GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,351 Commits 19 Branches 88 Tags
446baaf95a468c05a9cb4e1fc9bcc68637aa44fb
Commit Graph

2351 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
446baaf95a tests: use a common macro to obtain docker image IP address 2015-12-02 10:41:13 +01:00
Nikos Mavrogiannopoulos
34ac6bce56 tests: check restrict-user-to-ports in firewall-test 2015-12-02 10:41:10 +01:00
Nikos Mavrogiannopoulos
2bb25347d0 tests: Added check for port parser 2015-12-02 10:41:00 +01:00
Nikos Mavrogiannopoulos
eabfbe8473 Added configuration option 'restrict-user-to-ports' 
This option is intended to allow restricting users to accessing
specific ports once they enter the VPN. The rules set using this
option will be enforced by the ocserv-fw script.
 2015-12-02 10:38:12 +01:00
Nikos Mavrogiannopoulos
0a38b70cc3 removed unused structure 2015-12-01 13:51:30 +01:00
Nikos Mavrogiannopoulos
8990ee7448 eliminated double null check 2015-12-01 11:46:30 +01:00
Nikos Mavrogiannopoulos
a0ca61c9a8 README.md: added gssntlmssp as a dependency 2015-12-01 11:17:43 +01:00
Nikos Mavrogiannopoulos
53376c96a2 doc: document the behavior of restrict-user-to-routes in case of defaultroute 2015-11-29 20:24:32 +01:00
Nikos Mavrogiannopoulos
b11567dd64 include ocserv-fw 2015-11-28 23:11:14 +01:00
Nikos Mavrogiannopoulos
e215c77112 tests: check for %{RI} validity in test-iroute 2015-11-28 22:13:47 +01:00
Nikos Mavrogiannopoulos
d9fc3b465a tests: check for sever exit in test-cert 2015-11-28 20:25:28 +01:00
Nikos Mavrogiannopoulos
0ba6330d37 libopts: updated to 5.18.6 2015-11-28 20:04:04 +01:00
Nikos Mavrogiannopoulos
3e5a78d500 .gitignore: ignore more auto-generated files 2015-11-28 19:42:53 +01:00
Nikos Mavrogiannopoulos
c40b0aed13 tests: check whether append-routes directive works 2015-11-28 19:41:39 +01:00
Nikos Mavrogiannopoulos
2d823aa200 Added config option 'append-routes' 
If set to true it will restore the old configuration semantics
of appending the global routes to per user/group config.
 2015-11-28 19:28:24 +01:00
Nikos Mavrogiannopoulos
6ac03c0c80 tests: removed ipv6 functionality check from kerberos test 2015-11-27 09:42:35 +01:00
Nikos Mavrogiannopoulos
be77cdf671 tests: test-cookie-invalidation add a time wait after client termination 
That ensures that the client is already terminated when the final check
starts.
 2015-11-27 09:36:41 +01:00
Nikos Mavrogiannopoulos
dad2181261 doc update 2015-11-26 18:29:31 +01:00
Nikos Mavrogiannopoulos
e41d6b6e75 tests: updated radius config files for f23 2015-11-26 18:29:27 +01:00
Nikos Mavrogiannopoulos
2484d81aad Allow matching passwords of format <xxx_password> in client's login message 2015-11-26 18:29:22 +01:00
Nikos Mavrogiannopoulos
cefd77b633 Simplified per-user/group configuration handling 
We now use a common structure in SESSION_REPLY and AUTH_REP
messages. That structure is generated by sec-mod and forwarded
by main to worker, thus eliminating the need to create passing
code for each new user-config variable being added.
 2015-11-26 18:29:14 +01:00
Nikos Mavrogiannopoulos
f86fb99b50 doc update 2015-11-24 00:29:31 +01:00
Nikos Mavrogiannopoulos
fa6c7ac0e6 ocserv-fw: when called with --removeall exit immediately after action 2015-11-23 18:12:09 +01:00
Nikos Mavrogiannopoulos
ddddaee5be tests: check whether the firewall rules have been applied with restrict-user-to-routes 2015-11-23 17:43:14 +01:00
Nikos Mavrogiannopoulos
5952dfbece prior to execl() scripts set stdout to be our stderr to avoid confusing scripts 2015-11-23 17:32:01 +01:00
Nikos Mavrogiannopoulos
f5fca982dc Added configuration option restrict-user-to-routes 
This option, if set, will call /usr/bin/ocserv-fw for each user
connecting, i.e., adding firewall restrictions based on its allowed
routes.
