ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-01-01 13:01:53 +08:00
Code Issues Projects Releases Packages Wiki Activity
520 commits 6 branches 48 tags 7.3 MiB
Commit graph

520 commits

This branch
This branch
All branches
Author SHA1 Message Date
Stéphane Lesimple
455fd8b8c3 chore: remove deprecated UseRoaming option from ssh_config 2023-04-07 10:44:05 +02:00
Stéphane Lesimple
4cdd52d85f chore: add Debian 12 to tests 
Note that Debian 12 is not released yet, so it's not yet supported.
 2023-04-07 10:44:05 +02:00
Stéphane Lesimple
52d44ba993 chore: remove Debian openssh-blacklist logic 
All Debian versions supporting this are EOL by now.
 2023-04-07 10:44:05 +02:00
Stéphane Lesimple
6f13149093 chore: bump OpenSUSE Leap tests from 15.3 to 15.4 2023-04-07 10:44:05 +02:00
Stéphane Lesimple
49dc104dd7 chore: push sandbox and tester images from Deb10 to Deb11 
Also remove old config files from previsously dropped OS versions
 2023-04-07 10:44:05 +02:00
Stéphane Lesimple
c6904d0fa0 release v3.11.01 2023-03-27 17:04:56 +02:00
Stéphane Lesimple
eb9a25a9ac fix: groupInfo: empty gk and guest accesses list 
Introduced in 7a825aeec4
 2023-03-27 17:04:32 +02:00
Stéphane Lesimple
e788a22a9b doc: add specific upgrade instructions 2023-03-23 15:03:35 +01:00
Stéphane Lesimple
cadf51145d release v3.11.00 2023-03-23 14:37:57 +01:00
Stéphane Lesimple
7a825aeec4 feat: add --all to groupInfo and accountInfo 2023-03-23 14:37:45 +01:00
Stéphane Lesimple
a1812e34bb fix: race condition when two parallel account creations used --uid-auto 
Fixes #363
 2023-03-22 11:00:16 +01:00
Stéphane Lesimple
a551294bcd chore: fix typo 
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
 2023-03-21 12:28:18 +01:00
Stéphane Lesimple
400e14cf1d doc: add PuTTY tutorial 
Closes #356
 2023-03-21 12:28:18 +01:00
Stéphane Lesimple
f4abfc1ba8 feat: add sftp support 2023-03-16 13:45:42 +01:00
Stéphane Lesimple
a7c0b5ec23 fix: typo in a func name in an error code path 
Fixes #372
 2023-03-14 13:33:45 +01:00
Stéphane Lesimple
9eac699954 chore: doc: remove sparse trailing spaces from generated files 2023-03-03 11:59:06 +01:00
Stéphane Lesimple
76f25f287e enh: setup-encryption.sh: don't require install to be called before us 2023-03-03 10:32:10 +01:00
Stéphane Lesimple
e009fc417d doc: add restore from backup howto 2023-03-03 10:32:10 +01:00
Pierre Ducroquet
edb2ba8b97 fix links... 
you know, redirections are great, right ? :)
 2023-03-02 18:03:42 +01:00
Stéphane Lesimple
86d907acb6 release v3.10.00 2023-02-17 15:19:25 +01:00
Cédric Roussel
4d56c32853 fix: invalid suffixed account creation 2023-01-31 12:03:13 +01:00
Stéphane Lesimple
036f921c40 feat: add accountFreeze/accountUnfreeze 2022-12-30 17:53:08 +01:00
Stéphane Lesimple
0e787f4ea9 enh: accountInfo: add --no-password-info and --no-output 2022-12-30 17:53:08 +01:00
Stéphane Lesimple
b3683dfe6e enh: osh.pl: add the account name on each error message 
This makes it clearer which bastion is outputing the error when
multiple bastions are involved, for example in realm cases
 2022-12-30 17:53:08 +01:00
Stéphane Lesimple
4508b6b6a8 enh: more precise matching of ssh client error messages 2022-12-30 17:52:42 +01:00
Stéphane Lesimple
f82ff21062 chore: generate-sudoers.sh: sort alphabetically 2022-11-23 17:17:51 +01:00
Stéphane Lesimple
649c1fffbf release v3.09.02 2022-11-15 18:26:32 +01:00
Stéphane Lesimple
521836b17b fix: rare race condition introduced by b7f4909 
Under some specific conditions, the execute() call could get deadlocked with the program it started,
both waiting for each other to read or write data. This is easier to reproduce with the `scp` plugin,
where the transfer would just stall. Introduce an additional intermediate buffer to avoid this race condition.
 2022-11-15 17:34:47 +01:00
Stéphane Lesimple
21f29680b6 fix: basic mitigation for scp's CVE-2020-15778 
This CVE will not be fixed by scp authors, and as far as The Bastion
is concerned, this can't be achieved by anybody that doesn't already
have shell access to the remote server in addition to the scp rights,
but let's still block it for good measure.
 2022-11-15 14:56:49 +01:00
Stéphane Lesimple
659b3b118f chore: fix date typo in documentation 2022-10-27 15:43:45 +02:00
Stéphane Lesimple
4f0a80c9d4 release v3.09.01 2022-10-10 12:21:11 +02:00
Stéphane Lesimple
720222c423 fix: batch: don't attempt to read if stdin is closed 2022-09-21 11:57:55 +02:00
Stéphane Lesimple
b7f4909310 enh: make execute() way WAY faster 2022-09-21 11:57:55 +02:00
Stéphane Lesimple
1ebfb1e950 doc: update v3.09.00 release date 2022-09-21 11:54:59 +02:00
Stéphane Lesimple
3df86c58b3 release v3.09.00 2022-09-13 13:21:18 +02:00
Stéphane Lesimple
97b20c7ffe tests: higher tolerance for TTL tests 2022-09-13 13:21:18 +02:00
Stéphane Lesimple
8c82c3441b fix: accountInfo wasn't showing TTL account expiration #329 2022-09-09 17:14:25 +02:00
John Zimmermann
33fa768c27 fix: doc: use code-blocks:: instead of code:: 
code:: is not a recognized statement for sphinx,
code-blocks, as used on all other pages, is the correct one.
Syntax highlighting with shell does not work for the last two blocks.

