1 libpve-access-control (6.0-3) pve; urgency=medium
3 * fix #2433: increase possible TFA secret length
5 * parse user configuration: correctly parse group names in ACLs, for users
6 which begin their name with an @
8 * sort user.cfg entries alphabetically
10 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
12 libpve-access-control (6.0-2) pve; urgency=medium
14 * improve CSRF verification compatibility with newer PVE
16 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
18 libpve-access-control (6.0-1) pve; urgency=medium
20 * ticket: properly verify exactly 5 minute old tickets
22 * use hmac_sha256 instead of sha1 for CSRF token generation
24 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
26 libpve-access-control (6.0-0+1) pve; urgency=medium
28 * bump for Debian buster
30 * fix #2079: add periodic auth key rotation
32 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
34 libpve-access-control (5.1-10) unstable; urgency=medium
36 * add /access/user/{id}/tfa api call to get tfa types
38 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
40 libpve-access-control (5.1-9) unstable; urgency=medium
42 * store the tfa type in user.cfg allowing to get it without proxying the call
43 to a higher priviledged daemon.
45 * tfa: realm required TFA should lock out users without TFA configured, as it
46 was done before Proxmox VE 5.4
48 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
50 libpve-access-control (5.1-8) unstable; urgency=medium
52 * U2F: ensure we save correct public key on registration
54 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
56 libpve-access-control (5.1-7) unstable; urgency=medium
58 * verify_ticket: allow general non-challenge tfa to be run as two step
61 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
63 libpve-access-control (5.1-6) unstable; urgency=medium
65 * more general 2FA configuration via priv/tfa.cfg
67 * add u2f api endpoints
69 * delete TFA entries when deleting a user
71 * allow users to change their TOTP settings
73 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
75 libpve-access-control (5.1-5) unstable; urgency=medium
77 * fix vnc ticket verification without authkey lifetime
79 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
81 libpve-access-control (5.1-4) unstable; urgency=medium
83 * fix #1891: Add zsh command completion for pveum
85 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
86 to avoid issues on upgrade, will be enabled with 6.0
88 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
90 libpve-access-control (5.1-3) unstable; urgency=medium
92 * api/ticket: move getting cluster name into an eval
94 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
96 libpve-access-control (5.1-2) unstable; urgency=medium
98 * fix #1998: correct return properties for read_role
100 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
102 libpve-access-control (5.1-1) unstable; urgency=medium
104 * pveum: introduce sub-commands
106 * register userid with completion
108 * fix #233: return cluster name on successful login
110 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
112 libpve-access-control (5.0-8) unstable; urgency=medium
114 * fix #1612: ldap: make 2nd server work with bind domains again
116 * fix an error message where passing a bad pool id to an API function would
117 make it complain about a wrong group name instead
119 * fix the API-returned permission list so that the GUI knows to show the
120 'Permissions' tab for a storage to an administrator apart from root@pam
122 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
124 libpve-access-control (5.0-7) unstable; urgency=medium
126 * VM.Snapshot.Rollback privilege added
128 * api: check for special roles before locking the usercfg
130 * fix #1501: pveum: die when deleting special role
132 * API/ticket: rework coarse grained permission computation
134 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
136 libpve-access-control (5.0-6) unstable; urgency=medium
138 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
139 'verify' option. For compatibility reasons this defaults to off for now,
140 but that might change with future updates.
142 * AD, LDAP: Add ability to specify a CA path or file, and a client
143 certificate via the 'capath', 'cert' and 'certkey' options.
