Nikos Mavrogiannopoulos
3d4fb9b3e6
tests: added unit test for valid_hostname() function
2016-06-18 14:27:40 +02:00
Nikos Mavrogiannopoulos
f7e057a6dd
tests: check whether the hostname is overridden by per-user conf
2016-06-18 14:21:46 +02:00
Nikos Mavrogiannopoulos
1f809f5e64
ocserv: check the hostname value received by the client for validity
2016-06-18 14:21:41 +02:00
Nikos Mavrogiannopoulos
ed31709e75
ocserv: notify back the client about the hostname accepted (if any)
...
That is, the server will populate X-CSTP-Hostname and send it
back to the client.
2016-06-18 14:05:29 +02:00
Nikos Mavrogiannopoulos
4124b9c089
doc update
2016-06-18 11:17:02 +02:00
Nikos Mavrogiannopoulos
0c093ad8f3
ocserv: allow overriding hostname on the per-user configuration
...
This allows for the administrator to set specific hostnames, or even
empty hostname for specific users.
2016-06-18 11:08:53 +02:00
Nikos Mavrogiannopoulos
a81652a411
doc update
2016-06-18 10:47:08 +02:00
Nikos Mavrogiannopoulos
966206ecea
worker: when advertising the IPv6 address/prefix use the subnet prefix
...
That is, instead of advertising the address with the server's prefix
advertise the IPv6 address with the prefix that is assigned to the client
itself.
2016-06-18 10:45:25 +02:00
Kevin Cernekee
fb1430f95e
Zero out the whole sockaddr_in6 struct when parsing explicit-ipv6
...
This initializes sin6_scope_id to 0, so that $IPV6_REMOTE doesn't
get strings that look like: "2001:db8::1234%932152953"
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2016-06-18 10:41:32 +02:00
Nikos Mavrogiannopoulos
efafdd9e73
tests: added missing certs
2016-06-17 23:11:21 +02:00
Nikos Mavrogiannopoulos
a0ffa818c0
tests: use the .tmp suffix to pid files
2016-06-17 11:56:43 +02:00
Nikos Mavrogiannopoulos
f2bef25cdc
sample.config: use new paths
2016-06-17 11:54:07 +02:00
Nikos Mavrogiannopoulos
cbc4dde44b
tests: moved passwd files to data/
2016-06-17 11:54:05 +02:00
Nikos Mavrogiannopoulos
f3a182dbdf
tests: moved config files to data/
2016-06-17 11:54:03 +02:00
Nikos Mavrogiannopoulos
5c88ee7715
tests: moved all certificates and keys in certs/
2016-06-17 11:53:50 +02:00
Nikos Mavrogiannopoulos
0810cc0aa7
doc update
ocserv_0_11_3
2016-06-16 08:49:52 +02:00
Nikos Mavrogiannopoulos
05badbea7a
doc update
2016-06-16 08:28:42 +02:00
Nikos Mavrogiannopoulos
bb1ba34bdc
ocserv-fw: updated with Lance LeFlore's version
2016-06-16 08:27:22 +02:00
Nikos Mavrogiannopoulos
c49b395a54
ocserv: better log message on terminating worker processes
2016-06-08 19:37:17 +02:00
Nikos Mavrogiannopoulos
aa27271f3b
tests: remove the explicit docker pull commands from docker-common.sh
2016-06-08 17:01:48 +02:00
Nikos Mavrogiannopoulos
7a6a7c707a
worker: wait for confirmation on messages sent during disconnect
...
when disconnecting and sending stats and info to main and sec-mod
ensure that messages have been processed prior to exiting. That makes
sure that these messages are accounted and are not lost. This addresses
issue where the stats on disconnect were not properly reported to
sec-mod.
2016-06-05 11:35:51 +02:00
Nikos Mavrogiannopoulos
d83c523661
sec-mod: process_packet -> process_worker_packet
2016-06-05 11:25:52 +02:00
Nikos Mavrogiannopoulos
1276ebeb48
ocserv: eliminated race condition with up/down scripts
...
If a user is disconnected while the connect script is running,
kill the script and wait for its termination. If it successfully
terminated (exit code = 0) then run the user disconnect (down) script.
2016-06-05 10:38:34 +02:00
Nikos Mavrogiannopoulos
ceed05b030
doc update
2016-06-05 10:14:34 +02:00
Nikos Mavrogiannopoulos
55cb72522a
doc update
2016-06-04 20:03:40 +02:00
Nikos Mavrogiannopoulos
ab5d22c005
tests: added check for host-update-script being run
2016-06-04 20:02:15 +02:00
Nikos Mavrogiannopoulos
5c9cda67fb
ocserv: added a host-update-script config option
...
