1 libpve-access-control (7.3-2) bullseye; urgency=medium
3 * fix #4518: dramatically improve ACL computation performance
5 * userid format: clarify that this is the full name@realm in description
7 -- Proxmox Support Team <support@proxmox.com> Mon, 06 Mar 2023 11:40:11 +0100
9 libpve-access-control (7.3-1) bullseye; urgency=medium
11 * realm: sync: allow explicit 'none' for 'remove-vanished' option
13 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
15 libpve-access-control (7.2-5) bullseye; urgency=medium
17 * api: realm sync: avoid separate log line for "remove-vanished" opt
19 * auth ldap/ad: compare group member dn case-insensitively
21 * two factor auth: only lock tfa config for recovery keys
23 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
24 migrations and storage migrations
26 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
28 libpve-access-control (7.2-4) bullseye; urgency=medium
30 * fix #4074: increase API OpenID code size limit to 2048
32 * auth key: protect against rare chance of a double rotation in clusters,
33 leaving the potential that some set of nodes have the earlier key cached,
34 that then got rotated out due to the race, resulting in a possible other
35 set of nodes having the newer key cached. This is a split view of the auth
36 key and may resulting in spurious failures if API requests are made to a
37 different node than the ticket was generated on.
38 In addition to that, the "keep validity of old tickets if signed in the
39 last two hours before rotation" logic was disabled too in such a case,
40 making such tickets invalid too early.
41 Note that both are cases where Proxmox VE was too strict, so while this
42 had no security implications it can be a nuisance, especially for
43 environments that use the API through an automated or scripted way
45 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
47 libpve-access-control (7.2-3) bullseye; urgency=medium
49 * api: token: use userid-group as API perm check to avoid being overly
50 strict through a misguided use of user id for non-root users.
52 * perm check: forbid undefined/empty ACL path for future proofing of against
55 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
57 libpve-access-control (7.2-2) bullseye; urgency=medium
59 * permissions: merge propagation flag for multiple roles on a path that
60 share privilege in a deterministic way, to avoid that it gets lost
61 depending on perl's random sort, which would result in returing less
62 privileges than an auth-id actually had.
64 * permissions: avoid that token and user privilege intersection is to strict
65 for user permissions that have propagation disabled.
67 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
69 libpve-access-control (7.2-1) bullseye; urgency=medium
71 * user check: fix expiration/enable order
73 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
75 libpve-access-control (7.1-8) bullseye; urgency=medium
77 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
80 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
82 libpve-access-control (7.1-7) bullseye; urgency=medium
84 * userid-group check: distinguish create and update
86 * api: get user: declare token schema
88 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
90 libpve-access-control (7.1-6) bullseye; urgency=medium
92 * fix #3768: warn on bad u2f or webauthn settings
94 * tfa: when modifying others, verify the current user's password
96 * tfa list: account for admin permissions
98 * fix realm sync permissions
100 * fix token permission display bug
102 * include SDN permissions in permission tree
104 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
106 libpve-access-control (7.1-5) bullseye; urgency=medium
108 * openid: fix username-claim fallback
110 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
112 libpve-access-control (7.1-4) bullseye; urgency=medium
114 * set current origin in the webauthn config if no fixed origin was
115 configured, to support webauthn via subdomains
117 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
119 libpve-access-control (7.1-3) bullseye; urgency=medium
121 * openid: allow arbitrary username-claims
123 * openid: support configuring the prompt, scopes and ACR values
125 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
127 libpve-access-control (7.1-2) bullseye; urgency=medium
129 * catch incompatible tfa entries with a nice error
131 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
133 libpve-access-control (7.1-1) bullseye; urgency=medium
135 * tfa: map HTTP 404 error in get_tfa_entry correctly
137 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
139 libpve-access-control (7.0-7) bullseye; urgency=medium
141 * fix #3513: pass configured proxy to OpenID
143 * use rust based parser for TFA config
145 * use PBS-like auth api call flow,
147 * merge old user.cfg keys to tfa config when adding entries
149 * implement version checks for new tfa config writer to ensure all
150 cluster nodes are ready to avoid login issues
152 * tickets: add tunnel ticket
154 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
156 libpve-access-control (7.0-6) bullseye; urgency=medium
158 * fix regression in user deletion when realm does not enforce TFA
160 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
162 libpve-access-control (7.0-5) bullseye; urgency=medium
164 * acl: check path: add /sdn/vnets/* path
166 * fix #2302: allow deletion of users when realm enforces TFA
168 * api: delete user: disable user first to avoid surprise on error during the
169 various cleanup action required for user deletion (e.g., TFA, ACL, group)
