1 libpve-access-control (6.0-4) pve; urgency=medium
3 * ticket: use clinfo to get cluster name
5 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
8 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
10 libpve-access-control (6.0-3) pve; urgency=medium
12 * fix #2433: increase possible TFA secret length
14 * parse user configuration: correctly parse group names in ACLs, for users
15 which begin their name with an @
17 * sort user.cfg entries alphabetically
19 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
21 libpve-access-control (6.0-2) pve; urgency=medium
23 * improve CSRF verification compatibility with newer PVE
25 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
27 libpve-access-control (6.0-1) pve; urgency=medium
29 * ticket: properly verify exactly 5 minute old tickets
31 * use hmac_sha256 instead of sha1 for CSRF token generation
33 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
35 libpve-access-control (6.0-0+1) pve; urgency=medium
37 * bump for Debian buster
39 * fix #2079: add periodic auth key rotation
41 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
43 libpve-access-control (5.1-10) unstable; urgency=medium
45 * add /access/user/{id}/tfa api call to get tfa types
47 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
49 libpve-access-control (5.1-9) unstable; urgency=medium
51 * store the tfa type in user.cfg allowing to get it without proxying the call
52 to a higher priviledged daemon.
54 * tfa: realm required TFA should lock out users without TFA configured, as it
55 was done before Proxmox VE 5.4
57 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
59 libpve-access-control (5.1-8) unstable; urgency=medium
61 * U2F: ensure we save correct public key on registration
63 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
65 libpve-access-control (5.1-7) unstable; urgency=medium
67 * verify_ticket: allow general non-challenge tfa to be run as two step
70 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
72 libpve-access-control (5.1-6) unstable; urgency=medium
74 * more general 2FA configuration via priv/tfa.cfg
76 * add u2f api endpoints
78 * delete TFA entries when deleting a user
80 * allow users to change their TOTP settings
82 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
84 libpve-access-control (5.1-5) unstable; urgency=medium
86 * fix vnc ticket verification without authkey lifetime
88 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
90 libpve-access-control (5.1-4) unstable; urgency=medium
92 * fix #1891: Add zsh command completion for pveum
94 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
95 to avoid issues on upgrade, will be enabled with 6.0
97 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
99 libpve-access-control (5.1-3) unstable; urgency=medium
101 * api/ticket: move getting cluster name into an eval
103 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
105 libpve-access-control (5.1-2) unstable; urgency=medium
107 * fix #1998: correct return properties for read_role
109 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
111 libpve-access-control (5.1-1) unstable; urgency=medium
113 * pveum: introduce sub-commands
115 * register userid with completion
117 * fix #233: return cluster name on successful login
119 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
121 libpve-access-control (5.0-8) unstable; urgency=medium
123 * fix #1612: ldap: make 2nd server work with bind domains again
125 * fix an error message where passing a bad pool id to an API function would
126 make it complain about a wrong group name instead
128 * fix the API-returned permission list so that the GUI knows to show the
129 'Permissions' tab for a storage to an administrator apart from root@pam
131 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
133 libpve-access-control (5.0-7) unstable; urgency=medium
135 * VM.Snapshot.Rollback privilege added
137 * api: check for special roles before locking the usercfg
139 * fix #1501: pveum: die when deleting special role
141 * API/ticket: rework coarse grained permission computation
143 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
145 libpve-access-control (5.0-6) unstable; urgency=medium
147 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
148 'verify' option. For compatibility reasons this defaults to off for now,
149 but that might change with future updates.
151 * AD, LDAP: Add ability to specify a CA path or file, and a client
152 certificate via the 'capath', 'cert' and 'certkey' options.
