GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,117 Commits 19 Branches 88 Tags
0f0a1b58e7ff6dbfd5365ee1d05e611adb202ce5
Commit Graph

352 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
55d5af2ebc check_multiple_users: do not account disconnected ones 
When max-same-clients is set to 1 and a user re-using a cookie
connects, check_multiple_users() would prevent the user from
reconnecting. This corrects the issue by taking into account
only valid sessions that have not yet been disconnected.

Resolves: #223

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-12-16 21:30:24 +01:00
Nikos Mavrogiannopoulos
cfa62cf6b4 Merge branch 'tmp-test-kerberos' into 'master' 
tests: added kerberos test case

See merge request openconnect/ocserv!116
 2019-12-12 15:29:35 +00:00
Nikos Mavrogiannopoulos
c9e907c841 tests: replaced docker-based kerberos test case with one that runs in CI 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-11-17 14:51:21 +01:00
Nikos Mavrogiannopoulos
ea845a57fc tests: clean-up pam server initiation 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-11-17 11:10:19 +01:00
Nikos Mavrogiannopoulos
4bcf29643d ocserv: added support for per-user split-dns directive 
Resolves: #229

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-11-17 11:06:47 +01:00
Lele Long
17ed47488d Add udp-listen-host option for DTLS 
This option supports different listen addresses for tcp and
udp such as haproxy for tcp, but support dtls at the same time (haproxy
does not support UDP at the moment)
 2019-09-30 09:01:55 +08:00
Nikos Mavrogiannopoulos
92b5db7b26 occtl: fix json in show status 
This removes a trailing comma from the end of the listing, and
adds a missing one.

Resolves: #220

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-09-25 20:37:16 +02:00
Alexey Dotsenko
0153172c03 tests: add radius otp test 
tests (radius-otp): add a check radcli version (atleast 1.2.7), since debian uses version
1.2.6, which does not support Access-Challenge server response.

tests: show debug messages only in VERBOSE mode

tests (radius-otp): replace test for option max_challenge to macro MAX_CHALLENGE

Signed-off-by: Alexey Dotsenko <lex@rwx.su>
 2019-06-24 17:25:44 +03:00
Nikos Mavrogiannopoulos
15380220ac tests: rewrite the radius tests using namespaces 
This simplifies the test and makes it runnable in our CI.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-06-03 22:47:23 +02:00
Nikos Mavrogiannopoulos
6cac225203 tests: make ping cmd functional in centos7,6 
It requires the '-6' option to be able to function with
IPv6 addresses.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-03-12 17:21:17 +01:00
Nikos Mavrogiannopoulos
27c83dcf42 tests: consistently disable isolate-workers in tests 
That is to prevent coverage reporting in tests.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-20 06:43:47 +01:00
Nikos Mavrogiannopoulos
8ba3987f4c occtl: print the TLS session information, even if no DTLS channel 
This ensures that the main process receives the TLS channel information
early and does not depend on DTLS channel establishment. Furthermore,
we refactor to make setup_dtls_psk_keys() fail early when no TLS channel
is available.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-19 20:09:53 +01:00
Nikos Mavrogiannopoulos
e0f847b984 worker: added safety check for selected DTLS ciphersuite prior to use 
This avoids a crash when no DTLS ciphersuite is selected and adds a
test case for negotiation without DTLS.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-19 18:19:11 +01:00
Nikos Mavrogiannopoulos
7fc4e0d0ee tests: added tests for anyconnect's DTLS1.2 support 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-19 18:19:09 +01:00
Nikos Mavrogiannopoulos
c640ffd955 test-cookie-timeout: updated for new openconnect kill semantics 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-19 13:39:11 +01:00
Nikos Mavrogiannopoulos
2dfa37784d tests: moved server-cert-rsa-pss to dist_check_scripts 
The gnutls included in distributions is expected to work well
with RSA-PSS.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-06 20:07:53 +01:00
Nikos Mavrogiannopoulos
b181f20a2e tests: added functionality test for config-per-group 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-11-18 21:06:22 +01:00
Nikos Mavrogiannopoulos
4e51e2a0ac tests: added check with empty password 
Relates #171

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-09-22 21:11:19 +02:00
Nikos Mavrogiannopoulos
3a330b8d85 tests: added unit tests for AES-128-GCM and AES-256-GCM 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-07-20 22:06:11 +02:00
Nikos Mavrogiannopoulos
579cfc0ead Added support for AES-256-CBC 
This enables support for AES-256 for anyconnect clients which
do not support AES-GCM. Also prioritized the 256-bit ciphers
higher than the 128-bit ones.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-07-20 21:58:49 +02:00
Nikos Mavrogiannopoulos
9ca7da7689 added missing file 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-05-12 08:20:59 +02:00
Nikos Mavrogiannopoulos
807ce345de main: create a sec-mod socket file independent of pid 
That addresses the issue of not being able to run under systemd,
or under non-forking mode. Added test case to detect proper
operation.