171 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
173 libpve-access-control (7.0-4) bullseye; urgency=medium
175 * realm: add OpenID configuration
177 * api: implement OpenID related endpoints
179 * implement opt-in OpenID autocreate user feature
181 * api: user: add 'realm-type' to user list response
183 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
185 libpve-access-control (7.0-3) bullseye; urgency=medium
187 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
188 `/sdn/zones/<zone>` to allowed ACL paths
190 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
192 libpve-access-control (7.0-2) bullseye; urgency=medium
194 * fix #3402: add Pool.Audit privilege - custom roles containing
195 Pool.Allocate must be updated to include the new privilege.
197 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
199 libpve-access-control (7.0-1) bullseye; urgency=medium
201 * re-build for Debian 11 Bullseye based releases
203 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
205 libpve-access-control (6.4-1) pve; urgency=medium
207 * fix #1670: change PAM service name to project specific name
209 * fix #1500: permission path syntax check for access control
211 * pveum: add resource pool CLI commands
213 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
215 libpve-access-control (6.1-3) pve; urgency=medium
217 * partially fix #2825: authkey: rotate if it was generated in the
220 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
223 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
225 libpve-access-control (6.1-2) pve; urgency=medium
227 * also check SDN permission path when computing coarse permissions heuristic
230 * add SDN Permissions.Modify
232 * add VM.Config.Cloudinit
234 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
236 libpve-access-control (6.1-1) pve; urgency=medium
238 * pveum: add tfa delete subcommand for deleting user-TFA
240 * LDAP: don't complain about missing credentials on realm removal
242 * LDAP: skip anonymous bind when client certificate and key is configured
244 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
246 libpve-access-control (6.0-7) pve; urgency=medium
248 * fix #2575: die when trying to edit built-in roles
250 * add realm sub commands to pveum CLI tool
252 * api: domains: add user group sync API endpoint
254 * allow one to sync and import users and groups from LDAP/AD based realms
256 * realm: add default-sync-options to config for more convenient sync configuration
258 * api: token create: return also full token id for convenience
260 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
262 libpve-access-control (6.0-6) pve; urgency=medium
264 * API: add group members to group index
266 * implement API token support and management
268 * pveum: add 'pveum user token add/update/remove/list'
270 * pveum: add permissions sub-commands
272 * API: add 'permissions' API endpoint
274 * user.cfg: skip inexisting roles when parsing ACLs
276 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
278 libpve-access-control (6.0-5) pve; urgency=medium
280 * pveum: add list command for users, groups, ACLs and roles
282 * add initial permissions for experimental SDN integration
284 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
286 libpve-access-control (6.0-4) pve; urgency=medium
288 * ticket: use clinfo to get cluster name
290 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
293 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
295 libpve-access-control (6.0-3) pve; urgency=medium
297 * fix #2433: increase possible TFA secret length
299 * parse user configuration: correctly parse group names in ACLs, for users
300 which begin their name with an @
302 * sort user.cfg entries alphabetically
304 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
306 libpve-access-control (6.0-2) pve; urgency=medium
308 * improve CSRF verification compatibility with newer PVE
310 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
312 libpve-access-control (6.0-1) pve; urgency=medium
314 * ticket: properly verify exactly 5 minute old tickets
316 * use hmac_sha256 instead of sha1 for CSRF token generation
318 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
320 libpve-access-control (6.0-0+1) pve; urgency=medium
322 * bump for Debian buster
324 * fix #2079: add periodic auth key rotation
326 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
328 libpve-access-control (5.1-10) unstable; urgency=medium
330 * add /access/user/{id}/tfa api call to get tfa types
332 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
334 libpve-access-control (5.1-9) unstable; urgency=medium
336 * store the tfa type in user.cfg allowing to get it without proxying the call
337 to a higher privileged daemon.
