1 libpve-access-control (5.1-10) unstable; urgency=medium
3 * add /access/user/{id}/tfa api call to get tfa types
5 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
7 libpve-access-control (5.1-9) unstable; urgency=medium
9 * store the tfa type in user.cfg allowing to get it without proxying the call
10 to a higher priviledged daemon.
12 * tfa: realm required TFA should lock out users without TFA configured, as it
13 was done before Proxmox VE 5.4
15 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
17 libpve-access-control (5.1-8) unstable; urgency=medium
19 * U2F: ensure we save correct public key on registration
21 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
23 libpve-access-control (5.1-7) unstable; urgency=medium
25 * verify_ticket: allow general non-challenge tfa to be run as two step
28 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
30 libpve-access-control (5.1-6) unstable; urgency=medium
32 * more general 2FA configuration via priv/tfa.cfg
34 * add u2f api endpoints
36 * delete TFA entries when deleting a user
38 * allow users to change their TOTP settings
40 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
42 libpve-access-control (5.1-5) unstable; urgency=medium
44 * fix vnc ticket verification without authkey lifetime
46 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
48 libpve-access-control (5.1-4) unstable; urgency=medium
50 * fix #1891: Add zsh command completion for pveum
52 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
53 to avoid issues on upgrade, will be enabled with 6.0
55 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
57 libpve-access-control (5.1-3) unstable; urgency=medium
59 * api/ticket: move getting cluster name into an eval
61 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
63 libpve-access-control (5.1-2) unstable; urgency=medium
65 * fix #1998: correct return properties for read_role
67 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
69 libpve-access-control (5.1-1) unstable; urgency=medium
71 * pveum: introduce sub-commands
73 * register userid with completion
75 * fix #233: return cluster name on successful login
77 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
79 libpve-access-control (5.0-8) unstable; urgency=medium
81 * fix #1612: ldap: make 2nd server work with bind domains again
83 * fix an error message where passing a bad pool id to an API function would
84 make it complain about a wrong group name instead
86 * fix the API-returned permission list so that the GUI knows to show the
87 'Permissions' tab for a storage to an administrator apart from root@pam
89 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
91 libpve-access-control (5.0-7) unstable; urgency=medium
93 * VM.Snapshot.Rollback privilege added
95 * api: check for special roles before locking the usercfg
97 * fix #1501: pveum: die when deleting special role
99 * API/ticket: rework coarse grained permission computation
101 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
103 libpve-access-control (5.0-6) unstable; urgency=medium
105 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
106 'verify' option. For compatibility reasons this defaults to off for now,
107 but that might change with future updates.
109 * AD, LDAP: Add ability to specify a CA path or file, and a client
110 certificate via the 'capath', 'cert' and 'certkey' options.
112 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
114 libpve-access-control (5.0-5) unstable; urgency=medium
116 * change from dpkg-deb to dpkg-buildpackage
118 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
120 libpve-access-control (5.0-4) unstable; urgency=medium
122 * PVE/CLI/pveum.pm: call setup_default_cli_env()
124 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
126 * check_api2_permissions: avoid warning about uninitialized value
128 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
130 libpve-access-control (5.0-3) unstable; urgency=medium
132 * use new PVE::OTP class from pve-common
134 * use new PVE::Tools::encrypt_pw from pve-common
136 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
138 libpve-access-control (5.0-2) unstable; urgency=medium
140 * encrypt_pw: avoid '+' for crypt salt
142 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
144 libpve-access-control (5.0-1) unstable; urgency=medium
146 * rebuild for PVE 5.0
148 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
150 libpve-access-control (4.0-23) unstable; urgency=medium
152 * use new PVE::Ticket class
154 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
156 libpve-access-control (4.0-22) unstable; urgency=medium
158 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
159 (moved to PVE::Storage)
161 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
163 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
165 libpve-access-control (4.0-21) unstable; urgency=medium
167 * setup_default_cli_env: expect $class as first parameter
169 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
171 libpve-access-control (4.0-20) unstable; urgency=medium
173 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
175 * PVE/API2/Domains.pm: fix property description
