debian/changelog

   1 libpve-access-control (7.1-1) bullseye; urgency=medium
   2
   3   * tfa: map HTTP 404 error in get_tfa_entry correctly
   4
   5  -- Proxmox Support Team <support@proxmox.com>  Mon, 15 Nov 2021 15:33:22 +0100
   6
   7 libpve-access-control (7.0-7) bullseye; urgency=medium
   8
   9   * fix #3513: pass configured proxy to OpenID
  10
  11   * use rust based parser for TFA config
  12
  13   * use PBS-like auth api call flow,
  14
  15   * merge old user.cfg keys to tfa config when adding entries
  16
  17   * implement version checks for new tfa config writer to ensure all
  18     cluster nodes are ready to avoid login issues
  19
  20   * tickets: add tunnel ticket
  21
  22  -- Proxmox Support Team <support@proxmox.com>  Thu, 11 Nov 2021 18:17:49 +0100
  23
  24 libpve-access-control (7.0-6) bullseye; urgency=medium
  25
  26   * fix regression in user deletion when realm does not enforce TFA
  27
  28  -- Proxmox Support Team <support@proxmox.com>  Thu, 21 Oct 2021 12:28:52 +0200
  29
  30 libpve-access-control (7.0-5) bullseye; urgency=medium
  31
  32   * acl: check path: add /sdn/vnets/* path
  33
  34   * fix #2302: allow deletion of users when realm enforces TFA
  35
  36   * api: delete user: disable user first to avoid surprise on error during the
  37     various cleanup action required for user deletion (e.g., TFA, ACL, group)
  38
  39  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Sep 2021 15:50:47 +0200
  40
  41 libpve-access-control (7.0-4) bullseye; urgency=medium
  42
  43   * realm: add OpenID configuration
  44
  45   * api: implement OpenID related endpoints
  46
  47   * implement opt-in OpenID autocreate user feature
  48
  49   * api: user: add 'realm-type' to user list response
  50
  51  -- Proxmox Support Team <support@proxmox.com>  Fri, 02 Jul 2021 13:45:46 +0200
  52
  53 libpve-access-control (7.0-3) bullseye; urgency=medium
  54
  55   * api: acl: add missing `/access/realm/<realm>`, `/access/group/<group>` and
  56     `/sdn/zones/<zone>` to allowed ACL paths
  57
  58  -- Proxmox Support Team <support@proxmox.com>  Mon, 21 Jun 2021 10:31:19 +0200
  59
  60 libpve-access-control (7.0-2) bullseye; urgency=medium
  61
  62   * fix #3402: add Pool.Audit privilege - custom roles containing
  63     Pool.Allocate must be updated to include the new privilege.
  64
  65  -- Proxmox Support Team <support@proxmox.com>  Tue, 1 Jun 2021 11:28:38 +0200
  66
  67 libpve-access-control (7.0-1) bullseye; urgency=medium
  68
  69   * re-build for Debian 11 Bullseye based releases
  70
  71  -- Proxmox Support Team <support@proxmox.com>  Sun, 09 May 2021 18:18:23 +0200
  72
  73 libpve-access-control (6.4-1) pve; urgency=medium
  74
  75   * fix #1670: change PAM service name to project specific name
  76
  77   * fix #1500: permission path syntax check for access control
  78
  79   * pveum: add resource pool CLI commands
  80
  81  -- Proxmox Support Team <support@proxmox.com>  Sat, 24 Apr 2021 19:48:21 +0200
  82
  83 libpve-access-control (6.1-3) pve; urgency=medium
  84
  85   * partially fix #2825: authkey: rotate if it was generated in the
  86     future
  87
  88   * fix #2947: add an option to LDAP or AD realm to switch user lookup to case
  89     insensitive
  90
  91  -- Proxmox Support Team <support@proxmox.com>  Tue, 29 Sep 2020 08:54:13 +0200
  92
  93 libpve-access-control (6.1-2) pve; urgency=medium
  94
  95   * also check SDN permission path when computing coarse permissions heuristic
  96     for UIs
  97
  98   * add SDN Permissions.Modify
  99
 100   * add VM.Config.Cloudinit
 101
