libpve-access-control (7.4-3) bullseye; urgency=medium * use new 2nd factor verification from pve-rs -- Proxmox Support Team Tue, 16 May 2023 13:31:28 +0200 libpve-access-control (7.4-2) bullseye; urgency=medium * fix #4609: fix regression where a valid DN in the ldap/ad realm config wasn't accepted anymore -- Proxmox Support Team Thu, 23 Mar 2023 15:44:21 +0100 libpve-access-control (7.4-1) bullseye; urgency=medium * realm sync: refactor scope/remove-vanished into a standard option * ldap: Allow quoted values for DN attribute values -- Proxmox Support Team Mon, 20 Mar 2023 17:16:11 +0100 libpve-access-control (7.3-2) bullseye; urgency=medium * fix #4518: dramatically improve ACL computation performance * userid format: clarify that this is the full name@realm in description -- Proxmox Support Team Mon, 06 Mar 2023 11:40:11 +0100 libpve-access-control (7.3-1) bullseye; urgency=medium * realm: sync: allow explicit 'none' for 'remove-vanished' option -- Proxmox Support Team Fri, 16 Dec 2022 13:11:04 +0100 libpve-access-control (7.2-5) bullseye; urgency=medium * api: realm sync: avoid separate log line for "remove-vanished" opt * auth ldap/ad: compare group member dn case-insensitively * two factor auth: only lock tfa config for recovery keys * privs: add Sys.Incoming for guarding cross-cluster data streams like guest migrations and storage migrations -- Proxmox Support Team Thu, 17 Nov 2022 13:09:17 +0100 libpve-access-control (7.2-4) bullseye; urgency=medium * fix #4074: increase API OpenID code size limit to 2048 * auth key: protect against rare chance of a double rotation in clusters, leaving the potential that some set of nodes have the earlier key cached, that then got rotated out due to the race, resulting in a possible other set of nodes having the newer key cached. This is a split view of the auth key and may resulting in spurious failures if API requests are made to a different node than the ticket was generated on. In addition to that, the "keep validity of old tickets if signed in the last two hours before rotation" logic was disabled too in such a case, making such tickets invalid too early. Note that both are cases where Proxmox VE was too strict, so while this had no security implications it can be a nuisance, especially for environments that use the API through an automated or scripted way -- Proxmox Support Team Thu, 14 Jul 2022 08:36:51 +0200 libpve-access-control (7.2-3) bullseye; urgency=medium * api: token: use userid-group as API perm check to avoid being overly strict through a misguided use of user id for non-root users. * perm check: forbid undefined/empty ACL path for future proofing of against above issue -- Proxmox Support Team Mon, 20 Jun 2022 15:51:14 +0200 libpve-access-control (7.2-2) bullseye; urgency=medium * permissions: merge propagation flag for multiple roles on a path that share privilege in a deterministic way, to avoid that it gets lost depending on perl's random sort, which would result in returing less privileges than an auth-id actually had. * permissions: avoid that token and user privilege intersection is to strict for user permissions that have propagation disabled. -- Proxmox Support Team Fri, 03 Jun 2022 14:02:30 +0200 libpve-access-control (7.2-1) bullseye; urgency=medium * user check: fix expiration/enable order -- Proxmox Support Team Tue, 31 May 2022 13:43:37 +0200 libpve-access-control (7.1-8) bullseye; urgency=medium * fix #3668: realm-sync: replace 'full' & 'purge' with 'remove- vanished' -- Proxmox Support Team Thu, 28 Apr 2022 17:02:46 +0200 libpve-access-control (7.1-7) bullseye; urgency=medium * userid-group check: distinguish create and update * api: get user: declare token schema -- Proxmox Support Team Mon, 21 Mar 2022 16:15:23 +0100 libpve-access-control (7.1-6) bullseye; urgency=medium * fix #3768: warn on bad u2f or webauthn settings * tfa: when modifying others, verify the current user's password * tfa list: account for admin permissions * fix realm sync permissions * fix token permission display bug * include SDN permissions in permission tree -- Proxmox Support Team Fri, 21 Jan 2022 14:20:42 +0100 libpve-access-control (7.1-5) bullseye; urgency=medium * openid: fix username-claim fallback -- Proxmox Support Team Thu, 25 Nov 2021 07:57:38 +0100 libpve-access-control (7.1-4) bullseye; urgency=medium * set current origin in the webauthn config if no fixed origin was configured, to support webauthn via subdomains -- Proxmox Support Team Mon, 22 Nov 2021 14:04:06 +0100 libpve-access-control (7.1-3) bullseye; urgency=medium * openid: allow arbitrary username-claims * openid: support configuring the prompt, scopes and ACR values -- Proxmox Support Team Fri, 19 Nov 2021 08:11:52 +0100 libpve-access-control (7.1-2) bullseye; urgency=medium * catch incompatible tfa entries with a nice error -- Proxmox Support Team Wed, 17 Nov 2021 13:44:45 +0100 libpve-access-control (7.1-1) bullseye; urgency=medium * tfa: map HTTP 404 error in get_tfa_entry correctly -- Proxmox Support Team Mon, 15 Nov 2021 15:33:22 +0100 libpve-access-control (7.0-7) bullseye; urgency=medium * fix #3513: pass configured proxy to OpenID * use rust based parser for TFA config * use PBS-like auth api call flow, * merge old user.cfg keys to tfa config when adding entries * implement version checks for new tfa config writer to ensure all cluster nodes are ready to avoid login issues * tickets: add tunnel ticket -- Proxmox Support Team Thu, 11 Nov 2021 18:17:49 +0100 libpve-access-control (7.0-6) bullseye; urgency=medium * fix regression in user deletion when realm does not enforce TFA -- Proxmox Support Team Thu, 21 Oct 2021 12:28:52 +0200 libpve-access-control (7.0-5) bullseye; urgency=medium * acl: check path: add /sdn/vnets/* path * fix #2302: allow deletion of users when realm enforces TFA * api: delete user: disable user first to avoid surprise on error during the various cleanup action required for user deletion (e.g., TFA, ACL, group) -- Proxmox Support Team Mon, 27 Sep 2021 15:50:47 +0200 libpve-access-control (7.0-4) bullseye; urgency=medium * realm: add OpenID configuration * api: implement OpenID related endpoints * implement opt-in OpenID autocreate user feature * api: user: add 'realm-type' to user list response -- Proxmox Support Team Fri, 02 Jul 2021 13:45:46 +0200 libpve-access-control (7.0-3) bullseye; urgency=medium * api: acl: add missing `/access/realm/`, `/access/group/` and `/sdn/zones/` to allowed ACL paths -- Proxmox Support Team Mon, 21 Jun 2021 10:31:19 +0200 libpve-access-control (7.0-2) bullseye; urgency=medium * fix #3402: add Pool.Audit privilege - custom roles containing Pool.Allocate must be updated to include the new privilege. -- Proxmox Support Team Tue, 1 Jun 2021 11:28:38 +0200 libpve-access-control (7.0-1) bullseye; urgency=medium * re-build for Debian 11 Bullseye based releases -- Proxmox Support Team Sun, 09 May 2021 18:18:23 +0200 libpve-access-control (6.4-1) pve; urgency=medium * fix #1670: change PAM service name to project specific name * fix #1500: permission path syntax check for access control * pveum: add resource pool CLI commands -- Proxmox Support Team Sat, 24 Apr 2021 19:48:21 +0200 libpve-access-control (6.1-3) pve; urgency=medium * partially fix #2825: authkey: rotate if