1 libpve-access-control (6.0-2) pve; urgency=medium
3 * improve CSRF verification compatibility with newer PVE
5 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
7 libpve-access-control (6.0-1) pve; urgency=medium
9 * ticket: properly verify exactly 5 minute old tickets
11 * use hmac_sha256 instead of sha1 for CSRF token generation
13 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
15 libpve-access-control (6.0-0+1) pve; urgency=medium
17 * bump for Debian buster
19 * fix #2079: add periodic auth key rotation
21 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
23 libpve-access-control (5.1-10) unstable; urgency=medium
25 * add /access/user/{id}/tfa api call to get tfa types
27 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
29 libpve-access-control (5.1-9) unstable; urgency=medium
31 * store the tfa type in user.cfg allowing to get it without proxying the call
32 to a higher priviledged daemon.
34 * tfa: realm required TFA should lock out users without TFA configured, as it
35 was done before Proxmox VE 5.4
37 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
39 libpve-access-control (5.1-8) unstable; urgency=medium
41 * U2F: ensure we save correct public key on registration
43 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
45 libpve-access-control (5.1-7) unstable; urgency=medium
47 * verify_ticket: allow general non-challenge tfa to be run as two step
50 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
52 libpve-access-control (5.1-6) unstable; urgency=medium
54 * more general 2FA configuration via priv/tfa.cfg
56 * add u2f api endpoints
58 * delete TFA entries when deleting a user
60 * allow users to change their TOTP settings
62 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
64 libpve-access-control (5.1-5) unstable; urgency=medium
66 * fix vnc ticket verification without authkey lifetime
68 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
70 libpve-access-control (5.1-4) unstable; urgency=medium
72 * fix #1891: Add zsh command completion for pveum
74 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
75 to avoid issues on upgrade, will be enabled with 6.0
77 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
79 libpve-access-control (5.1-3) unstable; urgency=medium
81 * api/ticket: move getting cluster name into an eval
83 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
85 libpve-access-control (5.1-2) unstable; urgency=medium
87 * fix #1998: correct return properties for read_role
89 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
91 libpve-access-control (5.1-1) unstable; urgency=medium
93 * pveum: introduce sub-commands
95 * register userid with completion
97 * fix #233: return cluster name on successful login
99 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
101 libpve-access-control (5.0-8) unstable; urgency=medium
103 * fix #1612: ldap: make 2nd server work with bind domains again
105 * fix an error message where passing a bad pool id to an API function would
106 make it complain about a wrong group name instead
108 * fix the API-returned permission list so that the GUI knows to show the
109 'Permissions' tab for a storage to an administrator apart from root@pam
111 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
113 libpve-access-control (5.0-7) unstable; urgency=medium
115 * VM.Snapshot.Rollback privilege added
117 * api: check for special roles before locking the usercfg
119 * fix #1501: pveum: die when deleting special role
121 * API/ticket: rework coarse grained permission computation
123 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
125 libpve-access-control (5.0-6) unstable; urgency=medium
127 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
128 'verify' option. For compatibility reasons this defaults to off for now,
129 but that might change with future updates.
131 * AD, LDAP: Add ability to specify a CA path or file, and a client
132 certificate via the 'capath', 'cert' and 'certkey' options.
