mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 16:57:00 +08:00
Remove unused code when --disable-anyconnect-compat is set.
Resolves: #290 Signed-off-by: Alan Jowett alanjo@microsoft.com
This commit is contained in:
Alan Jowett
@@ -274,6 +274,30 @@ minimal:
|
||||
- ./*.log
|
||||
- tests/*.log
|
||||
|
||||
# Build a minimal version with every optional feature disable
|
||||
# --disable-compression currently not supported due to issue #291
|
||||
Ubuntu18.04-minimal:
|
||||
stage: testing
|
||||
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU18_BUILD
|
||||
script:
|
||||
- git submodule update --init
|
||||
- autoreconf -fvi
|
||||
- ./configure --without-protobuf --without-root-tests --without-docker-tests --without-nuttcp-tests --without-libtalloc-prefix --without-libnl --without-maxmind --without-geoip --without-libreadline-prefix --without-liboath --without-libc-prefix --without-pam --without-radius --without-libcrypt-prefix --without-utmp --without-libutil-prefix --without-libwrap --without-libwrap-prefix --without-libseccomp-prefix --without-libsystemd-prefix --without-http-parser --without-lz4 --without-gssapi --without-pcl-lib --disable-rpath --disable-seccomp --disable-anyconnect-compat
|
||||
- make -j$JOBS
|
||||
- make check -j$JOBS
|
||||
tags:
|
||||
- shared
|
||||
- linux
|
||||
except:
|
||||
- tags
|
||||
- schedules
|
||||
artifacts:
|
||||
expire_in: 1 week
|
||||
when: on_failure
|
||||
paths:
|
||||
- ./*.log
|
||||
- ./tests/*.log
|
||||
|
||||
# We do not compile with PAM under address sanitizer since we are using co-routines
|
||||
# without instrumentation for sanitizer.
|
||||
.asan/Fedora:
|
||||
|
||||
@@ -829,8 +829,10 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name, co
|
||||
READ_NUMERIC(config->rate_limit_ms);
|
||||
} else if (strcmp(name, "ocsp-response") == 0) {
|
||||
READ_STRING(config->ocsp_response);
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
} else if (strcmp(name, "user-profile") == 0) {
|
||||
READ_STRING(config->xml_config_file);
|
||||
#endif
|
||||
} else if (strcmp(name, "default-domain") == 0) {
|
||||
READ_STRING(config->default_domain);
|
||||
} else if (strcmp(name, "crl") == 0) {
|
||||
@@ -1256,6 +1258,7 @@ static void check_cfg(vhost_cfg_st *vhost, vhost_cfg_st *defvhost, unsigned sile
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
if (vhost->perm_config.cert && vhost->perm_config.cert_hash == NULL) {
|
||||
vhost->perm_config.cert_hash = calc_sha1_hash(vhost->pool, vhost->perm_config.cert[0], 1);
|
||||
}
|
||||
@@ -1278,6 +1281,7 @@ static void check_cfg(vhost_cfg_st *vhost, vhost_cfg_st *defvhost, unsigned sile
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (config->priorities == NULL) {
|
||||
/* on vhosts assign the main host priorities */
|
||||
|
||||
@@ -371,9 +371,11 @@ void apply_default_config(main_server_st *s, proc_st *proc, GroupCfgSt *gc)
|
||||
gc->cgroup = vhost->perm_config.config->cgroup;
|
||||
}
|
||||
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
if (!gc->xml_config_file) {
|
||||
gc->xml_config_file = vhost->perm_config.config->xml_config_file;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!gc->has_rx_per_sec) {
|
||||
gc->rx_per_sec = vhost->perm_config.config->rx_per_sec;
|
||||
|
||||
@@ -185,8 +185,10 @@ static int group_cfg_ini_handler(void *_ctx, const char *section, const char *na
|
||||
/* net-priority will contain the actual priority + 1,
|
||||
* to allow having zero as uninitialized. */
|
||||
READ_RAW_PRIO_TOS(msg->config->net_priority, msg->config->has_net_priority);
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
} else if (strcmp(name, "user-profile") == 0) {
|
||||
READ_RAW_STRING(msg->config->xml_config_file);
|
||||
#endif
|
||||
} else if (strcmp(name, "restrict-user-to-ports") == 0) {
|
||||