339 * tfa: realm required TFA should lock out users without TFA configured, as it
340 was done before Proxmox VE 5.4
342 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
344 libpve-access-control (5.1-8) unstable; urgency=medium
346 * U2F: ensure we save correct public key on registration
348 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
350 libpve-access-control (5.1-7) unstable; urgency=medium
352 * verify_ticket: allow general non-challenge tfa to be run as two step
355 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
357 libpve-access-control (5.1-6) unstable; urgency=medium
359 * more general 2FA configuration via priv/tfa.cfg
361 * add u2f api endpoints
363 * delete TFA entries when deleting a user
365 * allow users to change their TOTP settings
367 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
369 libpve-access-control (5.1-5) unstable; urgency=medium
371 * fix vnc ticket verification without authkey lifetime
373 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
375 libpve-access-control (5.1-4) unstable; urgency=medium
377 * fix #1891: Add zsh command completion for pveum
379 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
380 to avoid issues on upgrade, will be enabled with 6.0
382 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
384 libpve-access-control (5.1-3) unstable; urgency=medium
386 * api/ticket: move getting cluster name into an eval
388 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
390 libpve-access-control (5.1-2) unstable; urgency=medium
392 * fix #1998: correct return properties for read_role
394 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
396 libpve-access-control (5.1-1) unstable; urgency=medium
398 * pveum: introduce sub-commands
400 * register userid with completion
402 * fix #233: return cluster name on successful login
404 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
406 libpve-access-control (5.0-8) unstable; urgency=medium
408 * fix #1612: ldap: make 2nd server work with bind domains again
410 * fix an error message where passing a bad pool id to an API function would
411 make it complain about a wrong group name instead
413 * fix the API-returned permission list so that the GUI knows to show the
414 'Permissions' tab for a storage to an administrator apart from root@pam
416 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
418 libpve-access-control (5.0-7) unstable; urgency=medium
420 * VM.Snapshot.Rollback privilege added
422 * api: check for special roles before locking the usercfg
424 * fix #1501: pveum: die when deleting special role
426 * API/ticket: rework coarse grained permission computation
428 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
430 libpve-access-control (5.0-6) unstable; urgency=medium
432 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
433 'verify' option. For compatibility reasons this defaults to off for now,
434 but that might change with future updates.
436 * AD, LDAP: Add ability to specify a CA path or file, and a client
437 certificate via the 'capath', 'cert' and 'certkey' options.
439 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
441 libpve-access-control (5.0-5) unstable; urgency=medium
443 * change from dpkg-deb to dpkg-buildpackage
445 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
447 libpve-access-control (5.0-4) unstable; urgency=medium
449 * PVE/CLI/pveum.pm: call setup_default_cli_env()
451 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
453 * check_api2_permissions: avoid warning about uninitialized value
455 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
457 libpve-access-control (5.0-3) unstable; urgency=medium
459 * use new PVE::OTP class from pve-common
461 * use new PVE::Tools::encrypt_pw from pve-common
463 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
465 libpve-access-control (5.0-2) unstable; urgency=medium
467 * encrypt_pw: avoid '+' for crypt salt
469 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
471 libpve-access-control (5.0-1) unstable; urgency=medium
473 * rebuild for PVE 5.0
475 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
477 libpve-access-control (4.0-23) unstable; urgency=medium
479 * use new PVE::Ticket class
481 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
483 libpve-access-control (4.0-22) unstable; urgency=medium
485 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
486 (moved to PVE::Storage)
488 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
490 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
492 libpve-access-control (4.0-21) unstable; urgency=medium
494 * setup_default_cli_env: expect $class as first parameter
496 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
498 libpve-access-control (4.0-20) unstable; urgency=medium
500 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
502 * PVE/API2/Domains.pm: fix property description
504 * use new repoman for upload target
506 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
508 libpve-access-control (4.0-19) unstable; urgency=medium
