4044 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
41b9016db1 meson: autogenerate AUTHORS
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-21 07:35:48 +01:00
Nikos Mavrogiannopoulos
b5e631f6f4 .gitlab-ci.yml: added distcheck job
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
bdf4df9756 test-camouflage: improve termination of client connection
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
763f98a93e dist-script: generate kkdcp_asn1_tab.c and fail if necessary files missing
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
a7df5240f1 http-heads: generate as C file to avoid issue with coverage
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
97ad7e479a tests: explicitly specify the path (srcdir vs builddir) of config files
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
f98bf6afcb test-oidc: generate data
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
7c740caf63 test-namespace-listen: only run when namespaces are enabled
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
df6cfdd64e tests: radius: auto-generate the freeradius config directory
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
7e00f4247a test-script-multi-user: Fix timeout: move sleep 600 inside connect branch
The sleep-connect-script blocked on both connect and disconnect invocations.
When the server shuts down, two disconnect scripts race past the test -f
check simultaneously and both sleep 600s, exceeding the test timeout.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:35 +01:00
Nikos Mavrogiannopoulos
18401eb298 Replaced autoconf with meson build files
Resolves: #699

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-20 20:47:27 +01:00
Nikos Mavrogiannopoulos
e0aebc0a3c terminate-commands: kill stray processes and reset routes
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-15 21:05:36 +01:00
Nikos Mavrogiannopoulos
a6ec9e93df Merge branch 'feature/terminate-session-commands' into 'master'
Add terminate commands for session cookie invalidation

Closes #689

See merge request openconnect/ocserv!503
2026-03-15 17:13:53 +00:00
Ivan Verbin
a8730a6997 occtl: add terminate commands for session cookie invalidation
Add 'terminate user', 'terminate id' and 'terminate session' commands
to occtl that disconnect users and invalidate their session cookies,
preventing reconnection with cached credentials.

Short session IDs are resolved to full safe_id by fetching the cookie
list from sec-mod via CTL_CMD_LIST_COOKIES with prefix matching and
ambiguity detection. Active sessions trigger a warning before
invalidation.

Add integration tests for all three terminate commands.

Signed-off-by: Ivan Verbin <verbinivan@gmail.com>
2026-03-15 17:05:29 +03:00
Dimitri Papadopoulos Orfanos
d632aaf046 Merge branch 'fix/ns_name_collision' into 'master'
tests: Fix intermittent namespace conflicts in CI

See merge request openconnect/ocserv!508
2026-03-12 15:36:13 +02:00
Grigory Trenin
cab071aa78 tests: Fix intermittent namespace conflicts in CI
Fix PID-based namespace name collisions by:
- Extracting last 9 digits of PID (instead of first 4)
- Shortening interface names to fit 15-character IFNAMSIZ limit

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2026-03-11 18:58:24 -04:00
Dimitri Papadopoulos
a309ecead0 llhttp: updated to latest version 9.3.1
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2026-03-02 08:19:50 +01:00
Nikos Mavrogiannopoulos
1cb1e5706f NEWS: clarified fix on authentication bypass
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-02 08:13:54 +01:00
Nikos Mavrogiannopoulos
071f1e18ee design.md: moved all diagrams to mermaid
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-01 20:11:07 +01:00
Nikos Mavrogiannopoulos
4ba99fc18b VPN overview: expanded diagram
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-01 20:11:04 +01:00
Nikos Mavrogiannopoulos
87cd179117 Removed design.dia in favor of design.md
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-01 20:10:59 +01:00
Nikos Mavrogiannopoulos
38458a8305 prepare for 1.4.2
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-03-01 19:19:06 +01:00
Nikos Mavrogiannopoulos
7477c32ba5 NEWS: updated
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.4.1
2026-02-28 11:47:15 +01:00
Nikos Mavrogiannopoulos
789252b3f0 check_cert_user_group_status: added defense in depth check
Suggested by Maksim Anufriev.

