Commit graph

705 commits

Author SHA1 Message Date
Stéphane Lesimple
58354cc305 chore: factorize user@host:port display in machine_display() 2024-12-24 14:46:36 +01:00
Stéphane Lesimple
9e357333db chg: groupInfo: remove deprecated JSON fields
Remove 'partial_members' and 'full_members' from JSON output,
which were replaced by 'members' and 'guests' since pre-v3.00.00
2024-12-24 14:46:36 +01:00
Stéphane Lesimple
26932258be enh: accountInfo: add osh-only information for accounts 2024-12-24 14:46:36 +01:00
Stéphane Lesimple
92d8b421c2 fix: groupInfo: don't attempt to (and fail) display the guest list when account doesn't have access to it 2024-12-24 14:46:36 +01:00
Stéphane Lesimple
a20a3b8a5d fix: accountInfo: don't attempt (and fail) to display info non-auditors don't have access to 2024-12-24 14:46:36 +01:00
Stéphane Lesimple
1d9ae483da chg: set ECDSA as default egress key algo for new installs 2024-12-24 14:46:36 +01:00
Stéphane Lesimple
545547de6d chore: tests: no longer run consistency check by default
This is slow and almost never catched a bug, so consistency check is
still supported but will not run by default, as it is quite slow,
checking the system between each and every test. The option
--skip-consistency-check is now ignored, and a new option to enable
it has been added: --consistency-check
2024-12-24 14:46:36 +01:00
Stéphane Lesimple
4de9f88fe4 chore: faster tests by removing grant/revoke command dance
When restricted commands need to be used during tests,
we now use "account0" which has all these commands granted,
instead of granting/revoking commands every time with no added
value with respect to the tests.

