1 libpve-access-control (5.1-6) unstable; urgency=medium
3 * more general 2FA configuration via priv/tfa.cfg
5 * add u2f api endpoints
7 * delete TFA entries when deleting a user
9 * allow users to change their TOTP settings
11 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
13 libpve-access-control (5.1-5) unstable; urgency=medium
15 * fix vnc ticket verification without authkey lifetime
17 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
19 libpve-access-control (5.1-4) unstable; urgency=medium
21 * fix #1891: Add zsh command completion for pveum
23 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
24 to avoid issues on upgrade, will be enabled with 6.0
26 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
28 libpve-access-control (5.1-3) unstable; urgency=medium
30 * api/ticket: move getting cluster name into an eval
32 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
34 libpve-access-control (5.1-2) unstable; urgency=medium
36 * fix #1998: correct return properties for read_role
38 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
40 libpve-access-control (5.1-1) unstable; urgency=medium
42 * pveum: introduce sub-commands
44 * register userid with completion
46 * fix #233: return cluster name on successful login
48 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
50 libpve-access-control (5.0-8) unstable; urgency=medium
52 * fix #1612: ldap: make 2nd server work with bind domains again
54 * fix an error message where passing a bad pool id to an API function would
55 make it complain about a wrong group name instead
57 * fix the API-returned permission list so that the GUI knows to show the
58 'Permissions' tab for a storage to an administrator apart from root@pam
60 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
62 libpve-access-control (5.0-7) unstable; urgency=medium
64 * VM.Snapshot.Rollback privilege added
66 * api: check for special roles before locking the usercfg
68 * fix #1501: pveum: die when deleting special role
70 * API/ticket: rework coarse grained permission computation
72 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
74 libpve-access-control (5.0-6) unstable; urgency=medium
76 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
77 'verify' option. For compatibility reasons this defaults to off for now,
78 but that might change with future updates.
80 * AD, LDAP: Add ability to specify a CA path or file, and a client
81 certificate via the 'capath', 'cert' and 'certkey' options.
83 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
85 libpve-access-control (5.0-5) unstable; urgency=medium
87 * change from dpkg-deb to dpkg-buildpackage
89 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
91 libpve-access-control (5.0-4) unstable; urgency=medium
93 * PVE/CLI/pveum.pm: call setup_default_cli_env()
95 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
97 * check_api2_permissions: avoid warning about uninitialized value
99 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
101 libpve-access-control (5.0-3) unstable; urgency=medium
103 * use new PVE::OTP class from pve-common
105 * use new PVE::Tools::encrypt_pw from pve-common
107 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
109 libpve-access-control (5.0-2) unstable; urgency=medium
111 * encrypt_pw: avoid '+' for crypt salt
113 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
115 libpve-access-control (5.0-1) unstable; urgency=medium
117 * rebuild for PVE 5.0
119 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
121 libpve-access-control (4.0-23) unstable; urgency=medium
123 * use new PVE::Ticket class
125 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
127 libpve-access-control (4.0-22) unstable; urgency=medium
129 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
130 (moved to PVE::Storage)
132 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
134 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
136 libpve-access-control (4.0-21) unstable; urgency=medium
138 * setup_default_cli_env: expect $class as first parameter
140 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
142 libpve-access-control (4.0-20) unstable; urgency=medium
144 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
146 * PVE/API2/Domains.pm: fix property description
148 * use new repoman for upload target
150 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
152 libpve-access-control (4.0-19) unstable; urgency=medium
154 * Close #833: ldap: non-anonymous bind support
156 * don't import 'RFC' from MIME::Base32
158 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
160 libpve-access-control (4.0-18) unstable; urgency=medium
162 * fix #1062: recognize base32 otp keys again
164 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
