1598 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
45b1f46265 doc update 2015-02-10 11:17:04 +01:00
Nikos Mavrogiannopoulos
952d6adc9c Added implicit accounting when explicit addresses are specified
Only odd IP addresses can now explicitly be set, so that the next
even address can be used as the local one.
2015-02-10 11:07:58 +01:00
Kevin Cernekee
2e757cedb2 Use distinct remote and local IPs when explicit_ipv[46] is specified
Currently the code sets the local interface IP to the same value as the
P-t-P IP:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.63.1  P-t-P:192.168.63.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1341  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

This doesn't seem to get things routed correctly.  e.g. pinging 192.168.63.1
from the ocserv gateway just loops traffic back to the local machine instead
of pinging the client.

So instead we'll set LIP = RIP + 1.  This isn't terribly intuitive (an
administrator might try to number consecutive users 192.168.1.1, 192.168.1.2,
192.168.1.3, ...) but it's better than the current situation.  Maybe at some
point, fixed IPs should also make use of the hash table.
2015-02-10 10:43:49 +01:00
Nikos Mavrogiannopoulos
1e0af5c482 set cookie to expire when the last user disconnects 2015-02-10 09:10:00 +01:00
Kevin Cernekee
25cfd3b1db config: Use talloc_free() to free "route" strings
Adding redundant routes triggers a glibc assertion on startup.  The offending
config file contained:

    route = 192.168.1.0/255.255.255.0
    route = default

The assertion:

    # ./src/ocserv -c ocserv.conf -f
    *** Error in `./src/ocserv': munmap_chunk(): invalid pointer: 0x0000000001703470 ***
    Aborted (core dumped)

Fix this by calling the correct free() function.
2015-02-09 15:06:57 +01:00
Nikos Mavrogiannopoulos
35fae82538 document explicit-ipv? 2015-02-09 15:04:30 +01:00
Kevin Cernekee
71ff05cea7 Allow explicit-ipv4 / explicit-ipv6 addresses in per-user config files
If a machine is running remotely accessible services, it can be helpful
to assign a fixed IP address upon connection.
2015-02-09 11:32:24 +01:00
Kevin Cernekee
1545130237 main: Check chdir() return value
This fixes:

    main.c: In function ‘main’:
    main.c:1025:8: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Wunused-result]
       chdir(s->config->chroot_dir);
            ^
2015-02-09 11:31:52 +01:00
Kevin Cernekee
fbe55c23ef main: Fix unused variable warning on !HAVE_LIBSYSTEMD builds
This fixes:

      CC       main.o
    main.c: In function ‘listen_ports’:
    main.c:276:11: warning: unused variable ‘fds’ [-Wunused-variable]
      int ret, fds;
               ^
2015-02-09 11:31:18 +01:00
Nikos Mavrogiannopoulos
38206d6e93 eliminate double books for session expiration
Session expiration is now handled only by security
module. That simplifies the logic significantly.
2015-02-09 11:25:48 +01:00
Nikos Mavrogiannopoulos
e82e1b8d68 delete client entry after message is sent 2015-02-09 10:57:40 +01:00
Nikos Mavrogiannopoulos
dcb7068c19 Before allowing the steal of leases, check that usernames match 2015-02-09 10:20:25 +01:00
Nikos Mavrogiannopoulos
905222fe6e corrected typo 2015-02-09 10:20:00 +01:00
Nikos Mavrogiannopoulos
ee81ffa10d when we detect user disconnection, set the proper expiration time on their cookies 2015-02-09 10:07:46 +01:00
Nikos Mavrogiannopoulos
b014f8e1ec test-cookie-timeout: verify that a forced kill will not alter the cookie's validity 2015-02-09 09:53:45 +01:00
Nikos Mavrogiannopoulos
1ce578a525 doc update 2015-02-06 20:05:35 +01:00
Nikos Mavrogiannopoulos
ffe9451367 be explicit that dbus support is incomplete 2015-02-06 14:09:44 +01:00
Nikos Mavrogiannopoulos
1a462c7ced doc update 2015-02-06 14:05:22 +01:00
Nikos Mavrogiannopoulos
bcea928abe Added support for no-routes (X-Split-Exclude) 2015-02-06 14:05:10 +01:00
Nikos Mavrogiannopoulos
5f34edaf31 only use libseccomp in x86 (64) and ARM 2015-02-05 17:50:27 +01:00
Nikos Mavrogiannopoulos
2651099b96 doc update 2015-02-05 17:47:53 +01:00
Nikos Mavrogiannopoulos
06b4f02679 doc update 2015-01-31 12:29:32 +01:00
Nikos Mavrogiannopoulos
4cd880cb2d updated package dependencies 2015-01-30 11:45:58 +01:00
Nikos Mavrogiannopoulos
ea79349bc5 Revert "tests: added test for broken seccomp"
This reverts commit 889d6ba0b7.
2015-01-30 00:41:53 +01:00
Nikos Mavrogiannopoulos
c4f5027a46 Revert "tests: only run the seccomp check if it was enabled"
This reverts commit 00a2caee36.
2015-01-30 00:41:50 +01:00
Nikos Mavrogiannopoulos
639514d1e1 seccomp: allow _newselect since it is called in x86 instead of select 2015-01-30 00:41:26 +01:00
Nikos Mavrogiannopoulos
df872c218d configure: specify that experimental are not recommended 2015-01-29 19:26:25 +01:00
Nikos Mavrogiannopoulos
777199ffb7 bumped version 2015-01-29 19:22:06 +01:00
Nikos Mavrogiannopoulos
7598e9dee2 rearrange supported options 2015-01-29 19:20:09 +01:00
Nikos Mavrogiannopoulos
b5d8547563 doc update 2015-01-29 19:12:03 +01:00
Nikos Mavrogiannopoulos
00a2caee36 tests: only run the seccomp check if it was enabled 2015-01-29 14:12:20 +01:00
Nikos Mavrogiannopoulos
2d06c2da56 doc update 2015-01-29 14:08:27 +01:00
Nikos Mavrogiannopoulos
889d6ba0b7 tests: added test for broken seccomp 2015-01-29 14:07:55 +01:00
Nikos Mavrogiannopoulos
55c54202e1 doc update 2015-01-28 19:04:08 +01:00
Nikos Mavrogiannopoulos
06dcdb8669 tests: added missing file 2015-01-28 18:57:49 +01:00
Nikos Mavrogiannopoulos
22de76b5dd configure: ask for libfreeradius-client 1.1.7 2015-01-28 13:21:35 +01:00
Nikos Mavrogiannopoulos
b1947be1d1 tests: check for empty password support 2015-01-28 13:06:17 +01:00
Nikos Mavrogiannopoulos
654cf12ac4 sec-mod: use ctime() to print the ban list expiration time 2015-01-28 13:04:02 +01:00
Nikos Mavrogiannopoulos
5d3b2da2e1 sec-mod: pass all failures through handle_sec_auth_res()
That will set the proper state to the user entry.
2015-01-28 12:56:37 +01:00
Nikos Mavrogiannopoulos
0dc2e43335 worker: allow empty passwords 2015-01-28 11:52:38 +01:00
Nikos Mavrogiannopoulos
6c8174668d moved LOG_DEBUG messages to debug level 3 or higher 2015-01-28 11:48:58 +01:00
Nikos Mavrogiannopoulos
b8bcf8b835 moved some debugging messages into http level 2015-01-28 11:41:15 +01:00
Nikos Mavrogiannopoulos
b93306fca6 doc update 2015-01-25 21:50:05 +01:00
Nikos Mavrogiannopoulos
9dc43045c7 tests: added radius test 2015-01-25 20:01:09 +01:00
Nikos Mavrogiannopoulos
1e718980df tests: made pid file names unique 2015-01-25 18:54:22 +01:00
Nikos Mavrogiannopoulos
414c5d94da harmonize the time cookies are stored in security module and main server 2015-01-25 18:48:49 +01:00
Nikos Mavrogiannopoulos
e45482bd04 tests: added check to ensure that cookies remain valid during all session time 2015-01-25 17:40:43 +01:00
Nikos Mavrogiannopoulos
8e77c67f2a tests: check whether the expiration time in cookies is checked 2015-01-25 17:17:55 +01:00
Nikos Mavrogiannopoulos
92df4b925b test-multi-cookie: corrected test 2015-01-25 17:03:21 +01:00
Nikos Mavrogiannopoulos
df7f3c528c updated design documents 2015-01-25 09:52:08 +01:00