145 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
147 libpve-access-control (5.0-5) unstable; urgency=medium
149 * change from dpkg-deb to dpkg-buildpackage
151 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
153 libpve-access-control (5.0-4) unstable; urgency=medium
155 * PVE/CLI/pveum.pm: call setup_default_cli_env()
157 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
159 * check_api2_permissions: avoid warning about uninitialized value
161 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
163 libpve-access-control (5.0-3) unstable; urgency=medium
165 * use new PVE::OTP class from pve-common
167 * use new PVE::Tools::encrypt_pw from pve-common
169 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
171 libpve-access-control (5.0-2) unstable; urgency=medium
173 * encrypt_pw: avoid '+' for crypt salt
175 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
177 libpve-access-control (5.0-1) unstable; urgency=medium
179 * rebuild for PVE 5.0
181 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
183 libpve-access-control (4.0-23) unstable; urgency=medium
185 * use new PVE::Ticket class
187 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
189 libpve-access-control (4.0-22) unstable; urgency=medium
191 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
192 (moved to PVE::Storage)
194 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
196 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
198 libpve-access-control (4.0-21) unstable; urgency=medium
200 * setup_default_cli_env: expect $class as first parameter
202 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
204 libpve-access-control (4.0-20) unstable; urgency=medium
206 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
208 * PVE/API2/Domains.pm: fix property description
210 * use new repoman for upload target
212 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
214 libpve-access-control (4.0-19) unstable; urgency=medium
216 * Close #833: ldap: non-anonymous bind support
218 * don't import 'RFC' from MIME::Base32
220 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
222 libpve-access-control (4.0-18) unstable; urgency=medium
224 * fix #1062: recognize base32 otp keys again
226 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
228 libpve-access-control (4.0-17) unstable; urgency=medium
230 * drop oathtool and libdigest-hmac-perl dependencies
232 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
234 libpve-access-control (4.0-16) unstable; urgency=medium
236 * use pve-doc-generator to generate man pages
238 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
240 libpve-access-control (4.0-15) unstable; urgency=medium
242 * Fix uninitialized warning when shadow.cfg does not exist
244 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
246 libpve-access-control (4.0-14) unstable; urgency=medium
248 * Add is_worker to RPCEnvironment
250 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
252 libpve-access-control (4.0-13) unstable; urgency=medium
254 * fix #916: allow HTTPS to access custom yubico url
256 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
258 libpve-access-control (4.0-12) unstable; urgency=medium
260 * Catch certificate errors instead of segfaulting
262 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
264 libpve-access-control (4.0-11) unstable; urgency=medium
266 * Fix #861: use safer sprintf formatting
268 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
270 libpve-access-control (4.0-10) unstable; urgency=medium
272 * Auth::LDAP, Auth::AD: ipv6 support
274 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
276 libpve-access-control (4.0-9) unstable; urgency=medium
278 * pveum: implement bash completion
280 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
282 libpve-access-control (4.0-8) unstable; urgency=medium
284 * remove_storage_access: cleanup of access permissions for removed storage
286 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
288 libpve-access-control (4.0-7) unstable; urgency=medium
290 * new helper to remove access permissions for removed VMs
292 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
294 libpve-access-control (4.0-6) unstable; urgency=medium
296 * improve parse_user_config, parse_shadow_config
298 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
300 libpve-access-control (4.0-5) unstable; urgency=medium
302 * pveum: check for $cmd being defined
304 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
306 libpve-access-control (4.0-4) unstable; urgency=medium
308 * use activate-noawait triggers
310 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
312 libpve-access-control (4.0-3) unstable; urgency=medium
318 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
320 libpve-access-control (4.0-2) unstable; urgency=medium
322 * trigger pve-api-updates event
324 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
326 libpve-access-control (4.0-1) unstable; urgency=medium
328 * bump version for Debian Jessie
330 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
332 libpve-access-control (3.0-16) unstable; urgency=low
334 * root@pam can now be disabled in GUI.
336 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
338 libpve-access-control (3.0-15) unstable; urgency=low
340 * oath: add 'step' and 'digits' option
342 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
344 libpve-access-control (3.0-14) unstable; urgency=low
346 * add oath two factor auth
348 * add oathkeygen binary to generate keys for oath
350 * add yubico two factor auth
354 * depend on libmime-base32-perl
356 * allow to write builtin auth domains config (comment/tfa/default)
358 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
360 libpve-access-control (3.0-13) unstable; urgency=low
362 * use correct connection string for AD auth
364 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
366 libpve-access-control (3.0-12) unstable; urgency=low
368 * add dummy API for GET /access/ticket (useful to generate login pages)
370 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
372 libpve-access-control (3.0-11) unstable; urgency=low
374 * Sets common hot keys for spice client
376 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
378 libpve-access-control (3.0-10) unstable; urgency=low
380 * implement helper to generate SPICE remote-viewer configuration
382 * depend on libnet-ssleay-perl
384 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
386 libpve-access-control (3.0-9) unstable; urgency=low
388 * prevent user enumeration attacks
390 * allow dots in access paths
392 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
394 libpve-access-control (3.0-8) unstable; urgency=low
396 * spice: use lowercase hostname in ticktet signature
398 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
400 libpve-access-control (3.0-7) unstable; urgency=low
402 * check_volume_access : use parse_volname instead of path, and remove
405 * use warnings instead of global -w flag.