 102  -- Proxmox Support Team <support@proxmox.com>  Tue, 30 Jun 2020 13:06:56 +0200
 103
 104 libpve-access-control (6.1-1) pve; urgency=medium
 105
 106   * pveum: add tfa delete subcommand for deleting user-TFA
 107
 108   * LDAP: don't complain about missing credentials on realm removal
 109
 110   * LDAP: skip anonymous bind when client certificate and key is configured
 111
 112  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 May 2020 17:47:41 +0200
 113
 114 libpve-access-control (6.0-7) pve; urgency=medium
 115
 116   * fix #2575: die when trying to edit built-in roles
 117
 118   * add realm sub commands to pveum CLI tool
 119
 120   * api: domains: add user group sync API enpoint
 121
 122   * allow one to sync and import users and groups from LDAP/AD based realms
 123
 124   * realm: add default-sync-options to config for more convenient sync configuration
 125
 126   * api: token create: return also full token id for convenience
 127
 128  -- Proxmox Support Team <support@proxmox.com>  Sat, 25 Apr 2020 19:35:17 +0200
 129
 130 libpve-access-control (6.0-6) pve; urgency=medium
 131
 132   * API: add group members to group index
 133
 134   * implement API token support and management
 135
 136   * pveum: add 'pveum user token add/update/remove/list'
 137
 138   * pveum: add permissions sub-commands
 139
 140   * API: add 'permissions' API endpoint
 141
 142   * user.cfg: skip inexisting roles when parsing ACLs
 143
 144  -- Proxmox Support Team <support@proxmox.com>  Wed, 29 Jan 2020 10:17:27 +0100
 145
 146 libpve-access-control (6.0-5) pve; urgency=medium
 147
 148   * pveum: add list command for users, groups, ACLs and roles
 149
 150   * add initial permissions for experimental SDN integration
 151
 152  -- Proxmox Support Team <support@proxmox.com>  Tue, 26 Nov 2019 17:56:37 +0100
 153
 154 libpve-access-control (6.0-4) pve; urgency=medium
 155
 156   * ticket: use clinfo to get cluster name
 157
 158   * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
 159     SSL version
 160
 161  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Nov 2019 11:55:11 +0100
 162
 163 libpve-access-control (6.0-3) pve; urgency=medium
 164
 165   * fix #2433: increase possible TFA secret length
 166
 167   * parse user configuration: correctly parse group names in ACLs, for users
 168     which begin their name with an @
 169
 170   * sort user.cfg entries alphabetically
 171
 172  -- Proxmox Support Team <support@proxmox.com>  Tue, 29 Oct 2019 08:52:23 +0100
 173
 174 libpve-access-control (6.0-2) pve; urgency=medium
 175
 176   * improve CSRF verification compatibility with newer PVE
 177
 178  -- Proxmox Support Team <support@proxmox.com>  Wed, 26 Jun 2019 20:24:35 +0200
 179
 180 libpve-access-control (6.0-1) pve; urgency=medium
 181
 182   * ticket: properly verify exactly 5 minute old tickets
 183
 184   * use hmac_sha256 instead of sha1 for CSRF token generation
 185
 186  -- Proxmox Support Team <support@proxmox.com>  Mon, 24 Jun 2019 18:14:45 +0200
 187
 188 libpve-access-control (6.0-0+1) pve; urgency=medium
 189
 190   * bump for Debian buster
 191
 192   * fix #2079: add periodic auth key rotation
 193
 194  -- Proxmox Support Team <support@proxmox.com>  Tue, 21 May 2019 21:31:15 +0200
 195
 196 libpve-access-control (5.1-10) unstable; urgency=medium
 197
 198   * add /access/user/{id}/tfa api call to get tfa types
 199
 200  -- Proxmox Support Team <support@proxmox.com>  Wed, 15 May 2019 16:21:10 +0200
 201
 202 libpve-access-control (5.1-9) unstable; urgency=medium
 203
 204   * store the tfa type in user.cfg allowing to get it without proxying the call
 205     to a higher priviledged daemon.
