libpve-access-control (6.0-7) pve; urgency=medium
  * fix #2575: die when trying to edit built-in roles
  * add realm sub commands to pveum CLI tool
  * api: domains: add user group sync API endpoint
  * allow one to sync and import users and groups from LDAP/AD based realms
  * realm: add default-sync-options to config for more convenient sync configuration
  * api: token create: return also full token id for convenience
 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200

libpve-access-control (6.0-6) pve; urgency=medium
  * API: add group members to group index
  * implement API token support and management
  * pveum: add 'pveum user token add/update/remove/list'
  * pveum: add permissions sub-commands
  * API: add 'permissions' API endpoint
  * user.cfg: skip nonexistent roles when parsing ACLs
 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100

libpve-access-control (6.0-5) pve; urgency=medium
  * pveum: add list command for users, groups, ACLs and roles
  * add initial permissions for experimental SDN integration
 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100

libpve-access-control (6.0-4) pve; urgency=medium
  * ticket: use clinfo to get cluster name
  * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100

libpve-access-control (6.0-3) pve; urgency=medium
  * fix #2433: increase possible TFA secret length
  * parse user configuration: correctly parse group names in ACLs, for users
    which begin their name with an @
  * sort user.cfg entries alphabetically
 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100

libpve-access-control (6.0-2) pve; urgency=medium
  * improve CSRF verification compatibility with newer PVE
 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200

libpve-access-control (6.0-1) pve; urgency=medium
  * ticket: properly verify exactly 5 minute old tickets
  * use hmac_sha256 instead of sha1 for CSRF token generation
 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200

libpve-access-control (6.0-0+1) pve; urgency=medium
  * bump for Debian buster
  * fix #2079: add periodic auth key rotation
 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200

libpve-access-control (5.1-10) unstable; urgency=medium
  * add /access/user/{id}/tfa api call to get tfa types
 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200

libpve-access-control (5.1-9) unstable; urgency=medium
  * store the tfa type in user.cfg allowing to get it without proxying the call
    to a higher privileged daemon.
  * tfa: realm required TFA should lock out users without TFA configured, as it
    was done before Proxmox VE 5.4
 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000

libpve-access-control (5.1-8) unstable; urgency=medium
  * U2F: ensure we save correct public key on registration
 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200

libpve-access-control (5.1-7) unstable; urgency=medium
  * verify_ticket: allow general non-challenge tfa to be run as two step
 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200

libpve-access-control (5.1-6) unstable; urgency=medium
  * more general 2FA configuration via priv/tfa.cfg
  * add u2f api endpoints
  * delete TFA entries when deleting a user
  * allow users to change their TOTP settings
 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200

libpve-access-control (5.1-5) unstable; urgency=medium
  * fix vnc ticket verification without authkey lifetime
 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100

libpve-access-control (5.1-4) unstable; urgency=medium
  * fix #1891: Add zsh command completion for pveum
  * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
    to avoid issues on upgrade, will be enabled with 6.0
 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100

libpve-access-control (5.1-3) unstable; urgency=medium
  * api/ticket: move getting cluster name into an eval
 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100

libpve-access-control (5.1-2) unstable; urgency=medium
  * fix #1998: correct return properties for read_role
 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100

libpve-access-control (5.1-1) unstable; urgency=medium
  * pveum: introduce sub-commands
  * register userid with completion
  * fix #233: return cluster name on successful login
 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100

libpve-access-control (5.0-8) unstable; urgency=medium
  * fix #1612: ldap: make 2nd server work with bind domains again
  * fix an error message where passing a bad pool id to an API function would
    make it complain about a wrong group name instead
  * fix the API-returned permission list so that the GUI knows to show the
    'Permissions' tab for a storage to an administrator apart from root@pam
 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100

libpve-access-control (5.0-7) unstable; urgency=medium
  * VM.Snapshot.Rollback privilege added
  * api: check for special roles before locking the usercfg
  * fix #1501: pveum: die when deleting special role
  * API/ticket: rework coarse grained permission computation
 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200

libpve-access-control (5.0-6) unstable; urgency=medium
  * Close #1470: Add server certificate verification for AD and LDAP via the
    'verify' option. For compatibility reasons this defaults to off for now,
    but that might change with future updates.
  * AD, LDAP: Add ability to specify a CA path or file, and a client
    certificate via the 'capath', 'cert' and 'certkey' options.
 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200

libpve-access-control (5.0-5) unstable; urgency=medium
  * change from dpkg-deb to dpkg-buildpackage
 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200

