Commit Graph

341 Commits

Author SHA1 Message Date
Faidon Liambotis
3071bda08a Make seccomp failures non-fatal & lower log prio
Building a binary with --enable-seccomp and then running it on a < 3.5
kernel results in seccomp_load() failing and ocserv's worker process
aborting. This might be okay-ish for users who ./configure && make
install on their own systems, but it's obviously non-ideal for e.g.
distributions that need to distribute binaries.

Unfortunately there doesn't seem to be a good way (that I could find) to
check if the running kernel has seccomp -- uname/uts isn't a good
solution as Ubuntu has backported it to 3.2, custom kernels might have
CONFIG_SECCOMP=n etc.

So, this makes a tradeoff call and removes the exit_worker() call on
seccomp failures, lowers the seccomp error logs to LOG_DEBUG from
LOG_WARNING and the "could not disable system calls" to LOG_INFO from
LOG_ERR.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-16 23:01:38 +02:00
Faidon Liambotis
3bfbe1a371 Workaround libseccomp bug & fix error handling
libseccomp has a bug where -EDOM is returned when seccomp_rule_add is
called for pseudo system calls (i.e. < -99). This was triggered by
adding the send() system call on my x86_64 machine. The bug seems to
have been recently (May 7th, 2013) reported and fixed on libseccomp
upstream but it will take a while to find its way to a release and
distributions.

Additionally, there was a bug in how errors from libseccomp calls were
handled: libseccomp functions don't actually set errno, but return errno
values in their return value instead. This resulted in the
seccomp_rule_add call above printing "could not add send to seccomp
filter: Success".

