GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,378 Commits 19 Branches 88 Tags
3b0342c6784d9eeb4a04c35df14831d4906fac69
Commit Graph

2378 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
3b0342c678 doc update 2015-12-08 14:35:30 +01:00
Nikos Mavrogiannopoulos
4f4fa817b6 doc update 2015-12-08 14:28:16 +01:00
Nikos Mavrogiannopoulos
01706859e0 occtl: print the restricted ports for the client 2015-12-08 14:14:27 +01:00
Nikos Mavrogiannopoulos
cc4848fa6a protocol buffers generated sources for ctl were moved to libipc 2015-12-08 13:53:06 +01:00
Nikos Mavrogiannopoulos
e1fc1f3c45 TLS session resumption database was moved to sec-mod 
This reduces the number of sensitive data available to main process.
Resolves #21
 2015-12-07 19:52:30 +01:00
Nikos Mavrogiannopoulos
d378ce0709 doc update 2015-12-07 19:12:31 +01:00
Nikos Mavrogiannopoulos
9979b8cde0 tests: kill politely openconnect in all docker tests 2015-12-07 14:40:36 +01:00
Nikos Mavrogiannopoulos
4fad865864 tests: proxyproto-test: kill openconnect more politely and give it few seconds before checking output 2015-12-07 14:35:30 +01:00
Nikos Mavrogiannopoulos
c9e3911eaf tests: use consistent name for PID file 2015-12-07 14:20:35 +01:00
Nikos Mavrogiannopoulos
4539bd2ef5 ocserv-fw: removed unneeded variable 2015-12-07 14:20:00 +01:00
Nikos Mavrogiannopoulos
420b003a23 tests: corrected routes in ocserv-fw-neg and ocserv-reload tests 
Also simplified the ocserv-fw-neg test by not checking whether the
follow up script was run. This is part of the -fw test.
 2015-12-07 14:19:07 +01:00
Nikos Mavrogiannopoulos
3dcf18d7b4 occtl: added command 'show iroutes' 
This command will list all iroutes currently available.
Resolves #20
 2015-12-07 13:32:44 +01:00
Nikos Mavrogiannopoulos
75ad8a4359 ocserv-fw: added license 2015-12-07 13:10:45 +01:00
Nikos Mavrogiannopoulos
4df69f49b9 tests: added check for restrict-user-to-ports negation options 2015-12-07 11:34:41 +01:00
Nikos Mavrogiannopoulos
14d19b3e9a Enhanced configuration option 'restrict-user-to-ports' 
This enhancement allows to negate the rules and allow the user connecting
to all ports except the specified.
 2015-12-07 11:15:56 +01:00
Nikos Mavrogiannopoulos
8019490511 tests: added check for proper operation after SIGHUP 
This test checks whether we can retrieve user information
even after a SIGHUP (the time where the old config is invalidated).
 2015-12-07 10:38:16 +01:00
Nikos Mavrogiannopoulos
7db767599a Added /VPN to the list of known URLs for auth 
This URL is used by certain versions of the anyconnect client.
Reported by sskaje.
 2015-12-06 10:07:41 +01:00
Nikos Mavrogiannopoulos
4e71afbf6f occtl: use dash for no-dtls message to make it more consistent with other output 2015-12-06 02:10:26 +01:00
Nikos Mavrogiannopoulos
2588e617c0 configure: don't issue warnings that make compilation with libev impossible 2015-12-05 11:23:16 +01:00
Nikos Mavrogiannopoulos
c053474be9 doc update 2015-12-05 11:23:11 +01:00
Nikos Mavrogiannopoulos
fe28fd15cd Added occtl command 'show events', as well as the corresponding command in main 
This allows the main process to handle a single listener which will
get all information about new and disconnecting users.
 2015-12-05 11:23:06 +01:00
Nikos Mavrogiannopoulos
12bc8955bd main: allow multiple clients in control channel (occtl) 2015-12-05 11:23:01 +01:00
Nikos Mavrogiannopoulos
0e604b8a9f Master process was converted to use libev 2015-12-05 11:18:09 +01:00
Nikos Mavrogiannopoulos
9252e22298 Added reference counting to configuration values. 
That is, to allow referencing to these values from proc_st
without fearing of them being invalidated on a config reload. We
perform a cleanup of these values on the server periodic check.
