1 libpve-access-control (6.0-1) pve; urgency=medium
3 * ticket: properly verify exactly 5 minute old tickets
5 * use hmac_sha256 instead of sha1 for CSRF token generation
7 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
9 libpve-access-control (6.0-0+1) pve; urgency=medium
11 * bump for Debian buster
13 * fix #2079: add periodic auth key rotation
15 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
17 libpve-access-control (5.1-10) unstable; urgency=medium
19 * add /access/user/{id}/tfa api call to get tfa types
21 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
23 libpve-access-control (5.1-9) unstable; urgency=medium
25 * store the tfa type in user.cfg allowing to get it without proxying the call
26 to a higher priviledged daemon.
28 * tfa: realm required TFA should lock out users without TFA configured, as it
29 was done before Proxmox VE 5.4
31 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
33 libpve-access-control (5.1-8) unstable; urgency=medium
35 * U2F: ensure we save correct public key on registration
37 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
39 libpve-access-control (5.1-7) unstable; urgency=medium
41 * verify_ticket: allow general non-challenge tfa to be run as two step
44 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
46 libpve-access-control (5.1-6) unstable; urgency=medium
48 * more general 2FA configuration via priv/tfa.cfg
50 * add u2f api endpoints
52 * delete TFA entries when deleting a user
54 * allow users to change their TOTP settings
56 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
58 libpve-access-control (5.1-5) unstable; urgency=medium
60 * fix vnc ticket verification without authkey lifetime
62 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
64 libpve-access-control (5.1-4) unstable; urgency=medium
66 * fix #1891: Add zsh command completion for pveum
68 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
69 to avoid issues on upgrade, will be enabled with 6.0
71 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
73 libpve-access-control (5.1-3) unstable; urgency=medium
75 * api/ticket: move getting cluster name into an eval
77 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
79 libpve-access-control (5.1-2) unstable; urgency=medium
81 * fix #1998: correct return properties for read_role
83 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
85 libpve-access-control (5.1-1) unstable; urgency=medium
87 * pveum: introduce sub-commands
89 * register userid with completion
91 * fix #233: return cluster name on successful login
93 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
95 libpve-access-control (5.0-8) unstable; urgency=medium
97 * fix #1612: ldap: make 2nd server work with bind domains again
99 * fix an error message where passing a bad pool id to an API function would
100 make it complain about a wrong group name instead
102 * fix the API-returned permission list so that the GUI knows to show the
103 'Permissions' tab for a storage to an administrator apart from root@pam
105 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
107 libpve-access-control (5.0-7) unstable; urgency=medium
109 * VM.Snapshot.Rollback privilege added
111 * api: check for special roles before locking the usercfg
113 * fix #1501: pveum: die when deleting special role
115 * API/ticket: rework coarse grained permission computation
117 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
119 libpve-access-control (5.0-6) unstable; urgency=medium
121 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
122 'verify' option. For compatibility reasons this defaults to off for now,
123 but that might change with future updates.
125 * AD, LDAP: Add ability to specify a CA path or file, and a client
126 certificate via the 'capath', 'cert' and 'certkey' options.
