]> git.proxmox.com Git - pve-access-control.git/blob - debian/changelog
projects / pve-access-control.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bump version to 7.3-2
[pve-access-control.git] / debian / changelog
1 libpve-access-control (7.3-2) bullseye; urgency=medium
2
3 * fix #4518: dramatically improve ACL computation performance
4
5 * userid format: clarify that this is the full name@realm in description
6
7 -- Proxmox Support Team <support@proxmox.com> Mon, 06 Mar 2023 11:40:11 +0100
8
9 libpve-access-control (7.3-1) bullseye; urgency=medium
10
11 * realm: sync: allow explicit 'none' for 'remove-vanished' option
12
13 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Dec 2022 13:11:04 +0100
14
15 libpve-access-control (7.2-5) bullseye; urgency=medium
16
17 * api: realm sync: avoid separate log line for "remove-vanished" opt
18
19 * auth ldap/ad: compare group member dn case-insensitively
20
21 * two factor auth: only lock tfa config for recovery keys
22
23 * privs: add Sys.Incoming for guarding cross-cluster data streams like guest
24 migrations and storage migrations
25
26 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 13:09:17 +0100
27
28 libpve-access-control (7.2-4) bullseye; urgency=medium
29
30 * fix #4074: increase API OpenID code size limit to 2048
31
32 * auth key: protect against rare chance of a double rotation in clusters,
33 leaving the potential that some set of nodes have the earlier key cached,
34 that then got rotated out due to the race, resulting in a possible other
35 set of nodes having the newer key cached. This is a split view of the auth
36 key and may resulting in spurious failures if API requests are made to a
37 different node than the ticket was generated on.
38 In addition to that, the "keep validity of old tickets if signed in the
39 last two hours before rotation" logic was disabled too in such a case,
40 making such tickets invalid too early.
41 Note that both are cases where Proxmox VE was too strict, so while this
42 had no security implications it can be a nuisance, especially for
43 environments that use the API through an automated or scripted way
44
45 -- Proxmox Support Team <support@proxmox.com> Thu, 14 Jul 2022 08:36:51 +0200
46
47 libpve-access-control (7.2-3) bullseye; urgency=medium
48
49 * api: token: use userid-group as API perm check to avoid being overly
50 strict through a misguided use of user id for non-root users.
51
52 * perm check: forbid undefined/empty ACL path for future proofing of against
53 above issue
54
55 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Jun 2022 15:51:14 +0200
56
57 libpve-access-control (7.2-2) bullseye; urgency=medium
58
59 * permissions: merge propagation flag for multiple roles on a path that
60 share privilege in a deterministic way, to avoid that it gets lost
61 depending on perl's random sort, which would result in returing less
62 privileges than an auth-id actually had.
63
64 * permissions: avoid that token and user privilege intersection is to strict
65 for user permissions that have propagation disabled.
66
67 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2022 14:02:30 +0200
68
69 libpve-access-control (7.2-1) bullseye; urgency=medium
70
71 * user check: fix expiration/enable order
