1 libpve-access-control (6.1-1) pve; urgency=medium
3 * pveum: add tfa delete subcommand for deleting user-TFA
5 * LDAP: don't complain about missing credentials on realm removal
7 * LDAP: skip anonymous bind when client certificate and key is configured
9 -- Proxmox Support Team <support@proxmox.com> Fri, 08 May 2020 17:47:41 +0200
11 libpve-access-control (6.0-7) pve; urgency=medium
13 * fix #2575: die when trying to edit built-in roles
15 * add realm sub commands to pveum CLI tool
17 * api: domains: add user group sync API enpoint
19 * allow one to sync and import users and groups from LDAP/AD based realms
21 * realm: add default-sync-options to config for more convenient sync configuration
23 * api: token create: return also full token id for convenience
25 -- Proxmox Support Team <support@proxmox.com> Sat, 25 Apr 2020 19:35:17 +0200
27 libpve-access-control (6.0-6) pve; urgency=medium
29 * API: add group members to group index
31 * implement API token support and management
33 * pveum: add 'pveum user token add/update/remove/list'
35 * pveum: add permissions sub-commands
37 * API: add 'permissions' API endpoint
39 * user.cfg: skip inexisting roles when parsing ACLs
41 -- Proxmox Support Team <support@proxmox.com> Wed, 29 Jan 2020 10:17:27 +0100
43 libpve-access-control (6.0-5) pve; urgency=medium
45 * pveum: add list command for users, groups, ACLs and roles
47 * add initial permissions for experimental SDN integration
49 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Nov 2019 17:56:37 +0100
51 libpve-access-control (6.0-4) pve; urgency=medium
53 * ticket: use clinfo to get cluster name
55 * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as
58 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 11:55:11 +0100
60 libpve-access-control (6.0-3) pve; urgency=medium
62 * fix #2433: increase possible TFA secret length
64 * parse user configuration: correctly parse group names in ACLs, for users
65 which begin their name with an @
67 * sort user.cfg entries alphabetically
69 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Oct 2019 08:52:23 +0100
71 libpve-access-control (6.0-2) pve; urgency=medium
73 * improve CSRF verification compatibility with newer PVE
75 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2019 20:24:35 +0200
77 libpve-access-control (6.0-1) pve; urgency=medium
79 * ticket: properly verify exactly 5 minute old tickets
81 * use hmac_sha256 instead of sha1 for CSRF token generation
83 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 18:14:45 +0200
85 libpve-access-control (6.0-0+1) pve; urgency=medium
87 * bump for Debian buster
89 * fix #2079: add periodic auth key rotation
91 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 21:31:15 +0200
93 libpve-access-control (5.1-10) unstable; urgency=medium
95 * add /access/user/{id}/tfa api call to get tfa types
97 -- Proxmox Support Team <support@proxmox.com> Wed, 15 May 2019 16:21:10 +0200
99 libpve-access-control (5.1-9) unstable; urgency=medium
101 * store the tfa type in user.cfg allowing to get it without proxying the call
102 to a higher priviledged daemon.
