1 libpve-access-control (6.0-5) pve; urgency=medium
3 * pveum: add list command for users, groups, ACLs and roles
5 * add initial permissions for experimental SDN integration
7 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
9 libpve-access-control (6.0-4) pve; urgency=medium
11 * ticket: use clinfo to get cluster name
13 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
16 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
18 libpve-access-control (6.0-3) pve; urgency=medium
20 * fix #2433: increase possible TFA secret length
22 * parse user configuration: correctly parse group names in ACLs, for users
23 which begin their name with an @
25 * sort user.cfg entries alphabetically
27 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
29 libpve-access-control (6.0-2) pve; urgency=medium
31 * improve CSRF verification compatibility with newer PVE
33 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
35 libpve-access-control (6.0-1) pve; urgency=medium
37 * ticket: properly verify exactly 5 minute old tickets
39 * use hmac_sha256 instead of sha1 for CSRF token generation
41 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
43 libpve-access-control (6.0-0+1) pve; urgency=medium
45 * bump for Debian buster
47 * fix #2079: add periodic auth key rotation
49 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
51 libpve-access-control (5.1-10) unstable; urgency=medium
53 * add /access/user/{id}/tfa api call to get tfa types
55 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
57 libpve-access-control (5.1-9) unstable; urgency=medium
59 * store the tfa type in user.cfg allowing to get it without proxying the call
60 to a higher priviledged daemon.
62 * tfa: realm required TFA should lock out users without TFA configured, as it
63 was done before Proxmox VE 5.4
65 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
67 libpve-access-control (5.1-8) unstable; urgency=medium
69 * U2F: ensure we save correct public key on registration
71 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
73 libpve-access-control (5.1-7) unstable; urgency=medium
75 * verify_ticket: allow general non-challenge tfa to be run as two step
78 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
80 libpve-access-control (5.1-6) unstable; urgency=medium
82 * more general 2FA configuration via priv/tfa.cfg
84 * add u2f api endpoints
86 * delete TFA entries when deleting a user
88 * allow users to change their TOTP settings
90 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
92 libpve-access-control (5.1-5) unstable; urgency=medium
94 * fix vnc ticket verification without authkey lifetime
96 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
98 libpve-access-control (5.1-4) unstable; urgency=medium
100 * fix #1891: Add zsh command completion for pveum
102 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
103 to avoid issues on upgrade, will be enabled with 6.0
105 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
107 libpve-access-control (5.1-3) unstable; urgency=medium
109 * api/ticket: move getting cluster name into an eval
111 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
113 libpve-access-control (5.1-2) unstable; urgency=medium
115 * fix #1998: correct return properties for read_role
117 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
119 libpve-access-control (5.1-1) unstable; urgency=medium
121 * pveum: introduce sub-commands
123 * register userid with completion
125 * fix #233: return cluster name on successful login
127 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
129 libpve-access-control (5.0-8) unstable; urgency=medium
131 * fix #1612: ldap: make 2nd server work with bind domains again
133 * fix an error message where passing a bad pool id to an API function would
134 make it complain about a wrong group name instead
136 * fix the API-returned permission list so that the GUI knows to show the
137 'Permissions' tab for a storage to an administrator apart from root@pam
139 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
141 libpve-access-control (5.0-7) unstable; urgency=medium
143 * VM.Snapshot.Rollback privilege added
145 * api: check for special roles before locking the usercfg
147 * fix #1501: pveum: die when deleting special role
149 * API/ticket: rework coarse grained permission computation
151 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
153 libpve-access-control (5.0-6) unstable; urgency=medium
155 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
156 'verify' option. For compatibility reasons this defaults to off for now,
157 but that might change with future updates.
159 * AD, LDAP: Add ability to specify a CA path or file, and a client
160 certificate via the 'capath', 'cert' and 'certkey' options.
