Commit Graph

3196 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
275ab571b3 Merge branch 'master' into 'master'
Fix hmac hash problem for time_t and uint64_t, they may have different sizes on 32-bit/64-bit systems

See merge request openconnect/ocserv!156
2020-04-01 11:31:01 +00:00
sunnyqeen
899a1323a9 Fix hmac hash problem for time_t and uint64_t, they may have different sizes on 32-bit/64-bit systems
2020-03-31 09:58:09 +00:00
Nikos Mavrogiannopoulos
ced7ba9fd3 doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-27 08:24:15 +01:00
Stefan Bühler
0e6a791a40 occtl show status: produce machine-readable output for json
This adds additional variables to include machine-readable output
in json form.

Resolves: #271

Signed-off-by: Stefan Bühler <stbuehler@web.de>
2020-03-27 08:20:34 +01:00
Nikos Mavrogiannopoulos
07948320ad Merge branch 'fix_compilation_warnings_in_pcl' into 'master'
Fixed minor compilation warnings

See merge request openconnect/ocserv!153
2020-03-25 09:24:39 +00:00
Pierre Souchay
f19c3f7d23 Fixed minor compilation warnings
Warnings output by gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0

* pcl/pcl.c:385:17: warning: unused variable ‘r’ [-Wunused-variable]

* Use pre-compilation directive to avoid defining unused function when not needed:

  * pcl/pcl.c:62:12: warning: ‘co_ctx_stackdir’ defined but not used [-Wunused-function]
    static int co_ctx_stackdir(void)

  * pcl/pcl.c:54:12: warning: ‘co_ctx_sdir’ defined but not used [-Wunused-function]
    static int co_ctx_sdir(unsigned long psp)

Signed-off-by: Pierre Souchay <pierre@souchay.net>
2020-03-23 18:20:08 +01:00
Nikos Mavrogiannopoulos
c142868909 Merge branch 'fix-ban-log' into 'master'
ban log: only log once when adding, not when increasing score when already banned

See merge request openconnect/ocserv!152
2020-03-23 07:16:44 +00:00
Stefan Bühler
23430d1118 ban log: only log once when adding, not when increasing score when already banned
Signed-off-by: Stefan Bühler <stbuehler@web.de>
2020-03-22 16:01:03 +01:00
Nikos Mavrogiannopoulos
3382277e97 released 1.0.0
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.0.0
2020-03-20 13:58:25 +01:00
Nikos Mavrogiannopoulos
8ff144992c Merge branch 'tmp-fix-nas-port' into 'master'
radius: do not include NAS-Port via rc_aaa()

Closes #269

See merge request openconnect/ocserv!150
2020-03-20 12:40:08 +00:00
Nikos Mavrogiannopoulos
cf0bca2cae radius: do not include NAS-Port via rc_aaa()
We were previously asking rc_aaa() to include the NAS-Port pair in
the request, which has undesirable results.

Resolves: #269

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-19 22:20:40 +01:00
Nikos Mavrogiannopoulos
e97022e01d Merge branch 'tmp-detect-ios' into 'master'
Provide a special IPv6 route for iOS

Closes #254

See merge request openconnect/ocserv!146
2020-03-16 22:33:42 +00:00
Nikos Mavrogiannopoulos
88059e43ac .gitlab-ci.yml: no longer test on Centos6
This is a very old platform with old openconnect available in EPEL.
We do not need to keep compatibility with it.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-16 22:56:18 +01:00
Nikos Mavrogiannopoulos
3544e3ee2b tests: verify environment under Apple clients
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-16 22:21:37 +01:00
Nikos Mavrogiannopoulos
3475e2b0fc Provide a special IPv6 route for iOS
When IPv6 is requested by an iPhone we provide a special route that is
necessary for these clients to use IPv6.

Resolves: #254

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-15 13:23:37 +01:00
Nikos Mavrogiannopoulos
65a7fcab67 tests: remove option pointing to non-existent script
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-15 13:23:35 +01:00
Nikos Mavrogiannopoulos
881953c293 Merge branch 'tmp-test-psk-negotiate' into 'master'
Fix PSK-NEGOTIATE ciphers

Closes #262

See merge request openconnect/ocserv!147
2020-03-12 19:40:32 +00:00
Nikos Mavrogiannopoulos
af11e05ff7 Merge branch 'tmp-werror' into 'master'
Introduce a -Werror build

See merge request openconnect/ocserv!148
2020-03-12 19:26:18 +00:00
Nikos Mavrogiannopoulos
c4759fd334 .gitlab-ci.yml: introduce run with -Werror
This allows catching warnings that could have slipped in.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
f14385e1b4 worker-proxyproto: corrected type of data_size to avoid warnings in comparisons
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
fb07fcca87 vpn.h: made sign of max_ban_score more appropriate
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
bcc07c935e tests: improved ipv6-prefix
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
449e608f86 str_replace_str: ensure types match for comparison
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
bf8616cbca tests: generate_oidc_test_data: fixed use of strncat
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
370cc7cdf7 disable_system_calls: ensure gettimeofday is not a macro
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
6b84d7e681 eliminate warnings when used for unit testing tests
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
13b92d3b11 Fix crypt.h detection
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
5e817d3d60 tests: added test to test match-tls-dtls-ciphers config option
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 17:01:01 +01:00
Nikos Mavrogiannopoulos
b0c885ca63 ocserv: fix PSK negotiation
This fixes a regression which prevented DTLS-PSK (or PSK-NEGOTIATE)
from being negotiated.

