Commit graph

110 commits

Author SHA1 Message Date
Sasha Klizhentas 629d837064 pass token TTL, fixes #660 2016-12-24 15:53:56 -08:00
Sasha Klizhentas d214f5d5e2 address code review comments 2016-12-22 19:06:07 -08:00
Sasha Klizhentas dfd58dccb6 several fixes 2016-12-20 11:04:11 -08:00
Sasha Klizhentas 5755f7f74f recovering tests 2016-12-16 13:57:13 -08:00
Sasha Klizhentas 2dceb42547 Merge branch 'master' into sasha/rbac 2016-12-14 16:36:55 -08:00
Sasha Klizhentas 7e97b10032 add support for namespaces almost everywhere 2016-12-14 15:48:36 -08:00
Sasha Klizhentas f8be49d3db apiserver work and refactoring 2016-12-13 18:18:44 -08:00
Sasha Klizhentas 9cba8efd32 APIServer refactoring 2016-12-12 19:26:59 -08:00
Sasha Klizhentas 0f4db522b9 add interface support 2016-12-09 17:31:05 -08:00
Alex Charles 9e743f803a Some cleanup for PR. Mostly appId -> appID, U2f -> U2F 2016-12-08 02:23:51 -08:00
jcj83429 0f0cea1009 rename web APIs
signinpreauth -> signin/preauth
u2f/inviteregisterrequest -> u2f/signuptokens
u2f/newuser -> u2f/users
u2f/signrequest/:user -> u2f/users/:user/sign
2016-12-07 17:25:16 -08:00
jcj83429 06b33cca59 rename u2f apis to remove underscores 2016-11-30 12:05:50 -08:00
jcj83429 c2e7b5312b add u2f appid to the config.js.
will make web ui hide u2f-related stuff if u2f appid is empty
2016-11-28 00:21:37 -08:00
jcj83429 3b4c40c25d group the apiserver u2f endpoints together 2016-11-08 22:49:59 -08:00
jcj83429 2cff2aaa66 Merge upstream 'master' into u2f
Conflicts:
	lib/config/fileconf.go
	tool/tsh/main.go
2016-10-24 00:08:26 -07:00
jcj83429 bb0a25d617 Implemented U2F authentication on the server side 2016-10-16 14:03:43 -07:00
Ev Kontsevoy 2f9c669d26 Merge branch 'master' into ev/standalone 2016-10-14 00:11:41 -07:00
jcj83429 b79c4cffba Implemented U2F registration and some of authentication on the server side
I know comments are very lacking right now. Once things are stable I will add
proper comments. Minimal manual testing of the U2F registration API was done
with a hardware U2F key. Some of the code may need to be cleaned up later to
remove excessively long variable names...

Currently we return an error right away if the username/password combo is wrong.
It's difficult to do U2F without revealing either whether a user exists or
whether the password is correct. Returning error immediately reveals whether
the user/password combo is valid, while waiting until we get a signed response
from the U2F device to announce whether the user/pass combo is valid can reveal
which users exist since we need to return a keyHandle in the U2F SignRequest
and generating fake keyHandles for nonexistent users can be difficult to get
right since there is no rigid format for keyHandle.
2016-10-13 23:51:16 -07:00
Roman Tkachenko 20e281916a Relax requirements to domain name 2016-10-10 14:24:34 -07:00
Ev Kontsevoy baafe3a332 Renamed GetLocalDomain() to GetDomainName() 2016-10-09 17:27:56 -07:00
Sasha Klizhentas 438856e74d fix missing interface methods 2016-08-11 17:30:48 -07:00
Ev Kontsevoy 126a9e9ff8 Minor bugs regarding reverse tunnels
- Friendly error messages when parsing configuration and establishing
  connection

- Bugs related to "first start" vs subsequent starts (reverse tunnels
  added to YAML file won't be seen upon restart)

- Nicer logging
2016-06-09 19:17:07 -07:00
Ev Kontsevoy 9e1c087984 Added tctl CLI commands for listing and deleting tokens
TODO: hook them up to server-side implementation
2016-05-16 19:03:52 -07:00
Ev Kontsevoy 0b26b7fc47 Teleport Host Certificates support multiple roles now
Teleport CA-signed host certificates used to support only one
server role per cert.

