1 libpve-access-control (5.1-7) unstable; urgency=medium
3 * verify_ticket: allow general non-challenge tfa to be run as two step
6 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
8 libpve-access-control (5.1-6) unstable; urgency=medium
10 * more general 2FA configuration via priv/tfa.cfg
12 * add u2f api endpoints
14 * delete TFA entries when deleting a user
16 * allow users to change their TOTP settings
18 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
20 libpve-access-control (5.1-5) unstable; urgency=medium
22 * fix vnc ticket verification without authkey lifetime
24 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
26 libpve-access-control (5.1-4) unstable; urgency=medium
28 * fix #1891: Add zsh command completion for pveum
30 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
31 to avoid issues on upgrade, will be enabled with 6.0
33 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
35 libpve-access-control (5.1-3) unstable; urgency=medium
37 * api/ticket: move getting cluster name into an eval
39 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
41 libpve-access-control (5.1-2) unstable; urgency=medium
43 * fix #1998: correct return properties for read_role
45 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
47 libpve-access-control (5.1-1) unstable; urgency=medium
49 * pveum: introduce sub-commands
51 * register userid with completion
53 * fix #233: return cluster name on successful login
55 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
57 libpve-access-control (5.0-8) unstable; urgency=medium
59 * fix #1612: ldap: make 2nd server work with bind domains again
61 * fix an error message where passing a bad pool id to an API function would
62 make it complain about a wrong group name instead
64 * fix the API-returned permission list so that the GUI knows to show the
65 'Permissions' tab for a storage to an administrator apart from root@pam
67 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
69 libpve-access-control (5.0-7) unstable; urgency=medium
71 * VM.Snapshot.Rollback privilege added
73 * api: check for special roles before locking the usercfg
75 * fix #1501: pveum: die when deleting special role
77 * API/ticket: rework coarse grained permission computation
79 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
81 libpve-access-control (5.0-6) unstable; urgency=medium
83 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
84 'verify' option. For compatibility reasons this defaults to off for now,
85 but that might change with future updates.
87 * AD, LDAP: Add ability to specify a CA path or file, and a client
88 certificate via the 'capath', 'cert' and 'certkey' options.
90 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
92 libpve-access-control (5.0-5) unstable; urgency=medium
94 * change from dpkg-deb to dpkg-buildpackage
96 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
98 libpve-access-control (5.0-4) unstable; urgency=medium
100 * PVE/CLI/pveum.pm: call setup_default_cli_env()
102 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
104 * check_api2_permissions: avoid warning about uninitialized value
106 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
108 libpve-access-control (5.0-3) unstable; urgency=medium
110 * use new PVE::OTP class from pve-common
112 * use new PVE::Tools::encrypt_pw from pve-common
114 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
116 libpve-access-control (5.0-2) unstable; urgency=medium
118 * encrypt_pw: avoid '+' for crypt salt
120 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
122 libpve-access-control (5.0-1) unstable; urgency=medium
124 * rebuild for PVE 5.0
126 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
128 libpve-access-control (4.0-23) unstable; urgency=medium
130 * use new PVE::Ticket class
132 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
134 libpve-access-control (4.0-22) unstable; urgency=medium
136 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
137 (moved to PVE::Storage)
139 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
141 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
143 libpve-access-control (4.0-21) unstable; urgency=medium
145 * setup_default_cli_env: expect $class as first parameter
147 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
149 libpve-access-control (4.0-20) unstable; urgency=medium
151 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
153 * PVE/API2/Domains.pm: fix property description
155 * use new repoman for upload target
157 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
159 libpve-access-control (4.0-19) unstable; urgency=medium
161 * Close #833: ldap: non-anonymous bind support
163 * don't import 'RFC' from MIME::Base32
165 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
167 libpve-access-control (4.0-18) unstable; urgency=medium