177 * use new repoman for upload target
179 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
181 libpve-access-control (4.0-19) unstable; urgency=medium
183 * Close #833: ldap: non-anonymous bind support
185 * don't import 'RFC' from MIME::Base32
187 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
189 libpve-access-control (4.0-18) unstable; urgency=medium
191 * fix #1062: recognize base32 otp keys again
193 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
195 libpve-access-control (4.0-17) unstable; urgency=medium
197 * drop oathtool and libdigest-hmac-perl dependencies
199 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
201 libpve-access-control (4.0-16) unstable; urgency=medium
203 * use pve-doc-generator to generate man pages
205 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
207 libpve-access-control (4.0-15) unstable; urgency=medium
209 * Fix uninitialized warning when shadow.cfg does not exist
211 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
213 libpve-access-control (4.0-14) unstable; urgency=medium
215 * Add is_worker to RPCEnvironment
217 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
219 libpve-access-control (4.0-13) unstable; urgency=medium
221 * fix #916: allow HTTPS to access custom yubico url
223 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
225 libpve-access-control (4.0-12) unstable; urgency=medium
227 * Catch certificate errors instead of segfaulting
229 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
231 libpve-access-control (4.0-11) unstable; urgency=medium
233 * Fix #861: use safer sprintf formatting
235 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
237 libpve-access-control (4.0-10) unstable; urgency=medium
239 * Auth::LDAP, Auth::AD: ipv6 support
241 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
243 libpve-access-control (4.0-9) unstable; urgency=medium
245 * pveum: implement bash completion
247 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
249 libpve-access-control (4.0-8) unstable; urgency=medium
251 * remove_storage_access: cleanup of access permissions for removed storage
253 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
255 libpve-access-control (4.0-7) unstable; urgency=medium
257 * new helper to remove access permissions for removed VMs
259 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
261 libpve-access-control (4.0-6) unstable; urgency=medium
263 * improve parse_user_config, parse_shadow_config
265 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
267 libpve-access-control (4.0-5) unstable; urgency=medium
269 * pveum: check for $cmd being defined
271 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
273 libpve-access-control (4.0-4) unstable; urgency=medium
275 * use activate-noawait triggers
277 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
279 libpve-access-control (4.0-3) unstable; urgency=medium
285 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
287 libpve-access-control (4.0-2) unstable; urgency=medium
289 * trigger pve-api-updates event
291 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
293 libpve-access-control (4.0-1) unstable; urgency=medium
295 * bump version for Debian Jessie
297 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
299 libpve-access-control (3.0-16) unstable; urgency=low
301 * root@pam can now be disabled in GUI.
303 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
305 libpve-access-control (3.0-15) unstable; urgency=low
307 * oath: add 'step' and 'digits' option
309 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
311 libpve-access-control (3.0-14) unstable; urgency=low
313 * add oath two factor auth
315 * add oathkeygen binary to generate keys for oath
317 * add yubico two factor auth
321 * depend on libmime-base32-perl
323 * allow to write builtin auth domains config (comment/tfa/default)
325 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
327 libpve-access-control (3.0-13) unstable; urgency=low
329 * use correct connection string for AD auth
331 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
333 libpve-access-control (3.0-12) unstable; urgency=low
335 * add dummy API for GET /access/ticket (useful to generate login pages)
337 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
339 libpve-access-control (3.0-11) unstable; urgency=low
341 * Sets common hot keys for spice client
343 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
345 libpve-access-control (3.0-10) unstable; urgency=low
347 * implement helper to generate SPICE remote-viewer configuration
349 * depend on libnet-ssleay-perl
351 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
353 libpve-access-control (3.0-9) unstable; urgency=low
355 * prevent user enumeration attacks
357 * allow dots in access paths
359 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
361 libpve-access-control (3.0-8) unstable; urgency=low
363 * spice: use lowercase hostname in ticktet signature
365 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
367 libpve-access-control (3.0-7) unstable; urgency=low
369 * check_volume_access : use parse_volname instead of path, and remove
372 * use warnings instead of global -w flag.