libpve-access-control (5.0-4) unstable; urgency=medium
  * PVE/CLI/pveum.pm: call setup_default_cli_env()
  * PVE/Auth/PVE.pm: encode utf8 password before calling crypt
  * check_api2_permissions: avoid warning about uninitialized value
 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200

libpve-access-control (5.0-3) unstable; urgency=medium
  * use new PVE::OTP class from pve-common
  * use new PVE::Tools::encrypt_pw from pve-common
 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200

libpve-access-control (5.0-2) unstable; urgency=medium
  * encrypt_pw: avoid '+' for crypt salt
 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200

libpve-access-control (5.0-1) unstable; urgency=medium
  * rebuild for PVE 5.0
 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100

libpve-access-control (4.0-23) unstable; urgency=medium
  * use new PVE::Ticket class
 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100

libpve-access-control (4.0-22) unstable; urgency=medium
  * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
    (moved to PVE::Storage)
  * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100

libpve-access-control (4.0-21) unstable; urgency=medium
  * setup_default_cli_env: expect $class as first parameter
 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100

libpve-access-control (4.0-20) unstable; urgency=medium
  * PVE/RPCEnvironment.pm: new function setup_default_cli_env
  * PVE/API2/Domains.pm: fix property description
  * use new repoman for upload target
 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100

libpve-access-control (4.0-19) unstable; urgency=medium
  * Close #833: ldap: non-anonymous bind support
  * don't import 'RFC' from MIME::Base32
 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200

libpve-access-control (4.0-18) unstable; urgency=medium
  * fix #1062: recognize base32 otp keys again
 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200

libpve-access-control (4.0-17) unstable; urgency=medium
  * drop oathtool and libdigest-hmac-perl dependencies
 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200

libpve-access-control (4.0-16) unstable; urgency=medium
  * use pve-doc-generator to generate man pages
 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200

libpve-access-control (4.0-15) unstable; urgency=medium
  * Fix uninitialized warning when shadow.cfg does not exist
 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200

libpve-access-control (4.0-14) unstable; urgency=medium
  * Add is_worker to RPCEnvironment
 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100

libpve-access-control (4.0-13) unstable; urgency=medium
  * fix #916: allow HTTPS to access custom yubico url
 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100

libpve-access-control (4.0-12) unstable; urgency=medium
  * Catch certificate errors instead of segfaulting
 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100

libpve-access-control (4.0-11) unstable; urgency=medium
  * Fix #861: use safer sprintf formatting
 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100

libpve-access-control (4.0-10) unstable; urgency=medium
  * Auth::LDAP, Auth::AD: ipv6 support
 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100

libpve-access-control (4.0-9) unstable; urgency=medium
  * pveum: implement bash completion
 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200

libpve-access-control (4.0-8) unstable; urgency=medium
  * remove_storage_access: cleanup of access permissions for removed storage
 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200

libpve-access-control (4.0-7) unstable; urgency=medium
  * new helper to remove access permissions for removed VMs
 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200

libpve-access-control (4.0-6) unstable; urgency=medium
  * improve parse_user_config, parse_shadow_config
 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200

libpve-access-control (4.0-5) unstable; urgency=medium
  * pveum: check for $cmd being defined
 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200

libpve-access-control (4.0-4) unstable; urgency=medium
  * use activate-noawait triggers
 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200

libpve-access-control (4.0-3) unstable; urgency=medium
 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200

libpve-access-control (4.0-2) unstable; urgency=medium
  * trigger pve-api-updates event
 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200

libpve-access-control (4.0-1) unstable; urgency=medium
  * bump version for Debian Jessie
 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100

libpve-access-control (3.0-16) unstable; urgency=low
  * root@pam can now be disabled in GUI.
 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100

libpve-access-control (3.0-15) unstable; urgency=low
  * oath: add 'step' and 'digits' option
 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200

libpve-access-control (3.0-14) unstable; urgency=low
  * add oath two factor auth
  * add oathkeygen binary to generate keys for oath
  * add yubico two factor auth
  * depend on libmime-base32-perl
  * allow to write builtin auth domains config (comment/tfa/default)
 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200

libpve-access-control (3.0-13) unstable; urgency=low
  * use correct connection string for AD auth
 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200

libpve-access-control (3.0-12) unstable; urgency=low
  * add dummy API for GET /access/ticket (useful to generate login pages)
 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200

libpve-access-control (3.0-11) unstable; urgency=low
  * Sets common hot keys for spice client
 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100

