3594 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
c778881927 Revert ".lgtm.yml: added"
This reverts commit f1be23a7f7.
The LGTM.com integration doesn't seem to work as lgtm cannot
checkout this project.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-11 09:50:25 +01:00
Nikos Mavrogiannopoulos
f1be23a7f7 .lgtm.yml: added
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-10 17:16:29 +01:00
Daniel Lenski
dd34f85875 OpenConnect will interpret these headers once https://gitlab.com/openconnect/openconnect/-/merge_requests/156 is merged
Examples of newly-authenticated sessions from Cisco servers:

- Default value of `Session-Timeout` is 1209600 seconds (14 days) per
  https://www.cisco.com/assets/sol/sb/RV345P_Emulators/RV345P_Emulator_v1-0-01-17/help/help/t_SSL_VPN.html
- https://www.mail-archive.com/openconnect-devel@lists.infradead.org/msg00968.html:
  `Lease-Duration` having the default value, while `Session-Timeout`
  and `Session-Timeout-Remaining` are `none`
- https://gitlab.com/openconnect/openconnect/-/issues/43#note_177677716:
  `Lease-Duration`, `Session-Timeout`, and `Session-Timeout-Remaining` all with
  same value

My own testing of *reconnected* sessions (on a newer Cisco server supporting
DTLS 1.2) shows that Session-Timeout-Remaining will have a value less than
Session-Timeout, such that the expiration timestamp remains constant from one
reconnection to the next.

Signed-off-by: Daniel Lenski <dlenski@amazon.com>
2020-12-09 17:27:00 -08:00
Nikos Mavrogiannopoulos
3257070312 Merge branch 'tmp-lgtm' into 'master'
Several updates to remove LGTM.com warnings

See merge request openconnect/ocserv!246
2020-12-09 15:40:24 +00:00
Nikos Mavrogiannopoulos
3d7c846ecd ocserv: renamed main_loop
This avoids warnings and static analyzer complaints about
libev functions hiding the global 'loop' variable.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:56:29 +01:00
Nikos Mavrogiannopoulos
689b6fa1a4 process_worker_packet: remove FIXME comments; they serve little purpose
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:48:30 +01:00
Nikos Mavrogiannopoulos
85817d38b7 get_session_id: avoid parameter hiding
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:47:52 +01:00
Nikos Mavrogiannopoulos
a9cb1b7f1e headers: added header guards
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:46:12 +01:00
Nikos Mavrogiannopoulos
f6cb0db8e0 get_cert_names: made infinite loop apparent
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:44:12 +01:00
Nikos Mavrogiannopoulos
07606fc2d8 load_keys: avoid hiding a global variable
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:10:41 +01:00
Nikos Mavrogiannopoulos
9482756e6c parse_cfg_file: avoid hiding a global variable
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:10:01 +01:00
Nikos Mavrogiannopoulos
e035221030 update_auth_time_stats: cast operations to avoid overflows
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:05:24 +01:00
Nikos Mavrogiannopoulos
d619c90518 Avoid localtime() in favor of localtime_r()
This is to keep some static analyzers happy that check for the
thread safe functions, even if in practice we do not need to be
thread safe.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 15:01:39 +01:00
Nikos Mavrogiannopoulos
24814ac874 ocserv: avoid the use of ctime
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 14:55:46 +01:00
Nikos Mavrogiannopoulos
44bff9ce5e .gitlab-ci.yml: corrected syntax
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 13:27:27 +01:00
Nikos Mavrogiannopoulos
39a86845cb .gitlab-ci.yml: RPM/epel8: undo downstream patch
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 11:44:50 +01:00
Nikos Mavrogiannopoulos
9927fbe997 design.dia: updated to mention seccomp
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 11:35:30 +01:00
Nikos Mavrogiannopoulos
8defa73293 Merge branch 'tmp-updated-http-parser' into 'master'
Updated http-parser bundled library

See merge request openconnect/ocserv!245
2020-12-09 09:15:53 +00:00
Nikos Mavrogiannopoulos
5c53d5f82d Updated bundled http-parser
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 09:31:07 +01:00
Nikos Mavrogiannopoulos
3702debb95 README.md: no longer recommend pcllib
It is a very small library that doesn't change, not used by
any other projects and we bundle it. Let's use the bundled
version by default.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-09 09:29:45 +01:00
Nikos Mavrogiannopoulos
eaeac13962 Merge branch 'tmp-tests-no-need-root' into 'master'
tests: drain-server-fail: make sure it runs only when root

See merge request openconnect/ocserv!244
2020-12-06 21:57:56 +00:00
Nikos Mavrogiannopoulos
70150a856b tests: drain-server-fail: make sure it runs only when root
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-06 22:14:38 +01:00
Nikos Mavrogiannopoulos
bbaf5125e1 released 1.1.2
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.2
2020-12-06 14:00:50 +01:00
Nikos Mavrogiannopoulos
3ba6b24379 Merge branch 'tmp-setrlimit' into 'master'
update_fd_limits: set fd limits for "unlimited" users to 8k

Closes #349

See merge request openconnect/ocserv!243
2020-12-06 12:59:51 +00:00
Nikos Mavrogiannopoulos
d08f4832e4 update_fd_limits: removed comment on future raise
This increases the maximum number of fds by 96 to allow up to
128 scripts being run when close to the maximum limit of clients.