This was previously required for OSes that have a limit to the
number of groups an account can be a member of, but these OSes
have now long been unsupported.
2024-12-24 14:46:36 +01:00
Stéphane Lesimple
e0d5617435
chore: update README (#514)
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
2024-12-24 14:46:08 +01:00
Stéphane Lesimple
598ba3f33c fix: deny netblocks for nc, mtr, ping, alive plugins 2024-12-23 15:06:52 +01:00
Stéphane Lesimple
1859d6ab41 release v3.18.00 2024-12-10 14:21:40 +01:00
Stéphane Lesimple
4062b3e046 chore: add release notes to doc/ 2024-12-10 14:21:30 +01:00
Stéphane Lesimple
ad54cc6aad chore: speedup tests in 330-selfkeys.sh 2024-12-10 14:21:20 +01:00
Stéphane Lesimple
92bc512050 feat: add assetForgetHostKey 2024-12-10 14:21:20 +01:00
Stéphane Lesimple
62613bf894 fix: scp: downloads would sometimes stall (#486) 2024-12-10 12:18:47 +01:00
Stéphane Lesimple
55f276e8cf release v3.17.01 2024-10-23 13:46:09 +02:00
Stéphane Lesimple
117f222338 chore: change pod cuts to make recent versions of perltidy happy 2024-10-23 11:22:34 +02:00
TomRicci
05236c1410 fix: documentation selfDelPersonalAccess.rst 2024-10-23 11:16:51 +02:00
TomRicci
96e28fd237 fix: documentation selfAddPersonalAccess.rst 2024-10-23 11:16:51 +02:00
TomRicci
b0202c43eb fix: documentation accountDelPersonalAccess.rst 2024-10-23 11:16:51 +02:00
TomRicci
b40a9e5b72 fix: documentation accountAddPersonalAccess.rst 2024-10-23 11:16:51 +02:00
TomRicci
e9fac9b163 fix: documentation groupDelGuestAccess.rst 2024-10-23 11:16:51 +02:00
TomRicci
f5d9f403dc fix: documentation groupAddGuestAccess.rst 2024-10-23 11:16:51 +02:00
TomRicci
a64db67fe2 fix: lint ACL.pm 2024-10-23 11:16:51 +02:00
TomRicci
949d68485e fix: message scpdownload scpupload in scp.override.rst 2024-10-23 11:16:51 +02:00
TomRicci
d188c1fc5c fix: message scpdownload scpupload in scp.rst 2024-10-23 11:16:51 +02:00
TomRicci
f599793c76 fix: protocol scpdownload scpupload in 395-mfa-scp-sftp-rsync.sh 2024-10-23 11:16:51 +02:00
TomRicci
e418b5126c fix: message scpdownload scpupload in scp 2024-10-23 11:16:51 +02:00
TomRicci
457df64290 fix: message scpdownload scpupload in groupDelGuestAccess 2024-10-23 11:16:51 +02:00
TomRicci
a0e6486753 fix: message scpdownload scpupload in groupAddGuestAccess 2024-10-23 11:16:51 +02:00
TomRicci
ecceeb8bb5 fix: message scpdownload scpupload in accountAddPersonalAccess 2024-10-23 11:16:51 +02:00
TomRicci
92f7dcc920 fix: message scpdownload scpupload in selfDelPersonalAccess 2024-10-23 11:16:51 +02:00
TomRicci
f67f064e67 fix: message scpdownload scpupload in selfAddPersonalAccess 2024-10-23 11:16:51 +02:00
TomRicci
6842792bce fix: message scpdownload scpupload in accountDelPersonalAccess 2024-10-23 11:16:51 +02:00
TomRicci
e095008175 fix: message scpdownload scpupload in sftp_scp_rsync.rst 2024-10-23 11:16:51 +02:00
TomRicci
6432771123 fix: message scpdownload scpupload in upgrading.rst 2024-10-23 11:16:51 +02:00
TomRicci
dc27e041a0 fix: message protocol in ACL.pm 2024-10-23 11:16:51 +02:00
Stéphane Lesimple
529a1325d5 enh: interactive: handle CTRL+C nicely (fix #497) 2024-10-21 16:18:49 +02:00
Stéphane Lesimple
8cafbc854c fix: allow ssh-as in connect.pl 2024-10-16 13:45:10 +02:00
Stéphane Lesimple
36352d6dcc fix: osh.pl: remove a warning on interactive mode timeout 2024-10-16 12:24:45 +02:00
Stéphane Lesimple
eb866bd16b release v3.17.00 2024-10-14 17:01:02 +02:00
Stéphane Lesimple
c93498c762 fix: opensuse: add procps package (for pkill) 2024-10-14 17:01:02 +02:00
Stéphane Lesimple
790f4c3e92 fix: osh.pl: propagate signals to plugins before exiting 2024-10-14 15:53:32 +02:00
Stéphane Lesimple
4196a5b1c7 release v3.16.99-rc3 2024-09-25 11:54:09 +02:00
Stéphane Lesimple
3ee9a5d896 fix: regression introduced by 932e72e for stealth stdout in ssh
Before 932e72e, plugin-scoped stealthStdout was ignored, which was
fixed by 932e72e which in turn made ssh ignore the pattern-based egress ssh
stealthStdout option.

This fix ensures stealthStdout is honored for both plugins and egress ssh.
2024-09-25 11:53:51 +02:00
Stéphane Lesimple
a0ec3ff9ee release v3.16.99-rc2 2024-09-17 14:45:36 +02:00
Stéphane Lesimple
accd50eea7 feat: add rsync support to --protocol 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
858bb5157e enh: plugins: add validate_tuple() so a plugin can validate user@host:port independently 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
19ef1b2668 enh: plugins: add --protocol to handle scp, sftp, rsync
Replace --sftp --scpup --scpdown by --protocol PROTOCOL.
Also take the opportunity to replace --user-any by --user * and --port-any by --port *.
All the legacy options are still supported but are now undocumented.
2024-09-17 14:44:28 +02:00
Stéphane Lesimple
454c16b4ce refacto: move special protocols checks into a lib 2024-09-17 14:44:28 +02:00