Stéphane Lesimple
9eac699954
chore: doc: remove sparse trailing spaces from generated files
2023-03-03 11:59:06 +01:00
Stéphane Lesimple
76f25f287e
enh: setup-encryption.sh: don't require install to be called before us
2023-03-03 10:32:10 +01:00
Stéphane Lesimple
e009fc417d
doc: add restore from backup howto
2023-03-03 10:32:10 +01:00
Pierre Ducroquet
edb2ba8b97
fix links...
...
you know, redirections are great, right ? :)
2023-03-02 18:03:42 +01:00
Stéphane Lesimple
86d907acb6
release v3.10.00
2023-02-17 15:19:25 +01:00
Cédric Roussel
4d56c32853
fix: invalid suffixed account creation
2023-01-31 12:03:13 +01:00
Stéphane Lesimple
036f921c40
feat: add accountFreeze/accountUnfreeze
2022-12-30 17:53:08 +01:00
Stéphane Lesimple
0e787f4ea9
enh: accountInfo: add --no-password-info and --no-output
2022-12-30 17:53:08 +01:00
Stéphane Lesimple
b3683dfe6e
enh: osh.pl: add the account name on each error message
...
This makes it clearer which bastion is outputing the error when
multiple bastions are involved, for example in realm cases
2022-12-30 17:53:08 +01:00
Stéphane Lesimple
4508b6b6a8
enh: more precise matching of ssh client error messages
2022-12-30 17:52:42 +01:00
Stéphane Lesimple
f82ff21062
chore: generate-sudoers.sh: sort alphabetically
2022-11-23 17:17:51 +01:00
Stéphane Lesimple
649c1fffbf
release v3.09.02
2022-11-15 18:26:32 +01:00
Stéphane Lesimple
521836b17b
fix: rare race condition introduced by b7f4909
...
Under some specific conditions, the execute() call could get deadlocked with the program it started,
both waiting for each other to read or write data. This is easier to reproduce with the `scp` plugin,
where the transfer would just stall. Introduce an additional intermediate buffer to avoid this race condition.
2022-11-15 17:34:47 +01:00
Stéphane Lesimple
21f29680b6
fix: basic mitigation for scp's CVE-2020-15778
...
This CVE will not be fixed by scp authors, and as far as The Bastion
is concerned, this can't be achieved by anybody that doesn't already
have shell access to the remote server in addition to the scp rights,
but let's still block it for good measure.
2022-11-15 14:56:49 +01:00
Stéphane Lesimple
659b3b118f
chore: fix date typo in documentation
2022-10-27 15:43:45 +02:00
Stéphane Lesimple
4f0a80c9d4
release v3.09.01
2022-10-10 12:21:11 +02:00
Stéphane Lesimple
720222c423
fix: batch: don't attempt to read if stdin is closed
2022-09-21 11:57:55 +02:00
Stéphane Lesimple
b7f4909310
enh: make execute() way WAY faster
2022-09-21 11:57:55 +02:00
Stéphane Lesimple
1ebfb1e950
doc: update v3.09.00 release date
2022-09-21 11:54:59 +02:00
Stéphane Lesimple
3df86c58b3
release v3.09.00
2022-09-13 13:21:18 +02:00
Stéphane Lesimple
97b20c7ffe
tests: higher tolerance for TTL tests
2022-09-13 13:21:18 +02:00
Stéphane Lesimple
8c82c3441b
fix: accountInfo wasn't showing TTL account expiration #329
2022-09-09 17:14:25 +02:00
John Zimmermann
33fa768c27
fix: doc: use code-blocks:: instead of code::
...
code:: is not a recognized statement for sphinx,
code-blocks, as used on all other pages, is the correct one.
Syntax highlighting with shell does not work for the last two blocks.
Signed-off-by: John Zimmermann <John.Zimmermann@th-ab.de>
2022-09-09 10:48:41 +02:00
Stéphane Lesimple
0c96df0a3d
enh: tests: faster perl-check script
2022-07-29 11:35:26 +02:00
Stéphane Lesimple
ebebed7be0
fix: remove spurious set +e/-e after commit bdea34c
2022-07-29 11:34:56 +02:00
Stéphane Lesimple
7b3c721f66
doc: add a missing parameter in ping's help
2022-07-29 11:34:43 +02:00
Stéphane Lesimple
a86f25470a
chore: selfListEgressKeys: fix typo
2022-07-29 11:29:58 +02:00
Stéphane Lesimple
8c2b6a410a
fix: accountUnlock: add missing check_spurious_args and no_auto_abbrev
2022-07-29 11:29:34 +02:00
Stéphane Lesimple
81aeb2ee3c
release v3.09.00-rc3
2022-07-12 12:34:58 +02:00
Stéphane Lesimple
72cefa6417
fix: performance issues introduced by effab4a
...
Commit that introduced the performance degradation is effab4a
(fix: workaround for undocumented caching in getpw/getgr funcs)
Rewrote caching at the getpwent/getpwnam/getgrent/getgrnam level,
which restores performance pre-effab4a and even enhances it in somes cases,
for example on a 2000-accounts and 2000-groups bastion, we are:
- 11% faster on --osh help
- 35% faster on --osh selfListAccesses (reduces syscalls by 87%)
2022-07-12 10:07:16 +02:00
Stéphane Lesimple
7a3306a00d
fix: cleanup-guest-key-access: use cache for performance
2022-07-12 10:07:16 +02:00
Stéphane Lesimple
bdea34ccad
enh: install: better error detection
2022-07-11 12:06:42 +02:00
Stéphane Lesimple
8e148a6e53
release v3.09.00-rc2
2022-07-05 18:12:08 +02:00
Stéphane Lesimple
45070f833c
enh: MFA: specify account name in message
2022-07-05 18:06:41 +02:00
Stéphane Lesimple
c89dd82d26
enh: print_public_key: better formatter
2022-07-05 18:04:19 +02:00
Stéphane Lesimple
6ccb43e938
enh: move some code from get_hashes_list() to a new get_password_file()
2022-07-05 18:04:19 +02:00
Stéphane Lesimple
7fafeb3e1d
doc: osh-encrypt-rsync.conf: add verbose
2022-07-05 18:04:19 +02:00
Thomas Soëte
da6d80bef1
fix: Bad plugin name
2022-07-05 10:02:37 +02:00
Stéphane Lesimple
7ff286b00f
v3.09.00-rc1
2022-07-04 11:06:54 +02:00
Stéphane Lesimple
73b6a625f5
feat: add support and tests for Ubuntu 22.04 LTS
2022-07-04 11:06:34 +02:00
Stéphane Lesimple
d75b221deb
fix: group-specific idle timeouts: also handle password-only groups
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
39e667f703
doc: amend groupModify documentation
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
3956dc587b
fix: ttyrec cmdline: don't add --warn-before-* when no --idle-*-timeout is specified
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
291d897832
fix: group-specific timeouts: advertise the proper timeout that will be applied when connecting
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
3540dc309c
enh: groupInfo: clearer message for disabled idle/kill timeout policies
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
46a01a546a
feat: groupModify: add --idle-lock-timeout and --idle-kill-timeout for group-specific timeouts
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
6fb528ccf1
chore: rename some vars for clarity
2022-07-01 15:33:44 +02:00
Stéphane Lesimple
e040afb074
chore: new perltidy rules
2022-07-01 10:21:19 +02:00
Stéphane Lesimple
bd2f069c7e
enh: print a msg when no ingress keys are found
2022-07-01 10:10:17 +02:00
Stéphane Lesimple
7a043165bc
fix: don't emit a membership log when nothing changed
2022-07-01 10:09:57 +02:00