This option will set a script to be called once the user is
connected and provides a hostname to be used with his IP. That
script can be used to update a DNS server or so.
Relates #39
2016-06-04 19:49:03 +02:00
Andrew Karpow
db31e9def3
ocserv: fix ipv6 tun control on OpenBSD
...
This fixes ipv6 tunnel support on OpenBSD. OpenBSD network stack doesn't
enable the multicast flag on tun devices like FreeBSD - but this is
obligatory for ipv6.
Error message without this patch:
main: tun.c:260: tun0: Error setting IPv6: Invalid argument
Signed-off-by: Andrew Karpow <andy@ndyk.de>
2016-06-01 22:10:51 +02:00
Nikos Mavrogiannopoulos
8c3990cfde
doc update
2016-06-01 15:41:13 +02:00
Nikos Mavrogiannopoulos
9e4ee0551a
ocserv: improved old openconnect version detection
...
That is enhance detection to detect openconnect version 3 and _earlier_.
Resolves #51
2016-06-01 15:37:17 +02:00
Nikos Mavrogiannopoulos
63e4500f09
bumped version
2016-05-29 11:57:33 +02:00
Nikos Mavrogiannopoulos
0c9feb2b8b
Added travis automatic builds
2016-05-29 11:46:07 +02:00
Nikos Mavrogiannopoulos
c7200bb3cf
configure.ac: reduced libtasn1 dependency to 3.4
...
This allows building in travis systems.
2016-05-29 11:46:02 +02:00
Nikos Mavrogiannopoulos
0ee0ef79fb
documented the available URL handlers
2016-05-17 14:50:52 +02:00
Nikos Mavrogiannopoulos
788f40253b
doc update
2016-05-17 14:47:36 +02:00
Nikos Mavrogiannopoulos
a9c5a8271c
tests: added check for the CA certificate handler
2016-05-17 14:46:12 +02:00
Nikos Mavrogiannopoulos
f87871fc48
ocserv: added '/ca.pem' and '/ca.cer' HTTP handler
...
This handler will return the server's CA certificate to the requester
in PEM and DER formats.
2016-05-17 14:42:09 +02:00
Nikos Mavrogiannopoulos
edabd11b4a
strcasestr.m4: explicitly unblock SIGALRM
...
This works around an issue in the freebsd CI which fails on this test.
For some reason that signal is blocked while running the test.
2016-05-17 13:11:48 +02:00
Nikos Mavrogiannopoulos
7b8e886502
ocserv: avoid calling exit() on signal handlers
2016-05-16 14:48:55 +02:00
Nikos Mavrogiannopoulos
7f65577fbd
ocserv: enforce a default auth timeout value
...
That is to prevent processes hanging on inactive sessions.
2016-05-16 14:47:15 +02:00
Nikos Mavrogiannopoulos
465389a82a
main-worker-cmd: more precise messages
2016-05-15 09:50:08 +02:00
Nikos Mavrogiannopoulos
db5b81c1b7
doc update
2016-05-14 20:39:58 +02:00
Nikos Mavrogiannopoulos
3a834fad26
occtl: print the cookie associated with a user on user info
...
This allows to map existing cookies to connected users.
2016-05-14 20:37:12 +02:00
Nikos Mavrogiannopoulos
f08b143398
memmem/strcasestr.m4: don't call exit() from signal handler
2016-05-13 11:29:49 +02:00
Nikos Mavrogiannopoulos
cb01bed65e
Increased the minimum acceptable MTU size under IPv4
...
This is because lower MTUs than 576 are unreasonable today, and RFC791
(from 1981) requires that all hosts must be prepared to receive 576-byte
datagrams.
2016-05-11 17:01:40 +02:00
Nikos Mavrogiannopoulos
2a59aa87ea
ocserv: on DTLS rehandshake or new fd reset the MTU
...
This allows to avoid an indefinite drop of MTU without any possibility
to reset.
2016-05-11 17:01:40 +02:00
Nikos Mavrogiannopoulos
4dabfe0afd
doc update
2016-05-09 14:04:24 +02:00
Nikos Mavrogiannopoulos
a15fb587c8
doc: mention that restrict-user-* are experimental options
2016-05-09 12:44:49 +02:00
Nikos Mavrogiannopoulos
becd51e799
ocserv: corrected setting of UDP socket options
2016-05-09 12:12:09 +02:00
Nikos Mavrogiannopoulos
6b9b80e487
README.md: doc update
2016-05-01 00:39:30 +02:00