 206
 207   * tfa: realm required TFA should lock out users without TFA configured, as it
 208     was done before Proxmox VE 5.4
 209
 210  -- Proxmox Support Team <support@proxmox.com>  Tue, 30 Apr 2019 14:01:00 +0000
 211
 212 libpve-access-control (5.1-8) unstable; urgency=medium
 213
 214   * U2F: ensure we save correct public key on registration
 215
 216  -- Proxmox Support Team <support@proxmox.com>  Tue, 09 Apr 2019 12:47:12 +0200
 217
 218 libpve-access-control (5.1-7) unstable; urgency=medium
 219
 220   * verify_ticket: allow general non-challenge tfa to be run as two step
 221     call
 222
 223  -- Proxmox Support Team <support@proxmox.com>  Mon, 08 Apr 2019 16:56:14 +0200
 224
 225 libpve-access-control (5.1-6) unstable; urgency=medium
 226
 227   * more general 2FA configuration via priv/tfa.cfg
 228
 229   * add u2f api endpoints
 230
 231   * delete TFA entries when deleting a user
 232
 233   * allow users to change their TOTP settings
 234
 235  -- Proxmox Support Team <support@proxmox.com>  Wed, 03 Apr 2019 13:40:26 +0200
 236
 237 libpve-access-control (5.1-5) unstable; urgency=medium
 238
 239   * fix vnc ticket verification without authkey lifetime
 240
 241  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Mar 2019 10:43:17 +0100
 242
 243 libpve-access-control (5.1-4) unstable; urgency=medium
 244
 245   * fix #1891: Add zsh command completion for pveum
 246
 247   * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
 248     to avoid issues on upgrade, will be enabled with 6.0
 249
 250  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Mar 2019 09:12:05 +0100
 251
 252 libpve-access-control (5.1-3) unstable; urgency=medium
 253
 254   * api/ticket: move getting cluster name into an eval
 255
 256  -- Proxmox Support Team <support@proxmox.com>  Thu, 29 Nov 2018 12:59:36 +0100
 257
 258 libpve-access-control (5.1-2) unstable; urgency=medium
 259
 260   * fix #1998: correct return properties for read_role
 261
 262  -- Proxmox Support Team <support@proxmox.com>  Fri, 23 Nov 2018 14:22:40 +0100
 263
 264 libpve-access-control (5.1-1) unstable; urgency=medium
 265
 266   * pveum: introduce sub-commands
 267
 268   * register userid with completion
 269
 270   * fix #233: return cluster name on successful login
 271
 272  -- Proxmox Support Team <support@proxmox.com>  Thu, 15 Nov 2018 09:34:47 +0100
 273
 274 libpve-access-control (5.0-8) unstable; urgency=medium
 275
 276   * fix #1612: ldap: make 2nd server work with bind domains again
 277
 278   * fix an error message where passing a bad pool id to an API function would
 279     make it complain about a wrong group name instead
 280
 281   * fix the API-returned permission list so that the GUI knows to show the
 282     'Permissions' tab for a storage to an administrator apart from root@pam
 283
 284  -- Proxmox Support Team <support@proxmox.com>  Thu, 18 Jan 2018 13:34:50 +0100
 285
 286 libpve-access-control (5.0-7) unstable; urgency=medium
 287
 288   * VM.Snapshot.Rollback privilege added
 289
 290   * api: check for special roles before locking the usercfg
 291
 292   * fix #1501: pveum: die when deleting special role
 293
 294   * API/ticket: rework coarse grained permission computation
 295
 296  -- Proxmox Support Team <support@proxmox.com>  Thu, 5 Oct 2017 11:27:48 +0200
 297
 298 libpve-access-control (5.0-6) unstable; urgency=medium
 299
 300   * Close #1470: Add server ceritifcate verification for AD and LDAP via the
 301     'verify' option. For compatibility reasons this defaults to off for now,
 302     but that might change with future updates.