154 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
156 libpve-access-control (5.0-5) unstable; urgency=medium
158 * change from dpkg-deb to dpkg-buildpackage
160 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
162 libpve-access-control (5.0-4) unstable; urgency=medium
164 * PVE/CLI/pveum.pm: call setup_default_cli_env()
166 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
168 * check_api2_permissions: avoid warning about uninitialized value
170 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
172 libpve-access-control (5.0-3) unstable; urgency=medium
174 * use new PVE::OTP class from pve-common
176 * use new PVE::Tools::encrypt_pw from pve-common
178 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
180 libpve-access-control (5.0-2) unstable; urgency=medium
182 * encrypt_pw: avoid '+' for crypt salt
184 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
186 libpve-access-control (5.0-1) unstable; urgency=medium
188 * rebuild for PVE 5.0
190 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
192 libpve-access-control (4.0-23) unstable; urgency=medium
194 * use new PVE::Ticket class
196 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
198 libpve-access-control (4.0-22) unstable; urgency=medium
200 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
201 (moved to PVE::Storage)
203 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
205 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
207 libpve-access-control (4.0-21) unstable; urgency=medium
209 * setup_default_cli_env: expect $class as first parameter
211 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
213 libpve-access-control (4.0-20) unstable; urgency=medium
215 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
217 * PVE/API2/Domains.pm: fix property description
219 * use new repoman for upload target
221 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
223 libpve-access-control (4.0-19) unstable; urgency=medium
225 * Close #833: ldap: non-anonymous bind support
227 * don't import 'RFC' from MIME::Base32
229 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
231 libpve-access-control (4.0-18) unstable; urgency=medium
233 * fix #1062: recognize base32 otp keys again
235 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
237 libpve-access-control (4.0-17) unstable; urgency=medium
239 * drop oathtool and libdigest-hmac-perl dependencies
241 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
243 libpve-access-control (4.0-16) unstable; urgency=medium
245 * use pve-doc-generator to generate man pages
247 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
249 libpve-access-control (4.0-15) unstable; urgency=medium
251 * Fix uninitialized warning when shadow.cfg does not exist
253 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
255 libpve-access-control (4.0-14) unstable; urgency=medium
257 * Add is_worker to RPCEnvironment
259 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
261 libpve-access-control (4.0-13) unstable; urgency=medium
263 * fix #916: allow HTTPS to access custom yubico url
265 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
267 libpve-access-control (4.0-12) unstable; urgency=medium
269 * Catch certificate errors instead of segfaulting
271 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
273 libpve-access-control (4.0-11) unstable; urgency=medium
275 * Fix #861: use safer sprintf formatting
277 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
279 libpve-access-control (4.0-10) unstable; urgency=medium
281 * Auth::LDAP, Auth::AD: ipv6 support
283 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
285 libpve-access-control (4.0-9) unstable; urgency=medium
287 * pveum: implement bash completion
289 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
291 libpve-access-control (4.0-8) unstable; urgency=medium
293 * remove_storage_access: cleanup of access permissions for removed storage
295 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
297 libpve-access-control (4.0-7) unstable; urgency=medium
299 * new helper to remove access permissions for removed VMs
301 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
303 libpve-access-control (4.0-6) unstable; urgency=medium
305 * improve parse_user_config, parse_shadow_config
307 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
309 libpve-access-control (4.0-5) unstable; urgency=medium
311 * pveum: check for $cmd being defined
313 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
315 libpve-access-control (4.0-4) unstable; urgency=medium
317 * use activate-noawait triggers
319 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
321 libpve-access-control (4.0-3) unstable; urgency=medium
327 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
329 libpve-access-control (4.0-2) unstable; urgency=medium
331 * trigger pve-api-updates event
333 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
335 libpve-access-control (4.0-1) unstable; urgency=medium
337 * bump version for Debian Jessie
339 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
341 libpve-access-control (3.0-16) unstable; urgency=low
343 * root@pam can now be disabled in GUI.
345 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
347 libpve-access-control (3.0-15) unstable; urgency=low
349 * oath: add 'step' and 'digits' option
351 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
353 libpve-access-control (3.0-14) unstable; urgency=low
355 * add oath two factor auth
357 * add oathkeygen binary to generate keys for oath
359 * add yubico two factor auth
363 * depend on libmime-base32-perl
365 * allow to write builtin auth domains config (comment/tfa/default)
367 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
369 libpve-access-control (3.0-13) unstable; urgency=low
371 * use correct connection string for AD auth
373 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
375 libpve-access-control (3.0-12) unstable; urgency=low
377 * add dummy API for GET /access/ticket (useful to generate login pages)
379 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
381 libpve-access-control (3.0-11) unstable; urgency=low
383 * Sets common hot keys for spice client
385 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
387 libpve-access-control (3.0-10) unstable; urgency=low
389 * implement helper to generate SPICE remote-viewer configuration
391 * depend on libnet-ssleay-perl
393 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
395 libpve-access-control (3.0-9) unstable; urgency=low
397 * prevent user enumeration attacks
399 * allow dots in access paths
401 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
403 libpve-access-control (3.0-8) unstable; urgency=low
405 * spice: use lowercase hostname in ticktet signature
407 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
409 libpve-access-control (3.0-7) unstable; urgency=low
411 * check_volume_access : use parse_volname instead of path, and remove
414 * use warnings instead of global -w flag.
