Commit Graph

3341 Commits

Author SHA1 Message Date
Alan Jowett
5b3b8e8d33 Merge branch 'issue345' into 'master'
Stop accepting new TCP connections when the server is at maximum active connection capacity & add support for gracefully stopping the server.

Closes #345

See merge request openconnect/ocserv!212
2020-09-02 14:51:05 +00:00
Alan Jowett
77dfa36c71 Stop accepting new TCP connections when the server is at maximum active connection capacity.
Add support for gracefully stopping the server.
Add primer on using ocserv with L3 load balancer.

Resolves: #345

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-08-28 16:01:35 -06:00
Alan Jowett
e5191bf4f3 Merge branch 'issue341' into 'master'
Modify ocserv-sm to permit it to scale up to the number of CPUs. This permits...

Closes #341

See merge request openconnect/ocserv!210
2020-08-26 16:44:43 +00:00
Alan Jowett
945699097d Modify ocserv-sm to permit it to scale up to the number of CPUs. This permits a higher rate of client connections and prevents TLS signing from becoming a bottleneck for clients connecting.
Resolves: #341

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-08-26 09:46:04 -06:00
Nikos Mavrogiannopoulos
44a1357083 Merge branch 'tmp-domain-suffix' into 'master'
sample.config: documented how to specify multiple default domains

Closes #328

See merge request openconnect/ocserv!206
2020-08-10 18:44:07 +00:00
Nikos Mavrogiannopoulos
e5fced512f Merge branch 'tmp-test-updates2' into 'master'
tests: eliminate legacy docker tests

See merge request openconnect/ocserv!209
2020-08-09 20:13:31 +00:00
Nikos Mavrogiannopoulos
d0a509c6c3 tests: introduced new proxy protocol tests
This replaces the old no longer used "docker-tests".

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 21:32:27 +02:00
Nikos Mavrogiannopoulos
5021c994db tests: always use @ISOLATE_WORKERS@
Now all test configs are being auto-generated, so this variable
will be replaced.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 19:56:37 +02:00
Nikos Mavrogiannopoulos
8f3dd01483 sample.config: disable all legacy TLS versions by default
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 18:41:24 +02:00
Nikos Mavrogiannopoulos
c914b8d398 Merge branch 'tmp-test-updates' into 'master'
test updates

Closes #340

See merge request openconnect/ocserv!207
2020-08-09 16:39:57 +00:00
Nikos Mavrogiannopoulos
d84272ffed tests: added test for ping-leases
Resolves: #340

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 17:59:04 +02:00
Nikos Mavrogiannopoulos
b2c0c6c1cf tests: replaced explicit ports with random assignment
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 13:14:22 +02:00
Nikos Mavrogiannopoulos
f814cf851b tests: added session resumption test
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 11:54:04 +02:00
Nikos Mavrogiannopoulos
edbb1e7111 sample.config: documented how to specify multiple default domains
It is possible to specify multiple domains in X-CSTP-Default-Domain for
openconnect clients; make sure that this is documented.

Resolves: #328

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-06 20:57:22 +02:00
Nikos Mavrogiannopoulos
ae9f299b0f Merge branch 'tmp-warn-in-password-auth' into 'master'
config: error when multiple password authentication methods are present

See merge request openconnect/ocserv!205
2020-08-06 11:10:53 +00:00
Nikos Mavrogiannopoulos
c3e62fe7a3 Merge branch 'tmp-enable-asan' into 'master'
.gitlab-ci.yml: reenable address sanitizer

See merge request openconnect/ocserv!202
2020-08-06 11:10:13 +00:00
Nikos Mavrogiannopoulos
0ecef93423 .gitlab-ci.yml: reenable address sanitizer
This disables all the tests that use LD_PRELOAD, and thus limits
the test suite on the tests that are run as root.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 23:08:43 +02:00
Nikos Mavrogiannopoulos
7a7d432d0f use REMOTE_HOSTNAME to pass the user's advertised hostname
The previously used HOSTNAME variable is being overridden by bash and
thus was not a reliable one. We switch to setting REMOTE_HOSTNAME,
but keep the HOSTNAME for compatibility.

This also changes 'test-pass-script' to check for the new variable.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 23:05:24 +02:00
Nikos Mavrogiannopoulos
08c0eecc85 config: error when multiple password authentication methods are present
This prevents starting a server with an invalid configuration.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 22:46:24 +02:00
Nikos Mavrogiannopoulos
df61f59e3e config: better debug messages on default vhost
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 22:26:49 +02:00
Nikos Mavrogiannopoulos
9ce249e583 Merge branch 'tmp-update-contribution-guide' into 'master'
CONTRIBUTING.md: added more detailed contribution rules

