summaryrefslogtreecommitdiff
path: root/internal
Commit message (Collapse)AuthorAgeFilesLines
* Relax key and username matching for sshdsh-improve-key-matching-sshdStan Hu2021-11-101-11/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to the way sshd works, gitlab-shell could be called with a single string in the form: ``` /path/to/gitlab-shell -c key-id ``` However, due to the tightening of the regular expressions in fcff692b this string no longer matches, so logins would fail with: ``` Failed to get username: who='' is invalid ``` This can be reproduced by changing the user's shell to point to gitlab-shell. For example: ``` usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell ``` While setting gitlab-shell as the user's shell isn't officially supported, gitlab-shell still should be able to cope with the key being specified as the last argument. We now split the argument list and use the last value. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
* Add logging to RunGitalyCommand funcid-logging-for-handlerIgor Drozdov2021-10-202-5/+12
|
* Log SSL_CERT_DIR when it's configuredIgor Drozdov2021-10-201-0/+4
|
* Merge branch '499-log-non-git-commands' into 'main'Ash McKenzie2021-10-134-9/+37
|\ | | | | | | | | Improve logging for non-git commands See merge request gitlab-org/gitlab-shell!538
| * Improve logging for non-git commands499-log-non-git-commandsNick Thomas2021-10-134-9/+37
| | | | | | | | | | | | | | | | | | Several of our commands only touch the internal API, and go nowhere near Gitaly. Improve logging for each of these in a single MR. In general, we want to be able to tell what happened in the execution of each command, and to track failures down to a specific line of code. Changelog: added
* | Reject non-proxied connections when proxy protocol is enabled532-proxy-protocol-requireNick Thomas2021-10-122-5/+42
|/ | | | | | This will help to prevent misconfigurations. Changelog: fixed
* Log command invocation499-log-command-invocationNick Thomas2021-10-071-0/+7
| | | | | | | | Use reflection to log the command we are about to execute, both in gitlab-shell and gitlab-sshd. Include the environment, which has all the context we need to understand what the command is expected to do. Changelog: added
* Fix logging channel typefix-logging-channel-typeNick Thomas2021-10-061-1/+1
| | | | | | | | | | | Currently we get this in some log messages: logrus_error="can not add field \"channel_type\"" This is because we're trying to add a function, rather than the result of the function call (a string) to the `log.Fields`. Whoops! Changelog: fixed
* Resolve an error-swallowing issue499-log-me-more-moreNick Thomas2021-09-301-0/+7
|
* Add gitlab-sshd connection loggingNick Thomas2021-09-282-6/+18
|
* Add debug logging to gitlab-sshd sessionNick Thomas2021-09-282-12/+36
|
* Don't swallow an error parsing SSH_ORIGINAL_COMMANDNick Thomas2021-09-272-10/+5
|
* Respect log-level configuration againNick Thomas2021-09-233-2/+29
| | | | | | This was lost in the move from Ruby to Go. Restore it now. Changelog: fixed
* Merge branch 'refactor/unify-shell' into 'main'Igor Drozdov2021-09-202-18/+15
|\ | | | | | | | | | | | | refactor: unify instantiation of command.Shell Closes #517 See merge request gitlab-org/gitlab-shell!520
| * refactor: unify instantiation of command.Shellfeistel2021-09-202-18/+15
| |
* | Improve err message given when Gitaly unavailableIgor Drozdov2021-09-172-0/+22
|/
* Add context fields to loggingid-context-fieldsIgor Drozdov2021-09-155-12/+12
| | | | It adds correlation ids wherever possible
* Extract server config related code out of sshd.goIgor Drozdov2021-09-154-73/+217
|
* Unit test exit-codes for sshd/session.goid-session-test-2Igor Drozdov2021-09-151-0/+145
|
* Unit test sshd.handleEnv functionIgor Drozdov2021-09-151-0/+44
|
* Add TestInvalidClientConfig and TestNewServerWithoutHosts for sshd.goid-sshd-testsIgor Drozdov2021-09-151-0/+16
|
* Merge branch 'main' into refactor/cmdNick Thomas2021-09-141-1/+1
|\
| * Fix a flaky testNick Thomas2021-09-141-1/+1
| |
* | refactor: fix style issuesfeistel2021-09-081-4/+4
| |
* | refactor: rearchitect command and executable Go modulesfeistel2021-09-087-474/+5
|/
* Merge branch 'remove/generic-args' into 'main'Nick Thomas2021-09-087-35/+37
|\ | | | | | | | | | | | | refactor: remove commandargs.GenericArgs Closes #212 See merge request gitlab-org/gitlab-shell!506
| * refactor: add acceptargs field to executablefeistel2021-09-085-16/+20
| | | | | | | | | | parse logic will only run if the executable accept args. healthcheck is the only one not accepting arguments.
