4017 Commits

Author SHA1 Message Date
Grigory Trenin
dbbe6de40c Fix premature ban score reset for short ban periods
When ban period is minimal, the 'now > e->expires' condition alone
cleared scores before a client was banned.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2026-01-01 17:15:37 +01:00
Grigory Trenin
0f53e0d6d9 Communicate secmod address to worker after successful authentication
This ensures all subsequent worker communications reach the original
secmod instance that authenticated the client, enabling correct session
accounting after IP address changes.

Closes: #674

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-12-21 11:41:51 +01:00
Grigory Trenin
afa34bbd10 Fix ban score reset logic
The previous condition for resetting a ban score was insufficient.
It failed to reset the score for a client that had just exited a ban,
and also incorrectly reset the score of a currently banned client,
causing premature unbans.

Closes: #678

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-12-21 11:24:19 +01:00
Grigory Trenin
d15b2af4b2 Fix 'occtl show ip bans' showing expired ban entries
Added current timestamp comparison to ensure only active bans
are shown by 'occtl show ip bans'.

Closes: #675.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-12-21 10:54:16 +01:00
Grigory Trenin
1c31314df4 occtl: Fix missing column headers in 'show ip bans' output
Existing code used the loop index 'i == 0' to determine when to print
column headers. However, a 'continue' statement inside the loop could
skip the 'i = 0' iteration, causing the headers to never be printed.

Introduced a separate boolean 'header_printed' variable to track
whether headers have been printed.

Closes: #677

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-12-21 10:52:20 +01:00
Grigory Trenin
3892e032d9 Fix DTLS with systemd socket activation
Remove IPV6_V6ONLY flag from per-client UDP sockets as it prevents
IPv4 traffic on systemd-provided IPv6 sockets. This was a legacy
from the old reopen_udp_port() code and is no longer needed.

Fixes: #647

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-12-21 10:48:59 +01:00
Nikos Mavrogiannopoulos
9833ca4789 .triage-policies.yml: use the new draft rule
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2025-12-21 10:36:14 +01:00
Nikos Mavrogiannopoulos
826aa0503f Signoff rules: ignore the misformed commit 6a65e3acdd
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2025-12-21 10:31:48 +01:00
Dimitri Papadopoulos Orfanos
acf8c5bc6a Merge branch 'tmp-do_while' into 'master'
Simplify do/while loops

See merge request openconnect/ocserv!458
2025-12-06 11:39:32 +01:00
Dimitri Papadopoulos Orfanos
86c214feb9 Merge branch 'tmp-printf' into 'master'
Modernize printf() format

See merge request openconnect/ocserv!436
2025-12-06 11:20:28 +01:00
Dimitri Papadopoulos Orfanos
c5acc8580e Merge branch 'tmp-llhtp' into 'master'
llhttp: updated to latest version 9.3.0

See merge request openconnect/ocserv!459
2025-12-06 11:15:36 +01:00
Dimitri Papadopoulos Orfanos
c545361202 Merge branch 'tmp-CID-356061' into 'master'
Fix issue flagged by Coverity

See merge request openconnect/ocserv!460
2025-12-06 11:14:21 +01:00
Dimitri Papadopoulos Orfanos
31b3d6b930 Merge branch 'tmp-cloexec' into 'master'
Update cloexec.* vendored files

See merge request openconnect/ocserv!439
2025-12-06 11:10:11 +01:00
Dimitri Papadopoulos Orfanos
70a4269e38 Merge branch 'tmp-sigaltstack_RESOURCE_LEAK' into 'master'
Silence coverity

See merge request openconnect/ocserv!446
2025-12-06 11:09:29 +01:00
Dimitri Papadopoulos Orfanos
e5de27a316 Merge branch 'tmp-main' into 'master'
Main() signature compliant with C standard

See merge request openconnect/ocserv!438
2025-12-06 11:08:40 +01:00
Dimitri Papadopoulos Orfanos
134ae37a13 Merge branch 'tmp-freeradius-client-1.1.8' into 'master'
Work around API breakage in freeradius-client 1.1.8

Closes #650

See merge request openconnect/ocserv!453
2025-12-06 11:08:18 +01:00
Dimitri Papadopoulos Orfanos
6a65e3acdd Merge branch 'fix-json-output-issues' into 'master'
Fix invalid JSON output in occtl commands

Closes #661 and #669

See merge request openconnect/ocserv!463
2025-12-06 10:54:28 +01:00
Pavel Lavrukhin
59c67fb160 Fix invalid JSON output in occtl commands
2025-12-06 10:54:28 +01:00
Dimitri Papadopoulos Orfanos
0949bfd0db Merge branch 'bugfix/iroute' into 'master'
Fix iroute option processing

Closes #625

See merge request openconnect/ocserv!472
2025-12-01 22:41:21 +01:00
Grigory Trenin
4dcf3aa524 Fix iroute option processing
Return proper values (1 for success, 0 for error) from iroutes_handler()
to prevent premature parser termination

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-11-30 19:53:14 -05:00
Dimitri Papadopoulos Orfanos
5ff994633c Merge branch 'bugfix/ping-leases' into 'master'
Fix ping-leases option, broken since v1.1.1

See merge request openconnect/ocserv!471
2025-11-22 14:32:40 +01:00
Grigory Trenin
a307bda153 Repair ping-leases option
A misplaced bracket passed 'sizeof(*addr1) == -1' instead of 'sizeof(*addr1)'
to sendto(), causing it to fail. This prevented icmp_ping4() from sending
ICMP echo requests.

