Commit graph

705 commits

Author SHA1 Message Date
Stéphane Lesimple
9eac699954 chore: doc: remove sparse trailing spaces from generated files 2023-03-03 11:59:06 +01:00
Stéphane Lesimple
76f25f287e enh: setup-encryption.sh: don't require install to be called before us 2023-03-03 10:32:10 +01:00
Stéphane Lesimple
e009fc417d doc: add restore from backup howto 2023-03-03 10:32:10 +01:00
Pierre Ducroquet
edb2ba8b97 fix links...
you know, redirections are great, right ? :)
2023-03-02 18:03:42 +01:00
Stéphane Lesimple
86d907acb6 release v3.10.00 2023-02-17 15:19:25 +01:00
Cédric Roussel
4d56c32853 fix: invalid suffixed account creation 2023-01-31 12:03:13 +01:00
Stéphane Lesimple
036f921c40 feat: add accountFreeze/accountUnfreeze 2022-12-30 17:53:08 +01:00
Stéphane Lesimple
0e787f4ea9 enh: accountInfo: add --no-password-info and --no-output 2022-12-30 17:53:08 +01:00
Stéphane Lesimple
b3683dfe6e enh: osh.pl: add the account name on each error message
This makes it clearer which bastion is outputing the error when
multiple bastions are involved, for example in realm cases
2022-12-30 17:53:08 +01:00
Stéphane Lesimple
4508b6b6a8 enh: more precise matching of ssh client error messages 2022-12-30 17:52:42 +01:00
Stéphane Lesimple
f82ff21062 chore: generate-sudoers.sh: sort alphabetically 2022-11-23 17:17:51 +01:00
Stéphane Lesimple
649c1fffbf release v3.09.02 2022-11-15 18:26:32 +01:00
Stéphane Lesimple
521836b17b fix: rare race condition introduced by b7f4909
Under some specific conditions, the execute() call could get deadlocked with the program it started,
both waiting for each other to read or write data. This is easier to reproduce with the `scp` plugin,
where the transfer would just stall. Introduce an additional intermediate buffer to avoid this race condition.
2022-11-15 17:34:47 +01:00
Stéphane Lesimple
21f29680b6 fix: basic mitigation for scp's CVE-2020-15778
This CVE will not be fixed by scp authors, and as far as The Bastion
is concerned, this can't be achieved by anybody that doesn't already
have shell access to the remote server in addition to the scp rights,
but let's still block it for good measure.
2022-11-15 14:56:49 +01:00
Stéphane Lesimple
659b3b118f chore: fix date typo in documentation 2022-10-27 15:43:45 +02:00
Stéphane Lesimple
4f0a80c9d4 release v3.09.01 2022-10-10 12:21:11 +02:00
Stéphane Lesimple
720222c423 fix: batch: don't attempt to read if stdin is closed 2022-09-21 11:57:55 +02:00
Stéphane Lesimple
b7f4909310 enh: make execute() way WAY faster 2022-09-21 11:57:55 +02:00
Stéphane Lesimple
1ebfb1e950 doc: update v3.09.00 release date 2022-09-21 11:54:59 +02:00
Stéphane Lesimple
3df86c58b3 release v3.09.00 2022-09-13 13:21:18 +02:00
Stéphane Lesimple
97b20c7ffe tests: higher tolerance for TTL tests 2022-09-13 13:21:18 +02:00
Stéphane Lesimple
8c82c3441b fix: accountInfo wasn't showing TTL account expiration #329 2022-09-09 17:14:25 +02:00
John Zimmermann
33fa768c27 fix: doc: use code-blocks:: instead of code::
code:: is not a recognized statement for sphinx,
code-blocks, as used on all other pages, is the correct one.
Syntax highlighting with shell does not work for the last two blocks.

Signed-off-by: John Zimmermann <John.Zimmermann@th-ab.de>
2022-09-09 10:48:41 +02:00
Stéphane Lesimple
0c96df0a3d enh: tests: faster perl-check script 2022-07-29 11:35:26 +02:00
Stéphane Lesimple
ebebed7be0 fix: remove spurious set +e/-e after commit bdea34c 2022-07-29 11:34:56 +02:00
Stéphane Lesimple
7b3c721f66 doc: add a missing parameter in ping's help 2022-07-29 11:34:43 +02:00
Stéphane Lesimple
a86f25470a chore: selfListEgressKeys: fix typo 2022-07-29 11:29:58 +02:00
Stéphane Lesimple
8c2b6a410a fix: accountUnlock: add missing check_spurious_args and no_auto_abbrev 2022-07-29 11:29:34 +02:00
Stéphane Lesimple
81aeb2ee3c release v3.09.00-rc3 2022-07-12 12:34:58 +02:00
Stéphane Lesimple
72cefa6417 fix: performance issues introduced by effab4a
Commit that introduced the performance degradation is effab4a
(fix: workaround for undocumented caching in getpw/getgr funcs)

Rewrote caching at the getpwent/getpwnam/getgrent/getgrnam level,
which restores performance pre-effab4a and even enhances it in somes cases,
for example on a 2000-accounts and 2000-groups bastion, we are:

- 11% faster on --osh help
- 35% faster on --osh selfListAccesses (reduces syscalls by 87%)
2022-07-12 10:07:16 +02:00
Stéphane Lesimple
7a3306a00d fix: cleanup-guest-key-access: use cache for performance 2022-07-12 10:07:16 +02:00
Stéphane Lesimple
bdea34ccad enh: install: better error detection 2022-07-11 12:06:42 +02:00
Stéphane Lesimple
8e148a6e53 release v3.09.00-rc2 2022-07-05 18:12:08 +02:00
Stéphane Lesimple
45070f833c enh: MFA: specify account name in message 2022-07-05 18:06:41 +02:00
Stéphane Lesimple
c89dd82d26 enh: print_public_key: better formatter 2022-07-05 18:04:19 +02:00
Stéphane Lesimple
6ccb43e938 enh: move some code from get_hashes_list() to a new get_password_file() 2022-07-05 18:04:19 +02:00
Stéphane Lesimple
7fafeb3e1d doc: osh-encrypt-rsync.conf: add verbose 2022-07-05 18:04:19 +02:00
Thomas Soëte
da6d80bef1 fix: Bad plugin name 2022-07-05 10:02:37 +02:00
Stéphane Lesimple
7ff286b00f v3.09.00-rc1 2022-07-04 11:06:54 +02:00
Stéphane Lesimple
73b6a625f5 feat: add support and tests for Ubuntu 22.04 LTS 2022-07-04 11:06:34 +02:00
Stéphane Lesimple
d75b221deb fix: group-specific idle timeouts: also handle password-only groups 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
39e667f703 doc: amend groupModify documentation 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
3956dc587b fix: ttyrec cmdline: don't add --warn-before-* when no --idle-*-timeout is specified 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
291d897832 fix: group-specific timeouts: advertise the proper timeout that will be applied when connecting 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
3540dc309c enh: groupInfo: clearer message for disabled idle/kill timeout policies 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
46a01a546a feat: groupModify: add --idle-lock-timeout and --idle-kill-timeout for group-specific timeouts 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
6fb528ccf1 chore: rename some vars for clarity 2022-07-01 15:33:44 +02:00
Stéphane Lesimple
e040afb074 chore: new perltidy rules 2022-07-01 10:21:19 +02:00
Stéphane Lesimple
bd2f069c7e enh: print a msg when no ingress keys are found 2022-07-01 10:10:17 +02:00
Stéphane Lesimple
7a043165bc fix: don't emit a membership log when nothing changed 2022-07-01 10:09:57 +02:00