the-bastion

Commit Graph

Author	SHA1	Message	Date
Stéphane Lesimple	31dd4bf166	wip	1 year ago
Stéphane Lesimple	bc8abd0baa	wip	1 year ago
Stéphane Lesimple	3534f1060c	WIP validate all osh json output	1 year ago
Stéphane Lesimple	75793d55e2	chore: use proper naming of 'netblock' instead of 'prefix' To avoid confusion, we now use 'netblock' to talk about 10.0.0.0/8, with 10.0.0.0 being the 'prefix' and '8' being the 'prefix size' or 'netblock size'. Use these words everywhere in the code and documentation for clarity	1 year ago
Stéphane Lesimple	29aa8adff0	enh: 35% faster is_valid_ip() when fast=1	1 year ago
Stéphane Lesimple	30aba693ec	feat: IPv6 support	1 year ago
Stéphane Lesimple	7c42c78d80	chg: set ECDSA as default egress key algo for new installs	1 year ago
Stéphane Lesimple	288ff637d9	chore: tests: no longer run consistency check by default This is slow and almost never catched a bug, so consistency check is still supported but will not run by default, as it is quite slow, checking the system between each and every test. The option --skip-consistency-check is now ignored, and a new option to enable it has been added: --consistency-check	1 year ago
Stéphane Lesimple	f5f0cdfba4	chore: faster tests by removing grant/revoke command dance When restricted commands need to be used during tests, we now use "account0" which has all these commands granted, instead of granting/revoking commands every time with no added value with respect to the tests. This was previously required for OSes that have a limit to the number of groups an account can be a member of, but these OSes have now long been unsupported.	1 year ago
Stéphane Lesimple	ad54cc6aad	chore: speedup tests in 330-selfkeys.sh	1 year ago
Stéphane Lesimple	92bc512050	feat: add assetForgetHostKey	1 year ago
TomRicci	f599793c76	fix: protocol scpdownload scpupload in 395-mfa-scp-sftp-rsync.sh	1 year ago
Stéphane Lesimple	8cafbc854c	fix: allow ssh-as in connect.pl	1 year ago
Stéphane Lesimple	3ee9a5d896	fix: regression introduced by `932e72e` for stealth stdout in ssh Before `932e72e`, plugin-scoped stealthStdout was ignored, which was fixed by `932e72e` which in turn made ssh ignore the pattern-based egress ssh stealthStdout option. This fix ensures stealthStdout is honored for both plugins and egress ssh.	1 year ago
Stéphane Lesimple	accd50eea7	feat: add rsync support to --protocol	1 year ago
Stéphane Lesimple	f4de5957a3	feat: add groupSetServers	2 years ago
Stéphane Lesimple	2e96603300	feat: support wildcards in --user (fix #461 )	2 years ago
Stéphane Lesimple	77ab1e2336	fix: tests: Ubuntu 24.04 adjustments	2 years ago
Stéphane Lesimple	7487597d61	fix: tests: don't test FIDO2 on unsupported distros	2 years ago
perrze	0b13371165	Adding tests for secure keys feature	2 years ago
Stéphane Lesimple	a1efcec582	feat: replace --wait by a tcp-based connection try	2 years ago
Stéphane Lesimple	4216795895	fix: tests: detect definition errors in modules	2 years ago
Stéphane Lesimple	c53f50ddf9	enh: remove nc dependency	2 years ago
Stéphane Lesimple	496fe94dd3	enh: allow @ as a valid remote user char (fixes #437 )	2 years ago
Stéphane Lesimple	7423f6ad63	feat: add dnsSupportLevel option for systems with broken DNS (fixes #397 )	2 years ago
Stéphane Lesimple	d8f9423e8f	fix: scp/sftp: correctly bypass JIT MFA if asked to, when old helpers are used	2 years ago
Stéphane Lesimple	8625b74307	fix: tests for FreeBSD	2 years ago
Stéphane Lesimple	345a1f951f	fix: don't exit with fping host is unreachable As ping can return unknown exit codes for unknown cases, just never bail out to avoid taking bad decisions, as we retry each second maximum, there's no DoS risk	2 years ago
Stéphane Lesimple	59b04ab761	tests: add tests for MFA with scp/sftp	2 years ago
Stéphane Lesimple	b48463076f	feat: osh.pl: jit mfa for plugins	2 years ago
Stéphane Lesimple	ac5eb9b636	enh: tests: more mfa tests	2 years ago
Stéphane Lesimple	027521b875	chore: fix FreeBSD GitHub Action	2 years ago
Stéphane Lesimple	d3ece7b9f4	enh: add tests for multiple gpg keys setup	2 years ago
Stéphane Lesimple	213bd28616	fix: scp: adapt wrapper and tests to new scp versions	2 years ago
Stéphane Lesimple	a6a25fd53b	feat: add type8 and type9 password hashes This requires the-bastion-mkhash-helper v1.1.0+	2 years ago
Stéphane Lesimple	5dc50b3e57	feat: add stealth_stderr/stdout ttyrec support, enable it for scp (#413 )	2 years ago
Stéphane Lesimple	a50224a99d	chore: tests: ensure test modules don't pollute the caller's env	3 years ago
Stéphane Lesimple	cf405badfb	feat: add 2 configurable knobs to (self\|account)AddPersonalAccess widest_v4_prefix (maximum allowed prefix to add in a single ACL), and self_remote_user_only (only allow ACLs where the remote user is the same than the bastion account name)	3 years ago
Stéphane Lesimple	84687256a8	fix: --force-key wasn't working for groups Fixes #259	3 years ago
Stéphane Lesimple	a0d361b8da	fix: tests: race condition after sshd reload	3 years ago
Stéphane Lesimple	52d44ba993	chore: remove Debian openssh-blacklist logic All Debian versions supporting this are EOL by now.	3 years ago
Stéphane Lesimple	6f13149093	chore: bump OpenSUSE Leap tests from 15.3 to 15.4	3 years ago
Stéphane Lesimple	7a825aeec4	feat: add --all to groupInfo and accountInfo	3 years ago
Stéphane Lesimple	f4abfc1ba8	feat: add sftp support	3 years ago
Stéphane Lesimple	a7c0b5ec23	fix: typo in a func name in an error code path Fixes #372	3 years ago
Cédric Roussel	4d56c32853	fix: invalid suffixed account creation	3 years ago
Stéphane Lesimple	036f921c40	feat: add accountFreeze/accountUnfreeze	3 years ago
Stéphane Lesimple	521836b17b	fix: rare race condition introduced by `b7f4909` Under some specific conditions, the execute() call could get deadlocked with the program it started, both waiting for each other to read or write data. This is easier to reproduce with the `scp` plugin, where the transfer would just stall. Introduce an additional intermediate buffer to avoid this race condition.	3 years ago
Stéphane Lesimple	97b20c7ffe	tests: higher tolerance for TTL tests	3 years ago
Stéphane Lesimple	8c82c3441b	fix: accountInfo wasn't showing TTL account expiration #329	4 years ago

1 2 3

127 Commits (jsonvalidator)