128 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
130 libpve-access-control (5.0-5) unstable; urgency=medium
132 * change from dpkg-deb to dpkg-buildpackage
134 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
136 libpve-access-control (5.0-4) unstable; urgency=medium
138 * PVE/CLI/pveum.pm: call setup_default_cli_env()
140 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
142 * check_api2_permissions: avoid warning about uninitialized value
144 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
146 libpve-access-control (5.0-3) unstable; urgency=medium
148 * use new PVE::OTP class from pve-common
150 * use new PVE::Tools::encrypt_pw from pve-common
152 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
154 libpve-access-control (5.0-2) unstable; urgency=medium
156 * encrypt_pw: avoid '+' for crypt salt
158 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
160 libpve-access-control (5.0-1) unstable; urgency=medium
162 * rebuild for PVE 5.0
164 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
166 libpve-access-control (4.0-23) unstable; urgency=medium
168 * use new PVE::Ticket class
170 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
172 libpve-access-control (4.0-22) unstable; urgency=medium
174 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
175 (moved to PVE::Storage)
177 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
179 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
181 libpve-access-control (4.0-21) unstable; urgency=medium
183 * setup_default_cli_env: expect $class as first parameter
185 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
187 libpve-access-control (4.0-20) unstable; urgency=medium
189 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
191 * PVE/API2/Domains.pm: fix property description
193 * use new repoman for upload target
195 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
197 libpve-access-control (4.0-19) unstable; urgency=medium
199 * Close #833: ldap: non-anonymous bind support
201 * don't import 'RFC' from MIME::Base32
203 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
205 libpve-access-control (4.0-18) unstable; urgency=medium
207 * fix #1062: recognize base32 otp keys again
209 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
211 libpve-access-control (4.0-17) unstable; urgency=medium
213 * drop oathtool and libdigest-hmac-perl dependencies
215 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
217 libpve-access-control (4.0-16) unstable; urgency=medium
219 * use pve-doc-generator to generate man pages
221 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
223 libpve-access-control (4.0-15) unstable; urgency=medium
225 * Fix uninitialized warning when shadow.cfg does not exist
227 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
229 libpve-access-control (4.0-14) unstable; urgency=medium
231 * Add is_worker to RPCEnvironment
233 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
235 libpve-access-control (4.0-13) unstable; urgency=medium
237 * fix #916: allow HTTPS to access custom yubico url
239 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
241 libpve-access-control (4.0-12) unstable; urgency=medium
243 * Catch certificate errors instead of segfaulting
245 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
247 libpve-access-control (4.0-11) unstable; urgency=medium
249 * Fix #861: use safer sprintf formatting
251 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
253 libpve-access-control (4.0-10) unstable; urgency=medium
255 * Auth::LDAP, Auth::AD: ipv6 support
257 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
259 libpve-access-control (4.0-9) unstable; urgency=medium
261 * pveum: implement bash completion
263 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
265 libpve-access-control (4.0-8) unstable; urgency=medium
267 * remove_storage_access: cleanup of access permissions for removed storage
269 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
271 libpve-access-control (4.0-7) unstable; urgency=medium
273 * new helper to remove access permissions for removed VMs
275 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
277 libpve-access-control (4.0-6) unstable; urgency=medium
279 * improve parse_user_config, parse_shadow_config
281 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
283 libpve-access-control (4.0-5) unstable; urgency=medium
285 * pveum: check for $cmd being defined
287 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
289 libpve-access-control (4.0-4) unstable; urgency=medium
291 * use activate-noawait triggers
293 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
295 libpve-access-control (4.0-3) unstable; urgency=medium
301 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
303 libpve-access-control (4.0-2) unstable; urgency=medium
305 * trigger pve-api-updates event
307 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
309 libpve-access-control (4.0-1) unstable; urgency=medium
311 * bump version for Debian Jessie
313 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
315 libpve-access-control (3.0-16) unstable; urgency=low
317 * root@pam can now be disabled in GUI.
319 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
321 libpve-access-control (3.0-15) unstable; urgency=low
323 * oath: add 'step' and 'digits' option
325 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
327 libpve-access-control (3.0-14) unstable; urgency=low
329 * add oath two factor auth
331 * add oathkeygen binary to generate keys for oath
333 * add yubico two factor auth
337 * depend on libmime-base32-perl
339 * allow to write builtin auth domains config (comment/tfa/default)
341 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
343 libpve-access-control (3.0-13) unstable; urgency=low
345 * use correct connection string for AD auth
347 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
349 libpve-access-control (3.0-12) unstable; urgency=low
351 * add dummy API for GET /access/ticket (useful to generate login pages)
353 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
355 libpve-access-control (3.0-11) unstable; urgency=low
357 * Sets common hot keys for spice client
359 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
361 libpve-access-control (3.0-10) unstable; urgency=low
363 * implement helper to generate SPICE remote-viewer configuration
365 * depend on libnet-ssleay-perl
367 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
369 libpve-access-control (3.0-9) unstable; urgency=low
371 * prevent user enumeration attacks
373 * allow dots in access paths
375 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
377 libpve-access-control (3.0-8) unstable; urgency=low
379 * spice: use lowercase hostname in ticktet signature
381 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
383 libpve-access-control (3.0-7) unstable; urgency=low
385 * check_volume_access : use parse_volname instead of path, and remove
388 * use warnings instead of global -w flag.