166 libpve-access-control (4.0-17) unstable; urgency=medium
168 * drop oathtool and libdigest-hmac-perl dependencies
170 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
172 libpve-access-control (4.0-16) unstable; urgency=medium
174 * use pve-doc-generator to generate man pages
176 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
178 libpve-access-control (4.0-15) unstable; urgency=medium
180 * Fix uninitialized warning when shadow.cfg does not exist
182 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
184 libpve-access-control (4.0-14) unstable; urgency=medium
186 * Add is_worker to RPCEnvironment
188 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
190 libpve-access-control (4.0-13) unstable; urgency=medium
192 * fix #916: allow HTTPS to access custom yubico url
194 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
196 libpve-access-control (4.0-12) unstable; urgency=medium
198 * Catch certificate errors instead of segfaulting
200 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
202 libpve-access-control (4.0-11) unstable; urgency=medium
204 * Fix #861: use safer sprintf formatting
206 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
208 libpve-access-control (4.0-10) unstable; urgency=medium
210 * Auth::LDAP, Auth::AD: ipv6 support
212 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
214 libpve-access-control (4.0-9) unstable; urgency=medium
216 * pveum: implement bash completion
218 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
220 libpve-access-control (4.0-8) unstable; urgency=medium
222 * remove_storage_access: cleanup of access permissions for removed storage
224 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
226 libpve-access-control (4.0-7) unstable; urgency=medium
228 * new helper to remove access permissions for removed VMs
230 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
232 libpve-access-control (4.0-6) unstable; urgency=medium
234 * improve parse_user_config, parse_shadow_config
236 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
238 libpve-access-control (4.0-5) unstable; urgency=medium
240 * pveum: check for $cmd being defined
242 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
244 libpve-access-control (4.0-4) unstable; urgency=medium
246 * use activate-noawait triggers
248 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
250 libpve-access-control (4.0-3) unstable; urgency=medium
256 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
258 libpve-access-control (4.0-2) unstable; urgency=medium
260 * trigger pve-api-updates event
262 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
264 libpve-access-control (4.0-1) unstable; urgency=medium
266 * bump version for Debian Jessie
268 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
270 libpve-access-control (3.0-16) unstable; urgency=low
272 * root@pam can now be disabled in GUI.
274 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
276 libpve-access-control (3.0-15) unstable; urgency=low
278 * oath: add 'step' and 'digits' option
280 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
282 libpve-access-control (3.0-14) unstable; urgency=low
284 * add oath two factor auth
286 * add oathkeygen binary to generate keys for oath
288 * add yubico two factor auth
292 * depend on libmime-base32-perl
294 * allow to write builtin auth domains config (comment/tfa/default)
296 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
298 libpve-access-control (3.0-13) unstable; urgency=low
300 * use correct connection string for AD auth
302 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
304 libpve-access-control (3.0-12) unstable; urgency=low
306 * add dummy API for GET /access/ticket (useful to generate login pages)
308 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
310 libpve-access-control (3.0-11) unstable; urgency=low
312 * Sets common hot keys for spice client
314 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
316 libpve-access-control (3.0-10) unstable; urgency=low
318 * implement helper to generate SPICE remote-viewer configuration
320 * depend on libnet-ssleay-perl
322 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
324 libpve-access-control (3.0-9) unstable; urgency=low
326 * prevent user enumeration attacks
328 * allow dots in access paths
330 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
332 libpve-access-control (3.0-8) unstable; urgency=low
334 * spice: use lowercase hostname in ticktet signature
336 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
338 libpve-access-control (3.0-7) unstable; urgency=low
340 * check_volume_access : use parse_volname instead of path, and remove
343 * use warnings instead of global -w flag.
