GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-09 08:16:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
4,017 Commits 19 Branches 88 Tags
master
Commit Graph

4017 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dimitri Papadopoulos Orfanos
834d2fa0e8 Merge branch 'tmp-README-oidc.md' into 'master' 
Small doc improvements

See merge request openconnect/ocserv!502
 2026-02-04 00:07:29 +02:00
Nikos Mavrogiannopoulos
210b3338da Merge branch 'tmp-protobuf-c' into 'master' 
updated to protobuf 1.5.2

See merge request openconnect/ocserv!475
 2026-02-03 17:32:58 +00:00
Nikos Mavrogiannopoulos
1e08ef47e0 Merge branch 'compression-tests' into 'master' 
Fix race condition in traffic tests

See merge request openconnect/ocserv!499
 2026-02-03 17:31:57 +00:00
Dimitri Papadopoulos
2b178b22ba Small doc improvements 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2026-02-01 18:41:51 +01:00
Dimitri Papadopoulos
32979e6519 updated to protobuf 1.5.2 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2026-01-30 00:55:46 +01:00
Dimitri Papadopoulos Orfanos
ba19dcd3be Merge branch 'tmp-NEWS' into 'master' 
Fix NEWS file

See merge request openconnect/ocserv!501
 2026-01-30 01:53:08 +02:00
Nikos Mavrogiannopoulos
e05485f008 Merge branch 'issue599' into 'master' 
Fix session timeout bypass

Closes #599

See merge request openconnect/ocserv!489
 2026-01-29 18:47:55 +00:00
Grigory Trenin
016c1b7f51 Use separate port for second iperf3 daemon 
Avoids race condition when the first daemon's port release is delayed

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-28 18:19:03 -05:00
Dimitri Papadopoulos Orfanos
360e4714e3 Merge branch 'bugfix/ban-json' into 'master' 
occtl: Fix 'show ip bans' may produce invalid JSON (#683)

Closes #683

See merge request openconnect/ocserv!495
 2026-01-26 09:16:47 +02:00
Dimitri Papadopoulos Orfanos
3ac91eeb2a Merge branch 'gitignore' into 'master' 
.gitignore: add generated and cleanup legacy files (gnulib, libopts)

See merge request openconnect/ocserv!496
 2026-01-26 09:16:00 +02:00
Dimitri Papadopoulos
842bccc283 Fix NEWS file 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2026-01-26 08:15:23 +01:00
Grigory Trenin
fb41d4203d Fix session timeout bypass 
- Fixes an issue #599 where the session timeout could be bypassed
  by reconnecting, such as through a laptop lid close/open cycle.
- Adds 'Session started at:' field to 'occtl show user' output.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-25 18:59:13 -05:00
Nikos Mavrogiannopoulos
882759092c Merge branch 'tmp-udp_port' into 'master' 
Initialise udp_port using vhost config section

Closes #612

See merge request openconnect/ocserv!431
 2026-01-25 17:30:35 +00:00
Nikos Mavrogiannopoulos
d06e67d102 Merge branch 'tmp-inih' into 'master' 
inih: updated to latest version r62

See merge request openconnect/ocserv!437
 2026-01-25 17:01:47 +00:00
Nikos Mavrogiannopoulos
5644e95dbf Merge branch 'worker-title' into 'master' 
Fix worker process title not being set

See merge request openconnect/ocserv!498
 2026-01-25 16:58:18 +00:00
Grigory Trenin
a644718fd7 Fix worker process title not being set 
Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-25 07:33:21 -05:00
Dimitri Papadopoulos
592745b8b9 inih: silence static analysis error 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2026-01-25 13:22:37 +01:00
Dimitri Papadopoulos
28252bff8f inih: increased max line size 
Re-apply e7233819.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2026-01-25 13:22:37 +01:00
Dimitri Papadopoulos
44d58a049c inih: updated to latest version r62 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2026-01-25 13:22:37 +01:00
Nikos Mavrogiannopoulos
58321bf626 Merge branch 'min-reauth-time' into 'master' 
Rename min-reauth-time to ban-time