104 * tfa: realm required TFA should lock out users without TFA configured, as it
105 was done before Proxmox VE 5.4
107 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2019 14:01:00 +0000
109 libpve-access-control (5.1-8) unstable; urgency=medium
111 * U2F: ensure we save correct public key on registration
113 -- Proxmox Support Team <support@proxmox.com> Tue, 09 Apr 2019 12:47:12 +0200
115 libpve-access-control (5.1-7) unstable; urgency=medium
117 * verify_ticket: allow general non-challenge tfa to be run as two step
120 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Apr 2019 16:56:14 +0200
122 libpve-access-control (5.1-6) unstable; urgency=medium
124 * more general 2FA configuration via priv/tfa.cfg
126 * add u2f api endpoints
128 * delete TFA entries when deleting a user
130 * allow users to change their TOTP settings
132 -- Proxmox Support Team <support@proxmox.com> Wed, 03 Apr 2019 13:40:26 +0200
134 libpve-access-control (5.1-5) unstable; urgency=medium
136 * fix vnc ticket verification without authkey lifetime
138 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 10:43:17 +0100
140 libpve-access-control (5.1-4) unstable; urgency=medium
142 * fix #1891: Add zsh command completion for pveum
144 * ground work to fix #2079: add periodic auth key rotation. Not yet enabled
145 to avoid issues on upgrade, will be enabled with 6.0
147 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Mar 2019 09:12:05 +0100
149 libpve-access-control (5.1-3) unstable; urgency=medium
151 * api/ticket: move getting cluster name into an eval
153 -- Proxmox Support Team <support@proxmox.com> Thu, 29 Nov 2018 12:59:36 +0100
155 libpve-access-control (5.1-2) unstable; urgency=medium
157 * fix #1998: correct return properties for read_role
159 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:22:40 +0100
161 libpve-access-control (5.1-1) unstable; urgency=medium
163 * pveum: introduce sub-commands
165 * register userid with completion
167 * fix #233: return cluster name on successful login
169 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Nov 2018 09:34:47 +0100
171 libpve-access-control (5.0-8) unstable; urgency=medium
173 * fix #1612: ldap: make 2nd server work with bind domains again
175 * fix an error message where passing a bad pool id to an API function would
176 make it complain about a wrong group name instead
178 * fix the API-returned permission list so that the GUI knows to show the
179 'Permissions' tab for a storage to an administrator apart from root@pam
181 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Jan 2018 13:34:50 +0100
183 libpve-access-control (5.0-7) unstable; urgency=medium
185 * VM.Snapshot.Rollback privilege added
187 * api: check for special roles before locking the usercfg
189 * fix #1501: pveum: die when deleting special role
191 * API/ticket: rework coarse grained permission computation
193 -- Proxmox Support Team <support@proxmox.com> Thu, 5 Oct 2017 11:27:48 +0200
195 libpve-access-control (5.0-6) unstable; urgency=medium
197 * Close #1470: Add server ceritifcate verification for AD and LDAP via the
198 'verify' option. For compatibility reasons this defaults to off for now,
199 but that might change with future updates.
201 * AD, LDAP: Add ability to specify a CA path or file, and a client
202 certificate via the 'capath', 'cert' and 'certkey' options.
204 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Aug 2017 11:56:38 +0200
206 libpve-access-control (5.0-5) unstable; urgency=medium
208 * change from dpkg-deb to dpkg-buildpackage
210 -- Proxmox Support Team <support@proxmox.com> Thu, 22 Jun 2017 09:12:37 +0200
212 libpve-access-control (5.0-4) unstable; urgency=medium
214 * PVE/CLI/pveum.pm: call setup_default_cli_env()
216 * PVE/Auth/PVE.pm: encode uft8 password before calling crypt
218 * check_api2_permissions: avoid warning about uninitialized value
220 -- Proxmox Support Team <support@proxmox.com> Tue, 02 May 2017 11:58:15 +0200
222 libpve-access-control (5.0-3) unstable; urgency=medium
224 * use new PVE::OTP class from pve-common
226 * use new PVE::Tools::encrypt_pw from pve-common
228 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 17:45:55 +0200
230 libpve-access-control (5.0-2) unstable; urgency=medium
232 * encrypt_pw: avoid '+' for crypt salt
234 -- Proxmox Support Team <support@proxmox.com> Thu, 30 Mar 2017 08:54:10 +0200
236 libpve-access-control (5.0-1) unstable; urgency=medium
238 * rebuild for PVE 5.0
240 -- Proxmox Support Team <support@proxmox.com> Mon, 6 Mar 2017 13:42:01 +0100
242 libpve-access-control (4.0-23) unstable; urgency=medium