345 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
347 libpve-access-control (3.0-6) unstable; urgency=low
349 * use shorter spiceproxy tickets
351 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
353 libpve-access-control (3.0-5) unstable; urgency=low
355 * add code to generate tickets for SPICE
357 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
359 libpve-access-control (3.0-4) unstable; urgency=low
361 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
363 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
365 libpve-access-control (3.0-3) unstable; urgency=low
367 * Add new role PVETemplateUser (and VM.Clone priviledge)
369 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
371 libpve-access-control (3.0-2) unstable; urgency=low
373 * remove CGI.pm related code (pveproxy does not need that)
375 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
377 libpve-access-control (3.0-1) unstable; urgency=low
379 * bump version for wheezy release
381 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
383 libpve-access-control (1.0-26) unstable; urgency=low
385 * check_volume_access: fix access permissions for backup files
387 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
389 libpve-access-control (1.0-25) unstable; urgency=low
391 * add VM.Snapshot permission
393 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
395 libpve-access-control (1.0-24) unstable; urgency=low
397 * untaint path (allow root to restore arbitrary paths)
399 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
401 libpve-access-control (1.0-23) unstable; urgency=low
403 * correctly compute GUI capabilities (consider pools)
405 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
407 libpve-access-control (1.0-22) unstable; urgency=low
409 * new plugin architecture for Auth modules, minor API change for Auth
410 domains (new 'delete' parameter)
412 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
414 libpve-access-control (1.0-21) unstable; urgency=low
416 * do not allow user names including slash
418 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
420 libpve-access-control (1.0-20) unstable; urgency=low
422 * add ability to fork cli workers in background
424 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
426 libpve-access-control (1.0-19) unstable; urgency=low
428 * return set of privileges on login - can be used to adopt GUI
430 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
432 libpve-access-control (1.0-18) unstable; urgency=low
434 * fix bug #151: corretly parse username inside ticket
436 * fix bug #152: allow user to change his own password
438 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
440 libpve-access-control (1.0-17) unstable; urgency=low
442 * set propagate flag by default
444 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
446 libpve-access-control (1.0-16) unstable; urgency=low
448 * add 'pveum passwd' method
450 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
452 libpve-access-control (1.0-15) unstable; urgency=low
454 * Add VM.Config.CDROM privilege to PVEVMUser rule
456 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
458 libpve-access-control (1.0-14) unstable; urgency=low
460 * fix buf in userid-param permission check
462 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
464 libpve-access-control (1.0-13) unstable; urgency=low
466 * allow more characters in ldap base_dn attribute
468 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
470 libpve-access-control (1.0-12) unstable; urgency=low
472 * allow more characters with realm IDs
474 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
476 libpve-access-control (1.0-11) unstable; urgency=low
478 * fix bug in exec_api2_perm_check
480 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
482 libpve-access-control (1.0-10) unstable; urgency=low
484 * fix ACL group name parser
486 * changed 'pveum aclmod' command line arguments
488 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
490 libpve-access-control (1.0-9) unstable; urgency=low
492 * fix bug in check_volume_access (fixes vzrestore)
494 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
496 libpve-access-control (1.0-8) unstable; urgency=low
498 * fix return value for empty ACL list.
500 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
502 libpve-access-control (1.0-7) unstable; urgency=low
504 * fix bug #85: allow root@pam to generate tickets for other users
506 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
508 libpve-access-control (1.0-6) unstable; urgency=low
510 * API change: allow to filter enabled/disabled users.
512 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
514 libpve-access-control (1.0-5) unstable; urgency=low
516 * add a way to return file changes (diffs): set_result_changes()
518 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
520 libpve-access-control (1.0-4) unstable; urgency=low
522 * new environment type for ha agents
524 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
526 libpve-access-control (1.0-3) unstable; urgency=low
528 * add support for delayed parameter parsing - We need that to disable
529 file upload for normal API request (avoid DOS attacs)
531 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
533 libpve-access-control (1.0-2) unstable; urgency=low
535 * fix bug in fork_worker
537 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
539 libpve-access-control (1.0-1) unstable; urgency=low
541 * allow '-' in permission paths
543 * bump version to 1.0
545 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
547 libpve-access-control (0.1) unstable; urgency=low
549 * first dummy package - no functionality
551 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200