 2015-11-23 17:31:55 +01:00
Nikos Mavrogiannopoulos
183820ae3c ocserv-fw: Added script to restrict clients to their allowed routes 
That is when called as a connect/disconnect script it restricts the client
to the routes it is allowed to see, and prevents it from accessing anything
else.
 2015-11-23 16:04:19 +01:00
Nikos Mavrogiannopoulos
a556837f2b tests: check whether the routes and DNS servers are set in scripts 2015-11-23 10:53:51 +01:00
Nikos Mavrogiannopoulos
6f794a287e If running the local script fails due to signal handle that as non-zero exit status 2015-11-23 10:53:48 +01:00
Nikos Mavrogiannopoulos
c7fe48f372 scripts: export the routes,no-routes and dns servers 2015-11-23 10:53:43 +01:00
Nikos Mavrogiannopoulos
45c2fb55c8 tests: avoid source dependencies from other dirs in Makefile 
That causes compilation errors under certain cirquimstances.
 2015-11-19 14:35:16 +01:00
Nikos Mavrogiannopoulos
854fd8f421 added cwrap libs as dependencies 2015-11-19 14:31:08 +01:00
Nikos Mavrogiannopoulos
e91a56117b tests: modified cwrap tests to run from different builddir 2015-11-19 14:30:48 +01:00
Nikos Mavrogiannopoulos
ba44c2a6c1 pass DPD and keepalive values to occtl 2015-11-19 12:23:37 +01:00
Nikos Mavrogiannopoulos
01a6435fad .gitlab-ci.yml: run all checks on build systems 2015-11-19 10:46:22 +01:00
Nikos Mavrogiannopoulos
345a752676 tests: converted part of the test suite to run with cwrap 
That allows several tests to run as non-root.
 2015-11-19 10:44:34 +01:00
Nikos Mavrogiannopoulos
a09d4f51ab relocated confusing message on user logged in 2015-11-19 10:09:38 +01:00
Nikos Mavrogiannopoulos
8d03519fb2 doc update 2015-11-17 11:02:26 +01:00
Nikos Mavrogiannopoulos
2b0102d1c5 tests: use more sensible names for pid files 2015-11-17 08:36:27 +01:00
Nikos Mavrogiannopoulos
f770e0000c tests: added check to verify the proper operation of cookie key rotation 2015-11-17 08:36:04 +01:00
Nikos Mavrogiannopoulos
2473633b8d Added cookie key rotation 2015-11-17 08:33:38 +01:00
Nikos Mavrogiannopoulos
fd5f9df898 route-add: added more sensible version of system() 2015-11-16 22:30:56 +01:00
Nikos Mavrogiannopoulos
9f93c318a3 prior to calling system set the default signal mask 2015-11-16 18:14:16 +01:00
Nikos Mavrogiannopoulos
684f779381 tests: use fedora 23 for docker images 2015-11-16 17:59:32 +01:00
Nikos Mavrogiannopoulos
850dd24be3 document testing dependencies 2015-11-16 17:59:23 +01:00
Nikos Mavrogiannopoulos
cc48b0808a A failure to apply iroutes is propagated and login is denied 2015-11-16 17:22:45 +01:00
Nikos Mavrogiannopoulos
8cb807d27d design.md: document a possible optimization in IPC protocol 2015-11-13 12:46:36 +01:00
Nikos Mavrogiannopoulos
3c653fa747 worker-extras -> worker-http-handers 2015-11-13 10:24:02 +01:00
Nikos Mavrogiannopoulos
a53ee64472 occtl: include files from generated common dir 2015-11-11 16:30:29 +01:00
Nikos Mavrogiannopoulos
0d9d283b12 tests: remove CCAN sources - we already link to libccan.a 2015-11-11 16:26:47 +01:00