162 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
164 libpve-access-control (5.0-5) unstable; urgency=medium
166 * change from dpkg-deb to dpkg-buildpackage
168 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
170 libpve-access-control (5.0-4) unstable; urgency=medium
172 * PVE/CLI/pveum.pm: call setup_default_cli_env()
174 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
176 * check_api2_permissions: avoid warning about uninitialized value
178 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
180 libpve-access-control (5.0-3) unstable; urgency=medium
182 * use new PVE::OTP class from pve-common
184 * use new PVE::Tools::encrypt_pw from pve-common
186 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
188 libpve-access-control (5.0-2) unstable; urgency=medium
190 * encrypt_pw: avoid '+' for crypt salt
192 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
194 libpve-access-control (5.0-1) unstable; urgency=medium
196 * rebuild for PVE 5.0
198 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
200 libpve-access-control (4.0-23) unstable; urgency=medium
202 * use new PVE::Ticket class
204 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
206 libpve-access-control (4.0-22) unstable; urgency=medium
208 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
209 (moved to PVE::Storage)
211 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
213 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
215 libpve-access-control (4.0-21) unstable; urgency=medium
217 * setup_default_cli_env: expect $class as first parameter
219 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
221 libpve-access-control (4.0-20) unstable; urgency=medium
223 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
225 * PVE/API2/Domains.pm: fix property description
227 * use new repoman for upload target
229 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
231 libpve-access-control (4.0-19) unstable; urgency=medium
233 * Close #833: ldap: non-anonymous bind support
235 * don't import 'RFC' from MIME::Base32
237 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
239 libpve-access-control (4.0-18) unstable; urgency=medium
241 * fix #1062: recognize base32 otp keys again
243 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
245 libpve-access-control (4.0-17) unstable; urgency=medium
247 * drop oathtool and libdigest-hmac-perl dependencies
249 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
251 libpve-access-control (4.0-16) unstable; urgency=medium
253 * use pve-doc-generator to generate man pages
255 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
257 libpve-access-control (4.0-15) unstable; urgency=medium
259 * Fix uninitialized warning when shadow.cfg does not exist
261 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
263 libpve-access-control (4.0-14) unstable; urgency=medium
265 * Add is_worker to RPCEnvironment
267 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
269 libpve-access-control (4.0-13) unstable; urgency=medium
271 * fix #916: allow HTTPS to access custom yubico url
273 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
275 libpve-access-control (4.0-12) unstable; urgency=medium
277 * Catch certificate errors instead of segfaulting
279 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
281 libpve-access-control (4.0-11) unstable; urgency=medium
283 * Fix #861: use safer sprintf formatting
285 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
287 libpve-access-control (4.0-10) unstable; urgency=medium
289 * Auth::LDAP, Auth::AD: ipv6 support
291 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
293 libpve-access-control (4.0-9) unstable; urgency=medium
295 * pveum: implement bash completion
297 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
299 libpve-access-control (4.0-8) unstable; urgency=medium
301 * remove_storage_access: cleanup of access permissions for removed storage
303 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
305 libpve-access-control (4.0-7) unstable; urgency=medium
307 * new helper to remove access permissions for removed VMs
309 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
311 libpve-access-control (4.0-6) unstable; urgency=medium
313 * improve parse_user_config, parse_shadow_config
315 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
317 libpve-access-control (4.0-5) unstable; urgency=medium
319 * pveum: check for $cmd being defined
321 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
323 libpve-access-control (4.0-4) unstable; urgency=medium
325 * use activate-noawait triggers
327 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
329 libpve-access-control (4.0-3) unstable; urgency=medium
335 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
337 libpve-access-control (4.0-2) unstable; urgency=medium
339 * trigger pve-api-updates event
341 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
343 libpve-access-control (4.0-1) unstable; urgency=medium
345 * bump version for Debian Jessie
347 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
349 libpve-access-control (3.0-16) unstable; urgency=low
351 * root@pam can now be disabled in GUI.
353 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
355 libpve-access-control (3.0-15) unstable; urgency=low
357 * oath: add 'step' and 'digits' option
359 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
361 libpve-access-control (3.0-14) unstable; urgency=low
363 * add oath two factor auth
365 * add oathkeygen binary to generate keys for oath
367 * add yubico two factor auth
371 * depend on libmime-base32-perl
373 * allow to write builtin auth domains config (comment/tfa/default)
375 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
377 libpve-access-control (3.0-13) unstable; urgency=low
379 * use correct connection string for AD auth
381 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
383 libpve-access-control (3.0-12) unstable; urgency=low
385 * add dummy API for GET /access/ticket (useful to generate login pages)
387 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
389 libpve-access-control (3.0-11) unstable; urgency=low
391 * Sets common hot keys for spice client
393 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
395 libpve-access-control (3.0-10) unstable; urgency=low
397 * implement helper to generate SPICE remote-viewer configuration
399 * depend on libnet-ssleay-perl
401 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
403 libpve-access-control (3.0-9) unstable; urgency=low
405 * prevent user enumeration attacks
407 * allow dots in access paths
409 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
411 libpve-access-control (3.0-8) unstable; urgency=low
413 * spice: use lowercase hostname in ticktet signature
415 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
417 libpve-access-control (3.0-7) unstable; urgency=low
419 * check_volume_access : use parse_volname instead of path, and remove
422 * use warnings instead of global -w flag.