134 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
136 libpve-access-control (5.0-5) unstable; urgency=medium
138 * change from dpkg-deb to dpkg-buildpackage
140 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
142 libpve-access-control (5.0-4) unstable; urgency=medium
144 * PVE/CLI/pveum.pm: call setup_default_cli_env()
146 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
148 * check_api2_permissions: avoid warning about uninitialized value
150 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
152 libpve-access-control (5.0-3) unstable; urgency=medium
154 * use new PVE::OTP class from pve-common
156 * use new PVE::Tools::encrypt_pw from pve-common
158 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
160 libpve-access-control (5.0-2) unstable; urgency=medium
162 * encrypt_pw: avoid '+' for crypt salt
164 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
166 libpve-access-control (5.0-1) unstable; urgency=medium
168 * rebuild for PVE 5.0
170 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
172 libpve-access-control (4.0-23) unstable; urgency=medium
174 * use new PVE::Ticket class
176 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
178 libpve-access-control (4.0-22) unstable; urgency=medium
180 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
181 (moved to PVE::Storage)
183 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
185 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
187 libpve-access-control (4.0-21) unstable; urgency=medium
189 * setup_default_cli_env: expect $class as first parameter
191 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
193 libpve-access-control (4.0-20) unstable; urgency=medium
195 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
197 * PVE/API2/Domains.pm: fix property description
199 * use new repoman for upload target
201 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
203 libpve-access-control (4.0-19) unstable; urgency=medium
205 * Close #833: ldap: non-anonymous bind support
207 * don't import 'RFC' from MIME::Base32
209 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
211 libpve-access-control (4.0-18) unstable; urgency=medium
213 * fix #1062: recognize base32 otp keys again
215 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
217 libpve-access-control (4.0-17) unstable; urgency=medium
219 * drop oathtool and libdigest-hmac-perl dependencies
221 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
223 libpve-access-control (4.0-16) unstable; urgency=medium
225 * use pve-doc-generator to generate man pages
227 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
229 libpve-access-control (4.0-15) unstable; urgency=medium
231 * Fix uninitialized warning when shadow.cfg does not exist
233 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
235 libpve-access-control (4.0-14) unstable; urgency=medium
237 * Add is_worker to RPCEnvironment
239 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
241 libpve-access-control (4.0-13) unstable; urgency=medium
243 * fix #916: allow HTTPS to access custom yubico url
245 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
247 libpve-access-control (4.0-12) unstable; urgency=medium
249 * Catch certificate errors instead of segfaulting
251 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
253 libpve-access-control (4.0-11) unstable; urgency=medium
255 * Fix #861: use safer sprintf formatting
257 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
259 libpve-access-control (4.0-10) unstable; urgency=medium
261 * Auth::LDAP, Auth::AD: ipv6 support
263 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
265 libpve-access-control (4.0-9) unstable; urgency=medium
267 * pveum: implement bash completion
269 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
271 libpve-access-control (4.0-8) unstable; urgency=medium
273 * remove_storage_access: cleanup of access permissions for removed storage
275 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
277 libpve-access-control (4.0-7) unstable; urgency=medium
279 * new helper to remove access permissions for removed VMs
281 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
283 libpve-access-control (4.0-6) unstable; urgency=medium
285 * improve parse_user_config, parse_shadow_config
287 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
289 libpve-access-control (4.0-5) unstable; urgency=medium
291 * pveum: check for $cmd being defined
293 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
295 libpve-access-control (4.0-4) unstable; urgency=medium
297 * use activate-noawait triggers
299 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
301 libpve-access-control (4.0-3) unstable; urgency=medium
307 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
309 libpve-access-control (4.0-2) unstable; urgency=medium
311 * trigger pve-api-updates event
313 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
315 libpve-access-control (4.0-1) unstable; urgency=medium
317 * bump version for Debian Jessie
319 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
321 libpve-access-control (3.0-16) unstable; urgency=low
323 * root@pam can now be disabled in GUI.
325 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
327 libpve-access-control (3.0-15) unstable; urgency=low
329 * oath: add 'step' and 'digits' option
331 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
333 libpve-access-control (3.0-14) unstable; urgency=low
335 * add oath two factor auth
337 * add oathkeygen binary to generate keys for oath
339 * add yubico two factor auth
343 * depend on libmime-base32-perl
345 * allow to write builtin auth domains config (comment/tfa/default)
347 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
349 libpve-access-control (3.0-13) unstable; urgency=low
351 * use correct connection string for AD auth
353 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
355 libpve-access-control (3.0-12) unstable; urgency=low
357 * add dummy API for GET /access/ticket (useful to generate login pages)
359 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
361 libpve-access-control (3.0-11) unstable; urgency=low
363 * Sets common hot keys for spice client
365 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
367 libpve-access-control (3.0-10) unstable; urgency=low
369 * implement helper to generate SPICE remote-viewer configuration
371 * depend on libnet-ssleay-perl
373 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
375 libpve-access-control (3.0-9) unstable; urgency=low
377 * prevent user enumeration attacks
379 * allow dots in access paths
381 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
383 libpve-access-control (3.0-8) unstable; urgency=low
385 * spice: use lowercase hostname in ticktet signature
387 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
389 libpve-access-control (3.0-7) unstable; urgency=low
391 * check_volume_access : use parse_volname instead of path, and remove
394 * use warnings instead of global -w flag.