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-16 23:00:06 +02:00
Nikos Mavrogiannopoulos
7bb5056d98 fixed length checks 2013-05-16 22:33:16 +02:00
Nikos Mavrogiannopoulos
ddae1e8339 check for children cleanup prior to checking for termination.
That allows quick termination after the secmod death is detected.
2013-05-13 22:53:21 +02:00
Nikos Mavrogiannopoulos
30efc0433e updated example 2013-05-13 22:50:35 +02:00
Nikos Mavrogiannopoulos
200e0cfaaa use gnulib's ctype 2013-05-13 22:43:54 +02:00
Nikos Mavrogiannopoulos
538d909134 released ocserv_0_1_2 2013-05-07 23:48:07 +02:00
Nikos Mavrogiannopoulos
037db7a52c do not check for a working libregex if it is disabled 2013-05-07 19:32:03 +02:00
Nikos Mavrogiannopoulos
ebe956aec6 bumped version 2013-05-07 19:29:23 +03:00
Nikos Mavrogiannopoulos
c688a6fb43 check for setproctitle 2013-05-07 19:25:01 +03:00
Nikos Mavrogiannopoulos
e9b60cbe4d added missing files 2013-05-07 00:47:30 +03:00
Nikos Mavrogiannopoulos
bc30d9b20f design update 2013-05-06 12:11:44 +03:00
Nikos Mavrogiannopoulos
e0a7ad9fe6 Added X-CSTP-Default-Domain option. 2013-05-06 10:56:21 +03:00
Nikos Mavrogiannopoulos
67e83f89d7 Use sigaction() to have a consistent behavior across systems for signals. 2013-05-02 11:46:02 +03:00
Nikos Mavrogiannopoulos
a84664733a updated TODO 2013-04-30 00:02:16 +03:00
Nikos Mavrogiannopoulos
dd3571bc99 Updates for cisco's client. 2013-04-29 14:19:59 +03:00
Nikos Mavrogiannopoulos
6ee0af050c corrected bug in anyconnect compat 2013-04-29 02:27:29 +03:00
Nikos Mavrogiannopoulos
d38aaf4d2f doc update 2013-04-29 00:17:11 +03:00
Nikos Mavrogiannopoulos
58a4e81c94 verify the ICMP IDs prior to checking response. 2013-04-29 00:16:42 +03:00
Nikos Mavrogiannopoulos
947214a9a4 Added config file option ping-leases. 2013-04-29 00:12:37 +03:00
Nikos Mavrogiannopoulos
ce9fb618e5 corrected bug which prevented ocpasswd adding more than a single user. 2013-04-28 16:57:39 +03:00
Nikos Mavrogiannopoulos
bdc6ed3941 more files to ignore 2013-04-28 15:37:48 +03:00
Nikos Mavrogiannopoulos
cb35f8f6ac updated ocpasswd doc 2013-04-28 15:36:46 +03:00
Nikos Mavrogiannopoulos
09b34ee745 make ocpasswd manpage 2013-04-28 15:33:46 +03:00
Nikos Mavrogiannopoulos
38464bd822 Updated autogen generated files, and added more options to ocpasswd.
ocpasswd now accepts the --lock and --unlock options and accepts the
username as the last argument.
2013-04-28 15:30:53 +03:00
Nikos Mavrogiannopoulos
66d9e9404d updated libopts 2013-04-28 15:16:15 +03:00
Nikos Mavrogiannopoulos
fed7861b89 Prior to leasing an IPv4 ping it to check if it is already in use. 2013-04-28 13:53:22 +03:00
Nikos Mavrogiannopoulos
b0ff05dee9 read device name in FreeBSD 2013-04-12 17:29:16 +02:00
Nikos Mavrogiannopoulos
6c43eedf50 several updates to allow compilation on FreeBSD 2013-04-12 17:00:52 +02:00
Nikos Mavrogiannopoulos
8f5e98579a updated doc 2013-04-03 19:02:22 +02:00
Nikos Mavrogiannopoulos
78e46e59e5 updated ocserv_0_1_1 2013-04-03 18:46:28 +02:00
Nikos Mavrogiannopoulos
02895efaf7 Added license file 2013-03-25 20:02:15 +01:00
Nikos Mavrogiannopoulos
74d84d1b64 updated 2013-03-25 08:13:50 +01:00
Nikos Mavrogiannopoulos
376fea950f removed session ticket support 2013-03-24 18:53:30 +01:00
Nikos Mavrogiannopoulos
be87110e7c bumped version 2013-03-24 18:50:16 +01:00
Nikos Mavrogiannopoulos
a5ad896899 doc update 2013-03-24 18:45:27 +01:00
Nikos Mavrogiannopoulos
f275f8ac4c removed unused variable 2013-03-24 17:45:07 +01:00
Nikos Mavrogiannopoulos
b42857ffdd MTU discovery simplified 2013-03-24 16:25:32 +01:00
Nikos Mavrogiannopoulos
fc6e385abe MTU handling updates 2013-03-24 13:19:51 +01:00
Nikos Mavrogiannopoulos
123eae6510 clear any lists prior to running sec mod 2013-03-24 09:36:42 +01:00
Nikos Mavrogiannopoulos
2a8bd08288 Revert "run sec mod earlier to save memory"
This reverts commit a8152e8c59.
2013-03-24 09:31:46 +01:00
Nikos Mavrogiannopoulos
b433e20682 when debugging do not set memory limits 2013-03-24 09:11:02 +01:00
Nikos Mavrogiannopoulos
a8152e8c59 run sec mod earlier to save memory 2013-03-24 08:50:40 +01:00
Nikos Mavrogiannopoulos
c1db9b9711 deinitialize memory taken by configuration parser. 2013-03-24 08:46:16 +01:00
Nikos Mavrogiannopoulos
1baa8d8a6f disable dh-params by default 2013-03-24 08:42:43 +01:00
Nikos Mavrogiannopoulos
cbcb97cc79 doc update 2013-03-23 23:25:29 +01:00
Nikos Mavrogiannopoulos
42d532c3a3 doc update ocserv_0_1_0 2013-03-23 10:08:03 +01:00
Nikos Mavrogiannopoulos
6da505a0a1 added dh-params option into sample file 2013-03-23 09:48:06 +01:00
Nikos Mavrogiannopoulos
4f49779015 make clear that anyconnect compat layer is experimental 2013-03-23 09:45:10 +01:00
Nikos Mavrogiannopoulos
b994462ce1 depend on gnutls 3.1.10 2013-03-23 09:41:28 +01:00