510 * Close #833: ldap: non-anonymous bind support
512 * don't import 'RFC' from MIME::Base32
514 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
516 libpve-access-control (4.0-18) unstable; urgency=medium
518 * fix #1062: recognize base32 otp keys again
520 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
522 libpve-access-control (4.0-17) unstable; urgency=medium
524 * drop oathtool and libdigest-hmac-perl dependencies
526 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
528 libpve-access-control (4.0-16) unstable; urgency=medium
530 * use pve-doc-generator to generate man pages
532 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
534 libpve-access-control (4.0-15) unstable; urgency=medium
536 * Fix uninitialized warning when shadow.cfg does not exist
538 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
540 libpve-access-control (4.0-14) unstable; urgency=medium
542 * Add is_worker to RPCEnvironment
544 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
546 libpve-access-control (4.0-13) unstable; urgency=medium
548 * fix #916: allow HTTPS to access custom yubico url
550 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
552 libpve-access-control (4.0-12) unstable; urgency=medium
554 * Catch certificate errors instead of segfaulting
556 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
558 libpve-access-control (4.0-11) unstable; urgency=medium
560 * Fix #861: use safer sprintf formatting
562 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
564 libpve-access-control (4.0-10) unstable; urgency=medium
566 * Auth::LDAP, Auth::AD: ipv6 support
568 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
570 libpve-access-control (4.0-9) unstable; urgency=medium
572 * pveum: implement bash completion
574 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
576 libpve-access-control (4.0-8) unstable; urgency=medium
578 * remove_storage_access: cleanup of access permissions for removed storage
580 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
582 libpve-access-control (4.0-7) unstable; urgency=medium
584 * new helper to remove access permissions for removed VMs
586 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
588 libpve-access-control (4.0-6) unstable; urgency=medium
590 * improve parse_user_config, parse_shadow_config
592 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
594 libpve-access-control (4.0-5) unstable; urgency=medium
596 * pveum: check for $cmd being defined
598 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
600 libpve-access-control (4.0-4) unstable; urgency=medium
602 * use activate-noawait triggers
604 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
606 libpve-access-control (4.0-3) unstable; urgency=medium
612 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
614 libpve-access-control (4.0-2) unstable; urgency=medium
616 * trigger pve-api-updates event
618 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
620 libpve-access-control (4.0-1) unstable; urgency=medium
622 * bump version for Debian Jessie
624 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
626 libpve-access-control (3.0-16) unstable; urgency=low
628 * root@pam can now be disabled in GUI.
630 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
632 libpve-access-control (3.0-15) unstable; urgency=low
634 * oath: add 'step' and 'digits' option
636 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
638 libpve-access-control (3.0-14) unstable; urgency=low
640 * add oath two factor auth
642 * add oathkeygen binary to generate keys for oath
644 * add yubico two factor auth
648 * depend on libmime-base32-perl
650 * allow to write builtin auth domains config (comment/tfa/default)
652 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
654 libpve-access-control (3.0-13) unstable; urgency=low
656 * use correct connection string for AD auth
658 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
660 libpve-access-control (3.0-12) unstable; urgency=low
662 * add dummy API for GET /access/ticket (useful to generate login pages)
664 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
666 libpve-access-control (3.0-11) unstable; urgency=low
668 * Sets common hot keys for spice client
670 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
672 libpve-access-control (3.0-10) unstable; urgency=low
674 * implement helper to generate SPICE remote-viewer configuration
676 * depend on libnet-ssleay-perl
678 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
680 libpve-access-control (3.0-9) unstable; urgency=low
682 * prevent user enumeration attacks
684 * allow dots in access paths
686 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
688 libpve-access-control (3.0-8) unstable; urgency=low
690 * spice: use lowercase hostname in ticktet signature
692 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
694 libpve-access-control (3.0-7) unstable; urgency=low
696 * check_volume_access : use parse_volname instead of path, and remove
699 * use warnings instead of global -w flag.
