1 libpve-access-control (7.2-4) bullseye; urgency=medium
3 * fix #4074: increase API OpenID code size limit to 2048
5 * auth key: protect against rare chance of a double rotation in clusters,
6 leaving the potential that some set of nodes have the earlier key cached,
7 that then got rotated out due to the race, resulting in a possible other
8 set of nodes having the newer key cached. This is a split view of the auth
9 key and may resulting in spurious failures if API requests are made to a
10 different node than the ticket was generated on.
11 In addition to that, the "keep validity of old tickets if signed in the
12 last two hours before rotation" logic was disabled too in such a case,
13 making such tickets invalid too early.
14 Note that both are cases where Proxmox VE was too strict, so while this
15 had no security implications it can be a nuisance, especially for
16 environments that use the API through an automated or scripted way
18 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
20 libpve-access-control (7.2-3) bullseye; urgency=medium
22 * api: token: use userid-group as API perm check to avoid being overly
23 strict through a misguided use of user id for non-root users.
25 * perm check: forbid undefined/empty ACL path for future proofing of against
28 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
30 libpve-access-control (7.2-2) bullseye; urgency=medium
32 * permissions: merge propagation flag for multiple roles on a path that
33 share privilege in a deterministic way, to avoid that it gets lost
34 depending on perl's random sort, which would result in returing less
35 privileges than an auth-id actually had.
37 * permissions: avoid that token and user privilege intersection is to strict
38 for user permissions that have propagation disabled.
40 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
42 libpve-access-control (7.2-1) bullseye; urgency=medium
44 * user check: fix expiration/enable order
46 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
48 libpve-access-control (7.1-8) bullseye; urgency=medium
50 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
53 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
55 libpve-access-control (7.1-7) bullseye; urgency=medium
57 * userid-group check: distinguish create and update
59 * api: get user: declare token schema
61 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
63 libpve-access-control (7.1-6) bullseye; urgency=medium
65 * fix #3768: warn on bad u2f or webauthn settings
67 * tfa: when modifying others, verify the current user's password
69 * tfa list: account for admin permissions
71 * fix realm sync permissions
73 * fix token permission display bug
75 * include SDN permissions in permission tree
77 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
79 libpve-access-control (7.1-5) bullseye; urgency=medium
81 * openid: fix username-claim fallback
83 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
85 libpve-access-control (7.1-4) bullseye; urgency=medium
87 * set current origin in the webauthn config if no fixed origin was
88 configured, to support webauthn via subdomains
90 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
92 libpve-access-control (7.1-3) bullseye; urgency=medium
94 * openid: allow arbitrary username-claims
96 * openid: support configuring the prompt, scopes and ACR values
98 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
100 libpve-access-control (7.1-2) bullseye; urgency=medium
102 * catch incompatible tfa entries with a nice error
104 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
106 libpve-access-control (7.1-1) bullseye; urgency=medium
108 * tfa: map HTTP 404 error in get_tfa_entry correctly
110 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
112 libpve-access-control (7.0-7) bullseye; urgency=medium
114 * fix #3513: pass configured proxy to OpenID
116 * use rust based parser for TFA config
118 * use PBS-like auth api call flow,
120 * merge old user.cfg keys to tfa config when adding entries
122 * implement version checks for new tfa config writer to ensure all
123 cluster nodes are ready to avoid login issues
125 * tickets: add tunnel ticket
127 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
129 libpve-access-control (7.0-6) bullseye; urgency=medium
131 * fix regression in user deletion when realm does not enforce TFA
133 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
135 libpve-access-control (7.0-5) bullseye; urgency=medium
137 * acl: check path: add /sdn/vnets/* path
139 * fix #2302: allow deletion of users when realm enforces TFA
141 * api: delete user: disable user first to avoid surprise on error during the
142 various cleanup action required for user deletion (e.g., TFA, ACL, group)
