Commit Graph

3700 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
1373a11f57 tests: added a test for groups defined over multiple AVPs
This adds a test for the available multi-group options as
well as documentation for the feature. This tests two options:
 * Separate group names in separate class attributes
 * Separate group names in separate class attributes with the OU= format

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-17 00:25:55 +02:00
Dimitri Papadopoulos
813690b9c2 radius: groups defined over multiple AVPs
This helps circumvent the 253-character limit of RADIUS string values.

We distinguish between value strings that start with "OU=" and the rest:
* Value strings that start with "OU=" define multiple groups in a single
  AVP. Here, we update the previous logic by taking into account all the
  AVPs. We emit a warning when discarding subsequent AVPs, but also when
  discarding groups within the current AVP because we have reached the
  maximum number of groups.
* Other value strings define a single group. Here, we change the
  previous logic. We append to the list of groups instead of silently
  discarding subsequent value strings.
  We emit a warning when discarding AVPs because we have reached the
  maximum number of groups.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-17 00:25:50 +02:00
Dimitri Papadopoulos
8aecd4f0c5 Trim trailing whitespace first
This doesn't change anything, we just want to make clear that trimming
the string pointed to by `p2`, after assigning `pctx->groupnames[i]`,
will have an effect on both since they point to the same string.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-17 00:24:45 +02:00
Nikos Mavrogiannopoulos
2830263d4c Merge branch 'SYSCALL_open' into 'master'
seccomp: GnuTLS 3.7.3 requires open() unconditionally

Closes #491

See merge request openconnect/ocserv!322
2023-06-16 19:23:46 +00:00
Dimitri Papadopoulos
ea23edd453 seccomp: GnuTLS 3.7.3 requires open() and openat()
We have added open() unconditionally, to be able to open system priority
and FIPS compliance configuration files from workers.

We had already added openat() unconditionally.

Therefore there is no need to re-add them to read XML config files.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-16 17:16:27 +02:00
Dimitri Papadopoulos
e2afd99c96 seccomp: GnuTLS 3.7.3 requires open() unconditionally
Required on some version of Suse with GnuTLS 3.7.3, reportedly to open
system priority and FIPS compliance configuration files:
	/etc/crypto-policies/back-ends/gnutls.config
	/proc/sys/crypto/fips_enabled

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-16 17:16:27 +02:00
Dimitri Papadopoulos Orfanos
a0d101f45f Merge branch '_GNU_SOURCE' into 'master'
_GNU_SOURCE → AC_USE_SYSTEM_EXTENSIONS

See merge request openconnect/ocserv!345
2023-06-15 11:32:20 +00:00
Dimitri Papadopoulos
73d94d7e5b _GNU_SOURCE → AC_USE_SYSTEM_EXTENSIONS
Do not define _GNU_SOURCE directly in sources.
Make sure we include "config.h" instead.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-15 11:41:19 +02:00
Dimitri Papadopoulos Orfanos
661fc3b947 Merge branch 'for_if_switch_while_(' into 'master'
for/if/switch/while( → for/if/switch/while (

See merge request openconnect/ocserv!343
2023-06-15 09:22:21 +00:00
Dimitri Papadopoulos
99e67dcc16 switch( → switch (
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-14 23:34:17 +02:00
Dimitri Papadopoulos
88c8672e7e for( → for (
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-14 23:34:17 +02:00
Dimitri Papadopoulos
8bae1f6a59 while( → while (
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-14 23:34:13 +02:00
Dimitri Papadopoulos
8d192c4e76 if( → if (
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-14 23:32:35 +02:00
Nikos Mavrogiannopoulos
93e8b1628e Merge branch 'tmp-fedora38' into 'master'
Add fedora38 and almalinux builds / get rid of gnulib

See merge request openconnect/ocserv!342
2023-06-14 05:29:55 +00:00
Nikos Mavrogiannopoulos
e33ef13a21 base64-helper: do not use restrict keyword for portability
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-13 16:54:42 +02:00
Nikos Mavrogiannopoulos
1ca50d7337 Removed gnulib
Supporting gnulib brought a whole class of problems due to its complexity.
Removing its support eliminates this class of problems and simplifies the
code significantly.

This sets the locale explicitly on server startup to eliminate the
need for custom string comparison functions.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-13 16:54:38 +02:00
Nikos Mavrogiannopoulos
0fac0efc14 .gitlab-ci.yml: added almalinux9
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-13 16:51:38 +02:00
Nikos Mavrogiannopoulos
f41a07c7c1 occtl: removed dead code
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-13 16:51:38 +02:00
Nikos Mavrogiannopoulos
39e6eb7d2c .gitlab-ci.yml: added almalinux8 build
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-13 16:51:38 +02:00
Nikos Mavrogiannopoulos
cb48bc8f7f .gitlab-ci.yml: use fedora38 image
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-13 16:51:38 +02:00
Dimitri Papadopoulos Orfanos
359a137d1b Merge branch 'asprintf' into 'master'
Check the return value of asprintf()

Closes #515

See merge request openconnect/ocserv!347
2023-06-13 12:11:14 +00:00
Nikos Mavrogiannopoulos
92da630c37 Merge branch 'ocserv/ocserv' into 'master'
https://gitlab.com/ocserv/ocserv → openconnect/ocserv

