Keeper Gateway v1.1.0

Released on June 6th, 2023

Update Windows Installer

  • Updated the Windows installer to incorporate service account support and introduced new options to reset permissions and assign user access IDs.

  • Enhanced file and config permissions handling: included checks for additional users, verification of added permissions, and automated corrections for mismatching identities.

  • Improved command-line functionality: added the 'create-config-dir' command and adjusted 'fix-config' and log permissions based on users without access.

  • Improved codebase: refactored the permissions setting code, moved Windows utility functions and constants to 'utils.windows', and created 'utils.posix' for managing POSIX permissions.

  • Installer enhancements: included 'waituntilterminated' option for inno-setup commands, added a prompt for service uninstall before new installation on Windows, and handled older Python compatibility by removing type from dataclass.

  • Debugging and logging: provided a way to show subprocess command and output, improved subprocess command logging, and ensured logging includes any file permission checks.

  • Account handling: validated service account and created 'service-account.txt' for storing service account details.

MariaDB Connector C Build

  • Enhanced MariaDB Connector C build process across macOS, Linux, and Windows.

  • macOS: Utilized Homebrew for installation of mariadb-connector-c.

  • Linux: Required the Python module cmake for cloning and building the mariadb-connector-c repo, specifically version 3.3.

  • Windows: No changes required; the existing setup works smoothly.

NTLM and Kerberos Support for WinRM & DR-379 - MariaDB Modules

  • Added Kerberos and NTLM support for Windows Remote Management (WinRM), with Kerberos used automatically if the user format meets certain conditions. Also included a custom field to override the automatic usage when issues occur.

  • Included libkrb5-dev and libmariadb-dev as dependencies for Kerberos and MariaDB modules respectively.

  • Introduced host mapping for providers, enabling the use of aliases for hostnames or IPs, particularly useful for Kerberos in Discovery.

  • Enhanced the SSH socket connection test to validate system availability on the desired port.

  • Improved the unit test suite for Kerberos authentication, including the creation of a WinRM instance that joins a domain.

  • Modified the logging mechanism to include Process ID (PID) in log messages for better process-message association.

  • Added MariaDB in requirements.txt to resolve utf-8 encoding issue in Windows.

Additional Shell Support

  • Expanded shell support to include BASH, ZSH, ASH, Dash, CSH, KSH, TCSH, and Fish, improving compatibility across different systems and preventing command history logging.

  • Implemented a feature that handles password changes requiring repeated new/re-enter password prompts, particularly useful for Linux boxes joined to OpenLDAP servers and using Linux PAM.

  • Replaced hardcoded text values in the code with Enum constants, improving code readability and maintenance.

Improvements to Local Machine Password Rotation

  • Fixed an issue where a PowerShell instance remained open after a local machine password rotation was completed. Adjustments have been made to ensure that connections close appropriately once done.

  • Enhanced the logging feature by including the Process ID (PID) of each spawned PowerShell. This allows for easier debugging, making it possible to match any lingering PowerShell instances to the PIDs in the log.

  • Updated the testing suite to include the PID in local connection responses, further improving traceability and troubleshooting capabilities.

Region and Resource Group Handling Refactoring

  • Refactored the handling of AWS region names and Azure resource groups, ensuring consistent behavior and improved reliability.

  • Now, if the region name (or resource groups) is in an unknown state or not of the expected string or list type, it is set to an empty array.

  • Additionally, unit tests were added to validate these conditions, and existing unit tests were reorganized for better readability.