72
73 -- Proxmox Support Team <support@proxmox.com> Tue, 31 May 2022 13:43:37 +0200
74
75 libpve-access-control (7.1-8) bullseye; urgency=medium
76
77 * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove-
78 vanished'
79
80 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Apr 2022 17:02:46 +0200
81
82 libpve-access-control (7.1-7) bullseye; urgency=medium
83
84 * userid-group check: distinguish create and update
85
86 * api: get user: declare token schema
87
88 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Mar 2022 16:15:23 +0100
89
90 libpve-access-control (7.1-6) bullseye; urgency=medium
91
92 * fix #3768: warn on bad u2f or webauthn settings
93
94 * tfa: when modifying others, verify the current user's password
95
96 * tfa list: account for admin permissions
97
98 * fix realm sync permissions
99
100 * fix token permission display bug
101
102 * include SDN permissions in permission tree
103
104 -- Proxmox Support Team <support@proxmox.com> Fri, 21 Jan 2022 14:20:42 +0100
105
106 libpve-access-control (7.1-5) bullseye; urgency=medium
107
108 * openid: fix username-claim fallback
109
110 -- Proxmox Support Team <support@proxmox.com> Thu, 25 Nov 2021 07:57:38 +0100
111
112 libpve-access-control (7.1-4) bullseye; urgency=medium
113
114 * set current origin in the webauthn config if no fixed origin was
115 configured, to support webauthn via subdomains
116
117 -- Proxmox Support Team <support@proxmox.com> Mon, 22 Nov 2021 14:04:06 +0100
118
119 libpve-access-control (7.1-3) bullseye; urgency=medium
120
121 * openid: allow arbitrary username-claims
122
123 * openid: support configuring the prompt, scopes and ACR values
124
125 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Nov 2021 08:11:52 +0100
126
127 libpve-access-control (7.1-2) bullseye; urgency=medium
128
129 * catch incompatible tfa entries with a nice error
130
131 -- Proxmox Support Team <support@proxmox.com> Wed, 17 Nov 2021 13:44:45 +0100
132
133 libpve-access-control (7.1-1) bullseye; urgency=medium
134
135 * tfa: map HTTP 404 error in get_tfa_entry correctly
136
137 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Nov 2021 15:33:22 +0100
138
139 libpve-access-control (7.0-7) bullseye; urgency=medium
140
141 * fix #3513: pass configured proxy to OpenID
142
143 * use rust based parser for TFA config
144
145 * use PBS-like auth api call flow,
146
147 * merge old user.cfg keys to tfa config when adding entries
148
149 * implement version checks for new tfa config writer to ensure all
150 cluster nodes are ready to avoid login issues
151
152 * tickets: add tunnel ticket
153
154 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Nov 2021 18:17:49 +0100
155
156 libpve-access-control (7.0-6) bullseye; urgency=medium
157
158 * fix regression in user deletion when realm does not enforce TFA
159
160 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Oct 2021 12:28:52 +0200
161
162 libpve-access-control (7.0-5) bullseye; urgency=medium
163
164 * acl: check path: add /sdn/vnets/* path
165
166 * fix #2302: allow deletion of users when realm enforces TFA
167
168 * api: delete user: disable user first to avoid surprise on error during the
169 various cleanup action required for user deletion (e.g., TFA, ACL, group)