374 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
376 libpve-access-control (3.0-6) unstable; urgency=low
378 * use shorter spiceproxy tickets
380 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
382 libpve-access-control (3.0-5) unstable; urgency=low
384 * add code to generate tickets for SPICE
386 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
388 libpve-access-control (3.0-4) unstable; urgency=low
390 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
392 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
394 libpve-access-control (3.0-3) unstable; urgency=low
396 * Add new role PVETemplateUser (and VM.Clone priviledge)
398 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
400 libpve-access-control (3.0-2) unstable; urgency=low
402 * remove CGI.pm related code (pveproxy does not need that)
404 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
406 libpve-access-control (3.0-1) unstable; urgency=low
408 * bump version for wheezy release
410 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
412 libpve-access-control (1.0-26) unstable; urgency=low
414 * check_volume_access: fix access permissions for backup files
416 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
418 libpve-access-control (1.0-25) unstable; urgency=low
420 * add VM.Snapshot permission
422 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
424 libpve-access-control (1.0-24) unstable; urgency=low
426 * untaint path (allow root to restore arbitrary paths)
428 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
430 libpve-access-control (1.0-23) unstable; urgency=low
432 * correctly compute GUI capabilities (consider pools)
434 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
436 libpve-access-control (1.0-22) unstable; urgency=low
438 * new plugin architecture for Auth modules, minor API change for Auth
439 domains (new 'delete' parameter)
441 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
443 libpve-access-control (1.0-21) unstable; urgency=low
445 * do not allow user names including slash
447 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
449 libpve-access-control (1.0-20) unstable; urgency=low
451 * add ability to fork cli workers in background
453 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
455 libpve-access-control (1.0-19) unstable; urgency=low
457 * return set of privileges on login - can be used to adopt GUI
459 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
461 libpve-access-control (1.0-18) unstable; urgency=low
463 * fix bug #151: corretly parse username inside ticket
465 * fix bug #152: allow user to change his own password
467 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
469 libpve-access-control (1.0-17) unstable; urgency=low
471 * set propagate flag by default
473 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
475 libpve-access-control (1.0-16) unstable; urgency=low
477 * add 'pveum passwd' method
479 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
481 libpve-access-control (1.0-15) unstable; urgency=low
483 * Add VM.Config.CDROM privilege to PVEVMUser rule
485 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
487 libpve-access-control (1.0-14) unstable; urgency=low
489 * fix buf in userid-param permission check
491 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
493 libpve-access-control (1.0-13) unstable; urgency=low
495 * allow more characters in ldap base_dn attribute
497 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
499 libpve-access-control (1.0-12) unstable; urgency=low
501 * allow more characters with realm IDs
503 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
505 libpve-access-control (1.0-11) unstable; urgency=low
507 * fix bug in exec_api2_perm_check
509 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
511 libpve-access-control (1.0-10) unstable; urgency=low
513 * fix ACL group name parser
515 * changed 'pveum aclmod' command line arguments
517 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
519 libpve-access-control (1.0-9) unstable; urgency=low
521 * fix bug in check_volume_access (fixes vzrestore)
523 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
525 libpve-access-control (1.0-8) unstable; urgency=low
527 * fix return value for empty ACL list.
529 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
531 libpve-access-control (1.0-7) unstable; urgency=low
533 * fix bug #85: allow root@pam to generate tickets for other users
535 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
537 libpve-access-control (1.0-6) unstable; urgency=low
539 * API change: allow to filter enabled/disabled users.
541 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
543 libpve-access-control (1.0-5) unstable; urgency=low
545 * add a way to return file changes (diffs): set_result_changes()
547 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
549 libpve-access-control (1.0-4) unstable; urgency=low
551 * new environment type for ha agents
553 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
555 libpve-access-control (1.0-3) unstable; urgency=low
557 * add support for delayed parameter parsing - We need that to disable
558 file upload for normal API request (avoid DOS attacs)
560 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
562 libpve-access-control (1.0-2) unstable; urgency=low
564 * fix bug in fork_worker
566 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
568 libpve-access-control (1.0-1) unstable; urgency=low
570 * allow '-' in permission paths
572 * bump version to 1.0
574 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
576 libpve-access-control (0.1) unstable; urgency=low
578 * first dummy package - no functionality
580 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200