GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-03-27 15:27:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'libexec' into 'master'

Browse Source 
bin/ocserv-fw → libexec/ocserv-fw

Closes #78

See merge request openconnect/ocserv!388
This commit is contained in:
Dimitri Papadopoulos Orfanos
2023-12-06 17:51:37 +00:00
parent 69f7c0845d 8ada82ff5c
commit a711aa4a22
4 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@@ -1,8 +1,9 @@
* Version 1.2.3 (unreleased) * Version 1.2.3 (unreleased)
- ocserv-fw: Move under libexec.
- ocserv-fw: Fixed clean_all_rules logic on multiple similar devices (!384)
- Warn when more than 2 DNS server IPv6 addresses are sent by Radius. - Warn when more than 2 DNS server IPv6 addresses are sent by Radius.
- occtl: added machine-readable "raw_connected_at" field for user stats - occtl: added machine-readable "raw_connected_at" field for user stats
- Modified "Camouflage" functionality to allow AnyConnect clients (#544) - Modified "Camouflage" functionality to allow AnyConnect clients (#544)
- ocserv-fw: Fixed clean_all_rules logic on multiple similar devices (!384)
* Version 1.2.2 (released 2023-09-21) * Version 1.2.2 (released 2023-09-21)

6
doc/sample.config
View File

@@ -560,15 +560,15 @@ no-route = 192.168.5.0/255.255.255.0
# Note the that following two firewalling options currently are available # Note the that following two firewalling options currently are available
# in Linux systems with iptables software. # in Linux systems with iptables software.
# If set, the script /usr/bin/ocserv-fw will be called to restrict # If set, the script /usr/libexec/ocserv-fw will be called to restrict
# the user to its allowed routes and prevent him from accessing # the user to its allowed routes and prevent him from accessing
# any other routes. In case of defaultroute, the no-routes are restricted. # any other routes. In case of defaultroute, the no-routes are restricted.
# All the routes applied by ocserv can be reverted using /usr/bin/ocserv-fw # All the routes applied by ocserv can be reverted using /usr/libexec/ocserv-fw
# --removeall. This option can be set globally or in the per-user configuration. # --removeall. This option can be set globally or in the per-user configuration.
#restrict-user-to-routes = true #restrict-user-to-routes = true
# This option implies restrict-user-to-routes set to true. If set, the # This option implies restrict-user-to-routes set to true. If set, the
# script /usr/bin/ocserv-fw will be called to restrict the user to # script /usr/libexec/ocserv-fw will be called to restrict the user to
# access specific ports in the network. This option can be set globally # access specific ports in the network. This option can be set globally
# or in the per-user configuration. # or in the per-user configuration.
#restrict-user-to-ports = "tcp(443), tcp(80), udp(443), sctp(99), tcp(583), icmp(), icmpv6()" #restrict-user-to-ports = "tcp(443), tcp(80), udp(443), sctp(99), tcp(583), icmp(), icmpv6()"

2
src/Makefile.am
View File

@@ -58,7 +58,7 @@ ACCT_SOURCES=acct/radius.c acct/radius.h acct/pam.c acct/pam.h
sbin_PROGRAMS = ocserv ocserv-worker sbin_PROGRAMS = ocserv ocserv-worker
bin_SCRIPTS = ocserv-fw libexec_SCRIPTS = ocserv-fw
ocserv_SOURCES = $(CORE_SOURCES) $(AUTH_SOURCES) $(ACCT_SOURCES) \ ocserv_SOURCES = $(CORE_SOURCES) $(AUTH_SOURCES) $(ACCT_SOURCES) \
main.c main-auth.c main-ban.c main-ban.h main-ctl-unix.c main-proc.c \ main.c main-auth.c main-ban.c main-ban.h main-ctl-unix.c main-proc.c \

2
src/main-user.c
View File

@@ -47,7 +47,7 @@
#include <script-list.h> #include <script-list.h>
#include <ccan/list/list.h> #include <ccan/list/list.h>
#define OCSERV_FW_SCRIPT "/usr/bin/ocserv-fw" #define OCSERV_FW_SCRIPT "/usr/libexec/ocserv-fw"
#define APPEND_TO_STR(str, val) \ #define APPEND_TO_STR(str, val) \
do { \ do { \