Commit Graph

3586 Commits

Author SHA1 Message Date
Dimitri Papadopoulos
3a92062b44 Typos found by Visual Studio Code Checker
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2021-12-22 19:21:02 +01:00
Dimitri Papadopoulos
a58ff2534f chmod +x autogen.sh
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2021-12-22 19:17:58 +01:00
Nikos Mavrogiannopoulos
d28b2e9f01 Merge branch 'const_char' into 'master'
Improve const char declarations

See merge request openconnect/ocserv!278
2021-12-22 18:16:36 +00:00
Dimitri Papadopoulos
a5d79fc230 Improve const char declarations
Declare C string constants using array syntax, avoid pointer syntax
when possible. They are different, the array syntax generates smaller,
faster code.

Also, const char[] should usually be static, again to avoid poor
compilation and runtime performance where compilers tend to
initialize the const declaration for every call instead of using
.rodata for the string.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2021-12-17 10:26:17 +01:00
Nikos Mavrogiannopoulos
78c26b6f21 Merge branch 'repeat' into 'master'
Fix repeated words in comments

See merge request openconnect/ocserv!277
2021-12-11 16:55:34 +00:00
Nikos Mavrogiannopoulos
5c79fa24b2 sample.config: removed mentioning of listen-clear-file
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-11-20 17:14:35 +01:00
Dimitri Papadopoulos
47c1e1be84 Fix repeated words in comments
2021-11-18 06:21:14 +01:00
Nikos Mavrogiannopoulos
11fdd9fb04 manpages: fixed output with ronn-ng
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.5
2021-11-17 13:18:55 +01:00
Nikos Mavrogiannopoulos
7f5414bd07 Merge branch 'codespell' into 'master'
Fix typo found by codespell

See merge request openconnect/ocserv!274
2021-11-17 08:52:48 +00:00
Nikos Mavrogiannopoulos
a61daf0332 systemd files: updated
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-11-14 12:27:44 +01:00
Dimitri Papadopoulos
1dcd78d05f Fix typo found by codespell
2021-11-13 13:17:51 +01:00
Nikos Mavrogiannopoulos
176a10b8dc configure.ac: 1.1.4
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.4
2021-11-13 08:45:56 +01:00
Nikos Mavrogiannopoulos
697f5f9bc2 maxmind: ensure that asprintf is checked
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-11-13 08:45:14 +01:00
Nikos Mavrogiannopoulos
5f943148be NEWS: released 1.1.4
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-11-13 08:42:52 +01:00
Nikos Mavrogiannopoulos
4f9c4de805 lgtm: ignore unuseful warnings
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-11-13 08:41:30 +01:00
Nikos Mavrogiannopoulos
6e821c3df3 Merge branch 'tmp-allow-small-prefix' into 'master'
Do not assign an IPv6 address to client that matches the network

Closes #430

See merge request openconnect/ocserv!273
2021-11-12 17:45:26 +00:00
Nikos Mavrogiannopoulos
11c79189cc tests: skip leaks in occtl
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-11-01 10:23:01 +01:00
Nikos Mavrogiannopoulos
296b4fb4fe test-explicit-ip: corrected the illegal IP address
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-10-31 22:26:25 +01:00
Nikos Mavrogiannopoulos
3995473219 NEWS: doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-10-31 22:26:25 +01:00
Nikos Mavrogiannopoulos
ceebc11cc4 tests: check functionality of an IPv6 net with prefix 127
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-10-31 22:26:16 +01:00
Nikos Mavrogiannopoulos
8ac992d273 Do not assign the same local and remote IPs
Resolves: #430

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-10-31 17:18:42 +01:00
Nikos Mavrogiannopoulos
471d804e28 Merge branch 'tmp-codespell' into 'master'
Typos found by codespell

See merge request openconnect/ocserv!271
2021-10-09 16:25:14 +00:00
Nikos Mavrogiannopoulos
7fc33ad008 sample.config: documented sec-mod-scale
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-10-09 18:07:08 +02:00
Dimitri Papadopoulos
81df79a95b Typos found by codespell
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2021-10-09 17:57:11 +02:00
Nikos Mavrogiannopoulos
d8d19837d9 Merge branch 'tmp-no-self-test' into 'master'
hash.c: removed self-test

See merge request openconnect/ocserv!272
2021-10-07 07:50:46 +00:00
Nikos Mavrogiannopoulos
890a37ebea doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-10-07 09:34:21 +02:00
Nikos Mavrogiannopoulos
53dfa056a4 hash.c: removed self-test
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-10-07 09:30:23 +02:00
Nikos Mavrogiannopoulos
80fd3293b2 Merge branch 'tmp-ignore-self-test' into 'master'
cppcheck: ignore SELF_TEST in ccan/hash

See merge request openconnect/ocserv!269
2021-09-14 07:15:50 +00:00
Nikos Mavrogiannopoulos
807250f78e cppcheck: ignore SELF_TEST in ccan/hash
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-09-13 22:17:57 +02:00
Luo Bo
ec14f60b79 seccomp: Add epoll_pwait to allow list. AArch64 requires this.
Signed-off-by: Luo Bo <luobodi@hotmail.com>
2021-09-13 22:07:08 +02:00
Nikos Mavrogiannopoulos
664d88d84e README.md: updated [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-23 09:17:56 +02:00
Nikos Mavrogiannopoulos
644873f5a9 README.md: updated [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-23 09:16:35 +02:00
Nikos Mavrogiannopoulos
45fcdbf0b3 Merge branch 'tmp-log-simple' into 'master'
Clean ups on logging