169 * fix #1062: recognize base32 otp keys again
171 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
173 libpve-access-control (4.0-17) unstable; urgency=medium
175 * drop oathtool and libdigest-hmac-perl dependencies
177 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
179 libpve-access-control (4.0-16) unstable; urgency=medium
181 * use pve-doc-generator to generate man pages
183 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
185 libpve-access-control (4.0-15) unstable; urgency=medium
187 * Fix uninitialized warning when shadow.cfg does not exist
189 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
191 libpve-access-control (4.0-14) unstable; urgency=medium
193 * Add is_worker to RPCEnvironment
195 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
197 libpve-access-control (4.0-13) unstable; urgency=medium
199 * fix #916: allow HTTPS to access custom yubico url
201 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
203 libpve-access-control (4.0-12) unstable; urgency=medium
205 * Catch certificate errors instead of segfaulting
207 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
209 libpve-access-control (4.0-11) unstable; urgency=medium
211 * Fix #861: use safer sprintf formatting
213 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
215 libpve-access-control (4.0-10) unstable; urgency=medium
217 * Auth::LDAP, Auth::AD: ipv6 support
219 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
221 libpve-access-control (4.0-9) unstable; urgency=medium
223 * pveum: implement bash completion
225 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
227 libpve-access-control (4.0-8) unstable; urgency=medium
229 * remove_storage_access: cleanup of access permissions for removed storage
231 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
233 libpve-access-control (4.0-7) unstable; urgency=medium
235 * new helper to remove access permissions for removed VMs
237 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
239 libpve-access-control (4.0-6) unstable; urgency=medium
241 * improve parse_user_config, parse_shadow_config
243 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
245 libpve-access-control (4.0-5) unstable; urgency=medium
247 * pveum: check for $cmd being defined
249 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
251 libpve-access-control (4.0-4) unstable; urgency=medium
253 * use activate-noawait triggers
255 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
257 libpve-access-control (4.0-3) unstable; urgency=medium
263 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
265 libpve-access-control (4.0-2) unstable; urgency=medium
267 * trigger pve-api-updates event
269 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
271 libpve-access-control (4.0-1) unstable; urgency=medium
273 * bump version for Debian Jessie
275 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
277 libpve-access-control (3.0-16) unstable; urgency=low
279 * root@pam can now be disabled in GUI.
281 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
283 libpve-access-control (3.0-15) unstable; urgency=low
285 * oath: add 'step' and 'digits' option
287 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
289 libpve-access-control (3.0-14) unstable; urgency=low
291 * add oath two factor auth
293 * add oathkeygen binary to generate keys for oath
295 * add yubico two factor auth
299 * depend on libmime-base32-perl
301 * allow to write builtin auth domains config (comment/tfa/default)
303 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
305 libpve-access-control (3.0-13) unstable; urgency=low
307 * use correct connection string for AD auth
309 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
311 libpve-access-control (3.0-12) unstable; urgency=low
313 * add dummy API for GET /access/ticket (useful to generate login pages)
315 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
317 libpve-access-control (3.0-11) unstable; urgency=low
319 * Sets common hot keys for spice client
321 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
323 libpve-access-control (3.0-10) unstable; urgency=low
325 * implement helper to generate SPICE remote-viewer configuration
327 * depend on libnet-ssleay-perl
329 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
331 libpve-access-control (3.0-9) unstable; urgency=low
333 * prevent user enumeration attacks
335 * allow dots in access paths
337 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
339 libpve-access-control (3.0-8) unstable; urgency=low
341 * spice: use lowercase hostname in ticktet signature
343 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
345 libpve-access-control (3.0-7) unstable; urgency=low
347 * check_volume_access : use parse_volname instead of path, and remove
350 * use warnings instead of global -w flag.