170
171 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Sep 2021 15:50:47 +0200
172
173 libpve-access-control (7.0-4) bullseye; urgency=medium
174
175 * realm: add OpenID configuration
176
177 * api: implement OpenID related endpoints
178
179 * implement opt-in OpenID autocreate user feature
180
181 * api: user: add 'realm-type' to user list response
182
183 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Jul 2021 13:45:46 +0200
184
185 libpve-access-control (7.0-3) bullseye; urgency=medium
186
187 * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
188 `/sdn/zones/<zone>` to allowed ACL paths
189
190 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 10:31:19 +0200
191
192 libpve-access-control (7.0-2) bullseye; urgency=medium
193
194 * fix #3402: add Pool.Audit privilege - custom roles containing
195 Pool.Allocate must be updated to include the new privilege.
196
197 -- Proxmox Support Team <support@proxmox.com> Tue, 1 Jun 2021 11:28:38 +0200
198
199 libpve-access-control (7.0-1) bullseye; urgency=medium
200
201 * re-build for Debian 11 Bullseye based releases
202
203 -- Proxmox Support Team <support@proxmox.com> Sun, 09 May 2021 18:18:23 +0200
204
205 libpve-access-control (6.4-1) pve; urgency=medium
206
207 * fix #1670: change PAM service name to project specific name
208
209 * fix #1500: permission path syntax check for access control
210
211 * pveum: add resource pool CLI commands
212
213 -- Proxmox Support Team <support@proxmox.com> Sat, 24 Apr 2021 19:48:21 +0200
214
215 libpve-access-control (6.1-3) pve; urgency=medium
216
217 * partially fix #2825: authkey: rotate if it was generated in the
218 future
219
220 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
221 insensitive
222
223 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
224
225 libpve-access-control (6.1-2) pve; urgency=medium
226
227 * also check SDN permission path when computing coarse permissions heuristic
228 for UIs
229
230 * add SDN Permissions.Modify
231
232 * add VM.Config.Cloudinit
233
234 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
235
236 libpve-access-control (6.1-1) pve; urgency=medium
237
238 * pveum: add tfa delete subcommand for deleting user-TFA
239
240 * LDAP: don't complain about missing credentials on realm removal
241
242 * LDAP: skip anonymous bind when client certificate and key is configured
243
244 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
245
246 libpve-access-control (6.0-7) pve; urgency=medium
247
248 * fix #2575: die when trying to edit built-in roles
249
250 * add realm sub commands to pveum CLI tool
251
252 * api: domains: add user group sync API endpoint
253
254 * allow one to sync and import users and groups from LDAP/AD based realms
255
256 * realm: add default-sync-options to config for more convenient sync configuration
257
258 * api: token create: return also full token id for convenience
259
260 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
261
262 libpve-access-control (6.0-6) pve; urgency=medium
263
264 * API: add group members to group index
265
266 * implement API token support and management
267
268 * pveum: add 'pveum user token add/update/remove/list'
269
270 * pveum: add permissions sub-commands
271
272 * API: add 'permissions' API endpoint
273
274 * user.cfg: skip inexisting roles when parsing ACLs
275
276 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
277
278 libpve-access-control (6.0-5) pve; urgency=medium
279
280 * pveum: add list command for users, groups, ACLs and roles
281
282 * add initial permissions for experimental SDN integration
283
284 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
285
286 libpve-access-control (6.0-4) pve; urgency=medium
287
288 * ticket: use clinfo to get cluster name
289
290 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
291 SSL version
292
293 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
294
295 libpve-access-control (6.0-3) pve; urgency=medium
296
297 * fix #2433: increase possible TFA secret length
298
299 * parse user configuration: correctly parse group names in ACLs, for users
300 which begin their name with an @
301
302 * sort user.cfg entries alphabetically
303