it was generated in the future * fix #2947: add an option to LDAP or AD realm to switch user lookup to case insensitive -- Proxmox Support Team Tue, 29 Sep 2020 08:54:13 +0200 libpve-access-control (6.1-2) pve; urgency=medium * also check SDN permission path when computing coarse permissions heuristic for UIs * add SDN Permissions.Modify * add VM.Config.Cloudinit -- Proxmox Support Team Tue, 30 Jun 2020 13:06:56 +0200 libpve-access-control (6.1-1) pve; urgency=medium * pveum: add tfa delete subcommand for deleting user-TFA * LDAP: don't complain about missing credentials on realm removal * LDAP: skip anonymous bind when client certificate and key is configured -- Proxmox Support Team Fri, 08 May 2020 17:47:41 +0200 libpve-access-control (6.0-7) pve; urgency=medium * fix #2575: die when trying to edit built-in roles * add realm sub commands to pveum CLI tool * api: domains: add user group sync API endpoint * allow one to sync and import users and groups from LDAP/AD based realms * realm: add default-sync-options to config for more convenient sync configuration * api: token create: return also full token id for convenience -- Proxmox Support Team Sat, 25 Apr 2020 19:35:17 +0200 libpve-access-control (6.0-6) pve; urgency=medium * API: add group members to group index * implement API token support and management * pveum: add 'pveum user token add/update/remove/list' * pveum: add permissions sub-commands * API: add 'permissions' API endpoint * user.cfg: skip inexisting roles when parsing ACLs -- Proxmox Support Team Wed, 29 Jan 2020 10:17:27 +0100 libpve-access-control (6.0-5) pve; urgency=medium * pveum: add list command for users, groups, ACLs and roles * add initial permissions for experimental SDN integration -- Proxmox Support Team Tue, 26 Nov 2019 17:56:37 +0100 libpve-access-control (6.0-4) pve; urgency=medium * ticket: use clinfo to get cluster name * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as SSL version -- Proxmox Support Team Mon, 18 Nov 2019 11:55:11 +0100 libpve-access-control (6.0-3) pve; urgency=medium * fix #2433: increase possible TFA secret length * parse user configuration: correctly parse group names in ACLs, for users which begin their name with an @ * sort user.cfg entries alphabetically -- Proxmox Support Team Tue, 29 Oct 2019 08:52:23 +0100 libpve-access-control (6.0-2) pve; urgency=medium * improve CSRF verification compatibility with newer PVE -- Proxmox Support Team Wed, 26 Jun 2019 20:24:35 +0200 libpve-access-control (6.0-1) pve; urgency=medium * ticket: properly verify exactly 5 minute old tickets * use hmac_sha256 instead of sha1 for CSRF token generation -- Proxmox Support Team Mon, 24 Jun 2019 18:14:45 +0200 libpve-access-control (6.0-0+1) pve; urgency=medium * bump for Debian buster * fix #2079: add periodic auth key rotation -- Proxmox Support Team Tue, 21 May 2019 21:31:15 +0200 libpve-access-control (5.1-10) unstable; urgency=medium * add /access/user/{id}/tfa api call to get tfa types -- Proxmox Support Team Wed, 15 May 2019 16:21:10 +0200 libpve-access-control (5.1-9) unstable; urgency=medium * store the tfa type in user.cfg allowing to get it without proxying the call to a higher privileged daemon. * tfa: realm required TFA should lock out users without TFA configured, as it was done before Proxmox VE 5.4 -- Proxmox Support Team Tue, 30 Apr 2019 14:01:00 +0000 libpve-access-control (5.1-8) unstable; urgency=medium * U2F: ensure we save correct public key on registration -- Proxmox Support Team Tue, 09 Apr 2019 12:47:12 +0200 libpve-access-control (5.1-7) unstable; urgency=medium * verify_ticket: allow general non-challenge tfa