 2015-12-05 11:08:51 +01:00
Nikos Mavrogiannopoulos
2e68ba1158 config-ports: added error checking on talloc 2015-12-03 14:48:33 +01:00
Nikos Mavrogiannopoulos
a580303e95 README.md: added liboath dependency 2015-12-02 13:59:58 +01:00
Nikos Mavrogiannopoulos
d910c8952b doc: list 'route=default' as an example 2015-12-02 10:41:16 +01:00
Nikos Mavrogiannopoulos
446baaf95a tests: use a common macro to obtain docker image IP address 2015-12-02 10:41:13 +01:00
Nikos Mavrogiannopoulos
34ac6bce56 tests: check restrict-user-to-ports in firewall-test 2015-12-02 10:41:10 +01:00
Nikos Mavrogiannopoulos
2bb25347d0 tests: Added check for port parser 2015-12-02 10:41:00 +01:00
Nikos Mavrogiannopoulos
eabfbe8473 Added configuration option 'restrict-user-to-ports' 
This option is intended to allow restricting users to accessing
specific ports once they enter the VPN. The rules set using this
option will be enforced by the ocserv-fw script.
 2015-12-02 10:38:12 +01:00
Nikos Mavrogiannopoulos
0a38b70cc3 removed unused structure 2015-12-01 13:51:30 +01:00
Nikos Mavrogiannopoulos
8990ee7448 eliminated double null check 2015-12-01 11:46:30 +01:00
Nikos Mavrogiannopoulos
a0ca61c9a8 README.md: added gssntlmssp as a dependency 2015-12-01 11:17:43 +01:00
Nikos Mavrogiannopoulos
53376c96a2 doc: document the behavior of restrict-user-to-routes in case of defaultroute 2015-11-29 20:24:32 +01:00
Nikos Mavrogiannopoulos
b11567dd64 include ocserv-fw 2015-11-28 23:11:14 +01:00
Nikos Mavrogiannopoulos
e215c77112 tests: check for %{RI} validity in test-iroute 2015-11-28 22:13:47 +01:00
Nikos Mavrogiannopoulos
d9fc3b465a tests: check for sever exit in test-cert 2015-11-28 20:25:28 +01:00
Nikos Mavrogiannopoulos
0ba6330d37 libopts: updated to 5.18.6 2015-11-28 20:04:04 +01:00
Nikos Mavrogiannopoulos
3e5a78d500 .gitignore: ignore more auto-generated files 2015-11-28 19:42:53 +01:00
Nikos Mavrogiannopoulos
c40b0aed13 tests: check whether append-routes directive works 2015-11-28 19:41:39 +01:00
Nikos Mavrogiannopoulos
2d823aa200 Added config option 'append-routes' 
If set to true it will restore the old configuration semantics
of appending the global routes to per user/group config.
 2015-11-28 19:28:24 +01:00
Nikos Mavrogiannopoulos
6ac03c0c80 tests: removed ipv6 functionality check from kerberos test 2015-11-27 09:42:35 +01:00
Nikos Mavrogiannopoulos
be77cdf671 tests: test-cookie-invalidation add a time wait after client termination 
That ensures that the client is already terminated when the final check
starts.
 2015-11-27 09:36:41 +01:00
Nikos Mavrogiannopoulos
dad2181261 doc update 2015-11-26 18:29:31 +01:00
Nikos Mavrogiannopoulos
e41d6b6e75 tests: updated radius config files for f23 2015-11-26 18:29:27 +01:00
Nikos Mavrogiannopoulos
2484d81aad Allow matching passwords of format <xxx_password> in client's login message 2015-11-26 18:29:22 +01:00
Nikos Mavrogiannopoulos
cefd77b633 Simplified per-user/group configuration handling 
We now use a common structure in SESSION_REPLY and AUTH_REP
messages. That structure is generated by sec-mod and forwarded
by main to worker, thus eliminating the need to create passing
code for each new user-config variable being added.
 2015-11-26 18:29:14 +01:00
Nikos Mavrogiannopoulos
f86fb99b50 doc update 2015-11-24 00:29:31 +01:00
Nikos Mavrogiannopoulos
fa6c7ac0e6 ocserv-fw: when called with --removeall exit immediately after action 2015-11-23 18:12:09 +01:00