Ev Kontsevoy
2035ace860
Dead code elimination and more comments
...
This commit does not change the behavior
2016-12-30 12:30:55 -08:00
Ev Kontsevoy
ed8604f757
Semi-serious connection overhaul of Teleport SSH
...
- Added idle timeout handling to every SSH connection.
- A bit of code refactoring (removing unused code paths)
Most importantly:
Added a custom SSH handshake between SSH Teleport proxies
and SSH Teleport servers. This handshake sends a custom JSON payload
from a proxy to a server, allowing to exchange additional information,
like the true IP of a client.
2016-12-30 01:21:28 -08:00
Ev Kontsevoy
4ed536a2f0
First pass at cleaning up DynamoDB and locks
...
- Added ability to read AWS config from `~/.aws` directory for testing
- Fixed TTL bug in DynamoDB back-end
- Made FS back-end return similar error types as Boltdb does
- Cleaned up buggy tests for DynamoDB
- Removed unnecessary locks everywhere in code
2016-12-27 00:12:59 -08:00
Ev Kontsevoy
5df0cf03c7
Merge branch 'master' into sasha/dynamic
2016-12-25 00:37:38 -08:00
Sasha Klizhentas
629d837064
pass token TTL, fixes #660
2016-12-24 15:53:56 -08:00
Sasha Klizhentas
8ab3add372
map OIDC scopes to roles, implements #620
2016-12-24 14:42:33 -08:00
Sasha Klizhentas
d214f5d5e2
address code review comments
2016-12-22 19:06:07 -08:00
Sasha Klizhentas
e054fd0fb0
fix more tests
2016-12-21 15:43:59 -08:00
Sasha Klizhentas
c8217f6d35
add missing pieces
2016-12-21 14:58:26 -08:00
Sasha Klizhentas
aa41f032a3
more fixes
2016-12-20 14:01:46 -08:00
Sasha Klizhentas
4222822a4e
cover lock logic by tests and fix some bugs
2016-12-20 12:27:20 -08:00
Sasha Klizhentas
dfd58dccb6
several fixes
2016-12-20 11:04:11 -08:00
Sasha Klizhentas
b87bef2378
create default namespace on start
2016-12-19 09:48:55 -08:00
Sasha Klizhentas
5abf6d44d5
continue fixing tests and code
2016-12-18 16:58:53 -08:00
Sasha Klizhentas
cb143dab46
ssh server tests recovered
2016-12-18 13:36:02 -08:00
Sasha Klizhentas
13d61781b7
recover auth server tests
2016-12-18 12:00:17 -08:00
Sasha Klizhentas
1fee2980f2
login attempts fix
2016-12-16 19:33:18 -08:00
Sasha Klizhentas
66a52519fc
recovered more tests
2016-12-16 15:22:34 -08:00
Sasha Klizhentas
5755f7f74f
recovering tests
2016-12-16 13:57:13 -08:00
Sasha Klizhentas
cedacb92aa
migrate users, add role per user
2016-12-16 11:25:17 -08:00
Sasha Klizhentas
4ce3a7992c
fix OIDC
2016-12-16 09:02:31 -08:00
Sasha Klizhentas
44e9580041
add bunch of notest
2016-12-15 20:12:17 -08:00
Sasha Klizhentas
e513a789c5
Add signing constraints
2016-12-15 20:08:48 -08:00
Sasha Klizhentas
4f7ddfed92
Integrate roles with auth server
2016-12-15 17:10:43 -08:00
Sasha Klizhentas
eae8c2a00d
fix
2016-12-15 09:42:44 -08:00
Sasha Klizhentas
c56ae26635
more work
2016-12-14 18:16:00 -08:00
Sasha Klizhentas
2dceb42547
Merge branch 'master' into sasha/rbac
2016-12-14 16:36:55 -08:00
Sasha Klizhentas
7e97b10032
add support for namespaces almost everywhere
2016-12-14 15:48:36 -08:00
Sasha Klizhentas
f8be49d3db
apiserver work and refactoring
2016-12-13 18:18:44 -08:00
Sasha Klizhentas
698e615fd7
make API backwards compatible with pre-namespaces
2016-12-13 14:20:52 -08:00
Sasha Klizhentas
9cba8efd32
APIServer refactoring
2016-12-12 19:26:59 -08:00
Sasha Klizhentas
3678cf56e0
new permission checking system
2016-12-11 16:52:22 -08:00
jcj83429
2e43b34f30
Merge branch 'master' into u2f-devel
2016-12-10 20:50:11 -08:00
jcj83429
f2e589ee53
fix hiding of u2f-related things in web ui when u2f is disabled
2016-12-10 20:01:12 -08:00
Sasha Klizhentas
0f4db522b9
add interface support
2016-12-09 17:31:05 -08:00
jcj83429
a81164a86e
mocku2f: add support for different key handles
...
and general code cleanup
2016-12-09 15:44:15 -08:00
jcj83429
4920164616
add comments to U2F related functions in tun.go
2016-12-09 14:50:00 -08:00
jcj83429
3771689d2e
new_web_user.go: use trace.DebugReport to log error
2016-12-09 14:43:27 -08:00
jcj83429
0f113f18bd
new_web_user.go: rename u2fRegReq -> request
2016-12-09 14:11:48 -08:00
jcj83429
c9ebd8ce3e
new_web_user.go: avoid repeatedly constructing lock path
2016-12-09 14:11:05 -08:00
Alex Charles
75a95a7916
mocku2f uses trace for err handling
2016-12-08 02:32:07 -08:00
Alex Charles
9e743f803a
Some cleanup for PR. Mostly appId -> appID, U2f -> U2F
2016-12-08 02:23:51 -08:00
jcj83429
0274afba8d
group the u2f configs in auth_service
...
OLD:
auth_service:
u2fappid: https://mycorp.com/appid.js
u2ftrustedfacets:
- https://proxy1.mycorp.com:3080
- https://proxy2.mycorp.com:3080
NEW:
auth_service:
u2f:
enabled: yes
appid: https://mycorp.com/appid.js
facets:
- https://proxy1.mycorp.com:3080
- https://proxy2.mycorp.com:3080
2016-12-07 19:37:22 -08:00
jcj83429
0f0cea1009
rename web APIs
...
signinpreauth -> signin/preauth
u2f/inviteregisterrequest -> u2f/signuptokens
u2f/newuser -> u2f/users
u2f/signrequest/:user -> u2f/users/:user/sign
2016-12-07 17:25:16 -08:00
Sasha Klizhentas
6a9b847c56
move test
2016-12-06 17:03:22 -08:00
Sasha Klizhentas
f3a3104934
lift permission restriction
2016-12-06 16:43:43 -08:00
Sasha Klizhentas
ab19c70032
implement cert gen CLI tool
2016-12-06 10:43:19 -08:00
Jay
ade8b1dc7b
Fixed merge conflicts with original repository
2016-11-30 17:08:20 -08:00
Jay
b06d3c5f98
Fixed Format for Merging
2016-11-30 16:41:07 -08:00
jcj83429
06b33cca59
rename u2f apis to remove underscores
2016-11-30 12:05:50 -08:00