the-bastion

Commit Graph

Author	SHA1	Message	Date
Stéphane Lesimple	7951d7b087	enh: clush: keep hosts order and no longer dedupe them The hosts order might have some importance for the caller, so don't attempt to sort them. Also don't try to dedupe them, it might be for some reason that the same host appears twice in the list, so don't make any assumptions on how we are used and just apply the command on the given hosts, exactly in the order given.	8 months ago
Stéphane Lesimple	9473e5437b	fix: scp/sftp: handle case where TMPDIR is mounted in noexec (#569 ) * fix: scp/sftp: handle case where TMPDIR is mounted in noexec * review: fix copy/paste Co-authored-by: Adrien Barreau <adrien.barreau@live.fr> --------- Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>	9 months ago
Stéphane Lesimple	ed6ea14fb6	fix: ping max deadline is 3600 on FreeBSD (close #547 )	10 months ago
Stéphane Lesimple	395243f665	fix: sftp wrapper: handle -P properly (close #553 )	10 months ago
Stéphane Lesimple	763ae8e9a7	enh: scp: add more scp options, update doc	10 months ago
Nabil	fcc3044903	Fix: typos	1 year ago
Stéphane Lesimple	f79b186727	chore: github actions: replace ubuntu 20.04 by 24.04 (EOL)	1 year ago
Stéphane Lesimple	02bacede06	fix: selfPlaySession: warn in syslog properly	1 year ago
Stéphane Lesimple	fdb6c292a8	chore: use proper naming of 'subnet' instead of 'prefix' or 'slash' To avoid confusion, we now use 'subnet' to talk about a subnet represented with the CIDR notation, such as 10.0.0.0/8. In in that case: - 10.0.0.0/8 is a 'subnet' - 10.0.0.0 is the 'prefix' - 8 is the 'prefix length', or by extension the 'subnet length' Use these words everywhere in the code and documentation for clarity.	1 year ago
Stéphane Lesimple	9e357333db	chg: groupInfo: remove deprecated JSON fields Remove 'partial_members' and 'full_members' from JSON output, which were replaced by 'members' and 'guests' since pre-v3.00.00	1 year ago
Stéphane Lesimple	92d8b421c2	fix: groupInfo: don't attempt to (and fail) display the guest list when account doesn't have access to it	1 year ago
Stéphane Lesimple	598ba3f33c	fix: deny netblocks for nc, mtr, ping, alive plugins	1 year ago
Stéphane Lesimple	62613bf894	fix: scp: downloads would sometimes stall (#486 )	1 year ago
TomRicci	e418b5126c	fix: message scpdownload scpupload in scp	2 years ago
Stéphane Lesimple	accd50eea7	feat: add rsync support to --protocol	2 years ago
Stéphane Lesimple	454c16b4ce	refacto: move special protocols checks into a lib	2 years ago
Stéphane Lesimple	97c0252605	enh: selfPlaySession: remove sqliteLog.ttyrecfile dependency We'll try to find the ttyrec file ourselves, given the uniqid. This also enables ttyplaying for osh plugins.	2 years ago
Stéphane Lesimple	f09a2064d7	chore: selfMFASetupPassword: clearer message	2 years ago
Stéphane Lesimple	b3361d3ed1	fix: selfGenerateProxyPassword: help message was incorrect	2 years ago
Stéphane Lesimple	72b757457c	enh: info: removed uname dependency, added configuration	2 years ago
Stéphane Lesimple	1f6e6c3639	fix: alive: don't mask signals	2 years ago
Stéphane Lesimple	3c9382a192	enh: use print_accepted_key_algorithms everywhere	2 years ago
Pierre-Elliott Bécue	1e44092c16	Factor out in a generic function the helper listing allowed ssh key algorithm	2 years ago
Pierre-Elliott Bécue	d0ac9eabb9	Implement Ingress Secure Keys	2 years ago
Stéphane Lesimple	c53f50ddf9	enh: remove nc dependency	2 years ago
Stéphane Lesimple	0314798c87	enh: interactive: allow multi-spaces in autocompletes	2 years ago