 303
 304   * AD, LDAP: Add ability to specify a CA path or file, and a client
 305     certificate via the 'capath', 'cert' and 'certkey' options.
 306
 307  -- Proxmox Support Team <support@proxmox.com>  Tue, 08 Aug 2017 11:56:38 +0200
 308
 309 libpve-access-control (5.0-5) unstable; urgency=medium
 310
 311   * change from dpkg-deb to dpkg-buildpackage
 312
 313  -- Proxmox Support Team <support@proxmox.com>  Thu, 22 Jun 2017 09:12:37 +0200
 314
 315 libpve-access-control (5.0-4) unstable; urgency=medium
 316
 317   * PVE/CLI/pveum.pm: call setup_default_cli_env()
 318
 319   * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
 320
 321   * check_api2_permissions: avoid warning about uninitialized value
 322
 323  -- Proxmox Support Team <support@proxmox.com>  Tue, 02 May 2017 11:58:15 +0200
 324
 325 libpve-access-control (5.0-3) unstable; urgency=medium
 326
 327   * use new PVE::OTP class from pve-common
 328
 329   * use new PVE::Tools::encrypt_pw from pve-common
 330
 331  -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 17:45:55 +0200
 332
 333 libpve-access-control (5.0-2) unstable; urgency=medium
 334
 335   * encrypt_pw: avoid '+' for crypt salt
 336
 337  -- Proxmox Support Team <support@proxmox.com>  Thu, 30 Mar 2017 08:54:10 +0200
 338
 339 libpve-access-control (5.0-1) unstable; urgency=medium
 340
 341   * rebuild for PVE 5.0
 342
 343  -- Proxmox Support Team <support@proxmox.com>  Mon, 6 Mar 2017 13:42:01 +0100
 344
 345 libpve-access-control (4.0-23) unstable; urgency=medium
 346
 347   * use new PVE::Ticket class
 348
 349  -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 13:42:06 +0100
 350
 351 libpve-access-control (4.0-22) unstable; urgency=medium
 352
 353   * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
 354     (moved to PVE::Storage)
 355
 356   * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
 357
 358  -- Proxmox Support Team <support@proxmox.com>  Thu, 19 Jan 2017 09:12:04 +0100
 359
 360 libpve-access-control (4.0-21) unstable; urgency=medium
 361
 362   * setup_default_cli_env: expect $class as first parameter
 363
 364  -- Proxmox Support Team <support@proxmox.com>  Thu, 12 Jan 2017 13:54:27 +0100
 365
 366 libpve-access-control (4.0-20) unstable; urgency=medium
 367
 368   * PVE/RPCEnvironment.pm: new function setup_default_cli_env
 369
 370   * PVE/API2/Domains.pm: fix property description
 371
 372   * use new repoman for upload target
 373
 374  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2017 12:13:26 +0100
 375
 376 libpve-access-control (4.0-19) unstable; urgency=medium
 377
 378   * Close #833: ldap: non-anonymous bind support
 379
 380   * don't import 'RFC' from MIME::Base32
 381
 382  -- Proxmox Support Team <support@proxmox.com>  Fri, 05 Aug 2016 13:09:08 +0200
 383
 384 libpve-access-control (4.0-18) unstable; urgency=medium
 385
 386   * fix #1062: recognize base32 otp keys again
 387
 388  -- Proxmox Support Team <support@proxmox.com>  Thu, 21 Jul 2016 08:43:18 +0200
 389
 390 libpve-access-control (4.0-17) unstable; urgency=medium
 391
 392   * drop oathtool and libdigest-hmac-perl dependencies
 393
 394  -- Proxmox Support Team <support@proxmox.com>  Mon, 11 Jul 2016 12:03:22 +0200
 395
 396 libpve-access-control (4.0-16) unstable; urgency=medium
 397
 398   * use pve-doc-generator to generate man pages
 399
