Commit Graph

3067 Commits

Author SHA1 Message Date
Alexey Dotsenko
0153172c03 tests: add radius otp test
tests (radius-otp): add a check of the radcli version (at least 1.2.7), since debian uses version
1.2.6, which does not support Access-Challenge server response.

tests: show debug messages only in VERBOSE mode

tests (radius-otp): replace test for option max_challenge to macro MAX_CHALLENGE

Signed-off-by: Alexey Dotsenko <lex@rwx.su>
2019-06-24 17:25:44 +03:00
Alexey Dotsenko
283daffc1a radius: add access-challenge (multifactor) authentication
skip banning each next OTP for modules with allows_retries option:

sec_mod_auth: add check - the repeated password or the password of the
following factor is entered

radius: passwd_count increment is related to an auth-message change

sec-mod-auth: set more descriptive name for password-retries indicator

Signed-off-by: Alexey Dotsenko <lex@rwx.su>
2019-06-24 16:10:25 +03:00
Nikos Mavrogiannopoulos
15380220ac tests: rewrite the radius tests using namespaces
This simplifies the test and makes it runnable in our CI.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:47:23 +02:00
Nikos Mavrogiannopoulos
5d226c4f32 ocserv: create its own process group
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:31:16 +02:00
Nikos Mavrogiannopoulos
72921e5cbf radius: parse_groupnames: avoid overflow in group parsing
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:10:06 +02:00
Nikos Mavrogiannopoulos
33633560b4 NEWS: doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_12_3
2019-03-12 21:15:54 +01:00
Nikos Mavrogiannopoulos
03cd4a198c released 0.12.3
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-03-12 21:14:24 +01:00
Nikos Mavrogiannopoulos
8450e3bb97 Merge branch 'tmp-centos-tests' into 'master'
tests: make ping cmd functional in centos7,6

See merge request openconnect/ocserv!100
2019-03-12 17:59:56 +00:00
Nikos Mavrogiannopoulos
6cac225203 tests: make ping cmd functional in centos7,6
It requires the '-6' option to be able to function with
IPv6 addresses.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-03-12 17:21:17 +01:00
Nikos Mavrogiannopoulos
03c76eb873 worker: workarounds string is made applicable for gnutls 3.3
The %NO_SESSION_HASH priority string does not work with gnutls 3.3.
This fix does not include it into the priority string.

Resolves: #201

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-03-12 12:02:24 +01:00
Nikos Mavrogiannopoulos
d9967aa63a doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-02-22 08:47:00 +01:00
Nikos Mavrogiannopoulos
0d8fd8d2b6 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-02-22 08:45:49 +01:00
Nikos Mavrogiannopoulos
b425d9f9a5 Merge branch 'patch-1' into 'master'
Fix the bug of "ocserv-worker: segfault at 0 ip b76d6747 sp bf851c70",...

See merge request openconnect/ocserv!99
2019-02-22 07:44:10 +00:00
Frank Huang
d3cb2e8f53 Fix the bug of "ocserv-worker: segfault at 0 ip b76d6747 sp bf851c70", https://gitlab.com/openconnect/ocserv/issues/197
It must be that some caller does not add extra size for the null at the end

Signed-off-by: Frank Huang <chuang213@gmail.com>
2019-02-17 08:12:42 +00:00
Nikos Mavrogiannopoulos
2d42c22919 main: removed unused code
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-31 07:57:37 +01:00
Nikos Mavrogiannopoulos
16c48bdf38 Merge branch 'tmp-coverage' into 'master'
updates in code coverage calculation

See merge request openconnect/ocserv!97
2019-01-30 18:50:22 +00:00
Nikos Mavrogiannopoulos
383c25e239 .gitlab-ci.yml: run code coverage with -O0
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-30 19:23:05 +01:00
Nikos Mavrogiannopoulos
75c8211fd6 README.md: updated URIs for new gitlab group
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-30 19:03:10 +01:00
Nikos Mavrogiannopoulos
020a985119 Merge branch 'tmp-tests-cleanup' into 'master'
tests: several cleanups

See merge request openconnect/ocserv!96
2019-01-30 17:00:55 +00:00
Nikos Mavrogiannopoulos
385af4e831 .gitlab-ci.yml: ensure gcov scripts are writeable
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-20 06:44:29 +01:00
Nikos Mavrogiannopoulos
27c83dcf42 tests: consistently disable isolate-workers in tests
That is to prevent coverage reporting in tests.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-20 06:43:47 +01:00
Nikos Mavrogiannopoulos
a1d5ec1e1c Merge branch 'tmp-fix-tls-ciphersuite' into 'master'
occtl: print the TLS session information, even if no DTLS channel

See merge request openconnect/ocserv!95
2019-01-19 19:29:12 +00:00
Nikos Mavrogiannopoulos
8ba3987f4c occtl: print the TLS session information, even if no DTLS channel
This ensures that the main process receives the TLS channel information
early and does not depend on DTLS channel establishment. Furthermore,
we refactor to make setup_dtls_psk_keys() fail early when no TLS channel
is available.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 20:09:53 +01:00
Nikos Mavrogiannopoulos
bfa7682d3f Merge branch 'tmp-test-aes-gcm' into 'master'
tests: added tests for anyconnect's DTLS1.2 support

