GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,542 Commits 19 Branches 88 Tags
00b631e01e163bc26eae4c03f0c98a99dd8b9022
Commit Graph

2542 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
00b631e01e .gitlab-ci.yml: added build rule on freebsd 2016-04-19 16:17:02 +02:00
Nikos Mavrogiannopoulos
b706ab7871 main: reduce UDP_FD_RESEND_TIME to 3 seconds 
This allows a client to reconnect the DTLS session as soon as even
3 seconds. This addresses issue with clients turning the wifi off and
on again, not being able to reconnect with DTLS.
 2016-04-19 14:16:53 +02:00
Nikos Mavrogiannopoulos
51f3c7b1eb Moved libev initialization after daemon() and sec-mod process init 
This is because libev uses a file descriptor in FreeBSD systems
(kqueue) which is closed by the kernel on fork(). That means
that on libev deinitialization after daemon(), libev will close
another unrelated descriptor.
 2016-04-19 13:42:05 +02:00
Nikos Mavrogiannopoulos
2a7d8ac303 Revert "FreeBSD: restrict to poll or select the main event loop" 
This reverts commit 659c903369.
 2016-04-19 13:23:54 +02:00
Nikos Mavrogiannopoulos
a092673dc4 set_socket_timeout: be more verbose in error conditions 2016-04-18 16:59:40 +02:00
Nikos Mavrogiannopoulos
2debbde9a3 ocserv: initialize ctl_fd to an invalid value 
This prevents issue with clear_lists() closing the 0-fd
even when ctl_handler is not initialized.
 2016-04-17 13:43:35 +02:00
Nikos Mavrogiannopoulos
359ec5fe2e sec-mod: simplify the name of the security module to ocserv-sm 2016-04-17 12:52:23 +02:00
Nikos Mavrogiannopoulos
5ea4b32f4d tests: use 127.0.0.1 for debian radiusclient conf 
That is because freeradius listens to IPv4 by default.
Also adjusted the default log directory to match the
Fedora's one and simplify the test.
 2016-04-17 12:51:05 +02:00
Nikos Mavrogiannopoulos
0561534639 tests: updated debian tests to use libgnutls30 2016-04-17 11:05:32 +02:00
Nikos Mavrogiannopoulos
3eb5dd360e doc update 2016-04-17 10:45:26 +02:00
Nikos Mavrogiannopoulos
795730a681 configure: Add a code coverage option 
Configure with:
  ./configure --enable-code-coverage
Show coverage output with:
  make && make check && make code-coverage-capture

It does not take into account tests run under docker.
 2016-04-16 12:39:18 +02:00
Nikos Mavrogiannopoulos
b088d2df73 Makefiles: combined the rules for local libraries 2016-04-16 10:47:18 +02:00
Nikos Mavrogiannopoulos
3b844bf3f0 bumped version 2016-04-16 08:56:23 +02:00
Nikos Mavrogiannopoulos
df36a4c0ba main: close stdin and stdout as early after daemon() 
The reason is that in some systems daemon() may close stdin
completely. If we delay this close and another descriptor takes
the stdin fileno, we may end up closing a legitimate descriptor.
 2016-04-16 08:49:35 +02:00
Nikos Mavrogiannopoulos
8ae0d044f2 doc update 2016-04-16 08:47:30 +02:00
Nikos Mavrogiannopoulos
659c903369 FreeBSD: restrict to poll or select the main event loop 
This addresses an issue with FreeBSD and the kqueue interface.
When used it causes the sec-mod spawn to fail. Enabling it, it possibly
affects the pipes generated for communication.
 2016-04-16 08:47:05 +02:00
Nikos Mavrogiannopoulos
ca4e281c1d setproctitle: fixed compilation issue in Linux systems without prctl 2016-04-15 14:22:47 +02:00
Nikos Mavrogiannopoulos
70d78f39d9 updated comment 2016-04-15 14:16:51 +02:00
Nikos Mavrogiannopoulos
9a125c3aba tests: update tests to include the running username/group 
That removes the requirement to keep a uid_wrapper specific
hack in check_upeer_id().
 2016-04-15 11:17:35 +02:00
Nikos Mavrogiannopoulos
4c43f06ab5 tests: added check for connection using invalid certificate 2016-04-12 22:13:54 +02:00
Nikos Mavrogiannopoulos
34d059c43a sec-mod: corrected comment 2016-04-12 21:54:12 +02:00
Nikos Mavrogiannopoulos
eb9cdf1933 TODO: mention hostname override 2016-04-12 21:48:11 +02:00
Nikos Mavrogiannopoulos
01cde787d3 doc update 2016-04-02 15:06:13 +02:00
Nikos Mavrogiannopoulos
071a37aaa4 tests: Added test for radius group receiving 
This tests the receiving of groups using "Class" radius attribute
in the format "OU=group1;group2".
 2016-04-01 15:39:38 +02:00
Nikos Mavrogiannopoulos
e798493d08 sec-mod: perform group checks at auth completion stage 
This allows to retrieve allowed groups from radius response.
 2016-04-01 15:39:02 +02:00
Nikos Mavrogiannopoulos
b5cabb9589 tests: added check for trim_trailing_whitespace() 2016-04-01 15:33:11 +02:00
Nikos Mavrogiannopoulos
ade786a0f1 radius: replace experimental Group-Name with Class attribute 
The current format allows to handle multiple groups and is used
by several radius servers.