304 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
305
306 libpve-access-control (6.0-2) pve; urgency=medium
307
308 * improve CSRF verification compatibility with newer PVE
309
310 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
311
312 libpve-access-control (6.0-1) pve; urgency=medium
313
314 * ticket: properly verify exactly 5 minute old tickets
315
316 * use hmac_sha256 instead of sha1 for CSRF token generation
317
318 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
319
320 libpve-access-control (6.0-0+1) pve; urgency=medium
321
322 * bump for Debian buster
323
324 * fix #2079: add periodic auth key rotation
325
326 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
327
328 libpve-access-control (5.1-10) unstable; urgency=medium
329
330 * add /access/user/{id}/tfa api call to get tfa types
331
332 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
333
334 libpve-access-control (5.1-9) unstable; urgency=medium
335
336 * store the tfa type in user.cfg allowing to get it without proxying the call
337 to a higher privileged daemon.
338
339 * tfa: realm required TFA should lock out users without TFA configured, as it
340 was done before Proxmox VE 5.4
341
342 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
343
344 libpve-access-control (5.1-8) unstable; urgency=medium
345
346 * U2F: ensure we save correct public key on registration
347
348 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
349
350 libpve-access-control (5.1-7) unstable; urgency=medium
351
352 * verify_ticket: allow general non-challenge tfa to be run as two step
353 call
354
355 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
356
357 libpve-access-control (5.1-6) unstable; urgency=medium
358
359 * more general 2FA configuration via priv/tfa.cfg
360
361 * add u2f api endpoints
362
363 * delete TFA entries when deleting a user
364
365 * allow users to change their TOTP settings
366
367 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
368
369 libpve-access-control (5.1-5) unstable; urgency=medium
370
371 * fix vnc ticket verification without authkey lifetime
372
373 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
374
375 libpve-access-control (5.1-4) unstable; urgency=medium
376
377 * fix #1891: Add zsh command completion for pveum
378
379 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
380 to avoid issues on upgrade, will be enabled with 6.0
381
382 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
383
384 libpve-access-control (5.1-3) unstable; urgency=medium
385
386 * api/ticket: move getting cluster name into an eval
387
388 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
389
390 libpve-access-control (5.1-2) unstable; urgency=medium
391
392 * fix #1998: correct return properties for read_role
393
394 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
395
396 libpve-access-control (5.1-1) unstable; urgency=medium
397
398 * pveum: introduce sub-commands
399
400 * register userid with completion
401
402 * fix #233: return cluster name on successful login
403
404 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
405
406 libpve-access-control (5.0-8) unstable; urgency=medium
407
408 * fix #1612: ldap: make 2nd server work with bind domains again
409
410 * fix an error message where passing a bad pool id to an API function would
411 make it complain about a wrong group name instead
412
413 * fix the API-returned permission list so that the GUI knows to show the
414 'Permissions' tab for a storage to an administrator apart from root@pam
415
416 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
417
418 libpve-access-control (5.0-7) unstable; urgency=medium
419
420 * VM.Snapshot.Rollback privilege added
421
422 * api: check for special roles before locking the usercfg
423
424 * fix #1501: pveum: die when deleting special role
425
426 * API/ticket: rework coarse grained permission computation
427
428 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
429
430 libpve-access-control (5.0-6) unstable; urgency=medium
431
432 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
433 'verify' option. For compatibility reasons this defaults to off for now,
434 but that might change with future updates.