244 * use new PVE::Ticket class
246 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 13:42:06 +0100
248 libpve-access-control (4.0-22) unstable; urgency=medium
250 * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency
251 (moved to PVE::Storage)
253 * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class
255 -- Proxmox Support Team <support@proxmox.com> Thu, 19 Jan 2017 09:12:04 +0100
257 libpve-access-control (4.0-21) unstable; urgency=medium
259 * setup_default_cli_env: expect $class as first parameter
261 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jan 2017 13:54:27 +0100
263 libpve-access-control (4.0-20) unstable; urgency=medium
265 * PVE/RPCEnvironment.pm: new function setup_default_cli_env
267 * PVE/API2/Domains.pm: fix property description
269 * use new repoman for upload target
271 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2017 12:13:26 +0100
273 libpve-access-control (4.0-19) unstable; urgency=medium
275 * Close #833: ldap: non-anonymous bind support
277 * don't import 'RFC' from MIME::Base32
279 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Aug 2016 13:09:08 +0200
281 libpve-access-control (4.0-18) unstable; urgency=medium
283 * fix #1062: recognize base32 otp keys again
285 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Jul 2016 08:43:18 +0200
287 libpve-access-control (4.0-17) unstable; urgency=medium
289 * drop oathtool and libdigest-hmac-perl dependencies
291 -- Proxmox Support Team <support@proxmox.com> Mon, 11 Jul 2016 12:03:22 +0200
293 libpve-access-control (4.0-16) unstable; urgency=medium
295 * use pve-doc-generator to generate man pages
297 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Apr 2016 07:06:05 +0200
299 libpve-access-control (4.0-15) unstable; urgency=medium
301 * Fix uninitialized warning when shadow.cfg does not exist
303 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:10:57 +0200
305 libpve-access-control (4.0-14) unstable; urgency=medium
307 * Add is_worker to RPCEnvironment
309 -- Proxmox Support Team <support@proxmox.com> Tue, 15 Mar 2016 16:47:34 +0100
311 libpve-access-control (4.0-13) unstable; urgency=medium
313 * fix #916: allow HTTPS to access custom yubico url
315 -- Proxmox Support Team <support@proxmox.com> Mon, 14 Mar 2016 11:39:23 +0100
317 libpve-access-control (4.0-12) unstable; urgency=medium
319 * Catch certificate errors instead of segfaulting
321 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Mar 2016 14:41:01 +0100
323 libpve-access-control (4.0-11) unstable; urgency=medium
325 * Fix #861: use safer sprintf formatting
327 -- Proxmox Support Team <support@proxmox.com> Fri, 08 Jan 2016 12:52:39 +0100
329 libpve-access-control (4.0-10) unstable; urgency=medium
331 * Auth::LDAP, Auth::AD: ipv6 support
333 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Dec 2015 12:09:32 +0100
335 libpve-access-control (4.0-9) unstable; urgency=medium
337 * pveum: implement bash completion
339 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Oct 2015 17:22:52 +0200
341 libpve-access-control (4.0-8) unstable; urgency=medium
343 * remove_storage_access: cleanup of access permissions for removed storage
345 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:39:15 +0200
347 libpve-access-control (4.0-7) unstable; urgency=medium
349 * new helper to remove access permissions for removed VMs
351 -- Proxmox Support Team <support@proxmox.com> Fri, 14 Aug 2015 07:57:02 +0200
353 libpve-access-control (4.0-6) unstable; urgency=medium
355 * improve parse_user_config, parse_shadow_config
357 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:14:33 +0200
359 libpve-access-control (4.0-5) unstable; urgency=medium
361 * pveum: check for $cmd being defined
363 -- Proxmox Support Team <support@proxmox.com> Wed, 10 Jun 2015 10:40:15 +0200
365 libpve-access-control (4.0-4) unstable; urgency=medium
367 * use activate-noawait triggers
369 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:25:31 +0200
371 libpve-access-control (4.0-3) unstable; urgency=medium
377 -- Proxmox Support Team <support@proxmox.com> Wed, 27 May 2015 11:15:44 +0200
379 libpve-access-control (4.0-2) unstable; urgency=medium
381 * trigger pve-api-updates event
383 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:06:38 +0200
385 libpve-access-control (4.0-1) unstable; urgency=medium
387 * bump version for Debian Jessie
389 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Feb 2015 11:22:01 +0100
391 libpve-access-control (3.0-16) unstable; urgency=low
393 * root@pam can now be disabled in GUI.