ret = cfg_parse_ports(pool, &msg->config->fw_ports, &msg->config->n_fw_ports, value);
|
||||
if (ret < 0) {
|
||||
|
||||
@@ -323,8 +323,10 @@ struct cfg_st {
|
||||
char *cgroup;
|
||||
char *proxy_url;
|
||||
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
char *xml_config_file;
|
||||
char *xml_config_hash;
|
||||
#endif
|
||||
|
||||
/* additional configuration files */
|
||||
char *per_group_dir;
|
||||
|
||||
@@ -970,10 +970,15 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg)
|
||||
success_msg_foot_size = strlen(success_msg_foot);
|
||||
} else {
|
||||
success_msg_head = oc_success_msg_head;
|
||||
success_msg_foot = NULL;
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
if (WSCONFIG(ws)->xml_config_file) {
|
||||
success_msg_foot = talloc_asprintf(ws, OC_SUCCESS_MSG_FOOT_PROFILE,
|
||||
WSCONFIG(ws)->xml_config_file, WSCONFIG(ws)->xml_config_hash);
|
||||
} else {
|
||||
}
|
||||
#endif
|
||||
|
||||
if (success_msg_foot == NULL) {
|
||||
success_msg_foot = talloc_strdup(ws, OC_SUCCESS_MSG_FOOT);
|
||||
}
|
||||
|
||||
@@ -1062,6 +1067,7 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg)
|
||||
if (ret < 0)
|
||||
goto fail;
|
||||
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
if (WSCONFIG(ws)->xml_config_file) {
|
||||
ret =
|
||||
cstp_printf(ws,
|
||||
@@ -1075,6 +1081,7 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg)
|
||||
"Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:%s; path=/; Secure\r\n",
|
||||
WSPCONFIG(ws)->cert_hash);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ret < 0)
|
||||
goto fail;
|
||||
|
||||
@@ -216,6 +216,7 @@ int get_ca_der_handler(worker_st * ws, unsigned http_ver)
|
||||
return ca_handler(ws, http_ver, 1);
|
||||
}
|
||||
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
int get_config_handler(worker_st *ws, unsigned http_ver)
|
||||
{
|
||||
int ret;
|
||||
@@ -252,7 +253,6 @@ int get_config_handler(worker_st *ws, unsigned http_ver)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
#define VPN_VERSION "0,0,0000\n"
|
||||
#define XML_START "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<vpn rev=\"1.0\">\n</vpn>\n"
|
||||
|
||||
|
||||
@@ -60,8 +60,8 @@ static const struct known_urls_st known_urls[] = {
|
||||
LL("/cert.cer", get_cert_der_handler, NULL),
|
||||
LL("/ca.pem", get_ca_handler, NULL),
|
||||
LL("/ca.cer", get_ca_der_handler, NULL),
|
||||
LL_DIR("/profiles", get_config_handler, NULL),
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
LL_DIR("/profiles", get_config_handler, NULL),
|
||||
LL("/1/index.html", get_empty_handler, NULL),
|
||||
LL("/1/Linux", get_empty_handler, NULL),
|
||||
LL("/1/Linux_64", get_empty_handler, NULL),
|
||||
|
||||
@@ -119,6 +119,7 @@ int disable_system_calls(struct worker_st *ws)
|
||||
ADD_SYSCALL(getsockopt, 0);
|
||||
ADD_SYSCALL(setsockopt, 0);
|
||||
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
/* we need to open files when we have an xml_config_file setup on any vhost */
|
||||
list_for_each(ws->vconfig, vhost, list) {
|
||||
if (vhost->perm_config.config->xml_config_file) {
|
||||
@@ -128,6 +129,7 @@ int disable_system_calls(struct worker_st *ws)
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/* this we need to get the MTU from
|
||||
* the TUN device */
|
||||
|
||||
@@ -312,7 +312,9 @@ int get_ca_der_handler(worker_st * ws, unsigned http_ver);
|
||||
|
||||
int response_404(worker_st *ws, unsigned http_ver);
|
||||
int get_empty_handler(worker_st *server, unsigned http_ver);
|
||||
#ifdef ANYCONNECT_CLIENT_COMPAT
|
||||
int get_config_handler(worker_st *ws, unsigned http_ver);
|
||||
#endif
|
||||
int get_string_handler(worker_st *ws, unsigned http_ver);
|
||||
int get_dl_handler(worker_st *ws, unsigned http_ver);
|
||||
int get_cert_names(worker_st * ws, const gnutls_datum_t * raw);
|
||||
|
||||
Reference in New Issue
Block a user