262 Commits (master)

Author	SHA1	Message	Date
Stéphane Lesimple	36850d6a05	fix: early check for port validity to avoid warnings later on	2 months ago
Stéphane Lesimple	01c896ba63	release v3.23.01	4 months ago
Stephane Lesimple	44488e8300	fix: add accountGidMin to avoid stealing an account's GID ... Between account system groups (bearing the same GID number than the UID they pertain to) and bastion groups, there might be collisions on bastions with a very high amount of both accounts and groups. This is only of importance if you're using fixed UIDs to create accounts, and can't let the system pick the UIDs itself (for example because these UIDs are referenced in some other system of your company). This fix applies a GID shifting to all the bastion groups to ensure they can never take a GID that would pertain to a later-to-be-created account with a fixed GID. This shift amount is configurable in bastion.conf as ``accountGidMin``, 500000 by default. Use the updated bin/admin/fix-group-gid.sh script to shift any preexisting group GID that would be out of the new groupGidMin range.	4 months ago
Stéphane Lesimple	7275605565	release v3.23.00 (#605) ... * release v3.23.00 * Update doc/release-notes/v3.23.00.md --------- Co-authored-by: Adrien Barreau <adrien.barreau@live.fr>	5 months ago
Stéphane Lesimple	7457f3db0d	feat: add admin script apply-ingress-keys-from-globally.pl (#604)	5 months ago
Stéphane Lesimple	98336fdafe	feat: httpproxy: add support for more HTTP methods (#601) ... By default this stays as before (GET and POST), but more methods can be allowed through the HTTP Proxy configuration.	5 months ago
Stéphane Lesimple	aa14c0e14f	enh: allow colon in remote user names (#602)	5 months ago
Stéphane Lesimple	f8694351e8	chore: bump version number to v3.22.00	8 months ago
Stéphane Lesimple	d55aa7e1e9	release v3.21.00	9 months ago
Stéphane Lesimple	8184991f7b	chore: shell functions: detect OS without requiring uname	9 months ago
Stéphane Lesimple	7cac4dc911	chore: remove references to NetBSD/OpenBSD in the code	9 months ago
Stéphane Lesimple	8e25642f42	fix: remove tests for DSA keys, compiled out of recent OpenSSH versions ... These keys have always been denied by the bastion code anyway.	9 months ago
Stéphane Lesimple	2873af8221	fix: supported key algorithms detection for OpenSSH >= 10	9 months ago
Stéphane Lesimple	686b56619d	fix: workaround a deluser bug in Debian 13	9 months ago
Stéphane Lesimple	9cf946ec42	fix: groupAddServer: don't ignore --force-key (close #561)	10 months ago
Stéphane Lesimple	cdbd6c701e	fix: FreeBSD compat for 2 cron scripts (#550)	11 months ago
Stéphane Lesimple	ad23386b84	fix: logic error validating idle(Lock|Kill)Timeout config values (close #549)	11 months ago
Stéphane Lesimple	2851d6f42c	release v3.20.00	1 year ago
Stéphane Lesimple	74447f58a7	fix: httpproxy: allow binary data to be passed through unmodified	1 year ago
Stéphane Lesimple	68c726930b	enh: ensure JSON streams are purely us-ascii	1 year ago
Nabil	fcc3044903	Fix: typos	1 year ago
Stéphane Lesimple	c83add8d8c	release v3.19.01	1 year ago
Stéphane Lesimple	f79b186727	chore: github actions: replace ubuntu 20.04 by 24.04 (EOL)	1 year ago
Stéphane Lesimple	11cb6ce351	feat: httpproxy: optional support for plain http on egress	1 year ago
Stéphane Lesimple	082b2f9176	release v3.19.00	1 year ago
Stéphane Lesimple	ebf4719cad	enh: use only TL1 special chars when generating passwords	1 year ago
Roy van Baekel	c9503f50e7	Implement ssh --forward-agent | -x functionality	1 year ago
Stéphane Lesimple	4dbc32e2e9	release v3.18.99-rc1	1 year ago
Stéphane Lesimple	43d5e8e986	enh: 35% faster is_valid_ip() when fast=1	1 year ago
Stéphane Lesimple	fdb6c292a8	chore: use proper naming of 'subnet' instead of 'prefix' or 'slash' ... To avoid confusion, we now use 'subnet' to talk about a subnet represented with the CIDR notation, such as 10.0.0.0/8. In in that case: - 10.0.0.0/8 is a 'subnet' - 10.0.0.0 is the 'prefix' - 8 is the 'prefix length', or by extension the 'subnet length' Use these words everywhere in the code and documentation for clarity.	1 year ago
Stéphane Lesimple	cb66961d82	fix: is_in_any_net: support matching netblocks	1 year ago
Stéphane Lesimple	8d33197061	feat: IPv6 support	1 year ago
Stéphane Lesimple	58354cc305	chore: factorize user@host:port display in machine_display()	1 year ago
Stéphane Lesimple	1d9ae483da	chg: set ECDSA as default egress key algo for new installs	1 year ago
Stéphane Lesimple	1859d6ab41	release v3.18.00	1 year ago
Stéphane Lesimple	92bc512050	feat: add assetForgetHostKey	1 year ago
Stéphane Lesimple	55f276e8cf	release v3.17.01	2 years ago
Stéphane Lesimple	117f222338	chore: change pod cuts to make recent versions of perltidy happy	2 years ago
TomRicci	a64db67fe2	fix: lint ACL.pm	2 years ago
TomRicci	dc27e041a0	fix: message protocol in ACL.pm	2 years ago
Stéphane Lesimple	529a1325d5	enh: interactive: handle CTRL+C nicely (fix #497)	2 years ago
Stéphane Lesimple	eb866bd16b	release v3.17.00	2 years ago
Stéphane Lesimple	4196a5b1c7	release v3.16.99-rc3	2 years ago
Stéphane Lesimple	3ee9a5d896	fix: regression introduced by 932e72e for stealth stdout in ssh ... Before 932e72e, plugin-scoped stealthStdout was ignored, which was fixed by 932e72e which in turn made ssh ignore the pattern-based egress ssh stealthStdout option. This fix ensures stealthStdout is honored for both plugins and egress ssh.	2 years ago
Stéphane Lesimple	a0ec3ff9ee	release v3.16.99-rc2	2 years ago
Stéphane Lesimple	accd50eea7	feat: add rsync support to --protocol	2 years ago
Stéphane Lesimple	858bb5157e	enh: plugins: add validate_tuple() so a plugin can validate user@host:port independently	2 years ago
Stéphane Lesimple	19ef1b2668	enh: plugins: add --protocol to handle scp, sftp, rsync ... Replace --sftp --scpup --scpdown by --protocol PROTOCOL. Also take the opportunity to replace --user-any by --user * and --port-any by --port *. All the legacy options are still supported but are now undocumented.	2 years ago
Stéphane Lesimple	454c16b4ce	refacto: move special protocols checks into a lib	2 years ago
Stéphane Lesimple	733e67ef1d	enh: add lock for group ACL change to avoid race conditions	2 years ago