Relates: #694

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-02-28 11:47:00 +01:00
Nikos Mavrogiannopoulos
c354de22f8 get_cert-names: simplified username extraction
Relates: #964

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-02-28 11:47:00 +01:00
Nikos Mavrogiannopoulos
82e9467faa tests: added test-pass-cert-rfc822name
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-02-28 11:46:56 +01:00
Nikos Mavrogiannopoulos
7f6f671702 tests: enhanced test-pass-cert with various other certificate types
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2026-02-28 11:39:55 +01:00
Dimitri Papadopoulos Orfanos
834d2fa0e8 Merge branch 'tmp-README-oidc.md' into 'master'
Small doc improvements

See merge request openconnect/ocserv!502
2026-02-04 00:07:29 +02:00
Nikos Mavrogiannopoulos
210b3338da Merge branch 'tmp-protobuf-c' into 'master'
updated to protobuf 1.5.2

See merge request openconnect/ocserv!475
2026-02-03 17:32:58 +00:00
Nikos Mavrogiannopoulos
1e08ef47e0 Merge branch 'compression-tests' into 'master'
Fix race condition in traffic tests

See merge request openconnect/ocserv!499
2026-02-03 17:31:57 +00:00
Dimitri Papadopoulos
2b178b22ba Small doc improvements
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2026-02-01 18:41:51 +01:00
Dimitri Papadopoulos
32979e6519 updated to protobuf 1.5.2
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2026-01-30 00:55:46 +01:00
Dimitri Papadopoulos Orfanos
ba19dcd3be Merge branch 'tmp-NEWS' into 'master'
Fix NEWS file

See merge request openconnect/ocserv!501
2026-01-30 01:53:08 +02:00
Nikos Mavrogiannopoulos
e05485f008 Merge branch 'issue599' into 'master'
Fix session timeout bypass

Closes #599

See merge request openconnect/ocserv!489
2026-01-29 18:47:55 +00:00
Grigory Trenin
016c1b7f51 Use separate port for second iperf3 daemon
Avoids race condition when the first daemon's port release is delayed

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2026-01-28 18:19:03 -05:00
Dimitri Papadopoulos Orfanos
360e4714e3 Merge branch 'bugfix/ban-json' into 'master'
occtl: Fix 'show ip bans' may produce invalid JSON (#683)

Closes #683

See merge request openconnect/ocserv!495
2026-01-26 09:16:47 +02:00
Dimitri Papadopoulos Orfanos
3ac91eeb2a Merge branch 'gitignore' into 'master'
.gitignore: add generated and cleanup legacy files (gnulib, libopts)

See merge request openconnect/ocserv!496
2026-01-26 09:16:00 +02:00
Dimitri Papadopoulos
842bccc283 Fix NEWS file
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2026-01-26 08:15:23 +01:00
Grigory Trenin
fb41d4203d Fix session timeout bypass
- Fixes issue #599 where the session timeout could be bypassed
  by reconnecting, such as through a laptop lid close/open cycle.
- Adds 'Session started at:' field to 'occtl show user' output.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2026-01-25 18:59:13 -05:00
Nikos Mavrogiannopoulos
882759092c Merge branch 'tmp-udp_port' into 'master'
Initialise udp_port using vhost config section

Closes #612

See merge request openconnect/ocserv!431
2026-01-25 17:30:35 +00:00
Nikos Mavrogiannopoulos
d06e67d102 Merge branch 'tmp-inih' into 'master'
inih: updated to latest version r62

See merge request openconnect/ocserv!437
2026-01-25 17:01:47 +00:00
Nikos Mavrogiannopoulos
5644e95dbf Merge branch 'worker-title' into 'master'
Fix worker process title not being set

See merge request openconnect/ocserv!498
2026-01-25 16:58:18 +00:00
Grigory Trenin
a644718fd7 Fix worker process title not being set
Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2026-01-25 07:33:21 -05:00
Dimitri Papadopoulos
592745b8b9 inih: silence static analysis error
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2026-01-25 13:22:37 +01:00
Dimitri Papadopoulos
28252bff8f inih: increased max line size
Re-apply e7233819.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2026-01-25 13:22:37 +01:00
Dimitri Papadopoulos
44d58a049c inih: updated to latest version r62
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2026-01-25 13:22:37 +01:00
Nikos Mavrogiannopoulos
58321bf626 Merge branch 'min-reauth-time' into 'master'
Rename min-reauth-time to ban-time

Closes #676

See merge request openconnect/ocserv!497
2026-01-25 09:08:47 +00:00
Grigory Trenin
9cc0191236 occtl: Fix 'show ip bans' may produce invalid JSON (#683)
Modified the printing logic to use a 'comma-before' approach instead of
'comma-after'.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2026-01-23 12:54:43 -05:00
Grigory Trenin
b080d7dd2b Rename min-reauth-time to ban-time (#676)
Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2026-01-23 05:44:05 -05:00
Grigory Trenin
0ed29607b6 .gitignore: add generated and cleanup legacy files (gnulib, libopts)
Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2026-01-19 08:43:45 -05:00