 400  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Apr 2016 07:06:05 +0200
 401
 402 libpve-access-control (4.0-15) unstable; urgency=medium
 403
 404   * Fix uninitialized warning when shadow.cfg does not exist
 405
 406  -- Proxmox Support Team <support@proxmox.com>  Fri, 01 Apr 2016 07:10:57 +0200
 407
 408 libpve-access-control (4.0-14) unstable; urgency=medium
 409
 410   * Add is_worker to RPCEnvironment
 411
 412  -- Proxmox Support Team <support@proxmox.com>  Tue, 15 Mar 2016 16:47:34 +0100
 413
 414 libpve-access-control (4.0-13) unstable; urgency=medium
 415
 416   * fix #916: allow HTTPS to access custom yubico url
 417
 418  -- Proxmox Support Team <support@proxmox.com>  Mon, 14 Mar 2016 11:39:23 +0100
 419
 420 libpve-access-control (4.0-12) unstable; urgency=medium
 421
 422   * Catch certificate errors instead of segfaulting
 423
 424  -- Proxmox Support Team <support@proxmox.com>  Wed, 09 Mar 2016 14:41:01 +0100
 425
 426 libpve-access-control (4.0-11) unstable; urgency=medium
 427
 428   * Fix #861: use safer sprintf formatting
 429
 430  -- Proxmox Support Team <support@proxmox.com>  Fri, 08 Jan 2016 12:52:39 +0100
 431
 432 libpve-access-control (4.0-10) unstable; urgency=medium
 433
 434   *  Auth::LDAP, Auth::AD: ipv6 support
 435
 436  -- Proxmox Support Team <support@proxmox.com>  Thu, 03 Dec 2015 12:09:32 +0100
 437
 438 libpve-access-control (4.0-9) unstable; urgency=medium
 439
 440   * pveum: implement bash completion
 441
 442  -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Oct 2015 17:22:52 +0200
 443
 444 libpve-access-control (4.0-8) unstable; urgency=medium
 445
 446   * remove_storage_access: cleanup of access permissions for removed storage
 447
 448  -- Proxmox Support Team <support@proxmox.com>  Wed, 19 Aug 2015 15:39:15 +0200
 449
 450 libpve-access-control (4.0-7) unstable; urgency=medium
 451
 452   * new helper to remove access permissions for removed VMs
 453
 454  -- Proxmox Support Team <support@proxmox.com>  Fri, 14 Aug 2015 07:57:02 +0200
 455
 456 libpve-access-control (4.0-6) unstable; urgency=medium
 457
 458   * improve parse_user_config, parse_shadow_config
 459
 460  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jul 2015 13:14:33 +0200
 461
 462 libpve-access-control (4.0-5) unstable; urgency=medium
 463
 464   * pveum: check for $cmd being defined
 465
 466  -- Proxmox Support Team <support@proxmox.com>  Wed, 10 Jun 2015 10:40:15 +0200
 467
 468 libpve-access-control (4.0-4) unstable; urgency=medium
 469
 470   * use activate-noawait triggers
 471
 472  -- Proxmox Support Team <support@proxmox.com>  Mon, 01 Jun 2015 12:25:31 +0200
 473
 474 libpve-access-control (4.0-3) unstable; urgency=medium
 475
 476   * IPv6 fixes
 477
 478   * non-root buildfix
 479
 480  -- Proxmox Support Team <support@proxmox.com>  Wed, 27 May 2015 11:15:44 +0200
 481
 482 libpve-access-control (4.0-2) unstable; urgency=medium
 483
 484   * trigger pve-api-updates event
 485
 486  -- Proxmox Support Team <support@proxmox.com>  Tue, 05 May 2015 15:06:38 +0200
 487
 488 libpve-access-control (4.0-1) unstable; urgency=medium
 489
 490   * bump version for Debian Jessie
 491
 492  -- Proxmox Support Team <support@proxmox.com>  Thu, 26 Feb 2015 11:22:01 +0100
 493
 494 libpve-access-control (3.0-16) unstable; urgency=low
 495
 496   * root@pam can now be disabled in GUI.
