1 libpve-access-control (6.1-3) pve; urgency=medium
3 * partially fix #2825: authkey: rotate if it was generated in the
6 * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
9 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Sep 2020 08:54:13 +0200
11 libpve-access-control (6.1-2) pve; urgency=medium
13 * also check SDN permission path when computing coarse permissions heuristic
16 * add SDN Permissions.Modify
18 * add VM.Config.Cloudinit
20 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Jun 2020 13:06:56 +0200
22 libpve-access-control (6.1-1) pve; urgency=medium
24 * pveum: add tfa delete subcommand for deleting user-TFA
26 * LDAP: don't complain about missing credentials on realm removal
28 * LDAP: skip anonymous bind when client certificate and key is configured
30 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
32 libpve-access-control (6.0-7) pve; urgency=medium
34 * fix #2575: die when trying to edit built-in roles
36 * add realm sub commands to pveum CLI tool
38 * api: domains: add user group sync API enpoint
40 * allow one to sync and import users and groups from LDAP/AD based realms
42 * realm: add default-sync-options to config for more convenient sync configuration
44 * api: token create: return also full token id for convenience
46 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
48 libpve-access-control (6.0-6) pve; urgency=medium
50 * API: add group members to group index
52 * implement API token support and management
54 * pveum: add 'pveum user token add/update/remove/list'
56 * pveum: add permissions sub-commands
58 * API: add 'permissions' API endpoint
60 * user.cfg: skip inexisting roles when parsing ACLs
62 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
64 libpve-access-control (6.0-5) pve; urgency=medium
66 * pveum: add list command for users, groups, ACLs and roles
68 * add initial permissions for experimental SDN integration
70 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
72 libpve-access-control (6.0-4) pve; urgency=medium
74 * ticket: use clinfo to get cluster name
76 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
79 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
81 libpve-access-control (6.0-3) pve; urgency=medium
83 * fix #2433: increase possible TFA secret length
85 * parse user configuration: correctly parse group names in ACLs, for users
86 which begin their name with an @
88 * sort user.cfg entries alphabetically
90 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
92 libpve-access-control (6.0-2) pve; urgency=medium
94 * improve CSRF verification compatibility with newer PVE
96 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
98 libpve-access-control (6.0-1) pve; urgency=medium
100 * ticket: properly verify exactly 5 minute old tickets
102 * use hmac_sha256 instead of sha1 for CSRF token generation
104 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
106 libpve-access-control (6.0-0+1) pve; urgency=medium
108 * bump for Debian buster
110 * fix #2079: add periodic auth key rotation
112 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
114 libpve-access-control (5.1-10) unstable; urgency=medium
116 * add /access/user/{id}/tfa api call to get tfa types
118 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
120 libpve-access-control (5.1-9) unstable; urgency=medium
122 * store the tfa type in user.cfg allowing to get it without proxying the call
123 to a higher priviledged daemon.
125 * tfa: realm required TFA should lock out users without TFA configured, as it
126 was done before Proxmox VE 5.4
128 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
130 libpve-access-control (5.1-8) unstable; urgency=medium
132 * U2F: ensure we save correct public key on registration
134 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
136 libpve-access-control (5.1-7) unstable; urgency=medium
138 * verify_ticket: allow general non-challenge tfa to be run as two step
141 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
143 libpve-access-control (5.1-6) unstable; urgency=medium
145 * more general 2FA configuration via priv/tfa.cfg
147 * add u2f api endpoints
149 * delete TFA entries when deleting a user
151 * allow users to change their TOTP settings
153 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
155 libpve-access-control (5.1-5) unstable; urgency=medium
157 * fix vnc ticket verification without authkey lifetime
159 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
161 libpve-access-control (5.1-4) unstable; urgency=medium
163 * fix #1891: Add zsh command completion for pveum
165 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
166 to avoid issues on upgrade, will be enabled with 6.0
168 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
170 libpve-access-control (5.1-3) unstable; urgency=medium
172 * api/ticket: move getting cluster name into an eval
174 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
176 libpve-access-control (5.1-2) unstable; urgency=medium
178 * fix #1998: correct return properties for read_role
180 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
182 libpve-access-control (5.1-1) unstable; urgency=medium
184 * pveum: introduce sub-commands
186 * register userid with completion
188 * fix #233: return cluster name on successful login
190 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
192 libpve-access-control (5.0-8) unstable; urgency=medium
194 * fix #1612: ldap: make 2nd server work with bind domains again
196 * fix an error message where passing a bad pool id to an API function would
197 make it complain about a wrong group name instead
199 * fix the API-returned permission list so that the GUI knows to show the
200 'Permissions' tab for a storage to an administrator apart from root@pam
202 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
204 libpve-access-control (5.0-7) unstable; urgency=medium
206 * VM.Snapshot.Rollback privilege added
208 * api: check for special roles before locking the usercfg
210 * fix #1501: pveum: die when deleting special role
212 * API/ticket: rework coarse grained permission computation
214 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
216 libpve-access-control (5.0-6) unstable; urgency=medium
218 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
219 'verify' option. For compatibility reasons this defaults to off for now,
220 but that might change with future updates.
