Commit Graph

2907 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
bb40586630 forward_udp_to_owner: reduce the error log severity on bind error
There are cases where binding on the received address is not
possible. As this is not a critical error, reduce its logging level
to info.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:23:24 +01:00
Nikos Mavrogiannopoulos
ac065d871b ocserv: pass cookie expiration time to occtl
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:21:51 +01:00
Nikos Mavrogiannopoulos
241aa06c3a occtl: ensure initialization of printed expiration and creation time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:17:05 +01:00
Nikos Mavrogiannopoulos
8e3d89eca5 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-26 23:25:34 +01:00
Nikos Mavrogiannopoulos
f6f2351fef vpn.h: increased AUTH_SLACK_TIME to 15 secs and documented its use
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-17 17:44:40 +01:00
Nikos Mavrogiannopoulos
bdb5ae4516 sample.config: added session-timeout parameter
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
97fb12de51 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
705b65d168 tests: updated to account for changes in cookie invalidation
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
6cb4b37153 occtl: print cookie expiration time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
20fbbdbcd0 occtl: replaced last_modified time with created
ocserv no longer sends the last modified time, but rather the
cookie creation time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
8253cc2920 sec-mod: separated expiration from creation time fields
That allows setting an explicit expiration of the cookie, and
ensure that we can close a session in a way that we provide
a limited time window for it to re-open. That handles anyconnect
client compatibility; this client terminates and reconnects
using the original cookie, multiple times.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:43 +01:00
Nikos Mavrogiannopoulos
c4a8b21aad base64-helper: use casts to avoid warnings with various nettle3 versions
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-10 15:06:40 +01:00
Nikos Mavrogiannopoulos
414e5d4c58 lz4: use LZ4_compress_default instead of the deprecated limitedOutput
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-10 15:05:28 +01:00
Nikos Mavrogiannopoulos
7bc61b1d56 Avoid gcc warnings due to snprintf truncation
Detect such truncation and act accordingly.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-10 15:01:20 +01:00
Nikos Mavrogiannopoulos
0616435ec9 tlslib: eliminate warnings due to unused functions
These warnings were related to gnutls 3.6.x support.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-10 14:41:54 +01:00
Nikos Mavrogiannopoulos
289a250864 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-11-30 15:53:59 +01:00
Nikos Mavrogiannopoulos
d5a4c2914c dtls: do increase handshake timeout and decrease retransmission time
That in effect enables the default timeouts described in
gnutls_dtls_set_timeouts which are 60 seconds, and sets
retransmissions to occur in half a second.

Relates #122

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-11-30 15:53:56 +01:00
Nikos Mavrogiannopoulos
55cd8f4247 cmd_request_to_str: print the name of list cookies msg and its reply
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-11-22 07:52:19 +01:00
Nikos Mavrogiannopoulos
2134f139a2 .gitlab-ci.yml: added fedora rawhide build
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-11-19 16:42:58 +01:00
Nikos Mavrogiannopoulos
b73c50ab2d doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-10-21 19:59:26 +02:00
Nikos Mavrogiannopoulos
803110634f updated auto-generated files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_11_9
2017-10-09 21:48:16 +02:00
Nikos Mavrogiannopoulos
3d1598cfeb released 0.11.9
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-10-09 21:47:50 +02:00
Nikos Mavrogiannopoulos
7937fe2533 bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-10-09 21:45:43 +02:00
Nikos Mavrogiannopoulos
edfff8d2b2 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-10-09 21:45:19 +02:00
Frank Huang
f10c5bc73e Update ocpasswd-test
Signed-off-by: Frank Huang <chuang213@gmail.com>
2017-10-09 21:42:30 +02:00
Frank Huang
fd8d87e8e6 ocpasswd: the lock command -l will add multiple lock mark to the password file
The changes will check if it is already locked before applying the locking.
This would be consistent with passwd like facilities.

Signed-off-by: Frank Huang <chuang213@gmail.com>
2017-10-09 21:41:41 +02:00
Nikos Mavrogiannopoulos
a779b18a81 tests: test-pass-script: only run when openconnect supports --local-hostname
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 11:49:57 +02:00
Nikos Mavrogiannopoulos
ba1338d8af README: updated to reflect the fact that more tests run under CI
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 11:37:23 +02:00
Nikos Mavrogiannopoulos
6bf1341c21 .gitlab-ci.yml: root tests are run on CI systems
Because these tests can only be run in-tree, the CI builds
were switched to be in-tree, except for FreeBSD build which
now runs out-of-tree.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 11:35:14 +02:00
Nikos Mavrogiannopoulos
b5d77da7f4 Separate root from docker tests
This allows running the root tests under CI, even if the
docker tests (which cannot be run) are not.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 11:27:35 +02:00
Nikos Mavrogiannopoulos
9ded09293e clarify coverage report [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 11:26:28 +02:00
Nikos Mavrogiannopoulos
3b01e2addc .gitlab-ci.yml: use fedora26 for address sanitizer
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 10:56:29 +02:00
Nikos Mavrogiannopoulos
d710b58621 .gitlab-ci.yml: centos7: skip tests with gssntlmssp
They do not seem to run reliably.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 10:55:19 +02:00
Nikos Mavrogiannopoulos
7fcb1d835d configure.ac: also check /lib/security for PAMDIR
This is the path used in Debian.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-09-09 10:51:47 +02:00
Nikos Mavrogiannopoulos
8eafacf2a9 tests: test-gssapi is now run as non-root
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-09-09 10:51:42 +02:00
Nikos Mavrogiannopoulos
834326fe70 tests: provide more verbose output on test-pam
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-09-08 11:29:31 +02:00
Nikos Mavrogiannopoulos
e1f4d1229c .gitlab-ci.yml: use fedora26 builds
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-09-08 10:36:28 +02:00
Nikos Mavrogiannopoulos
d5d1c2f780 .gitlab-ci.yml: added static analyzers
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-08 10:33:51 +02:00
Nikos Mavrogiannopoulos
a10376d750 occtl: disable code during static analysis that causes trouble to clang
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
83770bb45d config: avoid compiler warning
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
6b6b86c14c sec-mod: avoid null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
ba37feed5b occtl: avoid null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
ce297aed4b occtl: removed unused variables
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
67991e6960 removed dead assignments
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
4104160950 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 12:00:15 +02:00
Nikos Mavrogiannopoulos
077e16e36d tests: check server functionality with Ed25519/RSA-PSS certs
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 12:00:15 +02:00
Nikos Mavrogiannopoulos
af2a64df2f ocserv: handle RSA-PSS and ed25519 key types when compiled with gnutls 3.6.0
That is, enhance the security module to accept and understand
more elaborate signing commands.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 12:00:15 +02:00
Nikos Mavrogiannopoulos
aaf2c0265f doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 11:59:53 +02:00
Nikos Mavrogiannopoulos
4527e5f864 is_ipv4_ok: corrected access to mask
This prevents the acceptance of an invalid IPv4 address
as valid.

Resolves #112

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 11:58:44 +02:00
Nikos Mavrogiannopoulos
5d74492a59 tests: verify correct operation with locked account
That checks whether connecting to a locked account will have
unexpected effects (e.g., login allowed).

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 09:26:58 +02:00