]> git.proxmox.com Git - pve-access-control.git/blob - debian/changelog
projects / pve-access-control.git / blob
? search:


712966d4116810336e1d58550b48aaa175766ece
[pve-access-control.git] / debian / changelog
1 libpve-access-control (6.0-1) pve; urgency=medium
2
3 * ticket: properly verify exactly 5 minute old tickets
4
5 * use hmac_sha256 instead of sha1 for CSRF token generation
6
7 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
8
9 libpve-access-control (6.0-0+1) pve; urgency=medium
10
11 * bump for Debian buster
12
13 * fix #2079: add periodic auth key rotation
14
15 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
16
17 libpve-access-control (5.1-10) unstable; urgency=medium
18
19 * add /access/user/{id}/tfa api call to get tfa types
20
21 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
22
23 libpve-access-control (5.1-9) unstable; urgency=medium
24
25 * store the tfa type in user.cfg allowing to get it without proxying the call
26 to a higher priviledged daemon.
27
28 * tfa: realm required TFA should lock out users without TFA configured, as it
29 was done before Proxmox VE 5.4
30
31 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
32
33 libpve-access-control (5.1-8) unstable; urgency=medium
34
35 * U2F: ensure we save correct public key on registration
36
37 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
38
39 libpve-access-control (5.1-7) unstable; urgency=medium
40
41 * verify_ticket: allow general non-challenge tfa to be run as two step
42 call
43
44 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
45
46 libpve-access-control (5.1-6) unstable; urgency=medium
47
48 * more general 2FA configuration via priv/tfa.cfg
49
50 * add u2f api endpoints
51
52 * delete TFA entries when deleting a user
53
54 * allow users to change their TOTP settings
55
56 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
57
58 libpve-access-control (5.1-5) unstable; urgency=medium
59
60 * fix vnc ticket verification without authkey lifetime
61
62 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
63
64 libpve-access-control (5.1-4) unstable; urgency=medium
65
66 * fix #1891: Add zsh command completion for pveum
67
68 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
69 to avoid issues on upgrade, will be enabled with 6.0
70
71 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
72
73 libpve-access-control (5.1-3) unstable; urgency=medium
74
75 * api/ticket: move getting cluster name into an eval
76
77 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
78
79 libpve-access-control (5.1-2) unstable; urgency=medium
80
81 * fix #1998: correct return properties for read_role
82
83 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
84
85 libpve-access-control (5.1-1) unstable; urgency=medium
86
87 * pveum: introduce sub-commands
88
89 * register userid with completion
90
91 * fix #233: return cluster name on successful login
92
93 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
94
95 libpve-access-control (5.0-8) unstable; urgency=medium
96
97 * fix #1612: ldap: make 2nd server work with bind domains again
98
99 * fix an error message where passing a bad pool id to an API function would
100 make it complain about a wrong group name instead
101
102 * fix the API-returned permission list so that the GUI knows to show the
103 'Permissions' tab for a storage to an administrator apart from root@pam
104
105 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
106
107 libpve-access-control (5.0-7) unstable; urgency=medium
108
109 * VM.Snapshot.Rollback privilege added
110
111 * api: check for special roles before locking the usercfg
112
113 * fix #1501: pveum: die when deleting special role
114
115 * API/ticket: rework coarse grained permission computation
116
117 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
118
119 libpve-access-control (5.0-6) unstable; urgency=medium
120
121 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
122 'verify' option. For compatibility reasons this defaults to off for now,
123 but that might change with future updates.
124
125 * AD, LDAP: Add ability to specify a CA path or file, and a client
126 certificate via the 'capath', 'cert' and 'certkey' options.