144 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
146 libpve-access-control (7.0-4) bullseye; urgency=medium
148 * realm: add OpenID configuration
150 * api: implement OpenID related endpoints
152 * implement opt-in OpenID autocreate user feature
154 * api: user: add 'realm-type' to user list response
156 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
158 libpve-access-control (7.0-3) bullseye; urgency=medium
160 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
161 `/sdn/zones/<zone>` to allowed ACL paths
163 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
165 libpve-access-control (7.0-2) bullseye; urgency=medium
167 * fix #3402: add Pool.Audit privilege - custom roles containing
168 Pool.Allocate must be updated to include the new privilege.
170 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
172 libpve-access-control (7.0-1) bullseye; urgency=medium
174 * re-build for Debian 11 Bullseye based releases
176 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
178 libpve-access-control (6.4-1) pve; urgency=medium
180 * fix #1670: change PAM service name to project specific name
182 * fix #1500: permission path syntax check for access control
184 * pveum: add resource pool CLI commands
186 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
188 libpve-access-control (6.1-3) pve; urgency=medium
190 * partially fix #2825: authkey: rotate if it was generated in the
193 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
196 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
198 libpve-access-control (6.1-2) pve; urgency=medium
200 * also check SDN permission path when computing coarse permissions heuristic
203 * add SDN Permissions.Modify
205 * add VM.Config.Cloudinit
207 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
209 libpve-access-control (6.1-1) pve; urgency=medium
211 * pveum: add tfa delete subcommand for deleting user-TFA
213 * LDAP: don't complain about missing credentials on realm removal
215 * LDAP: skip anonymous bind when client certificate and key is configured
217 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
219 libpve-access-control (6.0-7) pve; urgency=medium
221 * fix #2575: die when trying to edit built-in roles
223 * add realm sub commands to pveum CLI tool
225 * api: domains: add user group sync API endpoint
227 * allow one to sync and import users and groups from LDAP/AD based realms
229 * realm: add default-sync-options to config for more convenient sync configuration
231 * api: token create: return also full token id for convenience
233 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
235 libpve-access-control (6.0-6) pve; urgency=medium
237 * API: add group members to group index
239 * implement API token support and management
241 * pveum: add 'pveum user token add/update/remove/list'
243 * pveum: add permissions sub-commands
245 * API: add 'permissions' API endpoint
247 * user.cfg: skip inexisting roles when parsing ACLs
249 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
251 libpve-access-control (6.0-5) pve; urgency=medium
253 * pveum: add list command for users, groups, ACLs and roles
255 * add initial permissions for experimental SDN integration
257 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
259 libpve-access-control (6.0-4) pve; urgency=medium
261 * ticket: use clinfo to get cluster name
263 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
266 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
268 libpve-access-control (6.0-3) pve; urgency=medium
270 * fix #2433: increase possible TFA secret length
272 * parse user configuration: correctly parse group names in ACLs, for users
273 which begin their name with an @
275 * sort user.cfg entries alphabetically
277 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
279 libpve-access-control (6.0-2) pve; urgency=medium
281 * improve CSRF verification compatibility with newer PVE
283 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
285 libpve-access-control (6.0-1) pve; urgency=medium
287 * ticket: properly verify exactly 5 minute old tickets
289 * use hmac_sha256 instead of sha1 for CSRF token generation
291 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
293 libpve-access-control (6.0-0+1) pve; urgency=medium
295 * bump for Debian buster
297 * fix #2079: add periodic auth key rotation
299 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
301 libpve-access-control (5.1-10) unstable; urgency=medium
303 * add /access/user/{id}/tfa api call to get tfa types
305 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
307 libpve-access-control (5.1-9) unstable; urgency=medium
309 * store the tfa type in user.cfg allowing to get it without proxying the call
310 to a higher privileged daemon.