See merge request openconnect/ocserv!94
2019-01-19 17:50:16 +00:00
Nikos Mavrogiannopoulos
e0f847b984 worker: added safety check for selected DTLS ciphersuite prior to use
This avoids a crash when no DTLS ciphersuite is selected and adds a
test case for negotiation without DTLS.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 18:19:11 +01:00
Nikos Mavrogiannopoulos
71ef4e4b6a worker: allow negotiating AC-DTLS12 with openconnect
This doesn't have the anyconnect client bug with parsing the
server hello.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 18:19:11 +01:00
Nikos Mavrogiannopoulos
7fc4e0d0ee tests: added tests for anyconnect's DTLS1.2 support
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 18:19:09 +01:00
Nikos Mavrogiannopoulos
ef468d6a24 test-cookie-timeout: updated for new openconnect kill semantics
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 13:42:35 +01:00
Nikos Mavrogiannopoulos
c640ffd955 test-cookie-timeout: updated for new openconnect kill semantics
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 13:39:11 +01:00
Nikos Mavrogiannopoulos
cafd66d33d corrected typo
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_12_2
2019-01-10 20:01:58 +01:00
Nikos Mavrogiannopoulos
dfc8f95ee8 released 0.12.2
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-10 19:55:15 +01:00
Nikos Mavrogiannopoulos
19cbf2db98 Makefile: allow out-of-tree builds with bundled protobuf
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-10 19:54:38 +01:00
Nikos Mavrogiannopoulos
aa57ee9f3b Merge branch 'tmp-harmonize-strings' into 'master'
worker-http: use the same workaround string for all ciphersuites

Closes #193

See merge request openconnect/ocserv!93
2019-01-10 18:47:04 +00:00
Nikos Mavrogiannopoulos
a67c45099f .gitlab-ci.yml: removed XFAIL from centos6; previous changes seem to fix it
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-10 19:30:36 +01:00
Nikos Mavrogiannopoulos
c02320ee50 worker-http: use the same workaround string for all ciphersuites
Resolves #193

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-10 19:11:22 +01:00
Nikos Mavrogiannopoulos
a196fd3328 Merge branch 'tmp-dtls12' into 'master'
Added support for DTLS1.2 with anyconnect clients

Closes #193 and #188

See merge request openconnect/ocserv!92
2019-01-10 13:43:58 +00:00
Nikos Mavrogiannopoulos
232de85d17 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-10 13:03:03 +01:00
Nikos Mavrogiannopoulos
ec5ebd33a4 setup_dtls0_9_keys: renamed and updated log messages for clarity
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-10 13:03:03 +01:00
Nikos Mavrogiannopoulos
21bebfff41 worker-http: dropped txt_version
All the versions checked were prior to the minimum gnutls
version we require.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-10 13:03:03 +01:00
Nikos Mavrogiannopoulos
acdd6d156b worker-http: added support for anyconnect DTLS1.2 ciphersuites
This adds support for DTLS1.2 ciphersuite header as sent by anyconnect
clients.

Resolves #188
Resolves #193

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-10 13:02:40 +01:00
Nikos Mavrogiannopoulos
c441017f27 README.md: updated instructions on debian
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-06 20:10:48 +01:00
Nikos Mavrogiannopoulos
a5502022c2 .gitlab-ci.yml: skip Centos6 tests that fail
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-06 20:07:53 +01:00
Nikos Mavrogiannopoulos
923f697014 cfg_ini_handler: notify static analyzers that defvhost is always non-null
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-06 20:07:53 +01:00
Nikos Mavrogiannopoulos
2dfa37784d tests: moved server-cert-rsa-pss to dist_check_scripts
The gnutls included in distributions is expected to work well
with RSA-PSS.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-06 20:07:53 +01:00
Nikos Mavrogiannopoulos
c1cb9c02f9 Merge branch 'add-logging-ipv6' into 'master'
Add logging output when IPv6 is disabled.

See merge request openconnect/ocserv!90
2018-11-19 05:42:43 +00:00
pumpkin031
34b39d213c Add logging output when IPv6 is disabled.
Signed-off-by: pumpkin031 <www.carrotsoft@gmail.com>
2018-11-19 10:04:29 +09:00
Nikos Mavrogiannopoulos
bba393868e Merge branch 'tmp-fix-per-group' into 'master'
Enhance testsuite on per-group configuration and a minor fix

See merge request openconnect/ocserv!89
2018-11-18 20:22:50 +00:00
Nikos Mavrogiannopoulos
d4a4e780fc plain: skip the empty group
Previously we were incorrectly setting the '*' as the group name.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-11-18 21:06:24 +01:00
Nikos Mavrogiannopoulos
63479d6394 sec-mod: log successful authentication
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-11-18 21:06:24 +01:00
Nikos Mavrogiannopoulos
b181f20a2e tests: added functionality test for config-per-group
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-11-18 21:06:22 +01:00