 497
 498  -- Proxmox Support Team <support@proxmox.com>  Fri, 30 Jan 2015 06:20:22 +0100
 499
 500 libpve-access-control (3.0-15) unstable; urgency=low
 501
 502   * oath: add 'step' and 'digits' option
 503
 504  -- Proxmox Support Team <support@proxmox.com>  Wed, 23 Jul 2014 06:59:52 +0200
 505
 506 libpve-access-control (3.0-14) unstable; urgency=low
 507
 508   * add oath two factor auth
 509
 510   * add oathkeygen binary to generate keys for oath
 511
 512   * add yubico two factor auth
 513
 514   * dedend on oathtool
 515
 516   * depend on libmime-base32-perl
 517
 518   * allow to write builtin auth domains config (comment/tfa/default)
 519
 520  -- Proxmox Support Team <support@proxmox.com>  Thu, 17 Jul 2014 13:09:56 +0200
 521
 522 libpve-access-control (3.0-13) unstable; urgency=low
 523
 524   * use correct connection string for AD auth
 525
 526  -- Proxmox Support Team <support@proxmox.com>  Thu, 22 May 2014 07:16:09 +0200
 527
 528 libpve-access-control (3.0-12) unstable; urgency=low
 529
 530   * add dummy API for GET /access/ticket (useful to generate login pages)
 531
 532  -- Proxmox Support Team <support@proxmox.com>  Wed, 30 Apr 2014 14:47:56 +0200
 533
 534 libpve-access-control (3.0-11) unstable; urgency=low
 535
 536   * Sets common hot keys for spice client
 537
 538  -- Proxmox Support Team <support@proxmox.com>  Fri, 31 Jan 2014 10:24:28 +0100
 539
 540 libpve-access-control (3.0-10) unstable; urgency=low
 541
 542   * implement helper to generate SPICE remote-viewer configuration
 543
 544   * depend on libnet-ssleay-perl
 545
 546  -- Proxmox Support Team <support@proxmox.com>  Tue, 10 Dec 2013 10:45:08 +0100
 547
 548 libpve-access-control (3.0-9) unstable; urgency=low
 549
 550   * prevent user enumeration attacks
 551
 552   * allow dots in access paths
 553
 554  -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Nov 2013 09:06:38 +0100
 555
 556 libpve-access-control (3.0-8) unstable; urgency=low
 557
 558   * spice: use lowercase hostname in ticktet signature
 559
 560  -- Proxmox Support Team <support@proxmox.com>  Mon, 28 Oct 2013 08:11:57 +0100
 561
 562 libpve-access-control (3.0-7) unstable; urgency=low
 563
 564   * check_volume_access : use parse_volname instead of path, and remove
 565     path related code.
 566
 567   * use warnings instead of global -w flag.