222 * AD, LDAP: Add ability to specify a CA path or file, and a client
223 certificate via the 'capath', 'cert' and 'certkey' options.
225 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
227 libpve-access-control (5.0-5) unstable; urgency=medium
229 * change from dpkg-deb to dpkg-buildpackage
231 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
233 libpve-access-control (5.0-4) unstable; urgency=medium
235 * PVE/CLI/pveum.pm: call setup_default_cli_env()
237 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
239 * check_api2_permissions: avoid warning about uninitialized value
241 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
243 libpve-access-control (5.0-3) unstable; urgency=medium
245 * use new PVE::OTP class from pve-common
247 * use new PVE::Tools::encrypt_pw from pve-common
249 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
251 libpve-access-control (5.0-2) unstable; urgency=medium
253 * encrypt_pw: avoid '+' for crypt salt
255 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
257 libpve-access-control (5.0-1) unstable; urgency=medium
259 * rebuild for PVE 5.0
261 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
263 libpve-access-control (4.0-23) unstable; urgency=medium
265 * use new PVE::Ticket class
267 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
269 libpve-access-control (4.0-22) unstable; urgency=medium
271 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
272 (moved to PVE::Storage)
274 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
276 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
278 libpve-access-control (4.0-21) unstable; urgency=medium
280 * setup_default_cli_env: expect $class as first parameter
282 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
284 libpve-access-control (4.0-20) unstable; urgency=medium
286 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
288 * PVE/API2/Domains.pm: fix property description
290 * use new repoman for upload target
292 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
294 libpve-access-control (4.0-19) unstable; urgency=medium
296 * Close #833: ldap: non-anonymous bind support
298 * don't import 'RFC' from MIME::Base32
300 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
302 libpve-access-control (4.0-18) unstable; urgency=medium
304 * fix #1062: recognize base32 otp keys again
306 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
308 libpve-access-control (4.0-17) unstable; urgency=medium
310 * drop oathtool and libdigest-hmac-perl dependencies
312 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
314 libpve-access-control (4.0-16) unstable; urgency=medium
316 * use pve-doc-generator to generate man pages
318 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
320 libpve-access-control (4.0-15) unstable; urgency=medium
322 * Fix uninitialized warning when shadow.cfg does not exist
324 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
326 libpve-access-control (4.0-14) unstable; urgency=medium
328 * Add is_worker to RPCEnvironment
330 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
332 libpve-access-control (4.0-13) unstable; urgency=medium
334 * fix #916: allow HTTPS to access custom yubico url
336 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
338 libpve-access-control (4.0-12) unstable; urgency=medium
340 * Catch certificate errors instead of segfaulting
342 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
344 libpve-access-control (4.0-11) unstable; urgency=medium
346 * Fix #861: use safer sprintf formatting
348 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
350 libpve-access-control (4.0-10) unstable; urgency=medium
352 * Auth::LDAP, Auth::AD: ipv6 support
354 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
356 libpve-access-control (4.0-9) unstable; urgency=medium
358 * pveum: implement bash completion
360 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
362 libpve-access-control (4.0-8) unstable; urgency=medium
364 * remove_storage_access: cleanup of access permissions for removed storage
366 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
368 libpve-access-control (4.0-7) unstable; urgency=medium
370 * new helper to remove access permissions for removed VMs
372 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
374 libpve-access-control (4.0-6) unstable; urgency=medium
376 * improve parse_user_config, parse_shadow_config
378 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
380 libpve-access-control (4.0-5) unstable; urgency=medium
382 * pveum: check for $cmd being defined
384 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
386 libpve-access-control (4.0-4) unstable; urgency=medium
388 * use activate-noawait triggers
390 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
392 libpve-access-control (4.0-3) unstable; urgency=medium
398 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
400 libpve-access-control (4.0-2) unstable; urgency=medium
402 * trigger pve-api-updates event
404 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
406 libpve-access-control (4.0-1) unstable; urgency=medium
408 * bump version for Debian Jessie
410 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
412 libpve-access-control (3.0-16) unstable; urgency=low
414 * root@pam can now be disabled in GUI.
416 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
418 libpve-access-control (3.0-15) unstable; urgency=low
420 * oath: add 'step' and 'digits' option
422 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
424 libpve-access-control (3.0-14) unstable; urgency=low
426 * add oath two factor auth
428 * add oathkeygen binary to generate keys for oath
430 * add yubico two factor auth
434 * depend on libmime-base32-perl
436 * allow to write builtin auth domains config (comment/tfa/default)
438 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
440 libpve-access-control (3.0-13) unstable; urgency=low
442 * use correct connection string for AD auth
444 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
446 libpve-access-control (3.0-12) unstable; urgency=low
448 * add dummy API for GET /access/ticket (useful to generate login pages)
450 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
452 libpve-access-control (3.0-11) unstable; urgency=low
454 * Sets common hot keys for spice client
456 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
458 libpve-access-control (3.0-10) unstable; urgency=low
460 * implement helper to generate SPICE remote-viewer configuration
462 * depend on libnet-ssleay-perl
464 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
466 libpve-access-control (3.0-9) unstable; urgency=low
468 * prevent user enumeration attacks
470 * allow dots in access paths
472 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
474 libpve-access-control (3.0-8) unstable; urgency=low
476 * spice: use lowercase hostname in ticktet signature
478 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
480 libpve-access-control (3.0-7) unstable; urgency=low
482 * check_volume_access : use parse_volname instead of path, and remove
485 * use warnings instead of global -w flag.