Closes #676

See merge request openconnect/ocserv!497
 2026-01-25 09:08:47 +00:00
Grigory Trenin
9cc0191236 occtl: Fix 'show ip bans' may produce invalid JSON (#683) 
Modified the printing logic to use a 'comma-before' approach instead of
'comma-after'.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-23 12:54:43 -05:00
Grigory Trenin
b080d7dd2b Rename min-reauth-time to ban-time (#676) 
Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-23 05:44:05 -05:00
Grigory Trenin
0ed29607b6 .gitignore: add generated and cleanup legacy files (gnulib, libopts) 
Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-19 08:43:45 -05:00
Nikos Mavrogiannopoulos
1c156d8325 Merge branch 'docs/man-tidy' into 'master' 
docs: tidy up man pages

See merge request openconnect/ocserv!494
 2026-01-11 12:02:01 +00:00
Grigory Trenin
74ebc5ec8a Strip domain suffix from hostname 
The hostname validation was rejecting any hostname containg a '.'
character (eg: 'MacBook-Air.local'). This was overly restrictive and
prevented the HOSTNAME environment variable from being populated for
a signifficant number of clients, particularly on macOS.

Strip the domain suffix from such hostnames instead of discarding them.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-11 09:15:14 +01:00
Nikos Mavrogiannopoulos
8cdce81e6e .gitlab-ci.yml: increased job parallelization 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-11 09:04:18 +01:00
Nikos Mavrogiannopoulos
29786781ed tests: resumption: enhanced and avoid the use of gnutls-cli insecure option 
This test was improved to test resumption with TLS 1.3 in addition to TLS 1.2
as well as improve fallback on centos10. This patch introduces validation using
the right CA file.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-11 09:04:18 +01:00
Nikos Mavrogiannopoulos
ebea140c5f Added centos10 build in CI 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-11 09:04:18 +01:00
Nikos Mavrogiannopoulos
f4d72259e7 Merge branch 'tests-strlcpy' into 'master' 
tests: replace strcpy() with strlcpy()

See merge request openconnect/ocserv!493
 2026-01-11 08:03:17 +00:00
Grigory Trenin
08c321c41a docs: tidy up man pages 
- Updated the SYNOPSIS of ocserv(8), occtl(8), and ocpasswd(8)
  to match their --help output
- Corrected usage syntax (eg: '-c config' is optional for ocserv,
  'username' is required for ocpasswd).
- Removed non-standard ':' trailing from options definitions
- Documented missing command-line options: --log-stderr,  --syslog,
  --no-chdir, --traceable
- Added default configuration file paths:
  /etc/ocserv/ocserv.conf, /etc/ocserv/ocpasswd
- Documented USER_AGENT environment variable
- Fixed typos

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-10 18:05:02 -05:00
Grigory Trenin
8636464880 tests: replace strcpy() with strlcpy() 
- Replaced strcpy() with strlcpy() in test files
- Added linking to libcommon.a (and its dependency libnettle)
  as not all systems provide strlcpy()
- Centralized syslog_open variable by moving it from multiple definitions
  in main.c, worker.c, and test files into log.c. This avoids duplication
  and resolves a linking conflict with libcommon.a

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-07 15:46:16 -05:00
Dimitri Papadopoulos Orfanos
0d58edf884 Merge branch 'bugfix/ban-columns' into 'master' 
occtl: Fix column misalignment in ban command outputs

See merge request openconnect/ocserv!490
 2026-01-05 17:42:44 +02:00
Grigory Trenin
e40d735316 occtl: Fix column misalignment in ban command outputs 
- Increase the width from 14 to 15 characters for 'show bans' and
'show ban points' commands. This ensures proper column alignment
for all valid IPv4 addresses.

- Reduce Score column to 10 characters since UINT_MAX is typically
10 digits.