701 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
703 libpve-access-control (3.0-6) unstable; urgency=low
705 * use shorter spiceproxy tickets
707 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
709 libpve-access-control (3.0-5) unstable; urgency=low
711 * add code to generate tickets for SPICE
713 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
715 libpve-access-control (3.0-4) unstable; urgency=low
717 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
719 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
721 libpve-access-control (3.0-3) unstable; urgency=low
723 * Add new role PVETemplateUser (and VM.Clone privilege)
725 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
727 libpve-access-control (3.0-2) unstable; urgency=low
729 * remove CGI.pm related code (pveproxy does not need that)
731 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
733 libpve-access-control (3.0-1) unstable; urgency=low
735 * bump version for wheezy release
737 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
739 libpve-access-control (1.0-26) unstable; urgency=low
741 * check_volume_access: fix access permissions for backup files
743 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
745 libpve-access-control (1.0-25) unstable; urgency=low
747 * add VM.Snapshot permission
749 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
751 libpve-access-control (1.0-24) unstable; urgency=low
753 * untaint path (allow root to restore arbitrary paths)
755 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
757 libpve-access-control (1.0-23) unstable; urgency=low
759 * correctly compute GUI capabilities (consider pools)
761 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
763 libpve-access-control (1.0-22) unstable; urgency=low
765 * new plugin architecture for Auth modules, minor API change for Auth
766 domains (new 'delete' parameter)
768 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
770 libpve-access-control (1.0-21) unstable; urgency=low
772 * do not allow user names including slash
774 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
776 libpve-access-control (1.0-20) unstable; urgency=low
778 * add ability to fork cli workers in background
780 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
782 libpve-access-control (1.0-19) unstable; urgency=low
784 * return set of privileges on login - can be used to adopt GUI
786 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
788 libpve-access-control (1.0-18) unstable; urgency=low
790 * fix bug #151: correctly parse username inside ticket
792 * fix bug #152: allow user to change his own password
794 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
796 libpve-access-control (1.0-17) unstable; urgency=low
798 * set propagate flag by default
800 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
802 libpve-access-control (1.0-16) unstable; urgency=low
804 * add 'pveum passwd' method
806 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
808 libpve-access-control (1.0-15) unstable; urgency=low
810 * Add VM.Config.CDROM privilege to PVEVMUser rule
812 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
814 libpve-access-control (1.0-14) unstable; urgency=low
816 * fix buf in userid-param permission check
818 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
820 libpve-access-control (1.0-13) unstable; urgency=low
822 * allow more characters in ldap base_dn attribute
824 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
826 libpve-access-control (1.0-12) unstable; urgency=low
828 * allow more characters with realm IDs
830 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
832 libpve-access-control (1.0-11) unstable; urgency=low
834 * fix bug in exec_api2_perm_check
836 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
838 libpve-access-control (1.0-10) unstable; urgency=low
840 * fix ACL group name parser
842 * changed 'pveum aclmod' command line arguments
844 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
846 libpve-access-control (1.0-9) unstable; urgency=low
848 * fix bug in check_volume_access (fixes vzrestore)
850 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
852 libpve-access-control (1.0-8) unstable; urgency=low
854 * fix return value for empty ACL list.
856 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
858 libpve-access-control (1.0-7) unstable; urgency=low
860 * fix bug #85: allow root@pam to generate tickets for other users
862 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
864 libpve-access-control (1.0-6) unstable; urgency=low
866 * API change: allow to filter enabled/disabled users.
868 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
870 libpve-access-control (1.0-5) unstable; urgency=low
872 * add a way to return file changes (diffs): set_result_changes()
874 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
876 libpve-access-control (1.0-4) unstable; urgency=low
878 * new environment type for ha agents
880 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
882 libpve-access-control (1.0-3) unstable; urgency=low
884 * add support for delayed parameter parsing - We need that to disable
885 file upload for normal API request (avoid DOS attacks)
887 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
889 libpve-access-control (1.0-2) unstable; urgency=low
891 * fix bug in fork_worker
893 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
895 libpve-access-control (1.0-1) unstable; urgency=low
897 * allow '-' in permission paths
899 * bump version to 1.0
901 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
903 libpve-access-control (0.1) unstable; urgency=low
905 * first dummy package - no functionality
907 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200