Commit graph

223 commits

Author SHA1 Message Date
TomRicci
dc27e041a0 fix: message protocol in ACL.pm 2024-10-23 11:16:51 +02:00
Stéphane Lesimple
529a1325d5 enh: interactive: handle CTRL+C nicely (fix #497) 2024-10-21 16:18:49 +02:00
Stéphane Lesimple
eb866bd16b release v3.17.00 2024-10-14 17:01:02 +02:00
Stéphane Lesimple
4196a5b1c7 release v3.16.99-rc3 2024-09-25 11:54:09 +02:00
Stéphane Lesimple
3ee9a5d896 fix: regression introduced by 932e72e for stealth stdout in ssh
Before 932e72e, plugin-scoped stealthStdout was ignored, which was
fixed by 932e72e which in turn made ssh ignore the pattern-based egress ssh
stealthStdout option.

This fix ensures stealthStdout is honored for both plugins and egress ssh.
2024-09-25 11:53:51 +02:00
Stéphane Lesimple
a0ec3ff9ee release v3.16.99-rc2 2024-09-17 14:45:36 +02:00
Stéphane Lesimple
accd50eea7 feat: add rsync support to --protocol 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
858bb5157e enh: plugins: add validate_tuple() so a plugin can validate user@host:port independently 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
19ef1b2668 enh: plugins: add --protocol to handle scp, sftp, rsync
Replace --sftp --scpup --scpdown by --protocol PROTOCOL.
Also take the opportunity to replace --user-any by --user * and --port-any by --port *.
All the legacy options are still supported but are now undocumented.
2024-09-17 14:44:28 +02:00
Stéphane Lesimple
454c16b4ce refacto: move special protocols checks into a lib 2024-09-17 14:44:28 +02:00
Stéphane Lesimple
733e67ef1d enh: add lock for group ACL change to avoid race conditions 2024-08-30 16:57:43 +02:00
Stéphane Lesimple
f4de5957a3 feat: add groupSetServers 2024-08-12 13:42:51 +02:00
Stéphane Lesimple
3d2cf21e0b release v3.16.99-rc1 2024-07-03 18:31:59 +02:00
Stéphane Lesimple
932e72eb83 fix: stealth_stdout/stderr was ignored for plugins (fix #482) 2024-07-03 17:38:40 +02:00
Stéphane Lesimple
2e96603300 feat: support wildcards in --user (fix #461) 2024-07-02 17:54:28 +02:00
Stéphane Lesimple
47b51c79ee feat: accountFreeze: terminate running sessions if any 2024-06-27 17:03:07 +02:00
Stéphane Lesimple
15e6869be0 fix: ignore transient errors during global destruction 2024-06-25 14:09:54 +02:00
Stéphane Lesimple
4b781b821a release v3.16.01 2024-05-22 16:16:41 +02:00
Stéphane Lesimple
72b757457c enh: info: removed uname dependency, added configuration 2024-04-17 14:38:19 +02:00
Stéphane Lesimple
3646badbdf release 3.16.00 2024-04-10 14:16:10 +02:00
Stéphane Lesimple
3c9382a192 enh: use print_accepted_key_algorithms everywhere 2024-04-10 10:51:01 +02:00
Stéphane Lesimple
321c592d51 chore: perltidy 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
99dfa9d351 Drop an unused variable in print_accepted_key_algorithms 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
1e44092c16 Factor out in a generic function the helper listing allowed ssh key algorithm 2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
7dce5734fd Escape dots in regex patterns for ssh algorithms
Co-authored-by: Stéphane Lesimple <speed47_github@speed47.net>
2024-04-10 10:51:01 +02:00
Pierre-Elliott Bécue
d0ac9eabb9 Implement Ingress Secure Keys 2024-04-10 10:51:01 +02:00
Stéphane Lesimple
dad78fbfe5 release v3.15.00 2024-03-25 10:11:31 +01:00
Stéphane Lesimple
496fe94dd3 enh: allow @ as a valid remote user char (fixes #437) 2024-03-20 11:53:58 +01:00
Stéphane Lesimple
3bc83fae8e enh: interactive: fix display 2024-03-20 11:53:49 +01:00
Stéphane Lesimple
3d1e210dd8 fix: interactive: remove unnecessary loops for autocomplete 2024-03-20 11:53:49 +01:00
Stéphane Lesimple
7423f6ad63 feat: add dnsSupportLevel option for systems with broken DNS (fixes #397) 2024-03-20 11:53:00 +01:00
Stéphane Lesimple
3c6dd69538 chg: jailify: update params name to match minijail0 2024-02-21 14:13:56 +01:00
Stéphane Lesimple
91beea0012 release v3.14.16 2024-02-20 17:41:53 +01:00
Stéphane Lesimple
867410a16d enh: plugins: better signal handling to avoid dangling children processes 2024-02-20 12:14:01 +01:00
Stéphane Lesimple
f022bd9ac8 feat: add ttyrecStealthStdoutPattern config
Commands that generate a lot of stdout output and are M2M workflows, such as rsync,
can now be excluded from ttyrec to avoid filling up drives
2024-02-20 12:13:53 +01:00
Stéphane Lesimple
692ebca3c2 fix: accountInfo: return always_active=1 for globally-always-active accounts 2024-01-17 11:01:21 +01:00
Stéphane Lesimple
137c7b5454 release v3.14.15 2023-11-08 14:55:44 +01:00
Stéphane Lesimple
3d402a1bc6 feat: add admin-configurable lock/kill timeout per plugin 2023-11-08 14:55:35 +01:00
Stéphane Lesimple
7a288bd812 chore: perlcritic adjustment on RequireArgUnpacking 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
47e058c272 refacto: use osh_print to obey force_stderr 2023-11-08 13:21:20 +01:00
Stéphane Lesimple
b48463076f feat: osh.pl: jit mfa for plugins 2023-11-08 13:21:20 +01:00
Pierre-Elliott Bécue
35d4841638 Allow setup-gpg.sh --import to receive, trust, and add to configure multiple public keys at once 2023-10-27 17:26:23 +02:00
Stéphane Lesimple
0eb61f26f2 meta: dev: add devenv docker, pre-commit info, and doc 2023-10-03 14:23:30 +02:00
Stéphane Lesimple
d70e52a09b release v3.14.00 2023-09-19 17:32:43 +02:00
Stéphane Lesimple
a6a25fd53b feat: add type8 and type9 password hashes
This requires the-bastion-mkhash-helper v1.1.0+
2023-09-19 17:12:48 +02:00
Stéphane Lesimple
5dc50b3e57 feat: add stealth_stderr/stdout ttyrec support, enable it for scp (#413) 2023-09-19 15:27:00 +02:00
Stéphane Lesimple
ee149cb185 release v3.13.01 (#410) 2023-08-23 11:41:43 +02:00
Stéphane Lesimple
9bdfca1c76 release v3.13.00 2023-07-28 14:18:15 +02:00
Stéphane Lesimple
a65c53b76e enh: use ttyrec instead of sqlite to record plugin output 2023-07-28 11:09:10 +02:00
Stéphane Lesimple
bd82ee49b7 release v3.12.00 2023-06-27 14:13:22 +02:00