Commit graph

429 commits

Author SHA1 Message Date
Sasha Klizhentas f1f5a1e413 Merge branch 'master' into sasha/sessions 2017-03-10 17:33:41 -08:00
Russell Jones 084a9211c3 Call ConvertResponse to convert error to internal error type based on
HTTP response code and HTTP body contents.
2017-03-10 17:05:43 -08:00
Sasha Klizhentas ef9336dbfa fix tests and roles 2017-03-10 16:41:14 -08:00
Sasha Klizhentas ff9a0a458e more code 2017-03-10 15:50:39 -08:00
Russell Jones 2f70866e5a Added TrustedCluster resource. 2017-03-09 13:49:44 -08:00
Russell Jones 54c7f1cd32 Added dynamic_config and removed seed_config. 2017-03-01 16:44:34 -08:00
Russell Jones cfe92d7ad2 Fixed bugs created in #783. Updated response returned from /webapi/ping and
/web/config.js. Added support for authentication selection based off ping
response in tsh.
2017-02-23 13:45:19 -08:00
Russell Jones 1dcd3e11e5 Refactored authentication configuration, created resources for dynamic configuration of authentication configuration, and updated documentation. 2017-02-22 11:48:06 -08:00
Sasha Klizhentas d6ff6f6204 Configure web session duration, fixes #691
* Fix bug with OIDC powered sessions logged out after 10 minutes
* Adjust web sessions durations by taking roles into account
* Provide explicit TTL enforced on the server side for bearer tokens

Before this PR the web session TTL was measured using defaults,
10 minutes for local sessions and 1 hour for OIDC sessions, and
the system relied on the client to renew the bearer token.

With this change the bearer token TTL is set to 10 minutes
and the entire web session will expire if not renewed before.

The maximum session duration is set to 12 hours, if not
limited to a smaller value by roles in RBAC modules.
2017-02-17 16:16:44 -08:00
Russell Jones ff443f7b51 Deduplicate principals for host certificates. 2017-02-13 11:28:36 -08:00
Sasha Klizhentas 4967287946 fix sessions and web UI 2017-02-12 14:19:01 -08:00
Sasha Klizhentas e48932e97d Merge branch 'master' into sasha/iface 2017-02-11 11:09:19 -08:00
Sasha Klizhentas c9c4f73437 another fix 2017-02-11 11:05:09 -08:00
Sasha Klizhentas b569b04494 work in progress sessions 2017-02-10 18:55:51 -08:00
Russell Jones 8029318647 Use a fake clock in OTP tests. 2017-02-10 22:46:26 +00:00
Russell Jones 6464f3904e Fix TOTP test that would occasionally fail due to timing issues. 2017-02-10 19:43:57 +00:00
Russell Jones 23f964968c Admin certificate reverted back to only host uuid for backward compatibility. 2017-02-09 16:43:16 -08:00
Russell Jones 6295213815 Host certificate now presents two principals: hostUUID.clusterName and nodeName.clusterName. 2017-02-08 18:34:29 -08:00
Ev Kontsevoy 7d534a7c50 Fixed window resize problems 2017-02-04 01:02:23 -08:00
Ev Kontsevoy 3b9b78ff19 Polish CLI client integration into web terminal 2017-02-03 17:35:52 -08:00
Sasha Klizhentas fc2ecacce2 properly invalidate oidc clients 2017-02-01 18:49:45 -08:00
Sasha Klizhentas 2513936677 invalidate OIDC connectors on updates and deletes 2017-02-01 16:31:56 -08:00
Ev Kontsevoy 9a322f0326 Resolved the issue of having too many certs in ssh-agent
The solution:

When the new key is added, `tsh` will remove the certs with the same key
id from the ssh-agent cache.
2017-01-31 21:52:17 -08:00
Sasha Klizhentas 1eb8a0dc7b fix panic 2017-01-30 22:11:32 -08:00
Sasha Klizhentas 8d1c3392cf fix tests 2017-01-30 21:43:01 -08:00
Sasha Klizhentas 83d979d007 fixing tests 2017-01-30 20:18:15 -08:00
Sasha Klizhentas cc3d20a0f2 some work 2017-01-30 18:57:58 -08:00
Ev Kontsevoy e7f44bfcd6 SSH port lookup on the proxy side
Before this commit, tsh HAD to know which SSH port the server is
listening on. Meanwhile the proxy _already knows_ which port every
server is listening on! This made it inconvenient to use tsh when
a non-default port was used.