127
128 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
129
130 libpve-access-control (5.0-5) unstable; urgency=medium
131
132 * change from dpkg-deb to dpkg-buildpackage
133
134 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
135
136 libpve-access-control (5.0-4) unstable; urgency=medium
137
138 * PVE/CLI/pveum.pm: call setup_default_cli_env()
139
140 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
141
142 * check_api2_permissions: avoid warning about uninitialized value
143
144 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
145
146 libpve-access-control (5.0-3) unstable; urgency=medium
147
148 * use new PVE::OTP class from pve-common
149
150 * use new PVE::Tools::encrypt_pw from pve-common
151
152 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
153
154 libpve-access-control (5.0-2) unstable; urgency=medium
155
156 * encrypt_pw: avoid '+' for crypt salt
157
158 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
159
160 libpve-access-control (5.0-1) unstable; urgency=medium
161
162 * rebuild for PVE 5.0
163
164 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
165
166 libpve-access-control (4.0-23) unstable; urgency=medium
167
168 * use new PVE::Ticket class
169
170 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
171
172 libpve-access-control (4.0-22) unstable; urgency=medium
173
174 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
175 (moved to PVE::Storage)
176
177 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
178
179 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
180
181 libpve-access-control (4.0-21) unstable; urgency=medium
182
183 * setup_default_cli_env: expect $class as first parameter
184
185 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
186
187 libpve-access-control (4.0-20) unstable; urgency=medium
188
189 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
190
191 * PVE/API2/Domains.pm: fix property description
192
193 * use new repoman for upload target
194
195 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
196
197 libpve-access-control (4.0-19) unstable; urgency=medium
198
199 * Close #833: ldap: non-anonymous bind support
200
201 * don't import 'RFC' from MIME::Base32
202
203 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
204
205 libpve-access-control (4.0-18) unstable; urgency=medium
206
207 * fix #1062: recognize base32 otp keys again
208
209 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
210
211 libpve-access-control (4.0-17) unstable; urgency=medium
212
213 * drop oathtool and libdigest-hmac-perl dependencies
214
215 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
216
217 libpve-access-control (4.0-16) unstable; urgency=medium
218
219 * use pve-doc-generator to generate man pages
220
221 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
222
223 libpve-access-control (4.0-15) unstable; urgency=medium
224
225 * Fix uninitialized warning when shadow.cfg does not exist
226
227 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
228
229 libpve-access-control (4.0-14) unstable; urgency=medium
230
231 * Add is_worker to RPCEnvironment
232
233 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
234
235 libpve-access-control (4.0-13) unstable; urgency=medium
236
237 * fix #916: allow HTTPS to access custom yubico url
238
239 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
240
241 libpve-access-control (4.0-12) unstable; urgency=medium
242
243 * Catch certificate errors instead of segfaulting
244
245 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
246
247 libpve-access-control (4.0-11) unstable; urgency=medium
248
249 * Fix #861: use safer sprintf formatting
250
251 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
252
253 libpve-access-control (4.0-10) unstable; urgency=medium
254
255 * Auth::LDAP, Auth::AD: ipv6 support
256
257 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
258
259 libpve-access-control (4.0-9) unstable; urgency=medium
260
261 * pveum: implement bash completion
262
263 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
264
265 libpve-access-control (4.0-8) unstable; urgency=medium
266
267 * remove_storage_access: cleanup of access permissions for removed storage
268
269 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
270
271 libpve-access-control (4.0-7) unstable; urgency=medium
272
273 * new helper to remove access permissions for removed VMs
274
275 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
276
277 libpve-access-control (4.0-6) unstable; urgency=medium
278
279 * improve parse_user_config, parse_shadow_config
280
281 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
282
283 libpve-access-control (4.0-5) unstable; urgency=medium
284
285 * pveum: check for $cmd being defined
286
287 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
288
289 libpve-access-control (4.0-4) unstable; urgency=medium
290
291 * use activate-noawait triggers
292
293 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
294
295 libpve-access-control (4.0-3) unstable; urgency=medium
296
297 * IPv6 fixes
298
299 * non-root buildfix
300
301 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
302
303 libpve-access-control (4.0-2) unstable; urgency=medium
304
305 * trigger pve-api-updates event
306
307 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
308
309 libpve-access-control (4.0-1) unstable; urgency=medium
310
311 * bump version for Debian Jessie
312
313 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
314
315 libpve-access-control (3.0-16) unstable; urgency=low
316
317 * root@pam can now be disabled in GUI.
318
319 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
320
321 libpve-access-control (3.0-15) unstable; urgency=low
322
323 * oath: add 'step' and 'digits' option
324
325 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
326
327 libpve-access-control (3.0-14) unstable; urgency=low
328
329 * add oath two factor auth
330
331 * add oathkeygen binary to generate keys for oath
332
333 * add yubico two factor auth
334
335 * dedend on oathtool
336
337 * depend on libmime-base32-perl
338
339 * allow to write builtin auth domains config (comment/tfa/default)
340
341 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
342
343 libpve-access-control (3.0-13) unstable; urgency=low
344
345 * use correct connection string for AD auth
346
347 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
348
349 libpve-access-control (3.0-12) unstable; urgency=low
350
351 * add dummy API for GET /access/ticket (useful to generate login pages)
352
353 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
354
355 libpve-access-control (3.0-11) unstable; urgency=low
356
357 * Sets common hot keys for spice client
358
359 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
360
361 libpve-access-control (3.0-10) unstable; urgency=low
362
363 * implement helper to generate SPICE remote-viewer configuration
364
365 * depend on libnet-ssleay-perl
366
367 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
368
369 libpve-access-control (3.0-9) unstable; urgency=low
370
371 * prevent user enumeration attacks
372
373 * allow dots in access paths
374
375 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
376
377 libpve-access-control (3.0-8) unstable; urgency=low
378
379 * spice: use lowercase hostname in ticktet signature
380
381 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
382
383 libpve-access-control (3.0-7) unstable; urgency=low
384
385 * check_volume_access : use parse_volname instead of path, and remove
386 path related code.