This commit adds the ability to store multiple roles in a
certificate, paving the road for multi-role node support in
the near future.
2016-05-10 20:27:18 -07:00
Ev Kontsevoy e3d2114f28 Introduce multi-role tokens
This commit:

- Makes all Teleport tokens multi-role (a token is associated with a
  list of roles its owner can assume)
- Removes some unused/obsolete features
     a) "AllowedTokens" config setting which we don't use
     b) "authorities" TCTL command

It does not affect how Teleport works, just preparing the plumbing for
--roles flag for `tctl nodes add`
2016-05-09 22:39:07 -07:00
Ev Kontsevoy b175d92052 PR comments - implemented! 2016-05-07 21:51:35 -07:00
Ev Kontsevoy e10612028e Preparations for a PR
Fixes #394
2016-05-06 20:48:02 -07:00
Ev Kontsevoy a1dbe76e72 Fixed connection issue during recording 2016-05-06 11:47:05 -07:00
Ev Kontsevoy f27e207afc Replaced web sockets with HTTP POST/GET chunks 2016-05-05 23:51:56 -07:00
Ev Kontsevoy a08ea32b5e Replaced a websocket in the auth API
For writing to the session stream. It's a simple HTTP POST without any
kind of encoding.
2016-05-05 15:43:29 -07:00
Ev Kontsevoy bf4d053764 UGHHHH!!! 2016-05-04 20:38:14 -07:00
Ev Kontsevoy ce1c4d4a38 A great number of bugfixes:
- replay now works in both web and CLI
- fixed two nasty connection bugs in web sessions
- removed verbose logging/diagnostics
- refactoring of web code by Alexey
2016-05-03 21:30:17 -07:00
Ev Kontsevoy 6534aaa473 Switched web socket to text mode 2016-05-02 15:38:39 -07:00
Ev Kontsevoy e3c843a655 New implementation of socket streaming 2016-05-02 15:26:13 -07:00
Ev Kontsevoy 801a409738 Converted web sockets for session replay from...
... from raw Writes to Message.Send()
2016-05-02 11:03:12 -07:00
Ev Kontsevoy e221665906 Chunks are synchronized 2016-05-02 00:11:08 -07:00
Ev Kontsevoy f4dfbf2e50 Easier bookkeeping of session parties 2016-05-01 17:31:28 -07:00
Ev Kontsevoy 38762176f5 Bugfix 2016-05-01 15:03:37 -07:00
Ev Kontsevoy f26762d744 Fixed the live event stream for web sessions 2016-04-29 23:35:42 -07:00
Ev Kontsevoy cc07d80069 Rough implementation of event search 2016-04-29 02:42:08 -07:00
Ev Kontsevoy 053024cb39 Intermediate commit 2016-04-28 17:07:41 -07:00
Ev Kontsevoy 755e361d70 New implementation of session.GetSessions() 2016-04-28 14:13:53 -07:00
Ev Kontsevoy 4bed72d50b Intermediate commit:
- Finished (roughly) audit logs + events
- Started covering this with tests
2016-04-26 23:28:58 -07:00
Ev Kontsevoy 051c8240d1 Completed session recording + streaming
TODO:
- Implement streaming timing
2016-04-26 17:41:04 -07:00
Ev Kontsevoy 8775f44935 Hooked up new AuditLog in few places:
- Fixed all tests
- Wrote a simple test for AuditLog.Emit
2016-04-26 17:41:04 -07:00
Ev Kontsevoy 347d2fb3e3 Implemented AuditLogI interface for:
- auth.Client   : HTTP client
- APIServer     : HTTP server for Auth API
- AuthWithRoles : HTTP server for Auth API (which calls HasPermission)
- AuditLog      : actual server-side filesystem-based implementation
2016-04-26 17:40:49 -07:00
Ev Kontsevoy 35b6a5f687 Simplified SSH context handling
- ctx object is created earlier
- session connection is not passed around anymore (it's part of ctx
  anyway)
- clearly identified places in code where audit events must be logged
2016-04-26 17:40:49 -07:00
Ev Kontsevoy 6f111e39e2 Removed lunk + old events + old recorder 2016-04-26 17:39:46 -07:00
Ev Kontsevoy 3161b905fc Scaffolding for simplified logger+event viewer 2016-04-26 17:39:46 -07:00
klizhentas c77be08521 simplify API 2016-04-14 17:50:54 -07:00