Suggested by Yick Xie.
 2016-04-01 15:33:11 +02:00
Nikos Mavrogiannopoulos
0b4333d7ee ocserv: warn when conflicting supplemental config options are specified 
That is, do not allow radius' groupconfig=true option to be combined
with config-per-user/group. This reduces frustration since these options
are incompatible.
 2016-04-01 15:32:27 +02:00
Nikos Mavrogiannopoulos
34857ff5a5 tests: check for DNS information propagation in user config 2016-04-01 15:32:20 +02:00
Nikos Mavrogiannopoulos
6bd1d0b0e0 worker: always free the previous msg in an fd update 2016-03-28 15:49:48 +02:00
Nikos Mavrogiannopoulos
2f684a227b doc update 2016-03-23 19:53:38 +01:00
Nikos Mavrogiannopoulos
a037174a87 occtl: use '?' for unknown time 2016-03-23 19:52:40 +01:00
Nikos Mavrogiannopoulos
1b1fab8c3c occtl: add newline into print iroutes 2016-03-21 21:48:48 +01:00
Nikos Mavrogiannopoulos
adc4aa40af sec-mod: don't set negative time into last_modified field 2016-03-21 21:44:45 +01:00
Nikos Mavrogiannopoulos
cd4fe99a57 main: don't require a full handshake packet when forwarding UDP session 
That is, to allow any small DPD packets to be sent to the correct
worker process.
 2016-03-19 23:26:19 +01:00
Nikos Mavrogiannopoulos
441c112575 bumped version ocserv_0_11_1 2016-03-19 13:05:34 +01:00
Nikos Mavrogiannopoulos
8bfc3f6e2d reduced logging verbosity in certain common failures 2016-03-13 10:29:28 +01:00
Nikos Mavrogiannopoulos
76e6aef74d doc: mention the ip_address option 2016-03-08 12:27:07 +01:00
Nikos Mavrogiannopoulos
98647dc117 occtl: correctly print last modified field 2016-03-07 16:12:36 +01:00
Nikos Mavrogiannopoulos
eb71a82210 worker: improved exit reason reporting for server disconnects 2016-03-07 13:56:16 +01:00
Nikos Mavrogiannopoulos
da4e4fcf2a Improved error message propagation due to new combined APIs 
This amends 8892eb1934
 2016-03-07 13:51:55 +01:00
Nikos Mavrogiannopoulos
c213a8b8fc sec-mod: do not export expired entries to cookies list op 
Also combined macro to determine expired entries.
 2016-03-07 13:42:46 +01:00
Nikos Mavrogiannopoulos
e4dbeb6bd3 more files to ignore 2016-03-06 19:08:10 +01:00
Nikos Mavrogiannopoulos
94b2da514c occtl: split show cookies to all and valid 2016-03-06 19:07:33 +01:00
Nikos Mavrogiannopoulos
e0947340bb ipc: pass the connection status as integer 
Conversion to textual form now happens at the client (occtl)
instead of the main server.
 2016-03-06 19:07:24 +01:00
Nikos Mavrogiannopoulos
8892eb1934 use a single format for all messages simplifying server 
That patch also combines all the message generation or receiving
functions for to allow easier modifications to the format.
 2016-03-06 19:07:07 +01:00
Nikos Mavrogiannopoulos
8a99ed78db doc update 2016-03-06 12:06:44 +01:00
Nikos Mavrogiannopoulos
f3338e84f7 Added occtl command to display cookies 
This allows to display and examine valid cookies from occtl.
 2016-03-06 12:05:36 +01:00
Nikos Mavrogiannopoulos
4541a73d3d tests: fixed proxyproto test on debian 2016-03-05 16:58:17 +01:00
Nikos Mavrogiannopoulos
435c78fa3d doc: eliminated references to HOSTNAME 
It was never available in the up/down scripts.
 2016-03-05 16:45:39 +01:00