Commit Graph

3477 Commits

Author SHA1 Message Date
Russ Young
065f51e6af Added build flags and Test for OWASP headers 2021-04-20 11:55:28 -06:00
Russ Young
f3e23793a7 Added the default OWASP http headers to http responses. 2021-04-14 13:59:04 -06:00
Nikos Mavrogiannopoulos
b1c9573ce0 Merge branch 'lognoise' into 'master'
Changes offensive messages. Reduced log noise

See merge request openconnect/ocserv!259
2021-03-12 19:30:39 +00:00
Russ Young
cbd858081e Changed logging level to reduce noise. 2021-03-01 10:42:43 -07:00
Russ Young
7864798b59 Changed logging levels to reduce noise. 2021-03-01 10:41:30 -07:00
Russ Young
e9ddacde59 Changes offensive messages.
Changed noisy messages to be logged at LOG_DEBUG level.
2021-02-24 11:45:36 -07:00
Alan Jowett
25e899017a Merge branch 'cookie-httponly' into 'master'
Added HttpOnly flag to cookie

See merge request openconnect/ocserv!258
2021-02-22 16:25:42 +00:00
Russ Young
90e08cc12d Added HttpOnly flag to cookie 2021-02-17 12:15:09 -07:00
Nikos Mavrogiannopoulos
3e47d192ed Merge branch 'openbsd-devname' into 'master'
OpenBSD Devname changes

Closes #399

See merge request openconnect/ocserv!256
2021-02-11 10:24:31 +00:00
Jake S
a2775715ec OpenBSD Devname changes 2021-02-10 22:17:46 +00:00
Nikos Mavrogiannopoulos
7c81ba20f4 Merge branch 'dtls-fix-memory-corruption' into 'master'
dtls connection setup: fix memory corruption, proper watcher setup

See merge request openconnect/ocserv!255
2021-02-10 20:48:42 +00:00
Stefan Bühler
4cea55c6d6 dtls connection setup: fix memory corruption, proper watcher setup
ev_init and ev_io_set must never be called on active watchers - we
need to clean up previous connection state before setting a new one.

ev_init clears the "active" flag, but doesn't remove the watcher from
libev internal linked lists (and doesn't clear the "next" pointer for
it).  This can for example lead to (unexpected) cyclic lists in libev,
and libev can loop forever trying to deal with them.
2021-02-10 13:23:42 +01:00
Nikos Mavrogiannopoulos
9f08770c08 doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-02-04 21:58:41 +01:00
Nikos Mavrogiannopoulos
289ce060dc Merge branch 'issue400' into 'master'
Close fd and stop ev_io on failed handshake.

Closes #400

See merge request openconnect/ocserv!253
2021-02-04 20:56:06 +00:00
Alan Jowett
c53cc97395 Close fd and stop ev_io on failed handshake.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-02-04 10:18:34 -07:00
Nikos Mavrogiannopoulos
d4800b54e3 Updated NEWS
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-02-03 20:36:11 +01:00
Nikos Mavrogiannopoulos
ae049ee9ab Merge branch 'tmp-394' into 'master'
Change how stdin and stdout are closed

Closes #394

See merge request openconnect/ocserv!252
2021-01-31 19:43:15 +00:00
Nikos Mavrogiannopoulos
9d3ac17073 Change how stdin and stdout are closed
We only close the descriptors on the main process
as this could close other unrelated descriptors.

Resolves: #394

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-01-25 21:19:40 +01:00
Nikos Mavrogiannopoulos
acf31f5dde parse_data: print unknown bye packets
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-27 21:58:18 +01:00
Nikos Mavrogiannopoulos
b7134d59f8 corrected typo
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-27 13:22:31 +01:00
Nikos Mavrogiannopoulos
7f088554d2 README-radius.md: corrected note
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-27 13:20:48 +01:00
Nikos Mavrogiannopoulos
1f6cfdc41e README-radius.md: better phrasing of NAS-Port issue with freeradius
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-27 13:12:34 +01:00
Nikos Mavrogiannopoulos
d0708ab3ff Merge branch 'tmp-coverage-check' into 'master'
Include debugging output into our coverage tests

See merge request openconnect/ocserv!251
2020-12-19 14:00:59 +00:00
Nikos Mavrogiannopoulos
d8377398bc .triage-policies.yml: improved message on reopening
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-19 14:17:32 +01:00
Nikos Mavrogiannopoulos
13f59eebbd tests: increase verbosity on coverage runs
This includes the debugging output into our tests.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-19 14:15:56 +01:00
Nikos Mavrogiannopoulos
1657781caf Merge branch 'tmp-share-vars' into 'master'
worker.h: share OCSERV_ENV_WORKER_STARTUP_MSG between main and worker

See merge request openconnect/ocserv!250
2020-12-14 23:10:08 +00:00
Nikos Mavrogiannopoulos
8b9cc3a5c5 Merge branch 'tmp-cleanup' into 'master'
Cleanups in Makefile