This commit makes the proxy smarter:

- If the `-p` flag is explicitly set, the proxy looks for this port and gives an
  intelligent error if the port doesn't match what's actually used.

- If `-p` is skipped, the proxy automatically uses the correct port,
  and, what's cooler, it uses port `22` if connecting to OpenSSH servers.

This commit fixes the second issue of #729
2017-01-29 16:58:50 -08:00
Ev Kontsevoy b14320beae Nicer error message 2017-01-29 14:43:08 -08:00
Ev Kontsevoy ff2fd9ca47 Code review changes 2017-01-25 13:45:46 -08:00
Sasha Klizhentas 74ac7b45ed update according to code review comments 2017-01-25 09:31:18 -08:00
Sasha Klizhentas d45b94b321 deny access in case of missing roles, fixes #724 2017-01-24 09:08:49 -08:00
Ev Kontsevoy 7da705e47b Two fixes in one commit
Fix one:

Fixed typo in defining `teleport.HOTP` constant.
This fixes bug #721

Fix two:

Removes the 'drop tunnel connection' logic on any tunnel-related error. This
fixes the 2nd problem, "Handling Unreachable nodes", for issue #717 (see
klizhentas' comment there).
2017-01-22 19:55:54 -08:00
Alexander Klizhentas 6f38f4f418 Merge branch 'master' into sasha/cert 2017-01-17 14:23:05 -08:00
Russell Jones 05efdb2a17 Moved Check* methods into auth package. 2017-01-17 14:17:03 -08:00
Sasha Klizhentas 3b019f7308 check permissions of proper user
* GenerateUserCert should check the permissions of the user that
is about to get a certificate, not the currently authenticated
user, because these users do not always match.
2017-01-17 12:57:29 -08:00
Russell Jones 1c0313794e Removing unused imports. 2017-01-17 11:28:25 -08:00
Russell Jones 9e0c439927 Added TOTP support and deprecated HOTP support. New users are created with TOTP as the second factor, but HOTP backward compatibility is maintained by allowing users created before this commit to continue to log in with HOTP tokens. 2017-01-17 11:24:52 -08:00
Ev Kontsevoy ac205ad530 Finished cleaning up storage back-ends
I hope this closes #688
2017-01-15 23:23:37 -08:00
Ev Kontsevoy 7040331660 Fixed all tests
Also replaced mailgun.FrozenTime with `clockwork` in a few places
(mailgun's frozen time still remains elsewhere)
2017-01-15 16:28:18 -08:00
Ev Kontsevoy 52fa112ee9 Non-functional changes (comments, formatting) 2017-01-09 23:39:40 -08:00
Sasha Klizhentas aad5bba5a1 fix migrations from V1
Trusted clusters and cert authorities static configuration
sections were not properly processed and we've been creating
incomplete V2 objects in the database. This commit fixes the problem.
2017-01-02 12:49:05 -08:00
Sasha Klizhentas 084651fbb0 fix migrations 2016-12-30 19:23:51 -08:00
Sasha Klizhentas 6dc157985e Merge branch 'master' into sasha/oidc 2016-12-30 16:51:13 -08:00
Sasha Klizhentas 6db29f37ad fixes 2016-12-30 16:07:56 -08:00
Ev Kontsevoy db2c09e630 Fixed tests 2016-12-30 15:01:27 -08:00
Sasha Klizhentas 5eedbea1ad fix integration tests 2016-12-30 14:47:52 -08:00
Sasha Klizhentas 98e613a4ea web tests recovered 2016-12-30 13:25:35 -08:00
Ev Kontsevoy 2035ace860 Dead code elimination and more comments
This commit does not change the behavior
2016-12-30 12:30:55 -08:00
Sasha Klizhentas 3a7db7d29c SSH server tests recovered 2016-12-30 12:20:48 -08:00