Stéphane Lesimple	867410a16d	enh: plugins: better signal handling to avoid dangling children processes	2 years ago
Stéphane Lesimple	6dd43c66c0	enh: batch: openhandle() is overkill and doesn't work on EOF	2 years ago
Stéphane Lesimple	345a1f951f	fix: don't exit with fping host is unreachable As ping can return unknown exit codes for unknown cases, just never bail out to avoid taking bad decisions, as we retry each second maximum, there's no DoS risk	2 years ago
Stéphane Lesimple	47e058c272	refacto: use osh_print to obey force_stderr	3 years ago
Stéphane Lesimple	1bcec68d2a	enh: scp and sftp with mfa support	3 years ago
Stéphane Lesimple	5ba7e52054	refacto: osh.pl: move hardcoded plugin special cases to config	3 years ago
Stéphane Lesimple	213bd28616	fix: scp: adapt wrapper and tests to new scp versions	3 years ago
Stéphane Lesimple	13c885df42	enh: enable stealth_stdout mode for sftp	3 years ago
Stéphane Lesimple	a6a25fd53b	feat: add type8 and type9 password hashes This requires the-bastion-mkhash-helper v1.1.0+	3 years ago
Stéphane Lesimple	5dc50b3e57	feat: add stealth_stderr/stdout ttyrec support, enable it for scp (#413 )	3 years ago
Stéphane Lesimple	87d3f721e5	fix: clush: restore default handlers for SIGHUP/PIPE	3 years ago
Stéphane Lesimple	4d8b5f520d	fix: selfMFASetupPassword: restore default sighandlers to avoid being zombified	3 years ago
Stéphane Lesimple	0515753f91	fix: add missing autocompletions, readonly flags and help category for some plugins	3 years ago
Stéphane Lesimple	f7f1514dd0	fix: groupInfo: show group name in human-readable output	3 years ago
Stéphane Lesimple	eb9a25a9ac	fix: groupInfo: empty gk and guest accesses list Introduced in `7a825aeec4`	3 years ago
Stéphane Lesimple	7a825aeec4	feat: add --all to groupInfo and accountInfo	3 years ago
Stéphane Lesimple	f4abfc1ba8	feat: add sftp support	3 years ago
Stéphane Lesimple	521836b17b	fix: rare race condition introduced by `b7f4909` Under some specific conditions, the execute() call could get deadlocked with the program it started, both waiting for each other to read or write data. This is easier to reproduce with the `scp` plugin, where the transfer would just stall. Introduce an additional intermediate buffer to avoid this race condition.	4 years ago
Stéphane Lesimple	21f29680b6	fix: basic mitigation for scp's CVE-2020-15778 This CVE will not be fixed by scp authors, and as far as The Bastion is concerned, this can't be achieved by anybody that doesn't already have shell access to the remote server in addition to the scp rights, but let's still block it for good measure.	4 years ago
Stéphane Lesimple	720222c423	fix: batch: don't attempt to read if stdin is closed	4 years ago
Stéphane Lesimple	7b3c721f66	doc: add a missing parameter in ping's help	4 years ago
Stéphane Lesimple	a86f25470a	chore: selfListEgressKeys: fix typo	4 years ago
Stéphane Lesimple	72cefa6417	fix: performance issues introduced by `effab4a` Commit that introduced the performance degradation is `effab4a` (fix: workaround for undocumented caching in getpw/getgr funcs) Rewrote caching at the getpwent/getpwnam/getgrent/getgrnam level, which restores performance pre-effab4a and even enhances it in somes cases, for example on a 2000-accounts and 2000-groups bastion, we are: - 11% faster on --osh help - 35% faster on --osh selfListAccesses (reduces syscalls by 87%)	4 years ago
Thomas Soëte	da6d80bef1	fix: Bad plugin name	4 years ago

1 2

84 Commits (clush)