| * refactor: improve unknown executable error messagefeistel2021-09-081-1/+2
| |
| * refactor: remove commandargs.GenericArgsfeistel2021-08-113-21/+18
| |
* | refactor: move away from ioutil (deprecated)feistel2021-08-1917-47/+45
| |
* | refactor: change httpclient to return an errorfeistel2021-08-133-7/+12
| |
* | refactor: update usage of NewHTTPClient to NewHTTPClientWithOptsfeistel2021-08-111-1/+6
|/
* Merge branch '499-use-labkit-logging-initialize' into 'main'Patrick Bajao2021-08-042-33/+63
|\ | | | | | | | | | | | | Switch to labkit for logging system setup Closes #271 See merge request gitlab-org/gitlab-shell!504
| * Switch to labkit for logging system setupNick Thomas2021-08-042-33/+63
| | | | | | | | | | | | | | | | | | | | | | - We start supporting the "color" format for logs. - We now respond to SIGHUP by reopening the log file. - We now respect the log format when no log filename is specified. Output to syslog in the event of logging system setup is preserved in OpenSSH mode. Changelog: added
* | Merge branch 'security-300265' into 'main'Patrick Bajao2021-08-042-4/+9
|\ \ | |/ |/| | | | | Modify regex to prevent partial matches See merge request gitlab-org/security/gitlab-shell!6
| * Modify regex to prevent partial matchesRobert May2021-06-292-4/+9
| |
* | Remove some unreliable testsNick Thomas2021-07-304-71/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | Logrus buffers its output internally, which makes these tests fail intermittently. They're also not a good example to follow generally. We now have acceptance tests that exercise this functionality so I'm pretty relaxed about losing the expectations. However, we can test them by inspecting the server-received metadata too, so there's no loss of coverage here. The move from logrus to labkit for logging also makes these tests hard to justify keeping.
* | Sshd: Log same correlation_id on auth keysIgor Drozdov2021-07-273-54/+152
| |
* | Merge branch 'sh-update-go-proxyproto' into 'main'Nick Thomas2021-07-271-1/+5
|\ \ | | | | | | | | | | | | Update go-proxyproto to v0.6.0 See merge request gitlab-org/gitlab-shell!499
| * | Set a 90-second timeout on proxy headersStan Hu2021-07-261-9/+12
| | |
* | | Fix formatting via make fmtStan Hu2021-07-266-18/+16
|/ /
* | Merge branch 'id-switch-logging-to-labkit' into 'main'Patrick Bajao2021-07-234-21/+23
|\ \ | | | | | | | | | | | | Switch to labkit/log for logging functionality See merge request gitlab-org/gitlab-shell!498
| * | Switch to labkit/log for logging functionalityIgor Drozdov2021-07-224-21/+23
| | |
* | | Unit tests for internal/sshd/connection.goNick Thomas2021-07-221-5/+73
|/ /
* | Prometheus metrics for HTTP requestsIgor Drozdov2021-07-214-40/+101
| | | | | | | | | | A RoundTripper for tracking the duration of an http request is introduced
* | remove tracing.NewRoundTripper from internal/Config, now that NewHTTPClient ↵Igor Wiedler2021-07-201-10/+4
| | | | | | | | already includes it
* | Provide liveness and readiness probesIgor Drozdov2021-07-193-15/+114
| | | | | | | | | | They are going to be used to determine whether a server is alive and ready to accept traffic
* | Shutdown sshd gracefullyIgor Drozdov2021-07-153-22/+132
| | | | | | | | | | | | | | | | When interruption signal is sent, we are closing ssh listener to prevent it from accepting new connections Then after configured grace period, we cancel the context to cancel all ongoing operations
* | Merge branch 'id-refactor-test-helper' into 'main'Nick Thomas2021-07-142-32/+11
|\ \ | | | | | | | | | | | | Refactor testhelper.PrepareTestRootDir using t.Cleanup See merge request gitlab-org/gitlab-shell!493
| * | Refactor testhelper.PrepareTestRootDir using t.CleanupIgor Drozdov2021-07-142-32/+11
| |/
View Lorry Controller Status