312 * tfa: realm required TFA should lock out users without TFA configured, as it
313 was done before Proxmox VE 5.4
315 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
317 libpve-access-control (5.1-8) unstable; urgency=medium
319 * U2F: ensure we save correct public key on registration
321 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
323 libpve-access-control (5.1-7) unstable; urgency=medium
325 * verify_ticket: allow general non-challenge tfa to be run as two step
328 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
330 libpve-access-control (5.1-6) unstable; urgency=medium
332 * more general 2FA configuration via priv/tfa.cfg
334 * add u2f api endpoints
336 * delete TFA entries when deleting a user
338 * allow users to change their TOTP settings
340 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
342 libpve-access-control (5.1-5) unstable; urgency=medium
344 * fix vnc ticket verification without authkey lifetime
346 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
348 libpve-access-control (5.1-4) unstable; urgency=medium
350 * fix #1891: Add zsh command completion for pveum
352 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
353 to avoid issues on upgrade, will be enabled with 6.0
355 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
357 libpve-access-control (5.1-3) unstable; urgency=medium
359 * api/ticket: move getting cluster name into an eval
361 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
363 libpve-access-control (5.1-2) unstable; urgency=medium
365 * fix #1998: correct return properties for read_role
367 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
369 libpve-access-control (5.1-1) unstable; urgency=medium
371 * pveum: introduce sub-commands
373 * register userid with completion
375 * fix #233: return cluster name on successful login
377 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
379 libpve-access-control (5.0-8) unstable; urgency=medium
381 * fix #1612: ldap: make 2nd server work with bind domains again
383 * fix an error message where passing a bad pool id to an API function would
384 make it complain about a wrong group name instead
386 * fix the API-returned permission list so that the GUI knows to show the
387 'Permissions' tab for a storage to an administrator apart from root@pam
389 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
391 libpve-access-control (5.0-7) unstable; urgency=medium
393 * VM.Snapshot.Rollback privilege added
395 * api: check for special roles before locking the usercfg
397 * fix #1501: pveum: die when deleting special role
399 * API/ticket: rework coarse grained permission computation
401 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
403 libpve-access-control (5.0-6) unstable; urgency=medium
405 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
406 'verify' option. For compatibility reasons this defaults to off for now,
407 but that might change with future updates.
409 * AD, LDAP: Add ability to specify a CA path or file, and a client
410 certificate via the 'capath', 'cert' and 'certkey' options.
412 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
414 libpve-access-control (5.0-5) unstable; urgency=medium
416 * change from dpkg-deb to dpkg-buildpackage
418 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
420 libpve-access-control (5.0-4) unstable; urgency=medium
422 * PVE/CLI/pveum.pm: call setup_default_cli_env()
424 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
426 * check_api2_permissions: avoid warning about uninitialized value
428 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
430 libpve-access-control (5.0-3) unstable; urgency=medium
432 * use new PVE::OTP class from pve-common
434 * use new PVE::Tools::encrypt_pw from pve-common
436 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
438 libpve-access-control (5.0-2) unstable; urgency=medium
440 * encrypt_pw: avoid '+' for crypt salt
442 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
444 libpve-access-control (5.0-1) unstable; urgency=medium
446 * rebuild for PVE 5.0
448 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
450 libpve-access-control (4.0-23) unstable; urgency=medium
452 * use new PVE::Ticket class
454 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
456 libpve-access-control (4.0-22) unstable; urgency=medium
458 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
459 (moved to PVE::Storage)
461 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
463 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
465 libpve-access-control (4.0-21) unstable; urgency=medium
467 * setup_default_cli_env: expect $class as first parameter
469 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
471 libpve-access-control (4.0-20) unstable; urgency=medium
473 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
475 * PVE/API2/Domains.pm: fix property description
477 * use new repoman for upload target
479 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
481 libpve-access-control (4.0-19) unstable; urgency=medium
