ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2024-09-20 15:05:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
539 commits 5 branches 44 tags 6.9 MiB
Commit graph

539 commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stéphane Lesimple bd82ee49b7 release v3.12.00 2023-06-27 14:13:22 +02:00
Stéphane Lesimple f77b8a25d3 fix: accountList: crash in some cases 2023-06-13 10:14:22 +02:00
Stéphane Lesimple 340ebd0bec chore: fix GitHub actions under freebsd 2023-06-01 11:52:39 +02:00
Stéphane Lesimple 5f4832d203 chg: remove Debian 9 tests and dockerfile 2023-06-01 11:52:39 +02:00
Stéphane Lesimple 5cfb049a82 chore: doc: adding plugin configuration autogeneration 2023-06-01 11:52:39 +02:00
Stéphane Lesimple cf405badfb feat: add 2 configurable knobs to (self|account)AddPersonalAccess 
widest_v4_prefix (maximum allowed prefix to add in a single ACL),
and self_remote_user_only (only allow ACLs where the remote user
is the same than the bastion account name)
 2023-06-01 11:52:39 +02:00
Stéphane Lesimple 482eddb10c feat: plugins: add loadConfig parameter & config validator support 2023-06-01 11:52:39 +02:00
Stéphane Lesimple 262e545bbb feat: add dryrun in access_modify() and widest prefix precondition check 2023-06-01 11:52:39 +02:00
Stéphane Lesimple f4650bd0dc chore: shell/functions: remove now unused global var 2023-05-31 17:37:52 +02:00
Stéphane Lesimple 0515753f91 fix: add missing autocompletions, readonly flags and help category for some plugins 2023-05-31 17:37:52 +02:00
Stéphane Lesimple 902508f7d1 fix: update undocumented rename-group.sh script 2023-05-31 17:34:34 +02:00
Stéphane Lesimple d5dd119f83 release v3.11.02 2023-04-18 14:48:47 +02:00
Léo Rolland 71e79b1c36 doc: update ovh.com/blog links 
Actual links are broken, this update now uses blog.ovhcloud.com

Signed-off-by: Léo Rolland <leo.rolland@ovhcloud.com>
 2023-04-17 17:55:02 +02:00
Stéphane Lesimple c6a6f806d2 feat: add uid/gid collisions checking script & amend doc 2023-04-17 17:53:14 +02:00
Stéphane Lesimple f7f1514dd0 fix: groupInfo: show group name in human-readable output 2023-04-17 14:18:51 +02:00
Stéphane Lesimple 1be7b2c3eb chore: update dockerhub workflow 2023-04-12 11:34:49 +02:00
Stéphane Lesimple 84687256a8 fix: --force-key wasn't working for groups 
Fixes #259
 2023-04-07 10:44:14 +02:00
Stéphane Lesimple a0d361b8da fix: tests: race condition after sshd reload 2023-04-07 10:44:05 +02:00
Stéphane Lesimple 708efd90ca chore: add RockyLinux 9 support 2023-04-07 10:44:05 +02:00
Stéphane Lesimple 455fd8b8c3 chore: remove deprecated UseRoaming option from ssh_config 2023-04-07 10:44:05 +02:00
Stéphane Lesimple 4cdd52d85f chore: add Debian 12 to tests 
Note that Debian 12 is not released yet, so it's not yet supported.
 2023-04-07 10:44:05 +02:00
Stéphane Lesimple 52d44ba993 chore: remove Debian openssh-blacklist logic 
All Debian versions supporting this are EOL by now.