See merge request openconnect/ocserv!204
2020-08-05 05:08:34 +00:00
Nikos Mavrogiannopoulos
24a9945e0d CONTRIBUTING.md: added more detailed contribution rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 23:38:20 +02:00
Nikos Mavrogiannopoulos
91712b3420 test-script-multi-user: do not run under asan
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
99fd5d7263 test-pass-script: introduced more sophisticated timeouts
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
d2a9f6b5de occtl: free the talloc pool on exit
This eliminates any memory leaks pointed by asan.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
e379b5075a snapshot: clear htable on cleanup
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-03 21:58:18 +02:00
Nikos Mavrogiannopoulos
7a3475951f Merge branch 'tmp-introduce-clang' into 'master'
.gitlab-ci.yml: introduced clang compilation

See merge request openconnect/ocserv!203
2020-08-03 13:36:15 +00:00
Nikos Mavrogiannopoulos
0fa951a06b .gitlab-ci.yml: introduced clang compilation
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-03 14:54:59 +02:00
Nikos Mavrogiannopoulos
0aed7584d9 Merge branch 'tmp-add-x86' into 'master'
.gitlab-ci.yml: added i386 build

See merge request openconnect/ocserv!158
2020-07-31 12:31:53 +00:00
Nikos Mavrogiannopoulos
1759bfdc4f .gitlab-ci.yml: added i386 build
This introduces an i386 CI build to catch issues that relate
to 32-bit systems.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-31 13:50:37 +02:00
Nikos Mavrogiannopoulos
2f9d534e2c NEWS: corrected issue number [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-30 22:41:14 +02:00
Nikos Mavrogiannopoulos
9ac1be83cd README.md: removed unnecessary dependency [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-30 09:19:57 +02:00
Nikos Mavrogiannopoulos
8934be816c Merge branch 'issue326' into 'master'
Pass the hostname to ocserv-main after receiving the connect request.

Closes #326

See merge request openconnect/ocserv!200
2020-07-29 17:13:21 +00:00
Nikos Mavrogiannopoulos
ce1911ffca .gitlab-ci.yml: added auto-triage rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-28 21:39:28 +02:00
Alan Jowett
34eab81339 Resolves: #326
Pass the hostname to ocserv-main after receiving the connect request.

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-07-28 13:37:20 -06:00
Nikos Mavrogiannopoulos
68eccaedf7 sample.config: documented host-update-script and added unit test
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-28 20:12:52 +02:00
Nikos Mavrogiannopoulos
2b4251eba7 Merge branch 'tmp-banner2' into 'master'
Added the config option of a pre-login banner

Closes #313

See merge request openconnect/ocserv!199
2020-07-27 20:56:22 +00:00
Nikos Mavrogiannopoulos
9460367822 Added the config option of a pre-login banner
Resolves: #313

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-27 22:15:12 +02:00
Nikos Mavrogiannopoulos
fc842a8d5d Merge branch 'tmp-disconnect-user2' into 'master'
Race free disconnection of a connected user with occtl

Closes #59

See merge request openconnect/ocserv!198
2020-07-26 11:11:08 +00:00
Nikos Mavrogiannopoulos
8aa39b0106 Improved user disconnection to avoid race conditions
Previously when we were disconnecting a user there were few seconds
after which the cookie was still valid, so a reconnect would succeed
by the same user. This change ensures that a disconnected (via occtl)
user cannot re-use the same cookie to connect. That enables a safe
user removal from the authentication database, and from run-time.

Resolves: #59

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 21:38:55 +02:00
Nikos Mavrogiannopoulos
f100dcfa9a occtl: corrected error code on failed commands
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:52 +02:00
Nikos Mavrogiannopoulos
e677c8b536 common: added textual description to all messages
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:52 +02:00
Nikos Mavrogiannopoulos
d0a12f6d8e .gitlab-ci.yml: coverity: use centos8 image
This addresses incompatibilities with Fedora32.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:19 +02:00
Nikos Mavrogiannopoulos
0811d7d46b coverity: enable OIDC and latency stats in coverity run
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-23 09:00:20 +02:00
Nikos Mavrogiannopoulos
a1f5fbf206 .gitlab-ci.yml: reduce unnecessary runs in schedules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-23 08:57:46 +02:00
Nikos Mavrogiannopoulos
3ebd9ecc3e Merge branch 'tmp-nobody' into 'master'
README.md/sample.config: underline the need for a dedicated user

See merge request openconnect/ocserv!196
2020-07-22 20:50:57 +00:00
Nikos Mavrogiannopoulos
e75e8d2471 README.md/sample.config: underline the need for a dedicated user
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-20 19:48:11 +02:00
Nikos Mavrogiannopoulos
bf8b22f3b9 Merge branch 'tmp-add-ubuntu20' into 'master'
.gitlab-ci.yml: updated ubuntu build to 20.04

See merge request openconnect/ocserv!195
2020-07-18 20:22:45 +00:00
Nikos Mavrogiannopoulos
0d1ae8a53d .gitlab-ci.yml: updated ubuntu build to 20.04
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-18 21:30:12 +02:00
Nikos Mavrogiannopoulos
f53d5e1395 Merge branch 'tmp-disable-tls13' into 'master'
ocserv: disable TLS1.3 when cisco client compatibility is requested

Closes #318

See merge request openconnect/ocserv!194
2020-07-18 19:27:10 +00:00