407 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
409 libpve-access-control (3.0-6) unstable; urgency=low
411 * use shorter spiceproxy tickets
413 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
415 libpve-access-control (3.0-5) unstable; urgency=low
417 * add code to generate tickets for SPICE
419 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
421 libpve-access-control (3.0-4) unstable; urgency=low
423 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
425 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
427 libpve-access-control (3.0-3) unstable; urgency=low
429 * Add new role PVETemplateUser (and VM.Clone priviledge)
431 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
433 libpve-access-control (3.0-2) unstable; urgency=low
435 * remove CGI.pm related code (pveproxy does not need that)
437 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
439 libpve-access-control (3.0-1) unstable; urgency=low
441 * bump version for wheezy release
443 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
445 libpve-access-control (1.0-26) unstable; urgency=low
447 * check_volume_access: fix access permissions for backup files
449 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
451 libpve-access-control (1.0-25) unstable; urgency=low
453 * add VM.Snapshot permission
455 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
457 libpve-access-control (1.0-24) unstable; urgency=low
459 * untaint path (allow root to restore arbitrary paths)
461 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
463 libpve-access-control (1.0-23) unstable; urgency=low
465 * correctly compute GUI capabilities (consider pools)
467 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
469 libpve-access-control (1.0-22) unstable; urgency=low
471 * new plugin architecture for Auth modules, minor API change for Auth
472 domains (new 'delete' parameter)
474 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
476 libpve-access-control (1.0-21) unstable; urgency=low
478 * do not allow user names including slash
480 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
482 libpve-access-control (1.0-20) unstable; urgency=low
484 * add ability to fork cli workers in background
486 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
488 libpve-access-control (1.0-19) unstable; urgency=low
490 * return set of privileges on login - can be used to adopt GUI
492 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
494 libpve-access-control (1.0-18) unstable; urgency=low
496 * fix bug #151: corretly parse username inside ticket
498 * fix bug #152: allow user to change his own password
500 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
502 libpve-access-control (1.0-17) unstable; urgency=low
504 * set propagate flag by default
506 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
508 libpve-access-control (1.0-16) unstable; urgency=low
510 * add 'pveum passwd' method
512 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
514 libpve-access-control (1.0-15) unstable; urgency=low
516 * Add VM.Config.CDROM privilege to PVEVMUser rule
518 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
520 libpve-access-control (1.0-14) unstable; urgency=low
522 * fix buf in userid-param permission check
524 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
526 libpve-access-control (1.0-13) unstable; urgency=low
528 * allow more characters in ldap base_dn attribute
530 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
532 libpve-access-control (1.0-12) unstable; urgency=low
534 * allow more characters with realm IDs
536 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
538 libpve-access-control (1.0-11) unstable; urgency=low
540 * fix bug in exec_api2_perm_check
542 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
544 libpve-access-control (1.0-10) unstable; urgency=low
546 * fix ACL group name parser
548 * changed 'pveum aclmod' command line arguments
550 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
552 libpve-access-control (1.0-9) unstable; urgency=low
554 * fix bug in check_volume_access (fixes vzrestore)
556 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
558 libpve-access-control (1.0-8) unstable; urgency=low
560 * fix return value for empty ACL list.
562 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
564 libpve-access-control (1.0-7) unstable; urgency=low
566 * fix bug #85: allow root@pam to generate tickets for other users
568 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
570 libpve-access-control (1.0-6) unstable; urgency=low
572 * API change: allow to filter enabled/disabled users.
574 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
576 libpve-access-control (1.0-5) unstable; urgency=low
578 * add a way to return file changes (diffs): set_result_changes()
580 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
582 libpve-access-control (1.0-4) unstable; urgency=low
584 * new environment type for ha agents
586 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
588 libpve-access-control (1.0-3) unstable; urgency=low
590 * add support for delayed parameter parsing - We need that to disable
591 file upload for normal API request (avoid DOS attacs)
593 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
595 libpve-access-control (1.0-2) unstable; urgency=low
597 * fix bug in fork_worker
599 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
601 libpve-access-control (1.0-1) unstable; urgency=low
603 * allow '-' in permission paths
605 * bump version to 1.0
607 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
609 libpve-access-control (0.1) unstable; urgency=low
611 * first dummy package - no functionality
613 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200