Nikos Mavrogiannopoulos
f0afab6782
corrected cipher names
2013-05-17 22:01:53 +02:00
Nikos Mavrogiannopoulos
e8458828ee
Allow for a ciphersuite negotiation
2013-05-17 21:15:24 +02:00
Nikos Mavrogiannopoulos
766d3bec7e
small fixes
2013-05-17 20:21:08 +02:00
Nikos Mavrogiannopoulos
e679fd643f
reorganized HTTP header reading.
2013-05-17 20:07:58 +02:00
Faidon Liambotis
3071bda08a
Make seccomp failures non-fatal & lower log prio
Building a binary with --enable-seccomp and then running it on a < 3.5
kernel results in seccomp_load() failing and ocserv's worker process
aborting. This might be okay-ish for users who ./configure && make
install on their own systems but it's obviously non-ideal for e.g.
distributions that need to distribute binaries.
Unfortunately there doesn't seem to be a good way (that I could find) to
check if the running kernel has seccomp -- uname/uts isn't a good
solution as Ubuntu has backported it to 3.2, custom kernels might have
CONFIG_SECCOMP=n etc.
So, this makes a tradeoff call and removes the exit_worker() call on
seccomp failures, lowers the seccomp error logs to LOG_DEBUG from
LOG_WARNING and the "could not disable system calls" to LOG_INFO from
LOG_ERR.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-16 23:01:38 +02:00
Faidon Liambotis
3bfbe1a371
Workaround libseccomp bug & fix error handling
libseccomp has a bug where -EDOM is returned when seccomp_rule_add is
called for pseudo system calls (i.e. < -99). This was triggered by
adding the send() system call on my x86_64 machine. The bug seems to
have been recently (May 7th, 2013) reported and fixed on libseccomp
upstream but it will take a while to find its way to a release and
distributions.
Additionally, there was a bug in how libseccomp calls were error
handled: libseccomp functions don't actually set errno, but set errno
values in their return value instead. This resulted in the
seccomp_rule_add call above printing "could not add send to seccomp
filter: Success".
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2013-05-16 23:00:06 +02:00
Nikos Mavrogiannopoulos
7bb5056d98
fixed length checks
2013-05-16 22:33:16 +02:00
Nikos Mavrogiannopoulos
ddae1e8339
check for children cleanup prior to checking for termination.
That allows terminating quickly after the secmod death is detected.
2013-05-13 22:53:21 +02:00
Nikos Mavrogiannopoulos
200e0cfaaa
use gnulib's ctype
2013-05-13 22:43:54 +02:00
Nikos Mavrogiannopoulos
e0a7ad9fe6
Added X-CSTP-Default-Domain option.
2013-05-06 10:56:21 +03:00
Nikos Mavrogiannopoulos
67e83f89d7
Use sigaction() to have a consistent behavior across systems for signals.
2013-05-02 11:46:02 +03:00
Nikos Mavrogiannopoulos
dd3571bc99
Updates for Cisco's client.
2013-04-29 14:19:59 +03:00
Nikos Mavrogiannopoulos
6ee0af050c
corrected bug in anyconnect compat
2013-04-29 02:27:29 +03:00
Nikos Mavrogiannopoulos
58a4e81c94
verify the ICMP IDs prior to checking response.
2013-04-29 00:16:42 +03:00
Nikos Mavrogiannopoulos
947214a9a4
Added config file option ping-leases.
2013-04-29 00:12:37 +03:00
Nikos Mavrogiannopoulos
ce9fb618e5
corrected bug which prevented ocpasswd adding more than a single user.
2013-04-28 16:57:39 +03:00
Nikos Mavrogiannopoulos
cb35f8f6ac
updated ocpasswd doc
2013-04-28 15:36:46 +03:00
Nikos Mavrogiannopoulos
38464bd822
Updated autogen generated files, and added more options to ocpasswd.
ocpasswd now accepts the --lock and --unlock options and accepts the
username as the last argument.
2013-04-28 15:30:53 +03:00
Nikos Mavrogiannopoulos
fed7861b89
Prior to leasing an IPv4, ping it to check if it is already in use.