Resolves: #262

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 16:14:22 +01:00
Nikos Mavrogiannopoulos
5097604d4d tests: added test for PSK-NEGOTIATE ciphers
Relates: #262

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 13:23:06 +01:00
Alan Jowett
780fbb89a0 Script needs access to additional client metadata.
Export more information to the script, including client device platform,
type and user agent.

Resolves: #256

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-03-11 09:13:55 +01:00
Nikos Mavrogiannopoulos
9a41a27b18 NEWS: documented bearer token support
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-09 21:51:06 +01:00
Alan Jowett
b43e782b12 Add support for RFC6750 bearer tokens to ocserv
This permits the validation of OpenID Connect auth tokens. OpenID
Connect is an OAuth 2.0 protocol used to identify a resource owner
(VPN client end-user) to a resource server (VPN server) intermediated
by an Authorization server.

Resolves: #240

Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>
2020-03-09 21:48:04 +01:00
Nikos Mavrogiannopoulos
a6c2d36952 Merge branch 'coverity_scan_defects' into 'master'
Fix issues flagged by Coverity:

See merge request openconnect/ocserv!144
2020-03-05 19:26:32 +00:00
Alan Jowett
6d3b295b12 Fix issues flagged by Coverity:
288530 Dereference after null check
288529 Array compared against 0

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-03-04 09:49:24 -07:00
Nikos Mavrogiannopoulos
31719b2cec main: no need to check nullity on an array
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-04 12:14:54 +01:00
Nikos Mavrogiannopoulos
e70573d9fc new_client_entry: prevent null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-04 12:14:29 +01:00
Nikos Mavrogiannopoulos
85912c705e Fixed incorrect pointer arithmetic on configuration error
This addresses a crash on incorrect configuration.
Reported by Zero King <l2dy@icloud.com>

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-29 19:43:57 +01:00
Nikos Mavrogiannopoulos
4aeb5ea52e NEWS: doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-28 22:50:29 +01:00
Nikos Mavrogiannopoulos
31104c4de9 Merge branch 'issue251' into 'master'
ocserv-worker that fails to complete its authentication should be killed

Closes #251

See merge request openconnect/ocserv!141
2020-02-28 21:41:39 +00:00
Nikos Mavrogiannopoulos
3449eefdc3 Merge branch 'issue252' into 'master'
Use an HMAC to verify the local and remote IP presented during SEC_AUTH_INIT phase.

Closes #252

See merge request openconnect/ocserv!139
2020-02-28 20:16:47 +00:00
Alan Jowett
c9662282a1 Prevent tampering with our_ip, ip, session_start_time in SEC_AUTH_INIT from ocserv-worker to ocserv->sm and reject replay of auth_init_messages from old sessions.
Resolves: #252

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-28 11:20:30 -07:00
Nikos Mavrogiannopoulos
e0e3cc9c97 Merge branch 'issue245' into 'master'
CMD_BAN_IP should not use the IP address provided by worker process as it is not verified.

Closes #245

See merge request openconnect/ocserv!140
2020-02-27 20:15:04 +00:00
Alan Jowett
6518965129 CMD_BAN_IP should not use the IP address provided by worker process as it is not verified.
Resolves: #245

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-27 12:18:09 -07:00
Alan Jowett
bfa442379d ocserv-worker that fails to complete its authentication should be killed
Resolves: #251

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-27 12:17:45 -07:00
Nikos Mavrogiannopoulos
6558653c4b .gitlab-ci.yml: include the right build in schedules [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-02-26 12:48:10 +01:00
Nikos Mavrogiannopoulos
85108c7598 .gitlab-ci.yml: corrected 'only' use in coverity build
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-02-26 12:43:34 +01:00
Nikos Mavrogiannopoulos
12c69171a8 steal_ip_leases: reorg to avoid null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-02-25 08:25:24 +01:00
Nikos Mavrogiannopoulos
de3d3cb786 Merge branch 'tmp-fix231' into 'master'
Ensure scripts have all the information on all disconnection types

Closes #231

See merge request openconnect/ocserv!137
2020-02-24 21:32:59 +00:00
Nikos Mavrogiannopoulos
cc651b9de5 Ensure scripts have all the information on all disconnection types
When a client re-uses a cookie and takes over a previous connection,
previously the disconnect script of the old connection wouldn't receive
the IP information. Ensure that all information is provided to scripts
in this case.

Resolves: #231

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-23 13:44:19 +01:00