See merge request openconnect/ocserv!249
2020-12-14 22:40:12 +00:00
Nikos Mavrogiannopoulos
8d4a5924e4 worker.h: share OCSERV_ENV_WORKER_STARTUP_MSG between main and worker
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-14 23:26:17 +01:00
Nikos Mavrogiannopoulos
b2a5688bf7 Makefile.am: cleanup
This rearranges variables so they are set before they are used.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-14 21:20:22 +01:00
Nikos Mavrogiannopoulos
e09a7d5a70 Merge branch 'tmp-lgtm' into 'master'
More fixes to reduce warnings from lgtm.com static analyzer

See merge request openconnect/ocserv!248
2020-12-12 22:30:50 +00:00
Nikos Mavrogiannopoulos
56f98cbba2 sample.config: document what 'unlimited' means
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-12 23:12:10 +01:00
Nikos Mavrogiannopoulos
5869006ce1 Replaced redundant checks with asserts
Although the checks were strictly redundant, an update
or restructuring of the loops/files could cause significant
issues. For that keep them but within an assert() statement
to be clear what it is about.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-12 22:47:43 +01:00
Nikos Mavrogiannopoulos
47c6638286 ocserv-worker: renamed loop to worker_loop
This avoids warnings and static analyzer complaints about
the libev functions hiding the global 'loop' variable.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-12 22:41:57 +01:00
Nikos Mavrogiannopoulos
c778881927 Revert ".lgtm.yml: added"
This reverts commit f1be23a7f7.
The LGTM.com integration doesn't seem to work as lgtm cannot
checkout this project.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-11 09:50:25 +01:00
Nikos Mavrogiannopoulos
f1be23a7f7 .lgtm.yml: added
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-10 17:16:29 +01:00
Daniel Lenski
dd34f85875 OpenConnect will interpret these headers once https://gitlab.com/openconnect/openconnect/-/merge_requests/156 is merged
Examples of newly-authenticated sessions from Cisco servers:

- Default value of `Session-Timeout` is 1209600 seconds (14 days) per
  https://www.cisco.com/assets/sol/sb/RV345P_Emulators/RV345P_Emulator_v1-0-01-17/help/help/t_SSL_VPN.html
- https://www.mail-archive.com/openconnect-devel@lists.infradead.org/msg00968.html:
  `Lease-Duration` having the default value, while `Session-Timeout`
  and `Session-Timeout-Remaining` are `none`
- https://gitlab.com/openconnect/openconnect/-/issues/43#note_177677716:
  `Lease-Duration`, `Session-Timeout`, and `Session-Timeout-Remaining` all with
  same value

My own testing of *reconnected* sessions (on a newer Cisco server supporting
DTLS 1.2) shows that Session-Timeout-Remaining will have a value less than
Session-Timeout, such that the expiration timestamp remains constant from one
reconnection to the next.

Signed-off-by: Daniel Lenski <dlenski@amazon.com>
2020-12-09 17:27:00 -08:00
Nikos Mavrogiannopoulos
3257070312 Merge branch 'tmp-lgtm' into 'master'
Several updates to remove LGTM.com warnings

See merge request openconnect/ocserv!246
2020-12-09 15:40:24 +00:00
Nikos Mavrogiannopoulos
3d7c846ecd ocserv: renamed main_loop
This avoids warnings and static analyzer complaints about
libev functions hiding the global 'loop' variable.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:56:29 +01:00
Nikos Mavrogiannopoulos
689b6fa1a4 process_worker_packet: remove FIXME comments; they serve little purpose
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:48:30 +01:00
Nikos Mavrogiannopoulos
85817d38b7 get_session_id: avoid parameter hiding
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:47:52 +01:00
Nikos Mavrogiannopoulos
a9cb1b7f1e headers: added header guards
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:46:12 +01:00
Nikos Mavrogiannopoulos
f6cb0db8e0 get_cert_names: made infinite loop apparent
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:44:12 +01:00
Nikos Mavrogiannopoulos
07606fc2d8 load_keys: avoid hiding a global variable
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:10:41 +01:00
Nikos Mavrogiannopoulos
9482756e6c parse_cfg_file: avoid hiding a global variable
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:10:01 +01:00
Nikos Mavrogiannopoulos
e035221030 update_auth_time_stats: cast operations to avoid overflows
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:05:24 +01:00
Nikos Mavrogiannopoulos
d619c90518 Avoid localtime() in favor of localtime_r()
This is to keep some static analyzers happy that check for the
thread safe functions, even if in practice we do not need to be
thread safe.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:01:39 +01:00
Nikos Mavrogiannopoulos
24814ac874 ocserv: avoid the use of ctime
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 14:55:46 +01:00
Nikos Mavrogiannopoulos
44bff9ce5e .gitlab-ci.yml: corrected syntax
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 13:27:27 +01:00
Nikos Mavrogiannopoulos
39a86845cb .gitlab-ci.yml: RPM/epel8: undo downstream patch
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 11:44:50 +01:00
Nikos Mavrogiannopoulos
9927fbe997 design.dia: updated to mention seccomp
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 11:35:30 +01:00