395 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Jan 2015 06:20:22 +0100
397 libpve-access-control (3.0-15) unstable; urgency=low
399 * oath: add 'step' and 'digits' option
401 -- Proxmox Support Team <support@proxmox.com> Wed, 23 Jul 2014 06:59:52 +0200
403 libpve-access-control (3.0-14) unstable; urgency=low
405 * add oath two factor auth
407 * add oathkeygen binary to generate keys for oath
409 * add yubico two factor auth
413 * depend on libmime-base32-perl
415 * allow to write builtin auth domains config (comment/tfa/default)
417 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Jul 2014 13:09:56 +0200
419 libpve-access-control (3.0-13) unstable; urgency=low
421 * use correct connection string for AD auth
423 -- Proxmox Support Team <support@proxmox.com> Thu, 22 May 2014 07:16:09 +0200
425 libpve-access-control (3.0-12) unstable; urgency=low
427 * add dummy API for GET /access/ticket (useful to generate login pages)
429 -- Proxmox Support Team <support@proxmox.com> Wed, 30 Apr 2014 14:47:56 +0200
431 libpve-access-control (3.0-11) unstable; urgency=low
433 * Sets common hot keys for spice client
435 -- Proxmox Support Team <support@proxmox.com> Fri, 31 Jan 2014 10:24:28 +0100
437 libpve-access-control (3.0-10) unstable; urgency=low
439 * implement helper to generate SPICE remote-viewer configuration
441 * depend on libnet-ssleay-perl
443 -- Proxmox Support Team <support@proxmox.com> Tue, 10 Dec 2013 10:45:08 +0100
445 libpve-access-control (3.0-9) unstable; urgency=low
447 * prevent user enumeration attacks
449 * allow dots in access paths
451 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2013 09:06:38 +0100
453 libpve-access-control (3.0-8) unstable; urgency=low
455 * spice: use lowercase hostname in ticktet signature
457 -- Proxmox Support Team <support@proxmox.com> Mon, 28 Oct 2013 08:11:57 +0100
459 libpve-access-control (3.0-7) unstable; urgency=low
461 * check_volume_access : use parse_volname instead of path, and remove
464 * use warnings instead of global -w flag.
466 -- Proxmox Support Team <support@proxmox.com> Tue, 01 Oct 2013 12:35:53 +0200
468 libpve-access-control (3.0-6) unstable; urgency=low
470 * use shorter spiceproxy tickets
472 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Jul 2013 12:39:09 +0200
474 libpve-access-control (3.0-5) unstable; urgency=low
476 * add code to generate tickets for SPICE
478 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Jun 2013 13:08:32 +0200
480 libpve-access-control (3.0-4) unstable; urgency=low
482 * moved add_vm_to_pool/remove_vm_from_pool from qemu-server
484 -- Proxmox Support Team <support@proxmox.com> Tue, 14 May 2013 11:56:54 +0200
486 libpve-access-control (3.0-3) unstable; urgency=low
488 * Add new role PVETemplateUser (and VM.Clone priviledge)
490 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Apr 2013 11:42:15 +0200
492 libpve-access-control (3.0-2) unstable; urgency=low
494 * remove CGI.pm related code (pveproxy does not need that)
496 -- Proxmox Support Team <support@proxmox.com> Mon, 15 Apr 2013 12:34:23 +0200
498 libpve-access-control (3.0-1) unstable; urgency=low
500 * bump version for wheezy release
502 -- Proxmox Support Team <support@proxmox.com> Fri, 15 Mar 2013 08:07:06 +0100
504 libpve-access-control (1.0-26) unstable; urgency=low
506 * check_volume_access: fix access permissions for backup files
508 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Feb 2013 10:00:14 +0100
510 libpve-access-control (1.0-25) unstable; urgency=low
512 * add VM.Snapshot permission
514 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Sep 2012 09:23:32 +0200
516 libpve-access-control (1.0-24) unstable; urgency=low
518 * untaint path (allow root to restore arbitrary paths)
520 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2012 13:06:34 +0200
522 libpve-access-control (1.0-23) unstable; urgency=low
524 * correctly compute GUI capabilities (consider pools)
526 -- Proxmox Support Team <support@proxmox.com> Wed, 30 May 2012 08:47:23 +0200
528 libpve-access-control (1.0-22) unstable; urgency=low
530 * new plugin architecture for Auth modules, minor API change for Auth
531 domains (new 'delete' parameter)
533 -- Proxmox Support Team <support@proxmox.com> Wed, 16 May 2012 07:21:44 +0200