2013-04-28 13:53:22 +03:00
Nikos Mavrogiannopoulos
b0ff05dee9
read device name in FreeBSD
2013-04-12 17:29:16 +02:00
Nikos Mavrogiannopoulos
6c43eedf50
several updates to allow compilation on FreeBSD
2013-04-12 17:00:52 +02:00
Nikos Mavrogiannopoulos
8f5e98579a
updated doc
2013-04-03 19:02:22 +02:00
Nikos Mavrogiannopoulos
376fea950f
removed session ticket support
2013-03-24 18:53:30 +01:00
Nikos Mavrogiannopoulos
f275f8ac4c
removed unused variable
2013-03-24 17:45:07 +01:00
Nikos Mavrogiannopoulos
b42857ffdd
MTU discovery simplified
2013-03-24 16:25:32 +01:00
Nikos Mavrogiannopoulos
fc6e385abe
MTU handling updates
2013-03-24 13:19:51 +01:00
Nikos Mavrogiannopoulos
123eae6510
clear any lists prior to running sec mod
2013-03-24 09:36:42 +01:00
Nikos Mavrogiannopoulos
2a8bd08288
Revert "run sec mod earlier to save memory"
This reverts commit a8152e8c59.
2013-03-24 09:31:46 +01:00
Nikos Mavrogiannopoulos
b433e20682
when debugging do not set memory limits
2013-03-24 09:11:02 +01:00
Nikos Mavrogiannopoulos
a8152e8c59
run sec mod earlier to save memory
2013-03-24 08:50:40 +01:00
Nikos Mavrogiannopoulos
c1db9b9711
deinitialize memory taken by configuration parser.
2013-03-24 08:46:16 +01:00
Nikos Mavrogiannopoulos
cbcb97cc79
doc update
2013-03-23 23:25:29 +01:00
Nikos Mavrogiannopoulos
42d532c3a3
doc update
2013-03-23 10:08:03 +01:00
Nikos Mavrogiannopoulos
b994462ce1
depend on gnutls 3.1.10
2013-03-23 09:41:28 +01:00
Nikos Mavrogiannopoulos
6632f53f58
updated doc
2013-03-22 08:56:55 +01:00
Nikos Mavrogiannopoulos
55c62d25b9
use quotes when printing password file
2013-03-17 09:56:07 +01:00
Nikos Mavrogiannopoulos
c6f3f5b428
cookies are overwritten prior to fork
2013-03-17 09:54:13 +01:00
Nikos Mavrogiannopoulos
0b87653241
updated
2013-03-16 23:41:52 +01:00
Nikos Mavrogiannopoulos
dd3f304091
readjusted log levels
2013-03-16 23:28:51 +01:00
Nikos Mavrogiannopoulos
530dbc71f1
reduce MTU on mtu failure in a less steep way
2013-03-16 23:25:19 +01:00
Nikos Mavrogiannopoulos
a29e6847c9
changed level of messages
2013-03-16 23:24:15 +01:00
Nikos Mavrogiannopoulos
9f18e7db9a
consider chroot environment when creating socket file.
2013-03-16 23:02:50 +01:00
Nikos Mavrogiannopoulos
c69c86cfdd
simplified umask
2013-03-16 22:54:05 +01:00
Nikos Mavrogiannopoulos
82df00f0b0
updates in unix socket creation
2013-03-16 21:27:58 +01:00
Nikos Mavrogiannopoulos
f941e6af69
added missing file
2013-03-16 19:38:12 +01:00
Nikos Mavrogiannopoulos
0dba2cbcff
use pkcs11_reinit() only when defined.
2013-03-16 19:38:05 +01:00
Nikos Mavrogiannopoulos
37f0303424
adjust buffer size if needed.
2013-03-16 19:31:18 +01:00
Nikos Mavrogiannopoulos
70b7f3d6d9
consider TCP MSS in MTU calculations.
2013-03-16 19:26:10 +01:00
Nikos Mavrogiannopoulos
be6033e7b4
set certain limits on the worker process using setrlimit()
2013-03-15 20:01:56 +01:00
Nikos Mavrogiannopoulos
6746b1851f
Added copyright headers
2013-03-15 19:46:20 +01:00