435
436 * AD, LDAP: Add ability to specify a CA path or file, and a client
437 certificate via the 'capath', 'cert' and 'certkey' options.
438
439 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
440
441 libpve-access-control (5.0-5) unstable; urgency=medium
442
443 * change from dpkg-deb to dpkg-buildpackage
444
445 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
446
447 libpve-access-control (5.0-4) unstable; urgency=medium
448
449 * PVE/CLI/pveum.pm: call setup_default_cli_env()
450
451 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
452
453 * check_api2_permissions: avoid warning about uninitialized value
454
455 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
456
457 libpve-access-control (5.0-3) unstable; urgency=medium
458
459 * use new PVE::OTP class from pve-common
460
461 * use new PVE::Tools::encrypt_pw from pve-common
462
463 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
464
465 libpve-access-control (5.0-2) unstable; urgency=medium
466
467 * encrypt_pw: avoid '+' for crypt salt
468
469 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
470
471 libpve-access-control (5.0-1) unstable; urgency=medium
472
473 * rebuild for PVE 5.0
474
475 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
476
477 libpve-access-control (4.0-23) unstable; urgency=medium
478
479 * use new PVE::Ticket class
480
481 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
482
483 libpve-access-control (4.0-22) unstable; urgency=medium
484
485 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
486 (moved to PVE::Storage)
487
488 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
489
490 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
491
492 libpve-access-control (4.0-21) unstable; urgency=medium
493
494 * setup_default_cli_env: expect $class as first parameter
495
496 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
497
498 libpve-access-control (4.0-20) unstable; urgency=medium
499
500 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
501
502 * PVE/API2/Domains.pm: fix property description
503
504 * use new repoman for upload target
505
506 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
507
508 libpve-access-control (4.0-19) unstable; urgency=medium
509
510 * Close #833: ldap: non-anonymous bind support
511
512 * don't import 'RFC' from MIME::Base32
513
514 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
515
516 libpve-access-control (4.0-18) unstable; urgency=medium
517
518 * fix #1062: recognize base32 otp keys again
519
520 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
521
522 libpve-access-control (4.0-17) unstable; urgency=medium
523
524 * drop oathtool and libdigest-hmac-perl dependencies
525
526 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
527
528 libpve-access-control (4.0-16) unstable; urgency=medium
529
530 * use pve-doc-generator to generate man pages
531
532 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
533
534 libpve-access-control (4.0-15) unstable; urgency=medium
535
536 * Fix uninitialized warning when shadow.cfg does not exist
537
538 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
539
540 libpve-access-control (4.0-14) unstable; urgency=medium
541
542 * Add is_worker to RPCEnvironment
543
544 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
545
546 libpve-access-control (4.0-13) unstable; urgency=medium
547
548 * fix #916: allow HTTPS to access custom yubico url
549
550 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
551
552 libpve-access-control (4.0-12) unstable; urgency=medium
553
554 * Catch certificate errors instead of segfaulting
555
556 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
557
558 libpve-access-control (4.0-11) unstable; urgency=medium
559
560 * Fix #861: use safer sprintf formatting
561
562 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
563
564 libpve-access-control (4.0-10) unstable; urgency=medium
565
566 * Auth::LDAP, Auth::AD: ipv6 support
567
568 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
569
570 libpve-access-control (4.0-9) unstable; urgency=medium
571
572 * pveum: implement bash completion
573
574 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
575
576 libpve-access-control (4.0-8) unstable; urgency=medium
577
578 * remove_storage_access: cleanup of access permissions for removed storage
579
580 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
581
582 libpve-access-control (4.0-7) unstable; urgency=medium
583
584 * new helper to remove access permissions for removed VMs
585
586 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
587
588 libpve-access-control (4.0-6) unstable; urgency=medium
589
590 * improve parse_user_config, parse_shadow_config
591
592 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
593
594 libpve-access-control (4.0-5) unstable; urgency=medium
595
596 * pveum: check for $cmd being defined
597
598 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
599
600 libpve-access-control (4.0-4) unstable; urgency=medium
601
602 * use activate-noawait triggers
603
604 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
605
606 libpve-access-control (4.0-3) unstable; urgency=medium
607
608 * IPv6 fixes
609
610 * non-root buildfix
611
612 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
613
614 libpve-access-control (4.0-2) unstable; urgency=medium
615
616 * trigger pve-api-updates event
617
618 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
619
620 libpve-access-control (4.0-1) unstable; urgency=medium
621
622 * bump version for Debian Jessie
623
624 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
625
626 libpve-access-control (3.0-16) unstable; urgency=low
627
628 * root@pam can now be disabled in GUI.
629
630 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
631
632 libpve-access-control (3.0-15) unstable; urgency=low
633
634 * oath: add 'step' and 'digits' option
635
636 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
637
638 libpve-access-control (3.0-14) unstable; urgency=low
639
640 * add oath two factor auth
641
642 * add oathkeygen binary to generate keys for oath
643
644 * add yubico two factor auth
645
646 * dedend on oathtool
647
648 * depend on libmime-base32-perl
649
650 * allow to write builtin auth domains config (comment/tfa/default)
651
652 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
653
654 libpve-access-control (3.0-13) unstable; urgency=low
655
656 * use correct connection string for AD auth
657
658 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
659
660 libpve-access-control (3.0-12) unstable; urgency=low
661
662 * add dummy API for GET /access/ticket (useful to generate login pages)
663
664 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
665
666 libpve-access-control (3.0-11) unstable; urgency=low
667
668 * Sets common hot keys for spice client
669
670 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
671
672 libpve-access-control (3.0-10) unstable; urgency=low
673
674 * implement helper to generate SPICE remote-viewer configuration
675
676 * depend on libnet-ssleay-perl
677
678 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
679
680 libpve-access-control (3.0-9) unstable; urgency=low
681
682 * prevent user enumeration attacks
683
684 * allow dots in access paths
685
686 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
687
688 libpve-access-control (3.0-8) unstable; urgency=low
689
690 * spice: use lowercase hostname in ticktet signature
691
692 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
693
694 libpve-access-control (3.0-7) unstable; urgency=low
695
696 * check_volume_access : use parse_volname instead of path, and remove
697 path related code.
698
699 * use warnings instead of global -w flag.