to be run as two step call -- Proxmox Support Team Mon, 08 Apr 2019 16:56:14 +0200 libpve-access-control (5.1-6) unstable; urgency=medium * more general 2FA configuration via priv/tfa.cfg * add u2f api endpoints * delete TFA entries when deleting a user * allow users to change their TOTP settings -- Proxmox Support Team Wed, 03 Apr 2019 13:40:26 +0200 libpve-access-control (5.1-5) unstable; urgency=medium * fix vnc ticket verification without authkey lifetime -- Proxmox Support Team Mon, 18 Mar 2019 10:43:17 +0100 libpve-access-control (5.1-4) unstable; urgency=medium * fix #1891: Add zsh command completion for pveum * ground work to fix #2079: add periodic auth key rotation. Not yet enabled to avoid issues on upgrade, will be enabled with 6.0 -- Proxmox Support Team Mon, 18 Mar 2019 09:12:05 +0100 libpve-access-control (5.1-3) unstable; urgency=medium * api/ticket: move getting cluster name into an eval -- Proxmox Support Team Thu, 29 Nov 2018 12:59:36 +0100 libpve-access-control (5.1-2) unstable; urgency=medium * fix #1998: correct return properties for read_role -- Proxmox Support Team Fri, 23 Nov 2018 14:22:40 +0100 libpve-access-control (5.1-1) unstable; urgency=medium * pveum: introduce sub-commands * register userid with completion * fix #233: return cluster name on successful login -- Proxmox Support Team Thu, 15 Nov 2018 09:34:47 +0100 libpve-access-control (5.0-8) unstable; urgency=medium * fix #1612: ldap: make 2nd server work with bind domains again * fix an error message where passing a bad pool id to an API function would make it complain about a wrong group name instead * fix the API-returned permission list so that the GUI knows to show the 'Permissions' tab for a storage to an administrator apart from root@pam -- Proxmox Support Team Thu, 18 Jan 2018 13:34:50 +0100 libpve-access-control (5.0-7) unstable; urgency=medium * VM.Snapshot.Rollback privilege added * api: check for special roles before locking the usercfg * fix #1501: pveum: die when deleting special role * API/ticket: rework coarse grained permission computation -- Proxmox Support Team Thu, 5 Oct 2017 11:27:48 +0200 libpve-access-control (5.0-6) unstable; urgency=medium * Close #1470: Add server ceritifcate verification for AD and LDAP via the 'verify' option. For compatibility reasons this defaults to off for now, but that might change with future updates. * AD, LDAP: Add ability to specify a CA path or file, and a client certificate via the 'capath', 'cert' and 'certkey' options. -- Proxmox Support Team Tue, 08 Aug 2017 11:56:38 +0200 libpve-access-control (5.0-5) unstable; urgency=medium * change from dpkg-deb to dpkg-buildpackage -- Proxmox Support Team Thu, 22 Jun 2017 09:12:37 +0200 libpve-access-control (5.0-4) unstable; urgency=medium * PVE/CLI/pveum.pm: call setup_default_cli_env() * PVE/Auth/PVE.pm: encode uft8 password before calling crypt * check_api2_permissions: avoid warning about uninitialized value -- Proxmox Support Team Tue, 02 May 2017 11:58:15 +0200 libpve-access-control (5.0-3) unstable; urgency=medium * use new PVE::OTP class from pve-common * use new PVE::Tools::encrypt_pw from pve-common -- Proxmox Support Team Thu, 30 Mar 2017 17:45:55 +0200 libpve-access-control (5.0-2) unstable; urgency=medium * encrypt_pw: avoid '+' for crypt salt -- Proxmox Support Team Thu, 30 Mar 2017 08:54:10 +0200 libpve-access-control (5.0-1) unstable; urgency=medium * rebuild for PVE 5.0 -- Proxmox Support Team Mon, 6 Mar 2017 13:42:01 +0100 libpve-access-control (4.0-23) unstable; urgency=medium * use new PVE::Ticket class -- Proxmox Support Team Thu, 19 Jan 2017 13:42:06 +0100 libpve-access-control (4.0-22) unstable; urgency=medium * RPCEnvironment: removed check_volume_access() to avoid cyclic dependency (moved to PVE::Storage) * PVE::PCEnvironment: use new PVE::RESTEnvironment as base class -- Proxmox Support Team Thu, 19 Jan 2017 09:12:04 +0100 libpve-access-control (4.0-21) unstable; urgency=medium * setup_default_cli_env: expect $class as first parameter -- Proxmox Support Team Thu, 12 Jan 2017 13:54:27 +0100 libpve-access-control (4.0-20) unstable; urgency=medium * PVE/RPCEnvironment.pm: new function setup_default_cli_env * PVE/API2/Domains.pm: fix property description * use new repoman for upload target -- Proxmox Support Team Wed, 11 Jan 2017 12:13:26 +0100 libpve-access-control (4.0-19) unstable; urgency=medium * Close #833: ldap: non-anonymous bind support * don't import 'RFC' from MIME::Base32 -- Proxmox Support Team Fri, 05 Aug 2016 13:09:08 +0200 libpve-access-control (4.0-18) unstable; urgency=medium * fix #1062: recognize base32 otp keys again -- Proxmox Support Team Thu, 21 Jul 2016 08:43:18 +0200 libpve-access-control (4.0-17) unstable; urgency=medium * drop oathtool and libdigest-hmac-perl dependencies -- Proxmox Support Team Mon, 11 Jul 2016 12:03:22 +0200 libpve-access-control (4.0-16) unstable; urgency=medium * use pve-doc-generator to generate man pages -- Proxmox Support Team Fri, 08 Apr 2016 07:06:05 +0200 libpve-access-control (4.0-15) unstable; urgency=medium * Fix uninitialized warning when shadow.cfg does not exist -- Proxmox Support Team Fri, 01 Apr 2016 07:10:57 +0200 libpve-access-control (4.0-14) unstable; urgency=medium * Add is_worker to RPCEnvironment -- Proxmox Support Team Tue, 15 Mar 2016 16:47:34 +0100 libpve-access-control (4.0-13) unstable; urgency=medium * fix #916: allow HTTPS to access custom yubico url -- Proxmox Support Team Mon, 14 Mar 2016 11:39:23 +0100 libpve-access-control (4.0-12) unstable; urgency=medium * Catch certificate errors instead of segfaulting -- Proxmox Support Team Wed, 09 Mar 2016 14:41:01 +0100 libpve-access-control (4.0-11) unstable; urgency=medium * Fix #861: use safer sprintf formatting -- Proxmox Support Team Fri, 08 Jan 2016 12:52:39 +0100 libpve-access-control (4.0-10) unstable; urgency=medium * Auth::LDAP, Auth::AD: ipv6 support -- Proxmox Support Team Thu, 03 Dec 2015 12:09:32 +0100 libpve-access-control (4.0-9) unstable; urgency=medium * pveum: implement bash completion -- Proxmox Support Team Thu, 01 Oct 2015 17:22:52 +0200 libpve-access-control (4.0-8) unstable; urgency=medium * remove_storage_access: cleanup of access permissions for removed storage -- Proxmox Support Team Wed, 19 Aug 2015 15:39:15 +0200 libpve-access-control (4.0-7) unstable; urgency=medium * new helper to remove access permissions for removed VMs -- Proxmox Support Team Fri, 14 Aug 2015 07:57:02 +0200 libpve-access-control (4.0-6) unstable; urgency=medium * improve parse_user_config, parse_shadow_config -- Proxmox Support Team Mon, 27 Jul 2015 13:14:33 +0200 libpve-access-control (4.0-5) unstable; urgency=medium * pveum: check for $cmd being defined -- Proxmox Support Team Wed, 10 Jun 2015 10:40:15 +0200 libpve-access-control (4.0-4) unstable; urgency=medium * use activate-noawait triggers -- Proxmox Support Team Mon, 01 Jun 2015 12:25:31 +0200 libpve-access-control (4.0-3) unstable; urgency=medium * IPv6 fixes * non-root buildfix -- Proxmox Support Team Wed, 27 May 2015 11:15:44 +0200 libpve-access-control (4.0-2) unstable; urgency=medium * trigger pve-api-updates event -- Proxmox Support Team Tue, 05 May 2015 15:06:38 +0200 libpve-access-control (4.0-1) unstable; urgency=medium * bump version for Debian Jessie -- Proxmox Support Team Thu, 26 Feb 2015 11:22:01 +0100 libpve-access-control (3.0-16) unstable; urgency=low * root@pam can now be disabled in GUI. -- Proxmox Support Team Fri, 30 Jan 2015 06:20:22 +0100 libpve-access-control (3.0-15) unstable; urgency=low * oath: add 'step' and 'digits' option -- Proxmox Support Team Wed, 23 Jul 2014 06:59:52 +0200 libpve-access-control (3.0-14) unstable; urgency=low * add oath two factor auth * add oathkeygen binary to generate keys for oath * add yubico two factor auth * dedend on oathtool * depend on libmime-base32-perl * allow to write builtin auth domains config (comment/tfa/default) -- Proxmox Support Team Thu, 17 Jul 2014 13:09:56 +0200 libpve-access-control (3.0-13) unstable; urgency=low * use correct connection string for AD auth -- Proxmox Support Team Thu, 22 May 2014 07:16:09 +0200 libpve-access-control (3.0-12) unstable; urgency=low * add dummy API for GET /access/ticket (useful to generate login pages) -- Proxmox Support Team Wed, 30 Apr 2014 14:47:56 +0200 libpve-access-control (3.0-11) unstable; urgency=low * Sets common hot keys for spice client -- Proxmox Support Team Fri, 31 Jan 2014 10:24:28 +0100 libpve-access-control (3.0-10) unstable; urgency=low * implement helper to generate SPICE remote-viewer configuration * depend on libnet-ssleay-perl -- Proxmox Support Team Tue, 10 Dec 2013 10:45:08 +0100 libpve-access-control (3.0-9) unstable; urgency=low * prevent user enumeration attacks * allow dots in access paths -- Proxmox Support Team Mon, 18 Nov 2013 09:06:38 +0100 libpve-access-control (3.0-8) unstable; urgency=low * spice: use lowercase hostname in ticktet signature -- Proxmox Support Team Mon, 28 Oct 2013 08:11:57 +0100 libpve-access-control (3.0-7) unstable; urgency=low * check_volume_access : use parse_volname instead of path, and remove path related code. * use warnings instead of global -w flag. -- Proxmox Support Team Tue, 01 Oct 2013 12:35:53 +0200 libpve-access-control (3.0-6) unstable; urgency=low * use shorter spiceproxy tickets -- Proxmox Support Team Fri, 19 Jul 2013 12:39:09 +0200 libpve-access-control (3.0-5) unstable; urgency=low * add code to generate tickets for SPICE -- Proxmox Support Team Wed, 26 Jun 2013 13:08:32 +0200 libpve-access-control (3.0-4) unstable; urgency=low * moved add_vm_to_pool/remove_vm_from_pool from qemu-server -- Proxmox Support Team Tue, 14 May 2013 11:56:54 +0200 libpve-access-control (3.0-3) unstable; urgency=low * Add new role PVETemplateUser (and VM.Clone privilege) -- Proxmox Support Team Mon, 29 Apr 2013 11:42:15 +0200 libpve-access-control (3.0-2) unstable; urgency=low * remove CGI.pm related code (pveproxy does not need that) -- Proxmox Support Team Mon, 15 Apr 2013 12:34:23 +0200 libpve-access-control (3.0-1) unstable; urgency=low * bump version for wheezy release -- Proxmox Support Team Fri, 15 Mar 2013 08:07:06 +0100 libpve-access-control (1.0-26) unstable; urgency=low * check_volume_access: fix access permissions for backup files -- Proxmox Support Team Thu, 28 Feb 2013 10:00:14 +0100 libpve-access-control (1.0-25) unstable; urgency=low * add VM.Snapshot permission -- Proxmox Support Team Mon, 10 Sep 2012 09:23:32 +0200 libpve-access-control (1.0-24) unstable; urgency=low * untaint path (allow root to restore arbitrary paths) -- Proxmox Support Team Wed, 06 Jun 2012 13:06:34 +0200 libpve-access-control (1.0-23) unstable; urgency=low * correctly compute GUI capabilities (consider pools) -- Proxmox Support Team Wed, 30 May 2012 08:47:23 +0200 libpve-access-control (1.0-22) unstable; urgency=low * new plugin architecture for Auth modules, minor API change for Auth domains (new 'delete' parameter) -- Proxmox Support Team Wed, 16 May 2012 07:21:44 +0200 libpve-access-control (1.0-21) unstable; urgency=low * do not allow user names including slash -- Proxmox Support Team Tue, 24 Apr 2012 10:07:47 +0200 libpve-access-control (1.0-20) unstable; urgency=low * add ability to fork cli workers in background -- Proxmox Support Team Wed, 18 Apr 2012 08:28:20 +0200 libpve-access-control (1.0-19) unstable; urgency=low * return set of privileges on login - can be used to adopt GUI -- Proxmox Support Team Tue, 17 Apr 2012 10:25:10 +0200 libpve-access-control (1.0-18) unstable; urgency=low * fix bug #151: correctly parse username inside ticket * fix bug #152: allow user to change his own password -- Proxmox Support Team Wed, 11 Apr 2012 09:40:15 +0200 libpve-access-control (1.0-17) unstable; urgency=low * set propagate flag by default -- Proxmox Support Team Thu, 01 Mar 2012 12:40:19 +0100 libpve-access-control (1.0-16) unstable; urgency=low * add 'pveum passwd' method -- Proxmox Support Team Thu, 23 Feb 2012 12:05:25 +0100 libpve-access-control (1.0-15) unstable; urgency=low * Add VM.Config.CDROM privilege to PVEVMUser rule -- Proxmox Support Team Wed, 22 Feb 2012 11:44:23 +0100 libpve-access-control (1.0-14) unstable; urgency=low * fix buf in userid-param permission check -- Proxmox Support Team Wed, 22 Feb 2012 10:52:35 +0100 libpve-access-control (1.0-13) unstable; urgency=low * allow more characters in ldap base_dn attribute -- Proxmox Support Team Wed, 22 Feb 2012 06:17:02 +0100 libpve-access-control (1.0-12) unstable; urgency=low * allow more characters with realm IDs -- Proxmox Support Team Mon, 20 Feb 2012 08:50:33 +0100 libpve-access-control (1.0-11) unstable; urgency=low * fix bug in exec_api2_perm_check -- Proxmox Support Team Wed, 15 Feb 2012 07:06:30 +0100 libpve-access-control (1.0-10) unstable; urgency=low * fix ACL group name parser * changed 'pveum aclmod' command line arguments -- Proxmox Support Team Tue, 14 Feb 2012 12:08:02 +0100 libpve-access-control (1.0-9) unstable; urgency=low * fix bug in check_volume_access (fixes vzrestore) -- Proxmox Support Team Mon, 13 Feb 2012 09:56:37 +0100 libpve-access-control (1.0-8) unstable; urgency=low * fix return value for empty ACL list. -- Proxmox Support Team Fri, 10 Feb 2012 11:25:04 +0100 libpve-access-control (1.0-7) unstable; urgency=low * fix bug #85: allow root@pam to generate tickets for other users -- Proxmox Support Team Tue, 17 Jan 2012 06:40:18 +0100 libpve-access-control (1.0-6) unstable; urgency=low * API change: allow to filter enabled/disabled users. -- Proxmox Support Team Wed, 11 Jan 2012 12:30:37 +0100 libpve-access-control (1.0-5) unstable; urgency=low * add a way to return file changes (diffs): set_result_changes() -- Proxmox Support Team Tue, 20 Dec 2011 11:18:48 +0100 libpve-access-control (1.0-4) unstable; urgency=low * new environment type for ha agents -- Proxmox Support Team Tue, 13 Dec 2011 10:08:53 +0100 libpve-access-control (1.0-3) unstable; urgency=low * add support for delayed parameter parsing - We need that to disable file upload for normal API request (avoid DOS attacks) -- Proxmox Support Team Fri, 02 Dec 2011 09:56:10 +0100 libpve-access-control (1.0-2) unstable; urgency=low * fix bug in fork_worker -- Proxmox Support Team Tue, 11 Oct 2011 08:37:05 +0200 libpve-access-control (1.0-1) unstable; urgency=low * allow '-' in permission paths * bump version to 1.0 -- Proxmox Support Team Mon, 27 Jun 2011 13:51:48 +0200 libpve-access-control (0.1) unstable; urgency=low * first dummy package - no functionality -- Proxmox Support Team Thu, 09 Jul 2009 16:03:00 +0200