387
388 * use warnings instead of global -w flag.
389
390 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
391
392 libpve-access-control (3.0-6) unstable; urgency=low
393
394 * use shorter spiceproxy tickets
395
396 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
397
398 libpve-access-control (3.0-5) unstable; urgency=low
399
400 * add code to generate tickets for SPICE
401
402 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
403
404 libpve-access-control (3.0-4) unstable; urgency=low
405
406 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
407
408 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
409
410 libpve-access-control (3.0-3) unstable; urgency=low
411
412 * Add new role PVETemplateUser (and VM.Clone priviledge)
413
414 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
415
416 libpve-access-control (3.0-2) unstable; urgency=low
417
418 * remove CGI.pm related code (pveproxy does not need that)
419
420 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
421
422 libpve-access-control (3.0-1) unstable; urgency=low
423
424 * bump version for wheezy release
425
426 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
427
428 libpve-access-control (1.0-26) unstable; urgency=low
429
430 * check_volume_access: fix access permissions for backup files
431
432 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
433
434 libpve-access-control (1.0-25) unstable; urgency=low
435
436 * add VM.Snapshot permission
437
438 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
439
440 libpve-access-control (1.0-24) unstable; urgency=low
441
442 * untaint path (allow root to restore arbitrary paths)
443
444 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
445
446 libpve-access-control (1.0-23) unstable; urgency=low
447
448 * correctly compute GUI capabilities (consider pools)
449
450 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
451
452 libpve-access-control (1.0-22) unstable; urgency=low
453
454 * new plugin architecture for Auth modules, minor API change for Auth
455 domains (new 'delete' parameter)
456
457 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
458
459 libpve-access-control (1.0-21) unstable; urgency=low
460
461 * do not allow user names including slash
462
463 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
464
465 libpve-access-control (1.0-20) unstable; urgency=low
466
467 * add ability to fork cli workers in background
468
469 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
470
471 libpve-access-control (1.0-19) unstable; urgency=low
472
473 * return set of privileges on login - can be used to adopt GUI
474
475 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
476
477 libpve-access-control (1.0-18) unstable; urgency=low
478
479 * fix bug #151: corretly parse username inside ticket
480
481 * fix bug #152: allow user to change his own password
482
483 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
484
485 libpve-access-control (1.0-17) unstable; urgency=low
486
487 * set propagate flag by default
488
489 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
490
491 libpve-access-control (1.0-16) unstable; urgency=low
492
493 * add 'pveum passwd' method
494
495 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
496
497 libpve-access-control (1.0-15) unstable; urgency=low
498
499 * Add VM.Config.CDROM privilege to PVEVMUser rule
500
501 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
502
503 libpve-access-control (1.0-14) unstable; urgency=low
504
505 * fix buf in userid-param permission check
506
507 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
508
509 libpve-access-control (1.0-13) unstable; urgency=low
510
511 * allow more characters in ldap base_dn attribute
512
513 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
514
515 libpve-access-control (1.0-12) unstable; urgency=low
516
517 * allow more characters with realm IDs
518
519 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
520
521 libpve-access-control (1.0-11) unstable; urgency=low
522
523 * fix bug in exec_api2_perm_check
524
525 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
526
527 libpve-access-control (1.0-10) unstable; urgency=low
528
529 * fix ACL group name parser
530
531 * changed 'pveum aclmod' command line arguments
532
533 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
534
535 libpve-access-control (1.0-9) unstable; urgency=low
536
537 * fix bug in check_volume_access (fixes vzrestore)
538
539 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
540
541 libpve-access-control (1.0-8) unstable; urgency=low
542
543 * fix return value for empty ACL list.
544
545 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
546
547 libpve-access-control (1.0-7) unstable; urgency=low
548
549 * fix bug #85: allow root@pam to generate tickets for other users
550
551 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
552
553 libpve-access-control (1.0-6) unstable; urgency=low
554
555 * API change: allow to filter enabled/disabled users.
556
557 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
558
559 libpve-access-control (1.0-5) unstable; urgency=low
560
561 * add a way to return file changes (diffs): set_result_changes()
562
563 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
564
565 libpve-access-control (1.0-4) unstable; urgency=low
566
567 * new environment type for ha agents
568
569 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
570
571 libpve-access-control (1.0-3) unstable; urgency=low
572
573 * add support for delayed parameter parsing - We need that to disable
574 file upload for normal API request (avoid DOS attacs)
575
576 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
577
578 libpve-access-control (1.0-2) unstable; urgency=low
579
580 * fix bug in fork_worker
581
582 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
583
584 libpve-access-control (1.0-1) unstable; urgency=low
585
586 * allow '-' in permission paths
587
588 * bump version to 1.0
589
590 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
591
592 libpve-access-control (0.1) unstable; urgency=low
593
594 * first dummy package - no functionality
595
596 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
597
Access control framework