483 * Close #833: ldap: non-anonymous bind support
485 * don't import 'RFC' from MIME::Base32
487 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
489 libpve-access-control (4.0-18) unstable; urgency=medium
491 * fix #1062: recognize base32 otp keys again
493 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
495 libpve-access-control (4.0-17) unstable; urgency=medium
497 * drop oathtool and libdigest-hmac-perl dependencies
499 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
501 libpve-access-control (4.0-16) unstable; urgency=medium
503 * use pve-doc-generator to generate man pages
505 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
507 libpve-access-control (4.0-15) unstable; urgency=medium
509 * Fix uninitialized warning when shadow.cfg does not exist
511 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
513 libpve-access-control (4.0-14) unstable; urgency=medium
515 * Add is_worker to RPCEnvironment
517 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
519 libpve-access-control (4.0-13) unstable; urgency=medium
521 * fix #916: allow HTTPS to access custom yubico url
523 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
525 libpve-access-control (4.0-12) unstable; urgency=medium
527 * Catch certificate errors instead of segfaulting
529 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
531 libpve-access-control (4.0-11) unstable; urgency=medium
533 * Fix #861: use safer sprintf formatting
535 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
537 libpve-access-control (4.0-10) unstable; urgency=medium
539 * Auth::LDAP, Auth::AD: ipv6 support
541 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
543 libpve-access-control (4.0-9) unstable; urgency=medium
545 * pveum: implement bash completion
547 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
549 libpve-access-control (4.0-8) unstable; urgency=medium
551 * remove_storage_access: cleanup of access permissions for removed storage
553 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
555 libpve-access-control (4.0-7) unstable; urgency=medium
557 * new helper to remove access permissions for removed VMs
559 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
561 libpve-access-control (4.0-6) unstable; urgency=medium
563 * improve parse_user_config, parse_shadow_config
565 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
567 libpve-access-control (4.0-5) unstable; urgency=medium
569 * pveum: check for $cmd being defined
571 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
573 libpve-access-control (4.0-4) unstable; urgency=medium
575 * use activate-noawait triggers
577 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
579 libpve-access-control (4.0-3) unstable; urgency=medium
585 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
587 libpve-access-control (4.0-2) unstable; urgency=medium
589 * trigger pve-api-updates event
591 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
593 libpve-access-control (4.0-1) unstable; urgency=medium
595 * bump version for Debian Jessie
597 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
599 libpve-access-control (3.0-16) unstable; urgency=low
601 * root@pam can now be disabled in GUI.
603 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
605 libpve-access-control (3.0-15) unstable; urgency=low
607 * oath: add 'step' and 'digits' option
609 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
611 libpve-access-control (3.0-14) unstable; urgency=low
613 * add oath two factor auth
615 * add oathkeygen binary to generate keys for oath
617 * add yubico two factor auth
621 * depend on libmime-base32-perl
623 * allow to write builtin auth domains config (comment/tfa/default)
625 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
627 libpve-access-control (3.0-13) unstable; urgency=low
629 * use correct connection string for AD auth
631 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
633 libpve-access-control (3.0-12) unstable; urgency=low
635 * add dummy API for GET /access/ticket (useful to generate login pages)
637 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
639 libpve-access-control (3.0-11) unstable; urgency=low
641 * Sets common hot keys for spice client
643 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
645 libpve-access-control (3.0-10) unstable; urgency=low
647 * implement helper to generate SPICE remote-viewer configuration
649 * depend on libnet-ssleay-perl
651 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
653 libpve-access-control (3.0-9) unstable; urgency=low
655 * prevent user enumeration attacks
657 * allow dots in access paths
659 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
661 libpve-access-control (3.0-8) unstable; urgency=low
663 * spice: use lowercase hostname in ticktet signature
665 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
667 libpve-access-control (3.0-7) unstable; urgency=low
669 * check_volume_access : use parse_volname instead of path, and remove
672 * use warnings instead of global -w flag.