libpve-access-control (3.0-10) unstable; urgency=low
  * implement helper to generate SPICE remote-viewer configuration
  * depend on libnet-ssleay-perl
 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100

libpve-access-control (3.0-9) unstable; urgency=low
  * prevent user enumeration attacks
  * allow dots in access paths
 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100

libpve-access-control (3.0-8) unstable; urgency=low
  * spice: use lowercase hostname in ticket signature
 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100

libpve-access-control (3.0-7) unstable; urgency=low
  * check_volume_access: use parse_volname instead of path, and remove
  * use warnings instead of global -w flag.
 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200

libpve-access-control (3.0-6) unstable; urgency=low
  * use shorter spiceproxy tickets
 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200

libpve-access-control (3.0-5) unstable; urgency=low
  * add code to generate tickets for SPICE
 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200

libpve-access-control (3.0-4) unstable; urgency=low
  * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200

libpve-access-control (3.0-3) unstable; urgency=low
  * Add new role PVETemplateUser (and VM.Clone privilege)
 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200

libpve-access-control (3.0-2) unstable; urgency=low
  * remove CGI.pm related code (pveproxy does not need that)
 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200

libpve-access-control (3.0-1) unstable; urgency=low
  * bump version for wheezy release
 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100

libpve-access-control (1.0-26) unstable; urgency=low
  * check_volume_access: fix access permissions for backup files
 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100

libpve-access-control (1.0-25) unstable; urgency=low
  * add VM.Snapshot permission
 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200

libpve-access-control (1.0-24) unstable; urgency=low
  * untaint path (allow root to restore arbitrary paths)
 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200

libpve-access-control (1.0-23) unstable; urgency=low
  * correctly compute GUI capabilities (consider pools)
 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200

libpve-access-control (1.0-22) unstable; urgency=low
  * new plugin architecture for Auth modules, minor API change for Auth
    domains (new 'delete' parameter)
 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200

libpve-access-control (1.0-21) unstable; urgency=low
  * do not allow user names including slash
 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200

libpve-access-control (1.0-20) unstable; urgency=low
  * add ability to fork cli workers in background
 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200

libpve-access-control (1.0-19) unstable; urgency=low
  * return set of privileges on login - can be used to adapt GUI
 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200

libpve-access-control (1.0-18) unstable; urgency=low
  * fix bug #151: correctly parse username inside ticket
  * fix bug #152: allow user to change his own password
 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200

libpve-access-control (1.0-17) unstable; urgency=low
  * set propagate flag by default
 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100

libpve-access-control (1.0-16) unstable; urgency=low
  * add 'pveum passwd' method
 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100

libpve-access-control (1.0-15) unstable; urgency=low
  * Add VM.Config.CDROM privilege to PVEVMUser rule
 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100

libpve-access-control (1.0-14) unstable; urgency=low
  * fix bug in userid-param permission check
 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100

libpve-access-control (1.0-13) unstable; urgency=low
  * allow more characters in ldap base_dn attribute
 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100

libpve-access-control (1.0-12) unstable; urgency=low
  * allow more characters with realm IDs
 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100

libpve-access-control (1.0-11) unstable; urgency=low
  * fix bug in exec_api2_perm_check
 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100

libpve-access-control (1.0-10) unstable; urgency=low
  * fix ACL group name parser
  * changed 'pveum aclmod' command line arguments
 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100

libpve-access-control (1.0-9) unstable; urgency=low
  * fix bug in check_volume_access (fixes vzrestore)
 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100

libpve-access-control (1.0-8) unstable; urgency=low
  * fix return value for empty ACL list.
 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100

libpve-access-control (1.0-7) unstable; urgency=low
  * fix bug #85: allow root@pam to generate tickets for other users
 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100

libpve-access-control (1.0-6) unstable; urgency=low
  * API change: allow to filter enabled/disabled users.
 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100

libpve-access-control (1.0-5) unstable; urgency=low
  * add a way to return file changes (diffs): set_result_changes()
 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100

libpve-access-control (1.0-4) unstable; urgency=low
  * new environment type for ha agents
 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100

libpve-access-control (1.0-3) unstable; urgency=low
  * add support for delayed parameter parsing - We need that to disable
    file upload for normal API request (avoid DoS attacks)
 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100

libpve-access-control (1.0-2) unstable; urgency=low
  * fix bug in fork_worker
 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200

libpve-access-control (1.0-1) unstable; urgency=low
  * allow '-' in permission paths
  * bump version to 1.0
 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200

libpve-access-control (0.1) unstable; urgency=low
  * first dummy package - no functionality
 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200