 568
 569  -- Proxmox Support Team <support@proxmox.com>  Tue, 01 Oct 2013 12:35:53 +0200
 570
 571 libpve-access-control (3.0-6) unstable; urgency=low
 572
 573   * use shorter spiceproxy tickets
 574
 575  -- Proxmox Support Team <support@proxmox.com>  Fri, 19 Jul 2013 12:39:09 +0200
 576
 577 libpve-access-control (3.0-5) unstable; urgency=low
 578
 579   * add code to generate tickets for SPICE
 580
 581  -- Proxmox Support Team <support@proxmox.com>  Wed, 26 Jun 2013 13:08:32 +0200
 582
 583 libpve-access-control (3.0-4) unstable; urgency=low
 584
 585   * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
 586
 587  -- Proxmox Support Team <support@proxmox.com>  Tue, 14 May 2013 11:56:54 +0200
 588
 589 libpve-access-control (3.0-3) unstable; urgency=low
 590
 591   * Add new role PVETemplateUser (and VM.Clone priviledge)
 592
 593  -- Proxmox Support Team <support@proxmox.com>  Mon, 29 Apr 2013 11:42:15 +0200
 594
 595 libpve-access-control (3.0-2) unstable; urgency=low
 596
 597   * remove CGI.pm related code (pveproxy does not need that)
 598
 599  -- Proxmox Support Team <support@proxmox.com>  Mon, 15 Apr 2013 12:34:23 +0200
 600
 601 libpve-access-control (3.0-1) unstable; urgency=low
 602
 603   * bump version for wheezy release
 604
 605  -- Proxmox Support Team <support@proxmox.com>  Fri, 15 Mar 2013 08:07:06 +0100
 606
 607 libpve-access-control (1.0-26) unstable; urgency=low
 608
 609   * check_volume_access: fix access permissions for backup files
 610
 611  -- Proxmox Support Team <support@proxmox.com>  Thu, 28 Feb 2013 10:00:14 +0100
 612
 613 libpve-access-control (1.0-25) unstable; urgency=low
 614
 615   * add VM.Snapshot permission
 616
 617  -- Proxmox Support Team <support@proxmox.com>  Mon, 10 Sep 2012 09:23:32 +0200
 618
 619 libpve-access-control (1.0-24) unstable; urgency=low
 620
 621   * untaint path (allow root to restore arbitrary paths)
 622
 623  -- Proxmox Support Team <support@proxmox.com>  Wed, 06 Jun 2012 13:06:34 +0200
 624
 625 libpve-access-control (1.0-23) unstable; urgency=low
 626
 627   * correctly compute GUI capabilities (consider pools)
 628
 629  -- Proxmox Support Team <support@proxmox.com>  Wed, 30 May 2012 08:47:23 +0200
 630
 631 libpve-access-control (1.0-22) unstable; urgency=low
 632
 633   * new plugin architecture for Auth modules, minor API change for Auth
 634     domains (new 'delete' parameter)
 635
 636  -- Proxmox Support Team <support@proxmox.com>  Wed, 16 May 2012 07:21:44 +0200
 637
 638 libpve-access-control (1.0-21) unstable; urgency=low
 639
 640   * do not allow user names including slash
 641
 642  -- Proxmox Support Team <support@proxmox.com>  Tue, 24 Apr 2012 10:07:47 +0200
 643
 644 libpve-access-control (1.0-20) unstable; urgency=low
 645
 646   * add ability to fork cli workers in background
 647
 648  -- Proxmox Support Team <support@proxmox.com>  Wed, 18 Apr 2012 08:28:20 +0200
 649
 650 libpve-access-control (1.0-19) unstable; urgency=low
 651
 652   * return set of privileges on login - can be used to adopt GUI
 653
 654  -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Apr 2012 10:25:10 +0200
 655
 656 libpve-access-control (1.0-18) unstable; urgency=low
 657
 658   * fix bug #151: corretly parse username inside ticket
 659
 660   * fix bug #152: allow user to change his own password
 661
 662  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Apr 2012 09:40:15 +0200
 663
 664 libpve-access-control (1.0-17) unstable; urgency=low
 665
 666   * set propagate flag by default
 667
 668  -- Proxmox Support Team <support@proxmox.com>  Thu, 01 Mar 2012 12:40:19 +0100
 669