424 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
426 libpve-access-control (3.0-6) unstable; urgency=low
428 * use shorter spiceproxy tickets
430 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
432 libpve-access-control (3.0-5) unstable; urgency=low
434 * add code to generate tickets for SPICE
436 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
438 libpve-access-control (3.0-4) unstable; urgency=low
440 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
442 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
444 libpve-access-control (3.0-3) unstable; urgency=low
446 * Add new role PVETemplateUser (and VM.Clone priviledge)
448 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
450 libpve-access-control (3.0-2) unstable; urgency=low
452 * remove CGI.pm related code (pveproxy does not need that)
454 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
456 libpve-access-control (3.0-1) unstable; urgency=low
458 * bump version for wheezy release
460 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
462 libpve-access-control (1.0-26) unstable; urgency=low
464 * check_volume_access: fix access permissions for backup files
466 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
468 libpve-access-control (1.0-25) unstable; urgency=low
470 * add VM.Snapshot permission
472 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
474 libpve-access-control (1.0-24) unstable; urgency=low
476 * untaint path (allow root to restore arbitrary paths)
478 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
480 libpve-access-control (1.0-23) unstable; urgency=low
482 * correctly compute GUI capabilities (consider pools)
484 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
486 libpve-access-control (1.0-22) unstable; urgency=low
488 * new plugin architecture for Auth modules, minor API change for Auth
489 domains (new 'delete' parameter)
491 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
493 libpve-access-control (1.0-21) unstable; urgency=low
495 * do not allow user names including slash
497 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
499 libpve-access-control (1.0-20) unstable; urgency=low
501 * add ability to fork cli workers in background
503 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
505 libpve-access-control (1.0-19) unstable; urgency=low
507 * return set of privileges on login - can be used to adopt GUI
509 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
511 libpve-access-control (1.0-18) unstable; urgency=low
513 * fix bug #151: corretly parse username inside ticket
515 * fix bug #152: allow user to change his own password
517 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
519 libpve-access-control (1.0-17) unstable; urgency=low
521 * set propagate flag by default
523 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
525 libpve-access-control (1.0-16) unstable; urgency=low
527 * add 'pveum passwd' method
529 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
531 libpve-access-control (1.0-15) unstable; urgency=low
533 * Add VM.Config.CDROM privilege to PVEVMUser rule
535 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
537 libpve-access-control (1.0-14) unstable; urgency=low
539 * fix buf in userid-param permission check
541 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
543 libpve-access-control (1.0-13) unstable; urgency=low
545 * allow more characters in ldap base_dn attribute
547 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
549 libpve-access-control (1.0-12) unstable; urgency=low
551 * allow more characters with realm IDs
553 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
555 libpve-access-control (1.0-11) unstable; urgency=low
557 * fix bug in exec_api2_perm_check
559 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
561 libpve-access-control (1.0-10) unstable; urgency=low
563 * fix ACL group name parser
565 * changed 'pveum aclmod' command line arguments
567 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
569 libpve-access-control (1.0-9) unstable; urgency=low
571 * fix bug in check_volume_access (fixes vzrestore)
573 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
575 libpve-access-control (1.0-8) unstable; urgency=low
577 * fix return value for empty ACL list.
579 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
581 libpve-access-control (1.0-7) unstable; urgency=low
583 * fix bug #85: allow root@pam to generate tickets for other users
585 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
587 libpve-access-control (1.0-6) unstable; urgency=low
589 * API change: allow to filter enabled/disabled users.
591 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
593 libpve-access-control (1.0-5) unstable; urgency=low
595 * add a way to return file changes (diffs): set_result_changes()
597 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
599 libpve-access-control (1.0-4) unstable; urgency=low
601 * new environment type for ha agents
603 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
605 libpve-access-control (1.0-3) unstable; urgency=low
607 * add support for delayed parameter parsing - We need that to disable
608 file upload for normal API request (avoid DOS attacs)
610 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
612 libpve-access-control (1.0-2) unstable; urgency=low
614 * fix bug in fork_worker
616 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
618 libpve-access-control (1.0-1) unstable; urgency=low
620 * allow '-' in permission paths
622 * bump version to 1.0
624 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
626 libpve-access-control (0.1) unstable; urgency=low
628 * first dummy package - no functionality
630 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
projects / pve-access-control.git / blob