See merge request openconnect/ocserv!266
2021-06-12 21:11:30 +00:00
Nikos Mavrogiannopoulos
3c783faaa2 .gitlab-ci.yml: removed epel RPM builds on second stage
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 22:55:19 +02:00
Nikos Mavrogiannopoulos
add3272c1d disable_system_calls: added newfstatat unconditionally
It is required in newer glibc.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 22:23:36 +02:00
Nikos Mavrogiannopoulos
4bfb42cb34 pcl: removed code causing use-after-free
Found by static analyzer.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:46:28 +02:00
Nikos Mavrogiannopoulos
173b5abd56 .gitlab-ci.yml: updated fedora image name
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:42:51 +02:00
Nikos Mavrogiannopoulos
29995ebd43 log: simplified logging process
This combines duplicate logic, and allows uncovering errors
when the wrong log level is specified.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:42:51 +02:00
Nikos Mavrogiannopoulos
bcf6ed7204 worker: minor improvements in log messages
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:42:21 +02:00
Nikos Mavrogiannopoulos
6daa24f010 worker: correct log message
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 10:16:27 +02:00
Nikos Mavrogiannopoulos
559a0f85c6 released 1.1.3
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.3
2021-06-02 08:32:46 +02:00
Nikos Mavrogiannopoulos
750a4bfb3f NEWS: removed X-CSTP-Lease-Duration
This amends fac0244f3e

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-23 18:58:28 +02:00
Nikos Mavrogiannopoulos
60af6e3f6a Merge branch 'do_not_set_X-CSTP-Lease-Duration_header' into 'master'
Do not set X-CSTP-Lease-Duration header

See merge request openconnect/ocserv!265
2021-05-22 18:17:29 +00:00
Daniel Lenski
fac0244f3e Do not set X-CSTP-Lease-Duration header
This header was added in dd34f85875.
The intention was to allow clients to accurately determine the remaining
lifetime of the authentication session by replicating the headers that Cisco
servers were observed to send. See https://gitlab.com/openconnect/openconnect/-/merge_requests/156
for the client-side implementation in OpenConnect.

However, two users of ocserv have now reported that the *presence* of this
header *breaks* compatibility with newer Cisco AnyConnect clients
(https://gitlab.com/openconnect/ocserv/-/issues/414#note_581221384,
https://gitlab.com/openconnect/ocserv/-/issues/232#note_477714207).

This patch removes the `X-CSTP-Lease-Duration` header, while leaving behind
the `X-CSTP-Session-Timeout` and `X-CSTP-Session-Timeout-Remaining` headers.
With

(a) Cisco AnyConnect clients are able to correct (tested at
    https://gitlab.com/openconnect/ocserv/-/issues/414#note_581563460)
(b) OpenConnect clients are still able to determine the authentication session
    lifetime (https://gitlab.com/openconnect/ocserv/-/issues/414#note_582314323)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
2021-05-22 10:32:52 -07:00
Nikos Mavrogiannopoulos
b37544b513 Merge branch 'refactorlogging' into 'master'
Separated logging level from debug-ability

See merge request openconnect/ocserv!262
2021-05-18 18:38:50 +00:00
Russell Young
658ffb47df Separated logging level from debug-ability
Modified code to separate logging level from the debug-ability. Added new command line option -x or --traceable to control the pr_dumpable state (default is pr_dumpable false). Added config parameter for controlling the log level; the option is "log-level", and it can also be specified on the command line with -d or --debug.

Signed-off-by: Russell Young <ruyoung@microsoft.com>
2021-05-18 18:38:49 +00:00
Nikos Mavrogiannopoulos
797d6f75d0 Merge branch 'bypass-protocol' into 'master'
add client-bypass-protocol config option

Closes #407

See merge request openconnect/ocserv!261
2021-05-18 07:15:43 +00:00
fdomain
b3fe0d85c2 Added client-bypass-protocol config option
By default, anyconnect clients will drop all traffic of a given IP
version if there is no IP address in that version assigned to the
client. The client-bypass-protocol option, if enabled, will send an
extra header to the clients telling anyconnect client to bypass VPN
tunnel if there is no IP assigned. No impact for openconnect clients,
this header will simply be ignored.

Signed-off-by: Florian Domain <f.domain@criteo.com>
2021-05-18 07:15:43 +00:00
Nikos Mavrogiannopoulos
4eb211d8d0 Merge branch 'tmp-minimal-fix' into 'master'
.gitlab-ci.yml: merged options from minimal and Ubuntu minimal

See merge request openconnect/ocserv!264
2021-05-16 21:27:05 +00:00
Nikos Mavrogiannopoulos
3d5981c0f2 .gitlab-ci.yml: enabled more tests on ubuntu20.04 minimal
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 22:43:46 +02:00