416 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
418 libpve-access-control (3.0-6) unstable; urgency=low
420 * use shorter spiceproxy tickets
422 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
424 libpve-access-control (3.0-5) unstable; urgency=low
426 * add code to generate tickets for SPICE
428 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
430 libpve-access-control (3.0-4) unstable; urgency=low
432 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
434 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
436 libpve-access-control (3.0-3) unstable; urgency=low
438 * Add new role PVETemplateUser (and VM.Clone priviledge)
440 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
442 libpve-access-control (3.0-2) unstable; urgency=low
444 * remove CGI.pm related code (pveproxy does not need that)
446 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
448 libpve-access-control (3.0-1) unstable; urgency=low
450 * bump version for wheezy release
452 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
454 libpve-access-control (1.0-26) unstable; urgency=low
456 * check_volume_access: fix access permissions for backup files
458 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
460 libpve-access-control (1.0-25) unstable; urgency=low
462 * add VM.Snapshot permission
464 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
466 libpve-access-control (1.0-24) unstable; urgency=low
468 * untaint path (allow root to restore arbitrary paths)
470 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
472 libpve-access-control (1.0-23) unstable; urgency=low
474 * correctly compute GUI capabilities (consider pools)
476 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
478 libpve-access-control (1.0-22) unstable; urgency=low
480 * new plugin architecture for Auth modules, minor API change for Auth
481 domains (new 'delete' parameter)
483 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
485 libpve-access-control (1.0-21) unstable; urgency=low
487 * do not allow user names including slash
489 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
491 libpve-access-control (1.0-20) unstable; urgency=low
493 * add ability to fork cli workers in background
495 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
497 libpve-access-control (1.0-19) unstable; urgency=low
499 * return set of privileges on login - can be used to adopt GUI
501 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
503 libpve-access-control (1.0-18) unstable; urgency=low
505 * fix bug #151: corretly parse username inside ticket
507 * fix bug #152: allow user to change his own password
509 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
511 libpve-access-control (1.0-17) unstable; urgency=low
513 * set propagate flag by default
515 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
517 libpve-access-control (1.0-16) unstable; urgency=low
519 * add 'pveum passwd' method
521 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
523 libpve-access-control (1.0-15) unstable; urgency=low
525 * Add VM.Config.CDROM privilege to PVEVMUser rule
527 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
529 libpve-access-control (1.0-14) unstable; urgency=low
531 * fix buf in userid-param permission check
533 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
535 libpve-access-control (1.0-13) unstable; urgency=low
537 * allow more characters in ldap base_dn attribute
539 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
541 libpve-access-control (1.0-12) unstable; urgency=low
543 * allow more characters with realm IDs
545 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
547 libpve-access-control (1.0-11) unstable; urgency=low
549 * fix bug in exec_api2_perm_check
551 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
553 libpve-access-control (1.0-10) unstable; urgency=low
555 * fix ACL group name parser
557 * changed 'pveum aclmod' command line arguments
559 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
561 libpve-access-control (1.0-9) unstable; urgency=low
563 * fix bug in check_volume_access (fixes vzrestore)
565 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
567 libpve-access-control (1.0-8) unstable; urgency=low
569 * fix return value for empty ACL list.
571 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
573 libpve-access-control (1.0-7) unstable; urgency=low
575 * fix bug #85: allow root@pam to generate tickets for other users
577 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
579 libpve-access-control (1.0-6) unstable; urgency=low
581 * API change: allow to filter enabled/disabled users.
583 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
585 libpve-access-control (1.0-5) unstable; urgency=low
587 * add a way to return file changes (diffs): set_result_changes()
589 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
591 libpve-access-control (1.0-4) unstable; urgency=low
593 * new environment type for ha agents
595 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
597 libpve-access-control (1.0-3) unstable; urgency=low
599 * add support for delayed parameter parsing - We need that to disable
600 file upload for normal API request (avoid DOS attacs)
602 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
604 libpve-access-control (1.0-2) unstable; urgency=low
606 * fix bug in fork_worker
608 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
610 libpve-access-control (1.0-1) unstable; urgency=low
612 * allow '-' in permission paths
614 * bump version to 1.0
616 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
618 libpve-access-control (0.1) unstable; urgency=low
620 * first dummy package - no functionality
622 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200