 2023-04-07 10:44:05 +02:00
Stéphane Lesimple 6f13149093 chore: bump OpenSUSE Leap tests from 15.3 to 15.4 2023-04-07 10:44:05 +02:00
Stéphane Lesimple 49dc104dd7 chore: push sandbox and tester images from Deb10 to Deb11 
Also remove old config files from previsously dropped OS versions
 2023-04-07 10:44:05 +02:00
Stéphane Lesimple c6904d0fa0 release v3.11.01 2023-03-27 17:04:56 +02:00
Stéphane Lesimple eb9a25a9ac fix: groupInfo: empty gk and guest accesses list 
Introduced in 7a825aeec4
 2023-03-27 17:04:32 +02:00
Stéphane Lesimple e788a22a9b doc: add specific upgrade instructions 2023-03-23 15:03:35 +01:00
Stéphane Lesimple cadf51145d release v3.11.00 2023-03-23 14:37:57 +01:00
Stéphane Lesimple 7a825aeec4 feat: add --all to groupInfo and accountInfo 2023-03-23 14:37:45 +01:00
Stéphane Lesimple a1812e34bb fix: race condition when two parallel account creations used --uid-auto 
Fixes #363
 2023-03-22 11:00:16 +01:00
Stéphane Lesimple a551294bcd chore: fix typo 
Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>
 2023-03-21 12:28:18 +01:00
Stéphane Lesimple 400e14cf1d doc: add PuTTY tutorial 
Closes #356
 2023-03-21 12:28:18 +01:00
Stéphane Lesimple f4abfc1ba8 feat: add sftp support 2023-03-16 13:45:42 +01:00
Stéphane Lesimple a7c0b5ec23 fix: typo in a func name in an error code path 
Fixes #372
 2023-03-14 13:33:45 +01:00
Stéphane Lesimple 9eac699954 chore: doc: remove sparse trailing spaces from generated files 2023-03-03 11:59:06 +01:00
Stéphane Lesimple 76f25f287e enh: setup-encryption.sh: don't require install to be called before us 2023-03-03 10:32:10 +01:00
Stéphane Lesimple e009fc417d doc: add restore from backup howto 2023-03-03 10:32:10 +01:00
Pierre Ducroquet edb2ba8b97 fix links... 
you know, redirections are great, right ? :)
 2023-03-02 18:03:42 +01:00
Stéphane Lesimple 86d907acb6 release v3.10.00 2023-02-17 15:19:25 +01:00
Cédric Roussel 4d56c32853 fix: invalid suffixed account creation 2023-01-31 12:03:13 +01:00
Stéphane Lesimple 036f921c40 feat: add accountFreeze/accountUnfreeze 2022-12-30 17:53:08 +01:00
Stéphane Lesimple 0e787f4ea9 enh: accountInfo: add --no-password-info and --no-output 2022-12-30 17:53:08 +01:00
Stéphane Lesimple b3683dfe6e enh: osh.pl: add the account name on each error message 
This makes it clearer which bastion is outputing the error when
multiple bastions are involved, for example in realm cases
 2022-12-30 17:53:08 +01:00
Stéphane Lesimple 4508b6b6a8 enh: more precise matching of ssh client error messages 2022-12-30 17:52:42 +01:00
Stéphane Lesimple f82ff21062 chore: generate-sudoers.sh: sort alphabetically 2022-11-23 17:17:51 +01:00
Stéphane Lesimple 649c1fffbf release v3.09.02 2022-11-15 18:26:32 +01:00
Stéphane Lesimple 521836b17b fix: rare race condition introduced by b7f4909 
Under some specific conditions, the execute() call could get deadlocked with the program it started,
both waiting for each other to read or write data. This is easier to reproduce with the `scp` plugin,
where the transfer would just stall. Introduce an additional intermediate buffer to avoid this race condition.
 2022-11-15 17:34:47 +01:00
Stéphane Lesimple 21f29680b6 fix: basic mitigation for scp's CVE-2020-15778 
This CVE will not be fixed by scp authors, and as far as The Bastion
is concerned, this can't be achieved by anybody that doesn't already
have shell access to the remote server in addition to the scp rights,
but let's still block it for good measure.
 2022-11-15 14:56:49 +01:00
Stéphane Lesimple 659b3b118f chore: fix date typo in documentation 2022-10-27 15:43:45 +02:00
Stéphane Lesimple 4f0a80c9d4 release v3.09.01 2022-10-10 12:21:11 +02:00