1 libpve-access-control (5.1-1) unstable; urgency=medium
3 * pveum: introduce sub-commands
5 * register userid with completion
7 * fix #233: return cluster name on successful login
9 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
11 libpve-access-control (5.0-8) unstable; urgency=medium
13 * fix #1612: ldap: make 2nd server work with bind domains again
15 * fix an error message where passing a bad pool id to an API function would
16 make it complain about a wrong group name instead
18 * fix the API-returned permission list so that the GUI knows to show the
19 'Permissions' tab for a storage to an administrator apart from root@pam
21 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
23 libpve-access-control (5.0-7) unstable; urgency=medium
25 * VM.Snapshot.Rollback privilege added
27 * api: check for special roles before locking the usercfg
29 * fix #1501: pveum: die when deleting special role
31 * API/ticket: rework coarse grained permission computation
33 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
35 libpve-access-control (5.0-6) unstable; urgency=medium
37 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
38 'verify' option. For compatibility reasons this defaults to off for now,
39 but that might change with future updates.
41 * AD, LDAP: Add ability to specify a CA path or file, and a client
42 certificate via the 'capath', 'cert' and 'certkey' options.
44 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
46 libpve-access-control (5.0-5) unstable; urgency=medium
48 * change from dpkg-deb to dpkg-buildpackage
50 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
52 libpve-access-control (5.0-4) unstable; urgency=medium
54 * PVE/CLI/pveum.pm: call setup_default_cli_env()
56 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
58 * check_api2_permissions: avoid warning about uninitialized value
60 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
62 libpve-access-control (5.0-3) unstable; urgency=medium
64 * use new PVE::OTP class from pve-common
66 * use new PVE::Tools::encrypt_pw from pve-common
68 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
70 libpve-access-control (5.0-2) unstable; urgency=medium
72 * encrypt_pw: avoid '+' for crypt salt
74 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
76 libpve-access-control (5.0-1) unstable; urgency=medium
80 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
82 libpve-access-control (4.0-23) unstable; urgency=medium
84 * use new PVE::Ticket class
86 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
88 libpve-access-control (4.0-22) unstable; urgency=medium
90 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
91 (moved to PVE::Storage)
93 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
95 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
97 libpve-access-control (4.0-21) unstable; urgency=medium
99 * setup_default_cli_env: expect $class as first parameter
101 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
103 libpve-access-control (4.0-20) unstable; urgency=medium
105 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
107 * PVE/API2/Domains.pm: fix property description
109 * use new repoman for upload target
111 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
113 libpve-access-control (4.0-19) unstable; urgency=medium
115 * Close #833: ldap: non-anonymous bind support
117 * don't import 'RFC' from MIME::Base32
119 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
121 libpve-access-control (4.0-18) unstable; urgency=medium
123 * fix #1062: recognize base32 otp keys again
125 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
127 libpve-access-control (4.0-17) unstable; urgency=medium
129 * drop oathtool and libdigest-hmac-perl dependencies
131 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
133 libpve-access-control (4.0-16) unstable; urgency=medium
135 * use pve-doc-generator to generate man pages
137 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
139 libpve-access-control (4.0-15) unstable; urgency=medium
141 * Fix uninitialized warning when shadow.cfg does not exist
143 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
145 libpve-access-control (4.0-14) unstable; urgency=medium
147 * Add is_worker to RPCEnvironment
149 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
151 libpve-access-control (4.0-13) unstable; urgency=medium
153 * fix #916: allow HTTPS to access custom yubico url
155 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
157 libpve-access-control (4.0-12) unstable; urgency=medium
159 * Catch certificate errors instead of segfaulting
161 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
163 libpve-access-control (4.0-11) unstable; urgency=medium
165 * Fix #861: use safer sprintf formatting
167 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
169 libpve-access-control (4.0-10) unstable; urgency=medium
171 * Auth::LDAP, Auth::AD: ipv6 support
173 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
175 libpve-access-control (4.0-9) unstable; urgency=medium
177 * pveum: implement bash completion
179 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
181 libpve-access-control (4.0-8) unstable; urgency=medium
183 * remove_storage_access: cleanup of access permissions for removed storage
185 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
187 libpve-access-control (4.0-7) unstable; urgency=medium
189 * new helper to remove access permissions for removed VMs
191 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
193 libpve-access-control (4.0-6) unstable; urgency=medium
195 * improve parse_user_config, parse_shadow_config
197 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
199 libpve-access-control (4.0-5) unstable; urgency=medium
201 * pveum: check for $cmd being defined
203 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
205 libpve-access-control (4.0-4) unstable; urgency=medium
207 * use activate-noawait triggers
209 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
211 libpve-access-control (4.0-3) unstable; urgency=medium
217 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
219 libpve-access-control (4.0-2) unstable; urgency=medium
221 * trigger pve-api-updates event
223 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
225 libpve-access-control (4.0-1) unstable; urgency=medium
227 * bump version for Debian Jessie
229 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
231 libpve-access-control (3.0-16) unstable; urgency=low
233 * root@pam can now be disabled in GUI.