700
701 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
702
703 libpve-access-control (3.0-6) unstable; urgency=low
704
705 * use shorter spiceproxy tickets
706
707 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
708
709 libpve-access-control (3.0-5) unstable; urgency=low
710
711 * add code to generate tickets for SPICE
712
713 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
714
715 libpve-access-control (3.0-4) unstable; urgency=low
716
717 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
718
719 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
720
721 libpve-access-control (3.0-3) unstable; urgency=low
722
723 * Add new role PVETemplateUser (and VM.Clone privilege)
724
725 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
726
727 libpve-access-control (3.0-2) unstable; urgency=low
728
729 * remove CGI.pm related code (pveproxy does not need that)
730
731 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
732
733 libpve-access-control (3.0-1) unstable; urgency=low
734
735 * bump version for wheezy release
736
737 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
738
739 libpve-access-control (1.0-26) unstable; urgency=low
740
741 * check_volume_access: fix access permissions for backup files
742
743 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
744
745 libpve-access-control (1.0-25) unstable; urgency=low
746
747 * add VM.Snapshot permission
748
749 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
750
751 libpve-access-control (1.0-24) unstable; urgency=low
752
753 * untaint path (allow root to restore arbitrary paths)
754
755 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
756
757 libpve-access-control (1.0-23) unstable; urgency=low
758
759 * correctly compute GUI capabilities (consider pools)
760
761 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
762
763 libpve-access-control (1.0-22) unstable; urgency=low
764
765 * new plugin architecture for Auth modules, minor API change for Auth
766 domains (new 'delete' parameter)
767
768 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
769
770 libpve-access-control (1.0-21) unstable; urgency=low
771
772 * do not allow user names including slash
773
774 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
775
776 libpve-access-control (1.0-20) unstable; urgency=low
777
778 * add ability to fork cli workers in background
779
780 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
781
782 libpve-access-control (1.0-19) unstable; urgency=low
783
784 * return set of privileges on login - can be used to adopt GUI
785
786 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
787
788 libpve-access-control (1.0-18) unstable; urgency=low
789
790 * fix bug #151: correctly parse username inside ticket
791
792 * fix bug #152: allow user to change his own password
793
794 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
795
796 libpve-access-control (1.0-17) unstable; urgency=low
797
798 * set propagate flag by default
799
800 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
801
802 libpve-access-control (1.0-16) unstable; urgency=low
803
804 * add 'pveum passwd' method
805
806 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
807
808 libpve-access-control (1.0-15) unstable; urgency=low
809
810 * Add VM.Config.CDROM privilege to PVEVMUser rule
811
812 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
813
814 libpve-access-control (1.0-14) unstable; urgency=low
815
816 * fix buf in userid-param permission check
817
818 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
819
820 libpve-access-control (1.0-13) unstable; urgency=low
821
822 * allow more characters in ldap base_dn attribute
823
824 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
825
826 libpve-access-control (1.0-12) unstable; urgency=low
827
828 * allow more characters with realm IDs
829
830 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
831
832 libpve-access-control (1.0-11) unstable; urgency=low
833
834 * fix bug in exec_api2_perm_check
835
836 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
837
838 libpve-access-control (1.0-10) unstable; urgency=low
839
840 * fix ACL group name parser
841
842 * changed 'pveum aclmod' command line arguments
843
844 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
845
846 libpve-access-control (1.0-9) unstable; urgency=low
847
848 * fix bug in check_volume_access (fixes vzrestore)
849
850 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
851
852 libpve-access-control (1.0-8) unstable; urgency=low
853
854 * fix return value for empty ACL list.
855
856 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
857
858 libpve-access-control (1.0-7) unstable; urgency=low
859
860 * fix bug #85: allow root@pam to generate tickets for other users
861
862 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
863
864 libpve-access-control (1.0-6) unstable; urgency=low
865
866 * API change: allow to filter enabled/disabled users.
867
868 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
869
870 libpve-access-control (1.0-5) unstable; urgency=low
871
872 * add a way to return file changes (diffs): set_result_changes()
873
874 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
875
876 libpve-access-control (1.0-4) unstable; urgency=low
877
878 * new environment type for ha agents
879
880 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
881
882 libpve-access-control (1.0-3) unstable; urgency=low
883
884 * add support for delayed parameter parsing - We need that to disable
885 file upload for normal API request (avoid DOS attacks)
886
887 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
888
889 libpve-access-control (1.0-2) unstable; urgency=low
890
891 * fix bug in fork_worker
892
893 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
894
895 libpve-access-control (1.0-1) unstable; urgency=low
896
897 * allow '-' in permission paths
898
899 * bump version to 1.0
900
901 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
902
903 libpve-access-control (0.1) unstable; urgency=low
904
905 * first dummy package - no functionality
906
907 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200
908
Access control framework