- Remove unnecessary (unsinged int) cast since 'score' is an actual
unsigned int.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-04 13:32:51 -05:00
Nikos Mavrogiannopoulos
1837b5877d NEWS: updated for 1.4.1 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-04 15:11:37 +01:00
Nikos Mavrogiannopoulos
5f5ac6fe65 Released 1.4.0 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.4.0 		2026-01-04 14:41:44 +01:00
Nikos Mavrogiannopoulos
59d205b3e8 Merge branch 'bugfix/mtu-stats' into 'master' 
Fix max_mtu calculation in server stats

See merge request openconnect/ocserv!488
 2026-01-03 14:51:06 +00:00
Dimitri Papadopoulos
79f8eb35f8 Don't forget to initialise udp_port for vhost 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2026-01-03 11:11:36 +02:00
Grigory Trenin
98015b1b24 Fix max_mtu calculation in server stats 
proc->mtu was incorrectly compared against min_mtu instead of max_mtu

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-02 16:34:59 -05:00
Nikos Mavrogiannopoulos
5e39f4c7f0 Merge branch 'tmp-fedora42' into 'master' 
Updated CI to fedora42

See merge request openconnect/ocserv!487
 2026-01-02 16:25:40 +00:00
Nikos Mavrogiannopoulos
8366100ebf Merge branch 'tmp-no-yajl' into 'master' 
tests: use jq to test json correctness

Closes #679

See merge request openconnect/ocserv!486
 2026-01-02 16:00:50 +00:00
Nikos Mavrogiannopoulos
da61847df9 isolate: ensure calling chdir('/') after chroot 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-02 16:58:18 +01:00
Nikos Mavrogiannopoulos
8ddc9b6abd Updated CI to fedora42 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-02 16:45:56 +01:00
Nikos Mavrogiannopoulos
5d75e3fd74 Removed centos7 builds (EOL) 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-02 16:45:46 +01:00
Nikos Mavrogiannopoulos
5fad4f93dd tests: use jq to test json correctness 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-02 11:18:23 +01:00
Nikos Mavrogiannopoulos
ef075f6b83 get_auth_handler2: update to reflect username and password ask 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-01 20:14:20 +01:00
Lee Keitel
70d936ca95 Fix network namespace setup script 
At least my machine was generating IDs that were to long and any test
that required networking wouldn't work. This patch restricts the
namespace names to 4 digits.

Signed-off-by: Lee Keitel <lee@keitel.xyz>
 2026-01-01 20:14:15 +01:00
Lee Keitel
6e5bbcf5ac Combine username and password in one form 
Fixes issue #551.

This patch combines the initial username and password text fields
into a single form. Subsequent requests due to a wrong password
would receive only the password field as before. This mimicks
AnyConnect's default behaviour.

Signed-off-by: Lee Keitel <lee@keitel.xyz>
 2026-01-01 20:06:27 +01:00
Nikos Mavrogiannopoulos
e12b278260 fixed typo 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2026-01-01 17:38:10 +01:00
Dimitri Papadopoulos
300f986a70 .gitlab-ci.yml: forget the Ubuntu 16 image 
We don't use UBUNTU_BUILD in CI any more.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2026-01-01 17:32:08 +01:00
Grigory Trenin
1893047e8f Fix irregular stats-report-time 
Currently 'ocserv' sends session accounting statistics at irregular intervals.
For example, if 'stats-report-time' is set to 60, the actual intervals may vary
between 50, 60, 70, or even 80 seconds.  Moreover, these intervals are not
constant - they fluctuate arbitrarily with each statistics update.

This behavior was intentionally introduced to avoid worker processes acting
simultaneously in scenarios like server restarts, where all clients reconnect
at the same time, which could impose heavy load on the secmod process.

However, it causes issues for RADIUS servers that require accurate and
consistent timing.

Summary of changes:
 - Apply randomization only once when the timer is initially set up, affecting
   only the first timer firing.  All subsequent firings will occur at regular
   intervals relative to the first one.
 - Remove fuzzing from 'interim_update_secs'. This value originates either from
   RADIUS or from 'stats-report-time' and should not be altered.

Closes: #630

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
 2026-01-01 17:31:01 +01:00