Resolves #154

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-05-11 22:04:28 +02:00
Nikos Mavrogiannopoulos
a65b3444cb tests: ship missing test [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2018-04-23 11:13:13 +02:00
Nikos Mavrogiannopoulos
4111f598b8 tests: separated compression tests to lzs and lz4 
That allows testing both code paths separately.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 17:25:27 +02:00
Nikos Mavrogiannopoulos
432c12dcce tests: added test to unit test the maintenance cycle 
This allows to catch issues like crashes late in the server
operation as in #149

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 09:25:51 +02:00
Nikos Mavrogiannopoulos
0bb085de4a tests: pam-test was restricted to pam_matrix 
valgrind and asan were indicating issues with pam_oath, so
avoid using it in the testsuite.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 18:36:03 +02:00
Nikos Mavrogiannopoulos
9af953383e tests: properly handle memory in cfg_parse_ports() unit test 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos
90b3c439fb tests: server-cert-rsa-pss moved to xfail set 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:22:46 +02:00
Nikos Mavrogiannopoulos
158b099c9f tests: added test with compression enabled 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-06 06:53:27 +02:00
Nikos Mavrogiannopoulos
265e30dab7 tests: full-test was moved into traffic test 
The new traffic test only requires namespaces and no docker.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-05 20:06:27 +02:00
Nikos Mavrogiannopoulos
490a201826 haproxy-connect: split into lib 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-05 18:59:41 +02:00
Nikos Mavrogiannopoulos
86fe0fc457 tests: added check with haproxy connection 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-04 07:22:49 +02:00
Nikos Mavrogiannopoulos
63b7e81e87 tests: added test with proxy-protocol 
That tests operation under haproxy with proxy-protocol without docker.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-01 13:30:47 +02:00
Nikos Mavrogiannopoulos
0de68ef4b1 tests: added reproducer for #141 
This tests whether more than 128 options can be read in
routes or dns fields.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-21 12:28:24 +01:00
Nikos Mavrogiannopoulos
5d0205332d tests: introduced test program to check basic vhost functionality 
This checks whether connecting to different virtual hosts
with different authentication methods works.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-06 20:42:33 +01:00
Nikos Mavrogiannopoulos
ba6921ed9a Introduced the notion of virtual hosts 
This provides virtualized server configurations which take
effect after client connection when client hello is received.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-06 20:42:31 +01:00
Nikos Mavrogiannopoulos
274415d050 tests: use the --pid-file and -p options in ocserv 
This allows detecting issues like in #143 where these
two options regressed.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-01 19:18:54 +01:00
Nikos Mavrogiannopoulos
15fd4c9fbb tests: introduced tests with gssapi falling back to pass or certs 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:31:55 +01:00
Nikos Mavrogiannopoulos
4ecfed7ed0 tests: added check cert or pass auth 
This is the similar to the test case (test-pass-opt-cert) of pass or cert,
but in that case the certificate method is set as primary.

Relates #108

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos
30d4b4e677 test-pass-opt-cert: modified not to require root access 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos
86ae99864b tests: check whether ocserv is build with oath support prior to running otp tests 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:03:33 +01:00
Nikos Mavrogiannopoulos
66f9f97d1d test: replaced docker otp-test with cwrap test-otp 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 16:00:09 +01:00
Nikos Mavrogiannopoulos
00c6f566cb tests: introduced test with OTP-password and certificate auth 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-02-25 14:38:19 +01:00
Daniel Lenski
fbdf8f875e Make escape_url() percent-escape fewer characters and escape ' ' as '+' 
Per RFC 3986, neither ASCII alphanumeric characters, nor any of '-', '_',
'.', '~', need to be escaped anywhere in a URL or query string.
 2018-01-13 13:11:33 -08:00
Daniel Lenski
38ebf44620 tests for unescaping decimal HTML escapes and '+' in URLs 2018-01-13 12:56:59 -08:00
Nikos Mavrogiannopoulos
7a19296119 tests: updated for increase in slack time 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-01-06 08:55:02 +01:00
Nikos Mavrogiannopoulos
705b65d168 tests: updated to account for changes in cookie invalidation 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2017-12-11 08:26:48 +01:00
Frank Huang
f10c5bc73e Update ocpasswd-test 
Signed-off-by: Frank Huang <chuang213@gmail.com>
 2017-10-09 21:42:30 +02:00
Nikos Mavrogiannopoulos
a779b18a81 tests: test-pass-script: only run when openconnect supports --local-hostname 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2017-09-09 11:49:57 +02:00
Nikos Mavrogiannopoulos
6bf1341c21 .gitlab-ci.yml: root tests are run on CI systems 
Because these tests can only be run in-tree, the CI builds
were switched to be in-tree, except for FreeBSD build which
now runs out-of-tree.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2017-09-09 11:35:14 +02:00