487 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
489 libpve-access-control (3.0-6) unstable; urgency=low
491 * use shorter spiceproxy tickets
493 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
495 libpve-access-control (3.0-5) unstable; urgency=low
497 * add code to generate tickets for SPICE
499 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
501 libpve-access-control (3.0-4) unstable; urgency=low
503 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
505 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
507 libpve-access-control (3.0-3) unstable; urgency=low
509 * Add new role PVETemplateUser (and VM.Clone priviledge)
511 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
513 libpve-access-control (3.0-2) unstable; urgency=low
515 * remove CGI.pm related code (pveproxy does not need that)
517 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
519 libpve-access-control (3.0-1) unstable; urgency=low
521 * bump version for wheezy release
523 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
525 libpve-access-control (1.0-26) unstable; urgency=low
527 * check_volume_access: fix access permissions for backup files
529 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
531 libpve-access-control (1.0-25) unstable; urgency=low
533 * add VM.Snapshot permission
535 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
537 libpve-access-control (1.0-24) unstable; urgency=low
539 * untaint path (allow root to restore arbitrary paths)
541 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
543 libpve-access-control (1.0-23) unstable; urgency=low
545 * correctly compute GUI capabilities (consider pools)
547 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
549 libpve-access-control (1.0-22) unstable; urgency=low
551 * new plugin architecture for Auth modules, minor API change for Auth
552 domains (new 'delete' parameter)
554 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
556 libpve-access-control (1.0-21) unstable; urgency=low
558 * do not allow user names including slash
560 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
562 libpve-access-control (1.0-20) unstable; urgency=low
564 * add ability to fork cli workers in background
566 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
568 libpve-access-control (1.0-19) unstable; urgency=low
570 * return set of privileges on login - can be used to adopt GUI
572 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
574 libpve-access-control (1.0-18) unstable; urgency=low
576 * fix bug #151: corretly parse username inside ticket
578 * fix bug #152: allow user to change his own password
580 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
582 libpve-access-control (1.0-17) unstable; urgency=low
584 * set propagate flag by default
586 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
588 libpve-access-control (1.0-16) unstable; urgency=low
590 * add 'pveum passwd' method
592 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
594 libpve-access-control (1.0-15) unstable; urgency=low
596 * Add VM.Config.CDROM privilege to PVEVMUser rule
598 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
600 libpve-access-control (1.0-14) unstable; urgency=low
602 * fix buf in userid-param permission check
604 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
606 libpve-access-control (1.0-13) unstable; urgency=low
608 * allow more characters in ldap base_dn attribute
610 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
612 libpve-access-control (1.0-12) unstable; urgency=low
614 * allow more characters with realm IDs
616 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
618 libpve-access-control (1.0-11) unstable; urgency=low
620 * fix bug in exec_api2_perm_check
622 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
624 libpve-access-control (1.0-10) unstable; urgency=low
626 * fix ACL group name parser
628 * changed 'pveum aclmod' command line arguments
630 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
632 libpve-access-control (1.0-9) unstable; urgency=low
634 * fix bug in check_volume_access (fixes vzrestore)
636 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
638 libpve-access-control (1.0-8) unstable; urgency=low
640 * fix return value for empty ACL list.
642 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
644 libpve-access-control (1.0-7) unstable; urgency=low
646 * fix bug #85: allow root@pam to generate tickets for other users
648 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
650 libpve-access-control (1.0-6) unstable; urgency=low
652 * API change: allow to filter enabled/disabled users.
654 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
656 libpve-access-control (1.0-5) unstable; urgency=low
658 * add a way to return file changes (diffs): set_result_changes()
660 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
662 libpve-access-control (1.0-4) unstable; urgency=low
664 * new environment type for ha agents
666 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
668 libpve-access-control (1.0-3) unstable; urgency=low
670 * add support for delayed parameter parsing - We need that to disable
671 file upload for normal API request (avoid DOS attacs)
673 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
675 libpve-access-control (1.0-2) unstable; urgency=low
677 * fix bug in fork_worker
679 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
681 libpve-access-control (1.0-1) unstable; urgency=low
683 * allow '-' in permission paths
685 * bump version to 1.0
687 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
689 libpve-access-control (0.1) unstable; urgency=low
691 * first dummy package - no functionality
693 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200