 670 libpve-access-control (1.0-16) unstable; urgency=low
 671
 672   * add 'pveum passwd' method
 673
 674  -- Proxmox Support Team <support@proxmox.com>  Thu, 23 Feb 2012 12:05:25 +0100
 675
 676 libpve-access-control (1.0-15) unstable; urgency=low
 677
 678   * Add VM.Config.CDROM privilege to PVEVMUser rule
 679
 680  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 11:44:23 +0100
 681
 682 libpve-access-control (1.0-14) unstable; urgency=low
 683
 684   * fix buf in userid-param permission check
 685
 686  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 10:52:35 +0100
 687
 688 libpve-access-control (1.0-13) unstable; urgency=low
 689
 690   * allow more characters in ldap base_dn attribute
 691
 692  -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Feb 2012 06:17:02 +0100
 693
 694 libpve-access-control (1.0-12) unstable; urgency=low
 695
 696   * allow more characters with realm IDs
 697
 698  -- Proxmox Support Team <support@proxmox.com>  Mon, 20 Feb 2012 08:50:33 +0100
 699
 700 libpve-access-control (1.0-11) unstable; urgency=low
 701
 702   * fix bug in exec_api2_perm_check
 703
 704  -- Proxmox Support Team <support@proxmox.com>  Wed, 15 Feb 2012 07:06:30 +0100
 705
 706 libpve-access-control (1.0-10) unstable; urgency=low
 707
 708   * fix ACL group name parser
 709
 710   * changed 'pveum aclmod' command line arguments
 711
 712  -- Proxmox Support Team <support@proxmox.com>  Tue, 14 Feb 2012 12:08:02 +0100
 713
 714 libpve-access-control (1.0-9) unstable; urgency=low
 715
 716   * fix bug in check_volume_access (fixes vzrestore)
 717
 718  -- Proxmox Support Team <support@proxmox.com>  Mon, 13 Feb 2012 09:56:37 +0100
 719
 720 libpve-access-control (1.0-8) unstable; urgency=low
 721
 722   * fix return value for empty ACL list.
 723
 724  -- Proxmox Support Team <support@proxmox.com>  Fri, 10 Feb 2012 11:25:04 +0100
 725
 726 libpve-access-control (1.0-7) unstable; urgency=low
 727
 728   * fix bug #85: allow root@pam to generate tickets for other users
 729
 730  -- Proxmox Support Team <support@proxmox.com>  Tue, 17 Jan 2012 06:40:18 +0100
 731
 732 libpve-access-control (1.0-6) unstable; urgency=low
 733
 734   * API change: allow to filter enabled/disabled users.
 735
 736  -- Proxmox Support Team <support@proxmox.com>  Wed, 11 Jan 2012 12:30:37 +0100
 737
 738 libpve-access-control (1.0-5) unstable; urgency=low
 739
 740   * add a way to return file changes (diffs): set_result_changes()
 741
 742  -- Proxmox Support Team <support@proxmox.com>  Tue, 20 Dec 2011 11:18:48 +0100
 743
 744 libpve-access-control (1.0-4) unstable; urgency=low
 745
 746   * new environment type for ha agents
 747
 748  -- Proxmox Support Team <support@proxmox.com>  Tue, 13 Dec 2011 10:08:53 +0100
 749
 750 libpve-access-control (1.0-3) unstable; urgency=low
 751
 752   * add support for delayed parameter parsing - We need that to disable
 753     file upload for normal API request (avoid DOS attacs)
 754
 755  -- Proxmox Support Team <support@proxmox.com>  Fri, 02 Dec 2011 09:56:10 +0100
 756
 757 libpve-access-control (1.0-2) unstable; urgency=low
 758
 759   * fix bug in fork_worker
 760
 761  -- Proxmox Support Team <support@proxmox.com>  Tue, 11 Oct 2011 08:37:05 +0200
 762
 763 libpve-access-control (1.0-1) unstable; urgency=low
 764
 765   * allow '-' in permission paths
 766
 767   * bump version to 1.0
 768
 769  -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jun 2011 13:51:48 +0200
 770
 771 libpve-access-control (0.1) unstable; urgency=low
 772
 773   * first dummy package - no functionality
 774
 775  -- Proxmox Support Team <support@proxmox.com>  Thu, 09 Jul 2009 16:03:00 +0200
 776