Consequently, the 'ping-leases' option has been non-functional since
this bug was introduced in commit 2aaa287a.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-11-21 15:59:01 -05:00
Dimitri Papadopoulos Orfanos
88054ae4c2 Merge branch 'socket-remove' into 'master'
Ignore ENOENT error when removing occtl socket file

See merge request openconnect/ocserv!470
2025-11-21 21:17:51 +01:00
Dimitri Papadopoulos Orfanos
9298a6006c Merge branch 'bugfix/arg-order' into 'master'
Fix swapped arguments in the printf-like call

See merge request openconnect/ocserv!467
2025-11-21 21:08:19 +01:00
Dimitri Papadopoulos Orfanos
d817992938 Merge branch 'gperf' into 'master'
build: add gperf check

See merge request openconnect/ocserv!466
2025-11-21 21:07:48 +01:00
Dimitri Papadopoulos Orfanos
33e1b26f43 Merge branch 'ipcalc-not-found' into 'master'
docs: add ipcalc installation in README.md

Closes #659

See merge request openconnect/ocserv!455
2025-11-21 21:04:56 +01:00
Dimitri Papadopoulos Orfanos
77fa214d6b Merge branch 'bugfix/cscot-url' into 'master'
Fix CSCOT URLs handling

See merge request openconnect/ocserv!456
2025-11-21 21:04:02 +01:00
Dimitri Papadopoulos Orfanos
7b92adf29c Merge branch 'non-ascii' into 'master'
Replace non-ASCII character in error message

See merge request openconnect/ocserv!469
2025-11-21 21:03:22 +01:00
Grigory Trenin
0017038bcd Ignore ENOENT error when removing occtl socket file
Silence misleading debug message on server startup since absence
of the socket file is normal and expected.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-11-16 14:40:04 -05:00
Grigory Trenin
22a762da43 Replace non-ASCII character in error message
Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-11-12 07:40:21 -05:00
Grigory Trenin
093051ea5f Fix printf argument order
Correct the argument order passed to the printf-like function
to match the format string "expected %d, received %d".

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-11-06 16:54:42 -05:00
Grigory Trenin
49a807a25f build: add gperf check
Check for gperf in ./configure to provide a clear, user-friendly
error message if it's not found and required generated files are
missing, instead of failing at compile time.

Also fix an invalid package name ('install') in README.md for
Fedora/RHEL build.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-11-06 15:57:19 -05:00
Grigory Trenin
1d76699731 Revert "combined CSCOT URLs"
This reverts commit 6fea92a961.

The URL consolidation caused worker to no longer recognize either of the original URLs.
This led to "unexpected URL" errors and immediate worker termination.

The original change was intended to simplify URL configuration,
but it inadvertently broke functionality for both endpoints.

Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
2025-11-05 09:12:27 -05:00
Dimitri Papadopoulos
cc062ae4aa Fix issue flagged by Coverity
356061 Use of 32-bit time_t

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-09-01 00:58:17 +03:00
Dimitri Papadopoulos
cc86919f28 llhttp: updated to latest version 9.3.0
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-08-28 22:17:07 +03:00
Dimitri Papadopoulos
2a2334513c Simplify do/while loops
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-08-27 11:10:59 +03:00
Mohammad Amin Taheri
77b1bffaa5 docs: add ipcalc installation in README.md
Signed-off-by: Mohammad Amin Taheri <xirehat@gmail.com>

docs: update ipcalc in configure.ac
2025-08-17 22:19:17 +03:30
Dimitri Papadopoulos
8b284c645e Work around API breakage in freeradius-client 1.1.8
FreeRADIUS client 1.1.8 introduced this backwards-incompatible API change:
50d78bb53f

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-05-23 11:29:14 +02:00
Dimitri Papadopoulos
f007cce818 Modify the header file for C99 compatibility
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-04-02 09:07:32 +02:00
Dimitri Papadopoulos
8fab36aa12 Update to the last version in the Gnulib repository
git://git.sv.gnu.org/gnulib.git

Latest changes are from 2025-01-01.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-04-02 09:07:02 +02:00
Dimitri Papadopoulos
e21f08fb97 Do not apply clang-format to vendored files
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-04-02 09:05:42 +02:00
Dimitri Papadopoulos
e8139682fb Move cloexec.* files out of common
These files are only used by the main program.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-04-02 09:05:42 +02:00
Nikos Mavrogiannopoulos
284f2ecde5 Merge branch 'tmp-protobuf' into 'master'
updated to protobuf 1.5.1

See merge request openconnect/ocserv!450
2025-03-30 16:46:10 +00:00
Nikos Mavrogiannopoulos
c90ab65c82 Merge branch 'tmp-readline' into 'master'
occtl requires readline, it's not optional

Closes #632

See merge request openconnect/ocserv!451
2025-03-30 16:45:39 +00:00
Dimitri Papadopoulos Orfanos
43bd5d48c9 Merge branch 'master' into 'master'
Make path to ocserv-fw script conform to config prefix

See merge request openconnect/ocserv!448
2025-03-25 22:18:56 +01:00
Lee Keitel
58263db779 Make path to ocserv-fw script conform to config prefix
Signed-off-by: Lee Keitel <lee@keitel.xyz>
2025-03-25 22:18:55 +01:00
Dimitri Papadopoulos
4eac8d29f4 occtl requires readline, it's not optional
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-03-12 22:09:43 +01:00
Dimitri Papadopoulos Orfanos
30de6d0b44 Merge branch 'tmp-listen-host' into 'master'
Option `listen-host` expects a single IP address

Closes #635

See merge request openconnect/ocserv!447
2025-03-02 18:32:12 +00:00
Dimitri Papadopoulos
78658605c9 updated to protobuf 1.5.1
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-03-02 19:30:44 +01:00
Dimitri Papadopoulos
4a4c341b45 Option listen-host expects a single IP address
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2025-03-02 19:07:22 +01:00