535 libpve-access-control (1.0-21) unstable; urgency=low
537 * do not allow user names including slash
539 -- Proxmox Support Team <support@proxmox.com> Tue, 24 Apr 2012 10:07:47 +0200
541 libpve-access-control (1.0-20) unstable; urgency=low
543 * add ability to fork cli workers in background
545 -- Proxmox Support Team <support@proxmox.com> Wed, 18 Apr 2012 08:28:20 +0200
547 libpve-access-control (1.0-19) unstable; urgency=low
549 * return set of privileges on login - can be used to adopt GUI
551 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Apr 2012 10:25:10 +0200
553 libpve-access-control (1.0-18) unstable; urgency=low
555 * fix bug #151: corretly parse username inside ticket
557 * fix bug #152: allow user to change his own password
559 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2012 09:40:15 +0200
561 libpve-access-control (1.0-17) unstable; urgency=low
563 * set propagate flag by default
565 -- Proxmox Support Team <support@proxmox.com> Thu, 01 Mar 2012 12:40:19 +0100
567 libpve-access-control (1.0-16) unstable; urgency=low
569 * add 'pveum passwd' method
571 -- Proxmox Support Team <support@proxmox.com> Thu, 23 Feb 2012 12:05:25 +0100
573 libpve-access-control (1.0-15) unstable; urgency=low
575 * Add VM.Config.CDROM privilege to PVEVMUser rule
577 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 11:44:23 +0100
579 libpve-access-control (1.0-14) unstable; urgency=low
581 * fix buf in userid-param permission check
583 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 10:52:35 +0100
585 libpve-access-control (1.0-13) unstable; urgency=low
587 * allow more characters in ldap base_dn attribute
589 -- Proxmox Support Team <support@proxmox.com> Wed, 22 Feb 2012 06:17:02 +0100
591 libpve-access-control (1.0-12) unstable; urgency=low
593 * allow more characters with realm IDs
595 -- Proxmox Support Team <support@proxmox.com> Mon, 20 Feb 2012 08:50:33 +0100
597 libpve-access-control (1.0-11) unstable; urgency=low
599 * fix bug in exec_api2_perm_check
601 -- Proxmox Support Team <support@proxmox.com> Wed, 15 Feb 2012 07:06:30 +0100
603 libpve-access-control (1.0-10) unstable; urgency=low
605 * fix ACL group name parser
607 * changed 'pveum aclmod' command line arguments
609 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Feb 2012 12:08:02 +0100
611 libpve-access-control (1.0-9) unstable; urgency=low
613 * fix bug in check_volume_access (fixes vzrestore)
615 -- Proxmox Support Team <support@proxmox.com> Mon, 13 Feb 2012 09:56:37 +0100
617 libpve-access-control (1.0-8) unstable; urgency=low
619 * fix return value for empty ACL list.
621 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Feb 2012 11:25:04 +0100
623 libpve-access-control (1.0-7) unstable; urgency=low
625 * fix bug #85: allow root@pam to generate tickets for other users
627 -- Proxmox Support Team <support@proxmox.com> Tue, 17 Jan 2012 06:40:18 +0100
629 libpve-access-control (1.0-6) unstable; urgency=low
631 * API change: allow to filter enabled/disabled users.
633 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Jan 2012 12:30:37 +0100
635 libpve-access-control (1.0-5) unstable; urgency=low
637 * add a way to return file changes (diffs): set_result_changes()
639 -- Proxmox Support Team <support@proxmox.com> Tue, 20 Dec 2011 11:18:48 +0100
641 libpve-access-control (1.0-4) unstable; urgency=low
643 * new environment type for ha agents
645 -- Proxmox Support Team <support@proxmox.com> Tue, 13 Dec 2011 10:08:53 +0100
647 libpve-access-control (1.0-3) unstable; urgency=low
649 * add support for delayed parameter parsing - We need that to disable
650 file upload for normal API request (avoid DOS attacs)
652 -- Proxmox Support Team <support@proxmox.com> Fri, 02 Dec 2011 09:56:10 +0100
654 libpve-access-control (1.0-2) unstable; urgency=low
656 * fix bug in fork_worker
658 -- Proxmox Support Team <support@proxmox.com> Tue, 11 Oct 2011 08:37:05 +0200
660 libpve-access-control (1.0-1) unstable; urgency=low
662 * allow '-' in permission paths
664 * bump version to 1.0
666 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jun 2011 13:51:48 +0200
668 libpve-access-control (0.1) unstable; urgency=low
670 * first dummy package - no functionality
672 -- Proxmox Support Team <support@proxmox.com> Thu, 09 Jul 2009 16:03:00 +0200