
253 * pveum: check for $cmd being defined
255 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
257 libpve-access-control (4.0-4) unstable; urgency=medium
259 * use activate-noawait triggers
261 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
263 libpve-access-control (4.0-3) unstable; urgency=medium
269 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
271 libpve-access-control (4.0-2) unstable; urgency=medium
273 * trigger pve-api-updates event
275 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
277 libpve-access-control (4.0-1) unstable; urgency=medium
279 * bump version for Debian Jessie
281 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
283 libpve-access-control (3.0-16) unstable; urgency=low
285 * root@pam can now be disabled in GUI.
287 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
289 libpve-access-control (3.0-15) unstable; urgency=low
291 * oath: add 'step' and 'digits' option
293 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
295 libpve-access-control (3.0-14) unstable; urgency=low
297 * add oath two factor auth
299 * add oathkeygen binary to generate keys for oath
301 * add yubico two factor auth
305 * depend on libmime-base32-perl
307 * allow to write builtin auth domains config (comment/tfa/default)
309 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
311 libpve-access-control (3.0-13) unstable; urgency=low
313 * use correct connection string for AD auth
315 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
317 libpve-access-control (3.0-12) unstable; urgency=low
319 * add dummy API for GET /access/ticket (useful to generate login pages)
321 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
323 libpve-access-control (3.0-11) unstable; urgency=low
325 * Sets common hot keys for spice client
327 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
329 libpve-access-control (3.0-10) unstable; urgency=low
331 * implement helper to generate SPICE remote-viewer configuration
333 * depend on libnet-ssleay-perl
335 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
337 libpve-access-control (3.0-9) unstable; urgency=low
339 * prevent user enumeration attacks
341 * allow dots in access paths
343 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
345 libpve-access-control (3.0-8) unstable; urgency=low
347 * spice: use lowercase hostname in ticktet signature
349 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
351 libpve-access-control (3.0-7) unstable; urgency=low
353 * check_volume_access : use parse_volname instead of path, and remove
356 * use warnings instead of global -w flag.
358 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
360 libpve-access-control (3.0-6) unstable; urgency=low
362 * use shorter spiceproxy tickets
364 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
366 libpve-access-control (3.0-5) unstable; urgency=low
368 * add code to generate tickets for SPICE
370 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
372 libpve-access-control (3.0-4) unstable; urgency=low
374 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
376 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
378 libpve-access-control (3.0-3) unstable; urgency=low
380 * Add new role PVETemplateUser (and VM.Clone priviledge)
382 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
384 libpve-access-control (3.0-2) unstable; urgency=low
386 * remove CGI.pm related code (pveproxy does not need that)
388 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
390 libpve-access-control (3.0-1) unstable; urgency=low
392 * bump version for wheezy release
394 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
396 libpve-access-control (1.0-26) unstable; urgency=low
398 * check_volume_access: fix access permissions for backup files
400 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
402 libpve-access-control (1.0-25) unstable; urgency=low
404 * add VM.Snapshot permission
406 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
408 libpve-access-control (1.0-24) unstable; urgency=low
410 * untaint path (allow root to restore arbitrary paths)
412 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
414 libpve-access-control (1.0-23) unstable; urgency=low
416 * correctly compute GUI capabilities (consider pools)
418 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
420 libpve-access-control (1.0-22) unstable; urgency=low
422 * new plugin architecture for Auth modules, minor API change for Auth
423 domains (new 'delete' parameter)
425 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
427 libpve-access-control (1.0-21) unstable; urgency=low
429 * do not allow user names including slash
431 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
433 libpve-access-control (1.0-20) unstable; urgency=low
435 * add ability to fork cli workers in background
437 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
439 libpve-access-control (1.0-19) unstable; urgency=low
441 * return set of privileges on login - can be used to adopt GUI
443 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
445 libpve-access-control (1.0-18) unstable; urgency=low
447 * fix bug #151: corretly parse username inside ticket
449 * fix bug #152: allow user to change his own password
451 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
453 libpve-access-control (1.0-17) unstable; urgency=low
455 * set propagate flag by default
457 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
459 libpve-access-control (1.0-16) unstable; urgency=low
461 * add 'pveum passwd' method
463 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
465 libpve-access-control (1.0-15) unstable; urgency=low
467 * Add VM.Config.CDROM privilege to PVEVMUser rule
469 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
471 libpve-access-control (1.0-14) unstable; urgency=low
473 * fix buf in userid-param permission check
475 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
477 libpve-access-control (1.0-13) unstable; urgency=low
479 * allow more characters in ldap base_dn attribute
481 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
483 libpve-access-control (1.0-12) unstable; urgency=low
485 * allow more characters with realm IDs
487 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
489 libpve-access-control (1.0-11) unstable; urgency=low
491 * fix bug in exec_api2_perm_check
493 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
495 libpve-access-control (1.0-10) unstable; urgency=low
497 * fix ACL group name parser
499 * changed 'pveum aclmod' command line arguments
501 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
503 libpve-access-control (1.0-9) unstable; urgency=low
505 * fix bug in check_volume_access (fixes vzrestore)
507 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
509 libpve-access-control (1.0-8) unstable; urgency=low
511 * fix return value for empty ACL list.
513 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
515 libpve-access-control (1.0-7) unstable; urgency=low
517 * fix bug #85: allow root@pam to generate tickets for other users
519 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
521 libpve-access-control (1.0-6) unstable; urgency=low
523 * API change: allow to filter enabled/disabled users.
525 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
527 libpve-access-control (1.0-5) unstable; urgency=low
529 * add a way to return file changes (diffs): set_result_changes()
531 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
533 libpve-access-control (1.0-4) unstable; urgency=low
535 * new environment type for ha agents
537 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
539 libpve-access-control (1.0-3) unstable; urgency=low
541 * add support for delayed parameter parsing - We need that to disable
542 file upload for normal API request (avoid DOS attacs)
544 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
546 libpve-access-control (1.0-2) unstable; urgency=low
548 * fix bug in fork_worker
550 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
552 libpve-access-control (1.0-1) unstable; urgency=low
554 * allow '-' in permission paths
556 * bump version to 1.0
558 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
560 libpve-access-control (0.1) unstable; urgency=low
562 * first dummy package - no functionality
564 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200