396 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
398 libpve-access-control (3.0-6) unstable; urgency=low
400 * use shorter spiceproxy tickets
402 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
404 libpve-access-control (3.0-5) unstable; urgency=low
406 * add code to generate tickets for SPICE
408 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
410 libpve-access-control (3.0-4) unstable; urgency=low
412 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
414 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
416 libpve-access-control (3.0-3) unstable; urgency=low
418 * Add new role PVETemplateUser (and VM.Clone priviledge)
420 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
422 libpve-access-control (3.0-2) unstable; urgency=low
424 * remove CGI.pm related code (pveproxy does not need that)
426 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
428 libpve-access-control (3.0-1) unstable; urgency=low
430 * bump version for wheezy release
432 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
434 libpve-access-control (1.0-26) unstable; urgency=low
436 * check_volume_access: fix access permissions for backup files
438 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
440 libpve-access-control (1.0-25) unstable; urgency=low
442 * add VM.Snapshot permission
444 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
446 libpve-access-control (1.0-24) unstable; urgency=low
448 * untaint path (allow root to restore arbitrary paths)
450 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
452 libpve-access-control (1.0-23) unstable; urgency=low
454 * correctly compute GUI capabilities (consider pools)
456 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
458 libpve-access-control (1.0-22) unstable; urgency=low
460 * new plugin architecture for Auth modules, minor API change for Auth
461 domains (new 'delete' parameter)
463 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
465 libpve-access-control (1.0-21) unstable; urgency=low
467 * do not allow user names including slash
469 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
471 libpve-access-control (1.0-20) unstable; urgency=low
473 * add ability to fork cli workers in background
475 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
477 libpve-access-control (1.0-19) unstable; urgency=low
479 * return set of privileges on login - can be used to adopt GUI
481 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
483 libpve-access-control (1.0-18) unstable; urgency=low
485 * fix bug #151: corretly parse username inside ticket
487 * fix bug #152: allow user to change his own password
489 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
491 libpve-access-control (1.0-17) unstable; urgency=low
493 * set propagate flag by default
495 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
497 libpve-access-control (1.0-16) unstable; urgency=low
499 * add 'pveum passwd' method
501 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
503 libpve-access-control (1.0-15) unstable; urgency=low
505 * Add VM.Config.CDROM privilege to PVEVMUser rule
507 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
509 libpve-access-control (1.0-14) unstable; urgency=low
511 * fix buf in userid-param permission check
513 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
515 libpve-access-control (1.0-13) unstable; urgency=low
517 * allow more characters in ldap base_dn attribute
519 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
521 libpve-access-control (1.0-12) unstable; urgency=low
523 * allow more characters with realm IDs
525 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
527 libpve-access-control (1.0-11) unstable; urgency=low
529 * fix bug in exec_api2_perm_check
531 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
533 libpve-access-control (1.0-10) unstable; urgency=low
535 * fix ACL group name parser
537 * changed 'pveum aclmod' command line arguments
539 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
541 libpve-access-control (1.0-9) unstable; urgency=low
543 * fix bug in check_volume_access (fixes vzrestore)
545 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
547 libpve-access-control (1.0-8) unstable; urgency=low
549 * fix return value for empty ACL list.
551 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
553 libpve-access-control (1.0-7) unstable; urgency=low
555 * fix bug #85: allow root@pam to generate tickets for other users
557 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
559 libpve-access-control (1.0-6) unstable; urgency=low
561 * API change: allow to filter enabled/disabled users.
563 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
565 libpve-access-control (1.0-5) unstable; urgency=low
567 * add a way to return file changes (diffs): set_result_changes()
569 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
571 libpve-access-control (1.0-4) unstable; urgency=low
573 * new environment type for ha agents
575 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
577 libpve-access-control (1.0-3) unstable; urgency=low
579 * add support for delayed parameter parsing - We need that to disable
580 file upload for normal API request (avoid DOS attacs)
582 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
584 libpve-access-control (1.0-2) unstable; urgency=low
586 * fix bug in fork_worker
588 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
590 libpve-access-control (1.0-1) unstable; urgency=low
592 * allow '-' in permission paths
594 * bump version to 1.0
596 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
598 libpve-access-control (0.1) unstable; urgency=low
600 * first dummy package - no functionality
602 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200