352 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
354 libpve-access-control (3.0-6) unstable; urgency=low
356 * use shorter spiceproxy tickets
358 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
360 libpve-access-control (3.0-5) unstable; urgency=low
362 * add code to generate tickets for SPICE
364 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
366 libpve-access-control (3.0-4) unstable; urgency=low
368 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
370 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
372 libpve-access-control (3.0-3) unstable; urgency=low
374 * Add new role PVETemplateUser (and VM.Clone priviledge)
376 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
378 libpve-access-control (3.0-2) unstable; urgency=low
380 * remove CGI.pm related code (pveproxy does not need that)
382 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
384 libpve-access-control (3.0-1) unstable; urgency=low
386 * bump version for wheezy release
388 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
390 libpve-access-control (1.0-26) unstable; urgency=low
392 * check_volume_access: fix access permissions for backup files
394 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
396 libpve-access-control (1.0-25) unstable; urgency=low
398 * add VM.Snapshot permission
400 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
402 libpve-access-control (1.0-24) unstable; urgency=low
404 * untaint path (allow root to restore arbitrary paths)
406 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
408 libpve-access-control (1.0-23) unstable; urgency=low
410 * correctly compute GUI capabilities (consider pools)
412 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
414 libpve-access-control (1.0-22) unstable; urgency=low
416 * new plugin architecture for Auth modules, minor API change for Auth
417 domains (new 'delete' parameter)
419 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
421 libpve-access-control (1.0-21) unstable; urgency=low
423 * do not allow user names including slash
425 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
427 libpve-access-control (1.0-20) unstable; urgency=low
429 * add ability to fork cli workers in background
431 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
433 libpve-access-control (1.0-19) unstable; urgency=low
435 * return set of privileges on login - can be used to adopt GUI
437 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
439 libpve-access-control (1.0-18) unstable; urgency=low
441 * fix bug #151: corretly parse username inside ticket
443 * fix bug #152: allow user to change his own password
445 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
447 libpve-access-control (1.0-17) unstable; urgency=low
449 * set propagate flag by default
451 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
453 libpve-access-control (1.0-16) unstable; urgency=low
455 * add 'pveum passwd' method
457 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
459 libpve-access-control (1.0-15) unstable; urgency=low
461 * Add VM.Config.CDROM privilege to PVEVMUser rule
463 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
465 libpve-access-control (1.0-14) unstable; urgency=low
467 * fix buf in userid-param permission check
469 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
471 libpve-access-control (1.0-13) unstable; urgency=low
473 * allow more characters in ldap base_dn attribute
475 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
477 libpve-access-control (1.0-12) unstable; urgency=low
479 * allow more characters with realm IDs
481 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
483 libpve-access-control (1.0-11) unstable; urgency=low
485 * fix bug in exec_api2_perm_check
487 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
489 libpve-access-control (1.0-10) unstable; urgency=low
491 * fix ACL group name parser
493 * changed 'pveum aclmod' command line arguments
495 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
497 libpve-access-control (1.0-9) unstable; urgency=low
499 * fix bug in check_volume_access (fixes vzrestore)
501 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
503 libpve-access-control (1.0-8) unstable; urgency=low
505 * fix return value for empty ACL list.
507 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
509 libpve-access-control (1.0-7) unstable; urgency=low
511 * fix bug #85: allow root@pam to generate tickets for other users
513 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
515 libpve-access-control (1.0-6) unstable; urgency=low
517 * API change: allow to filter enabled/disabled users.
519 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
521 libpve-access-control (1.0-5) unstable; urgency=low
523 * add a way to return file changes (diffs): set_result_changes()
525 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
527 libpve-access-control (1.0-4) unstable; urgency=low
529 * new environment type for ha agents
531 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
533 libpve-access-control (1.0-3) unstable; urgency=low
535 * add support for delayed parameter parsing - We need that to disable
536 file upload for normal API request (avoid DOS attacs)
538 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
540 libpve-access-control (1.0-2) unstable; urgency=low
542 * fix bug in fork_worker
544 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
546 libpve-access-control (1.0-1) unstable; urgency=low
548 * allow '-' in permission paths
550 * bump version to 1.0
552 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
554 libpve-access-control (0.1) unstable; urgency=low
556 * first dummy package - no functionality
558 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200