Resolves: #349

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-03 23:52:32 +01:00
Nikos Mavrogiannopoulos
86138698fe update_fd_limits: set fd limits for "unlimited" users to 8k
Relates: #349

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-03 23:42:14 +01:00
Nikos Mavrogiannopoulos
051a20dde9 Merge branch 'tmp-ubuntu' into 'master'
.gitlab-ci.yml: ubuntu: added seccomp check and enabled nuttcp tests

See merge request openconnect/ocserv!242
2020-12-03 10:40:57 +00:00
Russ Young
3055c15c96 Log changes to reduce logging noise
Signed-off-by: Russell Young <ruyoung@microsoft.com>
2020-12-03 10:58:22 +01:00
Nikos Mavrogiannopoulos
a2e2bf0053 .gitlab-ci.yml: ubuntu: enabled nuttcp tests
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-03 10:57:32 +01:00
Nikos Mavrogiannopoulos
2f0b1bba0d Merge branch 'tmp-remove-listen-file' into 'master'
Removed the listen-clear-file config option

Closes #376

See merge request openconnect/ocserv!238
2020-12-03 09:50:18 +00:00
Nikos Mavrogiannopoulos
5cf457b425 Removed the listen-clear-file config option
This option was almost impossible to use in general and worked with
very few clients only (not including openconnect). That also meant that
it could not be tested. Removed to reduce maintenance to parameters
that are used in practice.

Resolves: #376

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-03 10:04:57 +01:00
Nikos Mavrogiannopoulos
6c9615618d Merge branch 'tmp-coverity-fixes' into 'master'
Several fixes or annotations attributed to coverity scan

See merge request openconnect/ocserv!237
2020-12-03 09:00:59 +00:00
Alan Jowett
84dd1ace60 Merge branch 'coverity_fix' into 'master'
Fix coverity warning in forward_udp_to_owner

See merge request openconnect/ocserv!241
2020-12-02 20:43:39 +00:00
Alan Jowett
50ab40782a Fix coverity warning in forward_udp_to_owner
Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
2020-12-02 12:58:56 -07:00
Nikos Mavrogiannopoulos
8000de58bd handle_sec_auth_cont: corrected use of ps_status_to_str
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-01 21:03:29 +01:00
Nikos Mavrogiannopoulos
6805023bd3 handle_sec_auth_cont: print status in readable form
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-01 20:48:22 +01:00
Nikos Mavrogiannopoulos
b797d509fc set_non_block: ensure we log errors
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-26 14:38:05 +01:00
Nikos Mavrogiannopoulos
d60cbf53c5 handle_commands_from_main: silence coverity
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-26 14:38:03 +01:00
Nikos Mavrogiannopoulos
9680622d86 handle_events_cmd: silence coverity
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-26 14:25:14 +01:00
Nikos Mavrogiannopoulos
65a0e595e5 gssapi_vhost_init: simplified
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-26 14:22:36 +01:00
Nikos Mavrogiannopoulos
6fe528ec4c post_auth_handler: added error checking to cstp_printf
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-26 14:22:25 +01:00
Nikos Mavrogiannopoulos
57c0381269 send_stats_to_secmod: silence coverity
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-26 14:22:17 +01:00
Nikos Mavrogiannopoulos
56c6ab9cbf _listen_unix_ports: error when remove fails
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-26 14:20:26 +01:00
Nikos Mavrogiannopoulos
4150c2251b pam: silence coverity warning
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-26 14:20:22 +01:00
Nikos Mavrogiannopoulos
9d98e08aa1 Merge branch 'tmp-always-check-rnd' into 'master'
gnutls_rnd(): always check its return value

See merge request openconnect/ocserv!236
2020-11-19 22:04:23 +00:00
Nikos Mavrogiannopoulos
3be9234cb9 gnutls_rnd(): always check its return value
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-19 22:20:19 +01:00
Nikos Mavrogiannopoulos
fa73c53d46 Merge branch 'tmp-upgrade-ci-to-f33' into 'master'
Upgrade fedora CI to fedora33

See merge request openconnect/ocserv!235
2020-11-14 22:03:18 +00:00
Nikos Mavrogiannopoulos
7ee163ad2c kerberos: fixes for fedora33 kdc
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-14 22:05:56 +01:00
Nikos Mavrogiannopoulos
6d8bcb4795 .gitlab-ci.yml: do not use --disable-maintainer-mode
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-12 16:55:01 +01:00
Nikos Mavrogiannopoulos
dfadd45b9b Makefile: removed unused rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-11-12 16:37:25 +01:00