Stéphane Lesimple
f3a7353f9f
enh: expiration: reorder code and remove legacy checks
...
The accountCreate.comment file no longer exists, and migration
has been handled by the install script for several years,
so get rid of the code that still references it.
Defaulting on the ttyrec folder date to guess last login time
is not needed, checking the lastlog file is enough.
Add a syslog warning for accounts where we can't determine
the last login date.
Still allow them to login if no expiration policy is set,
deny them otherwise.
1 year ago
Stéphane Lesimple
fdb6c292a8
chore: use proper naming of 'subnet' instead of 'prefix' or 'slash'
...
To avoid confusion, we now use 'subnet' to talk about a subnet
represented with the CIDR notation, such as 10.0.0.0/8.
In that case:
- 10.0.0.0/8 is a 'subnet'
- 10.0.0.0 is the 'prefix'
- 8 is the 'prefix length', or by extension the 'subnet length'
Use these words everywhere in the code and documentation for clarity.
1 year ago
Stéphane Lesimple
9e357333db
chg: groupInfo: remove deprecated JSON fields
...
Remove 'partial_members' and 'full_members' from JSON output,
which were replaced by 'members' and 'guests' since pre-v3.00.00
1 year ago
Stéphane Lesimple
26932258be
enh: accountInfo: add osh-only information for accounts
1 year ago
Stéphane Lesimple
92d8b421c2
fix: groupInfo: don't attempt to (and fail) display the guest list when account doesn't have access to it
1 year ago
Stéphane Lesimple
a20a3b8a5d
fix: accountInfo: don't attempt (and fail) to display info non-auditors don't have access to
1 year ago
Stéphane Lesimple
598ba3f33c
fix: deny netblocks for nc, mtr, ping, alive plugins
1 year ago
Stéphane Lesimple
92bc512050
feat: add assetForgetHostKey
1 year ago
Stéphane Lesimple
62613bf894
fix: scp: downloads would sometimes stall (#486)
1 year ago
TomRicci
e418b5126c
fix: message scpdownload scpupload in scp
2 years ago
TomRicci
457df64290
fix: message scpdownload scpupload in groupDelGuestAccess
2 years ago
TomRicci
a0e6486753
fix: message scpdownload scpupload in groupAddGuestAccess
2 years ago
TomRicci
ecceeb8bb5
fix: message scpdownload scpupload in accountAddPersonalAccess
2 years ago
TomRicci
92f7dcc920
fix: message scpdownload scpupload in selfDelPersonalAccess
2 years ago
TomRicci
f67f064e67
fix: message scpdownload scpupload in selfAddPersonalAccess
2 years ago
TomRicci
6842792bce
fix: message scpdownload scpupload in accountDelPersonalAccess
2 years ago
Stéphane Lesimple
accd50eea7
feat: add rsync support to --protocol
2 years ago
Stéphane Lesimple
19ef1b2668
enh: plugins: add --protocol to handle scp, sftp, rsync
...
Replace --sftp --scpup --scpdown by --protocol PROTOCOL.
Also take the opportunity to replace --user-any by --user * and --port-any by --port *.
All the legacy options are still supported but are now undocumented.
2 years ago
Stéphane Lesimple
454c16b4ce
refacto: move special protocols checks into a lib
2 years ago
Stéphane Lesimple
4ef9c6ddde
feat: add --egress-session-multiplexing option to accountModify
2 years ago
Stéphane Lesimple
f4de5957a3
feat: add groupSetServers
2 years ago
Stéphane Lesimple
97c0252605
enh: selfPlaySession: remove sqliteLog.ttyrecfile dependency
...
We'll try to find the ttyrec file ourselves, given the uniqid.
This also enables ttyplaying for osh plugins.
2 years ago
Stéphane Lesimple
f09a2064d7
chore: selfMFASetupPassword: clearer message
2 years ago
Stéphane Lesimple
3ba789ed34
chore: adapt help messages for wildcard --user support
2 years ago
Stéphane Lesimple
2e96603300
feat: support wildcards in --user (fix #461)
2 years ago
Stéphane Lesimple
b1396b2ed7
fix: accountFreeze: restore json results
2 years ago
Stéphane Lesimple
47b51c79ee
feat: accountFreeze: terminate running sessions if any
2 years ago
Stéphane Lesimple
b3361d3ed1
fix: selfGenerateProxyPassword: help message was incorrect
2 years ago
Stéphane Lesimple
72b757457c
enh: info: removed uname dependency, added configuration
2 years ago
Stéphane Lesimple
1f6e6c3639
fix: alive: don't mask signals
2 years ago
Stéphane Lesimple
3646badbdf
release 3.16.00
2 years ago
Stéphane Lesimple
3c9382a192
enh: use print_accepted_key_algorithms everywhere
2 years ago
Pierre-Elliott Bécue
1e44092c16
Factor out in a generic function the helper listing allowed ssh key algorithm
2 years ago
Pierre-Elliott Bécue
d0ac9eabb9
Implement Ingress Secure Keys
2 years ago
Stéphane Lesimple
c53f50ddf9
enh: remove nc dependency
2 years ago
Stéphane Lesimple
54321ff706
enh: add a few autocompletes
2 years ago
Stéphane Lesimple
0314798c87
enh: interactive: allow multi-spaces in autocompletes
2 years ago
Stéphane Lesimple
867410a16d
enh: plugins: better signal handling to avoid dangling children processes
2 years ago
Stéphane Lesimple
6dd43c66c0
enh: batch: openhandle() is overkill and doesn't work on EOF
2 years ago
Stéphane Lesimple
692ebca3c2
fix: accountInfo: return always_active=1 for globally-always-active accounts
2 years ago
Stéphane Lesimple
345a1f951f
fix: don't exit with fping host is unreachable
...
As ping can return unknown exit codes for unknown cases,
just never bail out to avoid taking bad decisions,
as we retry each second maximum, there's no DoS risk
2 years ago
Stéphane Lesimple
47e058c272
refacto: use osh_print to obey force_stderr
3 years ago
Stéphane Lesimple
1bcec68d2a
enh: scp and sftp with mfa support
3 years ago
Stéphane Lesimple
5ba7e52054
refacto: osh.pl: move hardcoded plugin special cases to config
3 years ago
Stéphane Lesimple
213bd28616
fix: scp: adapt wrapper and tests to new scp versions
3 years ago
Stéphane Lesimple
13c885df42
enh: enable stealth_stdout mode for sftp
3 years ago
Stéphane Lesimple
a6a25fd53b
feat: add type8 and type9 password hashes
...
This requires the-bastion-mkhash-helper v1.1.0+
3 years ago
Stéphane Lesimple
5dc50b3e57
feat: add stealth_stderr/stdout ttyrec support, enable it for scp (#413)
3 years ago
Stéphane Lesimple
87d3f721e5
fix: clush: restore default handlers for SIGHUP/PIPE
3 years ago
Stéphane Lesimple
4d8b5f520d
fix: selfMFASetupPassword: restore default sighandlers to avoid being zombified
3 years ago