235 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
237 libpve-access-control (3.0-15) unstable; urgency=low
239 * oath: add 'step' and 'digits' option
241 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
243 libpve-access-control (3.0-14) unstable; urgency=low
245 * add oath two factor auth
247 * add oathkeygen binary to generate keys for oath
249 * add yubico two factor auth
253 * depend on libmime-base32-perl
255 * allow to write builtin auth domains config (comment/tfa/default)
257 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
259 libpve-access-control (3.0-13) unstable; urgency=low
261 * use correct connection string for AD auth
263 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
265 libpve-access-control (3.0-12) unstable; urgency=low
267 * add dummy API for GET /access/ticket (useful to generate login pages)
269 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
271 libpve-access-control (3.0-11) unstable; urgency=low
273 * Sets common hot keys for spice client
275 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
277 libpve-access-control (3.0-10) unstable; urgency=low
279 * implement helper to generate SPICE remote-viewer configuration
281 * depend on libnet-ssleay-perl
283 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
285 libpve-access-control (3.0-9) unstable; urgency=low
287 * prevent user enumeration attacks
289 * allow dots in access paths
291 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
293 libpve-access-control (3.0-8) unstable; urgency=low
295 * spice: use lowercase hostname in ticktet signature
297 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
299 libpve-access-control (3.0-7) unstable; urgency=low
301 * check_volume_access : use parse_volname instead of path, and remove
304 * use warnings instead of global -w flag.
306 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
308 libpve-access-control (3.0-6) unstable; urgency=low
310 * use shorter spiceproxy tickets
312 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
314 libpve-access-control (3.0-5) unstable; urgency=low
316 * add code to generate tickets for SPICE
318 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
320 libpve-access-control (3.0-4) unstable; urgency=low
322 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
324 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
326 libpve-access-control (3.0-3) unstable; urgency=low
328 * Add new role PVETemplateUser (and VM.Clone priviledge)
330 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
332 libpve-access-control (3.0-2) unstable; urgency=low
334 * remove CGI.pm related code (pveproxy does not need that)
336 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
338 libpve-access-control (3.0-1) unstable; urgency=low
340 * bump version for wheezy release
342 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
344 libpve-access-control (1.0-26) unstable; urgency=low
346 * check_volume_access: fix access permissions for backup files
348 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
350 libpve-access-control (1.0-25) unstable; urgency=low
352 * add VM.Snapshot permission
354 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
356 libpve-access-control (1.0-24) unstable; urgency=low
358 * untaint path (allow root to restore arbitrary paths)
360 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
362 libpve-access-control (1.0-23) unstable; urgency=low
364 * correctly compute GUI capabilities (consider pools)
366 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
368 libpve-access-control (1.0-22) unstable; urgency=low
370 * new plugin architecture for Auth modules, minor API change for Auth
371 domains (new 'delete' parameter)
373 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
375 libpve-access-control (1.0-21) unstable; urgency=low
377 * do not allow user names including slash
379 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
381 libpve-access-control (1.0-20) unstable; urgency=low
383 * add ability to fork cli workers in background
385 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
387 libpve-access-control (1.0-19) unstable; urgency=low
389 * return set of privileges on login - can be used to adopt GUI
391 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
393 libpve-access-control (1.0-18) unstable; urgency=low
395 * fix bug #151: corretly parse username inside ticket
397 * fix bug #152: allow user to change his own password
399 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
401 libpve-access-control (1.0-17) unstable; urgency=low
403 * set propagate flag by default
405 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
407 libpve-access-control (1.0-16) unstable; urgency=low
409 * add 'pveum passwd' method
411 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
413 libpve-access-control (1.0-15) unstable; urgency=low
415 * Add VM.Config.CDROM privilege to PVEVMUser rule
417 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
419 libpve-access-control (1.0-14) unstable; urgency=low
421 * fix buf in userid-param permission check
423 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
425 libpve-access-control (1.0-13) unstable; urgency=low
427 * allow more characters in ldap base_dn attribute
429 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
431 libpve-access-control (1.0-12) unstable; urgency=low
433 * allow more characters with realm IDs
435 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
437 libpve-access-control (1.0-11) unstable; urgency=low
439 * fix bug in exec_api2_perm_check
441 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
443 libpve-access-control (1.0-10) unstable; urgency=low
445 * fix ACL group name parser
447 * changed 'pveum aclmod' command line arguments
449 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
451 libpve-access-control (1.0-9) unstable; urgency=low
453 * fix bug in check_volume_access (fixes vzrestore)
455 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
457 libpve-access-control (1.0-8) unstable; urgency=low
459 * fix return value for empty ACL list.
461 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
463 libpve-access-control (1.0-7) unstable; urgency=low
465 * fix bug #85: allow root@pam to generate tickets for other users
467 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
469 libpve-access-control (1.0-6) unstable; urgency=low
471 * API change: allow to filter enabled/disabled users.
473 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
475 libpve-access-control (1.0-5) unstable; urgency=low
477 * add a way to return file changes (diffs): set_result_changes()
479 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
481 libpve-access-control (1.0-4) unstable; urgency=low
483 * new environment type for ha agents
485 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
487 libpve-access-control (1.0-3) unstable; urgency=low
489 * add support for delayed parameter parsing - We need that to disable
490 file upload for normal API request (avoid DOS attacs)
492 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
494 libpve-access-control (1.0-2) unstable; urgency=low
496 * fix bug in fork_worker
498 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
500 libpve-access-control (1.0-1) unstable; urgency=low
502 * allow '-' in permission paths
504 * bump version to 1.0
506 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
508 libpve-access-control (0.1) unstable; urgency=low
510 * first dummy package - no functionality
512 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200