674 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
676 libpve-access-control (3.0-6) unstable; urgency=low
678 * use shorter spiceproxy tickets
680 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
682 libpve-access-control (3.0-5) unstable; urgency=low
684 * add code to generate tickets for SPICE
686 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
688 libpve-access-control (3.0-4) unstable; urgency=low
690 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
692 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
694 libpve-access-control (3.0-3) unstable; urgency=low
696 * Add new role PVETemplateUser (and VM.Clone privilege)
698 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
700 libpve-access-control (3.0-2) unstable; urgency=low
702 * remove CGI.pm related code (pveproxy does not need that)
704 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
706 libpve-access-control (3.0-1) unstable; urgency=low
708 * bump version for wheezy release
710 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
712 libpve-access-control (1.0-26) unstable; urgency=low
714 * check_volume_access: fix access permissions for backup files
716 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
718 libpve-access-control (1.0-25) unstable; urgency=low
720 * add VM.Snapshot permission
722 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
724 libpve-access-control (1.0-24) unstable; urgency=low
726 * untaint path (allow root to restore arbitrary paths)
728 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
730 libpve-access-control (1.0-23) unstable; urgency=low
732 * correctly compute GUI capabilities (consider pools)
734 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
736 libpve-access-control (1.0-22) unstable; urgency=low
738 * new plugin architecture for Auth modules, minor API change for Auth
739 domains (new 'delete' parameter)
741 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
743 libpve-access-control (1.0-21) unstable; urgency=low
745 * do not allow user names including slash
747 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
749 libpve-access-control (1.0-20) unstable; urgency=low
751 * add ability to fork cli workers in background
753 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
755 libpve-access-control (1.0-19) unstable; urgency=low
757 * return set of privileges on login - can be used to adopt GUI
759 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
761 libpve-access-control (1.0-18) unstable; urgency=low
763 * fix bug #151: correctly parse username inside ticket
765 * fix bug #152: allow user to change his own password
767 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
769 libpve-access-control (1.0-17) unstable; urgency=low
771 * set propagate flag by default
773 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
775 libpve-access-control (1.0-16) unstable; urgency=low
777 * add 'pveum passwd' method
779 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
781 libpve-access-control (1.0-15) unstable; urgency=low
783 * Add VM.Config.CDROM privilege to PVEVMUser rule
785 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
787 libpve-access-control (1.0-14) unstable; urgency=low
789 * fix buf in userid-param permission check
791 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
793 libpve-access-control (1.0-13) unstable; urgency=low
795 * allow more characters in ldap base_dn attribute
797 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
799 libpve-access-control (1.0-12) unstable; urgency=low
801 * allow more characters with realm IDs
803 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
805 libpve-access-control (1.0-11) unstable; urgency=low
807 * fix bug in exec_api2_perm_check
809 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
811 libpve-access-control (1.0-10) unstable; urgency=low
813 * fix ACL group name parser
815 * changed 'pveum aclmod' command line arguments
817 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
819 libpve-access-control (1.0-9) unstable; urgency=low
821 * fix bug in check_volume_access (fixes vzrestore)
823 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
825 libpve-access-control (1.0-8) unstable; urgency=low
827 * fix return value for empty ACL list.
829 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
831 libpve-access-control (1.0-7) unstable; urgency=low
833 * fix bug #85: allow root@pam to generate tickets for other users
835 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
837 libpve-access-control (1.0-6) unstable; urgency=low
839 * API change: allow to filter enabled/disabled users.
841 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
843 libpve-access-control (1.0-5) unstable; urgency=low
845 * add a way to return file changes (diffs): set_result_changes()
847 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
849 libpve-access-control (1.0-4) unstable; urgency=low
851 * new environment type for ha agents
853 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
855 libpve-access-control (1.0-3) unstable; urgency=low
857 * add support for delayed parameter parsing - We need that to disable
858 file upload for normal API request (avoid DOS attacks)
860 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
862 libpve-access-control (1.0-2) unstable; urgency=low
864 * fix bug in fork_worker
866 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
868 libpve-access-control (1.0-1) unstable; urgency=low
870 * allow '-' in permission paths
872 * bump version to 1.0
874 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
876 libpve-access-control (0.1) unstable; urgency=low
878 * first dummy package - no functionality
880 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200