Commit graph

486 commits

Author SHA1 Message Date
Stéphane Lesimple cb28b44382 chore/fix: move HEXIT() to helper module, use HEXIT only in helpers 2021-12-13 09:51:00 +01:00
Stéphane Lesimple 850152a88c enh: ensure proper Getopt::Long options are set everywhere 2021-12-13 09:51:00 +01:00
Stéphane Lesimple d4cc727f74 chore: factorize helpers header 2021-12-13 09:51:00 +01:00
Stéphane Lesimple 2c2f723bbb fix: add helpers handling of SIGPIPE/SIGHUP
To avoid having e.g. a group creation interrupted in the middle just because
the caller killed their ssh connection while we're still working
2021-12-13 09:51:00 +01:00
Stéphane Lesimple 1725130a15 fix: avoid double-close log messages on HUP 2021-12-13 09:50:36 +01:00
Stéphane Lesimple 373f4907de fix: tests under OpenSUSE (fping raw sockets) 2021-12-13 09:32:52 +01:00
Antoine Leblanc cbf1bd6645 doc: allowkeeper: fix typo
Signed-off-by: Antoine Leblanc <antoine.leblanc@ovhcloud.com>
2021-12-09 16:51:55 +01:00
Christophe Crochet 98c1c79382 update of --force-password: code style cleanup 2021-12-09 16:51:40 +01:00
Christophe Crochet e9841b89bc update of --force-password: removed guest support 2021-12-09 16:51:40 +01:00
Christophe Crochet ff40617624 update of --force-password: guest support, autocompletion, new tests, code cleanups 2021-12-09 16:51:40 +01:00
Christophe Crochet e4b132ed9a new access option: --force-password <HASH>, to only try one specific password 2021-12-09 16:51:40 +01:00
Stéphane Lesimple 89ecb2c0d7 feat: add support for Duo PAM auth as MFA (#249) 2021-11-03 15:50:10 +01:00
Stéphane Lesimple 7dcbfeebc6 fix: --self-password was missing as a -P synonym (#257) 2021-10-28 11:33:13 +02:00
Stéphane Lesimple 11b2bc60b2 release v3.06.00 2021-10-20 13:42:13 +02:00
Stéphane Lesimple 00aa2e7efc fix: selfMFASetupTOTP: bad return func 2021-10-20 13:42:13 +02:00
Christophe Crochet d85298f229 new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required 2021-10-15 11:22:00 +02:00
madx 4d3ee1b99d regenerated doc 2021-10-15 11:22:00 +02:00
madx ea8ed97a34 new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both 2021-10-15 11:22:00 +02:00
Stéphane Lesimple a65cbd55b8 accountPIV: fix bad autocompletion rule 2021-10-08 22:19:51 +02:00
Stéphane Lesimple a6488ee6fb fix: groupdel: false positive in lock contention detection
Groups that were containing 'lock' or 'retry' in their name
would falsely trigger the /etc/passwd and /etc/group lock
contention detection, due to their presence in the output of
the system command, implying several retries that were not
needed.
2021-09-28 09:08:31 +02:00
Jean "henyxia" Wasilewski b40a2fd6e3 fix: add superowner group requirement
Signed-off-by: Jean "henyxia" Wasilewski <henyxia@revs0.com>
2021-09-24 11:56:35 +02:00
Stéphane Lesimple 8d84fce34f fix: proactive-mfa: make it work for --osh batch and --osh clush 2021-09-22 11:32:19 +02:00
Stéphane Lesimple b5c5d9d5ee release v3.05.01 2021-09-22 10:43:40 +02:00
Stéphane Lesimple b58388a3d9 feat: add --proactive-mfa and mfa/nofa interactive commands
For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to work around problems
in commands such as ``clush`` or ``batch``, and interactive mode.
2021-09-21 12:06:40 +02:00
Stéphane Lesimple f64cf79260 chore: rename an envvar for clarity 2021-09-21 12:06:40 +02:00
Stéphane Lesimple db8f621abf doc: add help about the interactive builtin commands (#227) 2021-09-20 17:00:46 +02:00
Stéphane Lesimple 99686499b1 feat: osh-backup-acl-keys: add the possibility to sign encrypted backups (#209) 2021-09-20 17:00:18 +02:00
Stéphane Lesimple 8e6c247cdf doc: add upgrading notice 2021-09-14 16:05:27 +02:00
Stéphane Lesimple d3f443a532 release v3.05.00 2021-09-14 10:21:04 +02:00
Stéphane Lesimple f6e4ec81a8 chore: remove useless 'section' test info
As tests are now split by modules, the section is autodetected
and taken as the module name, hence a test now only needs a name,
instead of a section & a name.
2021-09-13 17:45:36 +02:00
Stéphane Lesimple 4a21cfc421 enh: add --max-inactive-days to accountCreate 2021-09-06 14:52:46 +02:00
Stéphane Lesimple ef10d509fd enh: add max_inactive_days to account configuration (#230) 2021-09-06 14:52:46 +02:00
Stéphane Lesimple 15cb2c2453 enh: accountInfo: add --list-groups
Listing groups can be slow on bastions having thousands
of groups, hence this is now disabled by default.
2021-09-02 13:13:44 +02:00
Stéphane Lesimple 82b681a38d doc: add faq about session locking (#226) 2021-09-02 11:42:48 +02:00
Stéphane Lesimple f1e875ca4b fix: erroneous message in connect.pl 2021-09-02 11:42:18 +02:00
Stéphane Lesimple 56d4078605 feat: add --fallback-password-delay (3) for ssh password autologin 2021-09-02 11:42:18 +02:00
Stéphane Lesimple 5930775626 enh: better error message when unknown option is used 2021-09-02 10:07:03 +02:00
Stéphane Lesimple 5d188faac0 chore: trick perltidy 2021-09-02 10:06:47 +02:00
Stéphane Lesimple cd5b61b239 chore: perlcritic: remove Variables::RequireInitializationForLocalVars check 2021-09-02 10:06:47 +02:00
Stéphane Lesimple 2510de0cd5 doc: generate scripts doc reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple 710eb2e4cb doc: use autosectionlabel 2021-09-02 10:06:47 +02:00
Stéphane Lesimple 92d4a46ac5 doc: add osh-piv-grace-reaper.pl config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple 9f28dfa977 doc: add osh-backup-acl-keys.sh config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple 3c6ce52e8e doc: add osh-encrypt-rsync.pl config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple 0dc448943a doc: add osh-sync-watcher.sh config reference 2021-09-02 10:06:47 +02:00
Stéphane Lesimple 873804dbbe enh: config reading: add rootonly option 2021-09-02 10:06:47 +02:00
Stéphane Lesimple 9b2aa996b3 enh: better use of account creation metadata
Store account creation information in a JSON.
Display this information in `accountInfo` for auditors.
2021-07-23 09:50:18 +02:00
Stéphane Lesimple a2626e6970 chore: tests: add json_document() func 2021-07-23 09:50:18 +02:00
Stéphane Lesimple c0bebf23d4 fix: accountCreate --uid-auto: rare case where a free UID couldn't be found
This happened when a free UID was found, along with a corresponding GID,
but the corresponding GID for the ttyrec group of the account was not
available. Now this is checked directly in get_next_available_uid()
2021-07-19 11:53:18 +02:00
Stéphane Lesimple 6b4418e864 chore: fixrights: ensure tests/functional/proxy/remote-daemon is +x 2021-07-16 11:05:04 +02:00