Signed-off-by: John Zimmermann <John.Zimmermann@th-ab.de>
 2022-09-09 10:48:41 +02:00
Stéphane Lesimple
0c96df0a3d enh: tests: faster perl-check script 2022-07-29 11:35:26 +02:00
Stéphane Lesimple
ebebed7be0 fix: remove spurious set +e/-e after commit bdea34c 2022-07-29 11:34:56 +02:00
Stéphane Lesimple
7b3c721f66 doc: add a missing parameter in ping's help 2022-07-29 11:34:43 +02:00
Stéphane Lesimple
a86f25470a chore: selfListEgressKeys: fix typo 2022-07-29 11:29:58 +02:00
Stéphane Lesimple
8c2b6a410a fix: accountUnlock: add missing check_spurious_args and no_auto_abbrev 2022-07-29 11:29:34 +02:00
Stéphane Lesimple
81aeb2ee3c release v3.09.00-rc3 2022-07-12 12:34:58 +02:00
Stéphane Lesimple
72cefa6417 fix: performance issues introduced by effab4a 
Commit that introduced the performance degradation is effab4a
(fix: workaround for undocumented caching in getpw/getgr funcs)

Rewrote caching at the getpwent/getpwnam/getgrent/getgrnam level,
which restores performance pre-effab4a and even enhances it in somes cases,
for example on a 2000-accounts and 2000-groups bastion, we are:

- 11% faster on --osh help
- 35% faster on --osh selfListAccesses (reduces syscalls by 87%)
 2022-07-12 10:07:16 +02:00
Stéphane Lesimple
7a3306a00d fix: cleanup-guest-key-access: use cache for performance 2022-07-12 10:07:16 +02:00
Stéphane Lesimple
bdea34ccad enh: install: better error detection 2022-07-11 12:06:42 +02:00
Stéphane Lesimple
8e148a6e53 release v3.09.00-rc2 2022-07-05 18:12:08 +02:00
Stéphane Lesimple
45070f833c enh: MFA: specify account name in message 2022-07-05 18:06:41 +02:00
Stéphane Lesimple
c89dd82d26 enh: print_public_key: better formatter 2022-07-05 18:04:19 +02:00