ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-09-20 15:05:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
501 commits 5 branches 44 tags 6.9 MiB
Commit graph

162 commits

Author SHA1 Message Date
Stéphane Lesimple 86d907acb6 release v3.10.00 2023-02-17 15:19:25 +01:00
Cédric Roussel 4d56c32853 fix: invalid suffixed account creation 2023-01-31 12:03:13 +01:00
Stéphane Lesimple 036f921c40 feat: add accountFreeze/accountUnfreeze 2022-12-30 17:53:08 +01:00
Stéphane Lesimple 649c1fffbf release v3.09.02 2022-11-15 18:26:32 +01:00
Stéphane Lesimple 521836b17b fix: rare race condition introduced by b7f4909 
Under some specific conditions, the execute() call could get deadlocked with the program it started,
both waiting for each other to read or write data. This is easier to reproduce with the `scp` plugin,
where the transfer would just stall. Introduce an additional intermediate buffer to avoid this race condition.
 2022-11-15 17:34:47 +01:00
Stéphane Lesimple 4f0a80c9d4 release v3.09.01 2022-10-10 12:21:11 +02:00
Stéphane Lesimple b7f4909310 enh: make execute() way WAY faster 2022-09-21 11:57:55 +02:00
Stéphane Lesimple 3df86c58b3 release v3.09.00 2022-09-13 13:21:18 +02:00
Stéphane Lesimple 8c82c3441b fix: accountInfo wasn't showing TTL account expiration #329 2022-09-09 17:14:25 +02:00
Stéphane Lesimple 81aeb2ee3c release v3.09.00-rc3 2022-07-12 12:34:58 +02:00
Stéphane Lesimple 72cefa6417 fix: performance issues introduced by effab4a 
Commit that introduced the performance degradation is effab4a
(fix: workaround for undocumented caching in getpw/getgr funcs)

Rewrote caching at the getpwent/getpwnam/getgrent/getgrnam level,
which restores performance pre-effab4a and even enhances it in somes cases,
for example on a 2000-accounts and 2000-groups bastion, we are:

- 11% faster on --osh help
- 35% faster on --osh selfListAccesses (reduces syscalls by 87%)
 2022-07-12 10:07:16 +02:00
Stéphane Lesimple 8e148a6e53 release v3.09.00-rc2 2022-07-05 18:12:08 +02:00
Stéphane Lesimple c89dd82d26 enh: print_public_key: better formatter 2022-07-05 18:04:19 +02:00
Stéphane Lesimple 6ccb43e938 enh: move some code from get_hashes_list() to a new get_password_file() 2022-07-05 18:04:19 +02:00
Stéphane Lesimple 7ff286b00f v3.09.00-rc1 2022-07-04 11:06:54 +02:00
Stéphane Lesimple 3956dc587b fix: ttyrec cmdline: don't add --warn-before-* when no --idle-*-timeout is specified 2022-07-01 15:33:44 +02:00
Stéphane Lesimple 46a01a546a feat: groupModify: add --idle-lock-timeout and --idle-kill-timeout for group-specific timeouts 2022-07-01 15:33:44 +02:00
Stéphane Lesimple 6fb528ccf1 chore: rename some vars for clarity 2022-07-01 15:33:44 +02:00
Stéphane Lesimple e040afb074 chore: new perltidy rules 2022-07-01 10:21:19 +02:00
Stéphane Lesimple 7a043165bc fix: don't emit a membership log when nothing changed 2022-07-01 10:09:57 +02:00
Stéphane Lesimple 884b4bbaf0 fix: install: ensure that the healthcheck user can always connect from 127.0.0.1 
Regardless of the bastion config about the ingressKeysFrom configuration
 2022-06-29 11:33:41 +02:00
Stéphane Lesimple 2e9e955e93 chore: interactive.inc: prepend internal funcs by _ 2022-03-14 12:42:26 +01:00
Stéphane Lesimple effab4a5c2 fix: workaround for undocumented caching in getpw/getgr funcs 2022-03-14 12:42:26 +01:00
Stéphane Lesimple 7fa2523bfc fix: get_group_list() returned invalid members list (was not used anywhere) 2022-02-09 14:31:33 +01:00
Stéphane Lesimple a178aa7906 enh: cron scripts: factorize common code and standardize logging 2022-02-09 14:31:33 +01:00
Stéphane Lesimple 2c2064a484 feat: osh-encrypt-rsync: handle sqlite and user logs along with ttyrec files 2022-02-09 14:31:33 +01:00
Stéphane Lesimple 0ffdd108bd v3.08.01 2022-01-19 11:24:12 +01:00
Stéphane Lesimple 744bd5fa0c enh: introduce exit_fail and exit_success for shell scripts 2022-01-19 11:23:44 +01:00
Stéphane Lesimple d7a898a5fa Release v3.08.00 2022-01-04 15:50:02 +01:00
Stéphane Lesimple ae997dd93c chore: shellcheck: rewrite shell-check.sh and make files compliant with v0.8.0 2021-12-29 11:40:34 +01:00
Stéphane Lesimple 54a4dc6c65 chore: use state vars where we can 2021-12-29 11:21:04 +01:00
Stéphane Lesimple b3af2933f9 enh: install.inc: random delay under CI 2021-12-29 11:20:55 +01:00
Stéphane Lesimple be6a71afab fix: install.inc: verbose under CI 2021-12-29 11:20:55 +01:00
Stéphane Lesimple 2f623dfb3a fix: install.inc: fail nicely on invalid JSON under set -e 2021-12-29 11:20:55 +01:00
Stéphane Lesimple 11e81614a4 fix: remove hardcoded config path and fix FreeBSD 2021-12-29 11:20:55 +01:00
Stéphane Lesimple f609565fe8 enh: batch: detect when asked to start a plugin requiring MFA 2021-12-29 11:20:55 +01:00
Stéphane Lesimple 000ed4e8af feat: move scripts to GnuPG 2.x and add tests 2021-12-29 11:20:43 +01:00
Stéphane Lesimple e847a19857 enh: ttyrec & yubico installs: hardcode URLs for when API is down 2021-12-22 18:00:21 +01:00
Stéphane Lesimple aaaa173764 feat: add the accountUnlock restricted plugin 2021-12-21 09:42:54 +01:00
Stéphane Lesimple d51c4c8be0 fix: tests: full tests on FreeBSD 2021-12-20 12:54:32 +01:00
Stéphane Lesimple c48af00ff8 feat: add info_syslog() and code-info syslog type 2021-12-16 11:02:26 +01:00
Stéphane Lesimple 7cc350b40d chore: check for spurious args in all helpers 2021-12-16 11:02:13 +01:00
Stéphane Lesimple 3507586de6 release v3.07.00 2021-12-13 14:02:41 +01:00
Stéphane Lesimple cb28b44382 chore/fix: move HEXIT() to helper module, use HEXIT only in helpers 2021-12-13 09:51:00 +01:00
Stéphane Lesimple d4cc727f74 chore: factorize helpers header 2021-12-13 09:51:00 +01:00
Stéphane Lesimple 2c2f723bbb fix: add helpers handling of SIGPIPE/SIGHUP 
To avoid having e.g. a group creation interrupted in the middle just because
the caller killed their ssh connection while we're still working
 2021-12-13 09:51:00 +01:00
Stéphane Lesimple 1725130a15 fix: avoid double-close log messages on HUP 2021-12-13 09:50:36 +01:00
Antoine Leblanc cbf1bd6645 doc: allowkeeper: fix typo 
Signed-off-by: Antoine Leblanc <antoine.leblanc@ovhcloud.com>
 2021-12-09 16:51:55 +01:00
Christophe Crochet e9841b89bc update of --force-password: removed guest support 2021-12-09 16:51:40 +01:00
Christophe Crochet ff40617624 update of --force-password: guest support, autocompletion, new tests, code cleanups 2021-12-09 16:51:40 +01:00