See merge request openconnect/ocserv!346
2023-06-13 11:36:45 +00:00
Nikos Mavrogiannopoulos
210da435f4 sec-mod: simplified load_keys()
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-13 11:49:30 +02:00
Dimitri Papadopoulos
e57b36e112 Check the return value of asprintf()
The value of the pointer to the string printed to might be undefined.
In case of error, set to NULL, as we do with strdup() calls.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-12 20:41:42 +02:00
Dimitri Papadopoulos
d2fef9f08f https://gitlab.com/ocserv/ocserv → openconnect/ocserv
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-12 17:25:59 +02:00
Nikos Mavrogiannopoulos
59ba4a63be Merge branch 'dtls_pull' into 'master'
Fix function defined but not used (in some cases)

See merge request openconnect/ocserv!344
2023-06-12 12:24:10 +00:00
Dimitri Papadopoulos
abebe4553c Fix function defined but not used (in some cases)
worker-vpn.c:170:9: warning: 'dtls_pull' defined but not used [-Wunused-function]
  170 | ssize_t dtls_pull(gnutls_transport_ptr_t ptr, void *data, size_t size)
      |         ^~~~~~~~~

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-12 13:53:34 +02:00
Nikos Mavrogiannopoulos
5c253125c8 doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-11 13:07:38 +02:00
Dimitri Papadopoulos Orfanos
0bd957350a Merge branch 'ignore-querystring-of-post' into 'master'
ignore querystring of post while dispatching

See merge request openconnect/ocserv!337
2023-06-10 12:01:16 +00:00
johnson
eadebbbd71 ignore querystring while dispatching
Signed-off-by: johnson <10619522-OnFIs@users.noreply.gitlab.com>
2023-06-10 16:21:34 +08:00
Kirill Ovchinnikov
85fdf7d2e6 Camouflage functionality
This adds a "camouflage" functionality (looking and acting like an ordinary web server),
to prevent OCserv installations from being automatically scanned or blocked with active probing techniques.

Signed-off-by: Kirill Ovchinnikov <kirill.ovchinn@gmail.com>
2023-06-09 15:08:25 +02:00
Nikos Mavrogiannopoulos
1ecdf35494 NEWS: added entry for 1.1.8 [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-06 14:41:15 +02:00
Nikos Mavrogiannopoulos
a8d5d3616e corrected typo
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-06-06 14:34:37 +02:00
Nikos Mavrogiannopoulos
cf2eba93e8 Merge branch 'checkpatch.pl' into 'master'
Pedantic suggestions by checkpatch.pl from Linux kernel

See merge request openconnect/ocserv!339
2023-06-06 11:20:04 +00:00
Dimitri Papadopoulos
8404920637 Macros with multiple statements should be enclosed in a do - while loop
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 17:55:59 +02:00
Dimitri Papadopoulos
44840a4f72 Unnecessary typecast of c90 int constant
- `(long)0` could be `0L`
- but then `0` is sufficient in a comparison

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 17:55:59 +02:00
Dimitri Papadopoulos
895b009c7d Statements should start on a tabstop
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 17:55:59 +02:00
Dimitri Papadopoulos
cea0fc2e3f return is not a function, parentheses are not required
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 17:55:59 +02:00
Dimitri Papadopoulos
b5380f2181 Macros starting with if should be enclosed by a do - while loop to avoid possible if/else logic defects
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 17:55:59 +02:00
Dimitri Papadopoulos
fa7f33d6f1 switch and case should be at the same indent
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 17:55:58 +02:00
Dimitri Papadopoulos
30fc4eb46d Prefer ARRAY_SIZE
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 17:55:50 +02:00
Dimitri Papadopoulos
d6d5680249 Bad function definition - int main() should be int main(void)
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 14:33:59 +02:00
Dimitri Papadopoulos
c221d901dc Avoid unnecessary line continuations
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 14:33:58 +02:00
Dimitri Papadopoulos
5e881697e7 void function return statements are not generally useful
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-04 14:33:58 +02:00
Dimitri Papadopoulos Orfanos
52e16650ec Merge branch 'http_parser' into 'master'
Update bundled http-parser one last time

See merge request openconnect/ocserv!325
2023-06-04 12:31:21 +00:00
Nikos Mavrogiannopoulos
e6ac970dbb Merge branch 'pcl' into 'master'
Revert previous fix to PCL

See merge request openconnect/ocserv!326
2023-06-04 09:06:19 +00:00
Nikos Mavrogiannopoulos
2a3066d97c Merge branch 'UNDER_TEST' into 'master'
Fix compiler warnings

See merge request openconnect/ocserv!336
2023-06-04 09:05:29 +00:00
Nikos Mavrogiannopoulos
3cd972df3d Merge branch 'liboauth-dev' into 'master'
Add missing optional dependency: liboath

Closes #508

See merge request openconnect/ocserv!335
2023-06-04 09:05:09 +00:00
Nikos Mavrogiannopoulos
719ccfcf27 Merge branch 'syslog' into 'master'
Improve ocserv man page

Closes #512

See merge request openconnect/ocserv!334
2023-06-04 09:04:52 +00:00
Dimitri Papadopoulos
a1294eadac Typos found by codespell
Re-apply 81df79a9.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-06-03 10:02:07 +02:00