390 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
392 libpve-access-control (3.0-6) unstable; urgency=low
394 * use shorter spiceproxy tickets
396 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
398 libpve-access-control (3.0-5) unstable; urgency=low
400 * add code to generate tickets for SPICE
402 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
404 libpve-access-control (3.0-4) unstable; urgency=low
406 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
408 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
410 libpve-access-control (3.0-3) unstable; urgency=low
412 * Add new role PVETemplateUser (and VM.Clone priviledge)
414 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
416 libpve-access-control (3.0-2) unstable; urgency=low
418 * remove CGI.pm related code (pveproxy does not need that)
420 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
422 libpve-access-control (3.0-1) unstable; urgency=low
424 * bump version for wheezy release
426 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
428 libpve-access-control (1.0-26) unstable; urgency=low
430 * check_volume_access: fix access permissions for backup files
432 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
434 libpve-access-control (1.0-25) unstable; urgency=low
436 * add VM.Snapshot permission
438 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
440 libpve-access-control (1.0-24) unstable; urgency=low
442 * untaint path (allow root to restore arbitrary paths)
444 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
446 libpve-access-control (1.0-23) unstable; urgency=low
448 * correctly compute GUI capabilities (consider pools)
450 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
452 libpve-access-control (1.0-22) unstable; urgency=low
454 * new plugin architecture for Auth modules, minor API change for Auth
455 domains (new 'delete' parameter)
457 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
459 libpve-access-control (1.0-21) unstable; urgency=low
461 * do not allow user names including slash
463 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
465 libpve-access-control (1.0-20) unstable; urgency=low
467 * add ability to fork cli workers in background
469 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
471 libpve-access-control (1.0-19) unstable; urgency=low
473 * return set of privileges on login - can be used to adopt GUI
475 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
477 libpve-access-control (1.0-18) unstable; urgency=low
479 * fix bug #151: corretly parse username inside ticket
481 * fix bug #152: allow user to change his own password
483 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
485 libpve-access-control (1.0-17) unstable; urgency=low
487 * set propagate flag by default
489 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
491 libpve-access-control (1.0-16) unstable; urgency=low
493 * add 'pveum passwd' method
495 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
497 libpve-access-control (1.0-15) unstable; urgency=low
499 * Add VM.Config.CDROM privilege to PVEVMUser rule
501 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
503 libpve-access-control (1.0-14) unstable; urgency=low
505 * fix buf in userid-param permission check
507 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
509 libpve-access-control (1.0-13) unstable; urgency=low
511 * allow more characters in ldap base_dn attribute
513 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
515 libpve-access-control (1.0-12) unstable; urgency=low
517 * allow more characters with realm IDs
519 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
521 libpve-access-control (1.0-11) unstable; urgency=low
523 * fix bug in exec_api2_perm_check
525 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
527 libpve-access-control (1.0-10) unstable; urgency=low
529 * fix ACL group name parser
531 * changed 'pveum aclmod' command line arguments
533 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
535 libpve-access-control (1.0-9) unstable; urgency=low
537 * fix bug in check_volume_access (fixes vzrestore)
539 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
541 libpve-access-control (1.0-8) unstable; urgency=low
543 * fix return value for empty ACL list.
545 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
547 libpve-access-control (1.0-7) unstable; urgency=low
549 * fix bug #85: allow root@pam to generate tickets for other users
551 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
553 libpve-access-control (1.0-6) unstable; urgency=low
555 * API change: allow to filter enabled/disabled users.
557 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
559 libpve-access-control (1.0-5) unstable; urgency=low
561 * add a way to return file changes (diffs): set_result_changes()
563 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
565 libpve-access-control (1.0-4) unstable; urgency=low
567 * new environment type for ha agents
569 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
571 libpve-access-control (1.0-3) unstable; urgency=low
573 * add support for delayed parameter parsing - We need that to disable
574 file upload for normal API request (avoid DOS attacs)
576 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
578 libpve-access-control (1.0-2) unstable; urgency=low
580 * fix bug in fork_worker
582 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
584 libpve-access-control (1.0-1) unstable; urgency=low
586 * allow '-' in permission paths
588 * bump version to 1.0
590 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
592 libpve-access-control (0.1) unstable; urgency=low
594 * first dummy package - no functionality
596 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200