Nikos Mavrogiannopoulos
5c9cda67fb
ocserv: added a host-update-script config option
This option will set a script to be called once the user is
connected and provides a hostname to be used with his IP. That
script can be used to update a DNS server or so.
Relates #39
2016-06-04 19:49:03 +02:00
Andrew Karpow
db31e9def3
ocserv: fix ipv6 tun control on OpenBSD
This fixes ipv6 tunnel support on OpenBSD. OpenBSD network stack doesn't
enable the multicast flag on tun devices like FreeBSD - but this is
obligatory for ipv6.
Error message without this patch:
main: tun.c:260: tun0: Error setting IPv6: Invalid argument
Signed-off-by: Andrew Karpow <andy@ndyk.de>
2016-06-01 22:10:51 +02:00
Nikos Mavrogiannopoulos
8c3990cfde
doc update
2016-06-01 15:41:13 +02:00
Nikos Mavrogiannopoulos
9e4ee0551a
ocserv: improved old openconnect version detection
That is, enhance detection to detect openconnect version 3 and _earlier_.
Resolves #51
2016-06-01 15:37:17 +02:00
Nikos Mavrogiannopoulos
63e4500f09
bumped version
2016-05-29 11:57:33 +02:00
Nikos Mavrogiannopoulos
0c9feb2b8b
Added travis automatic builds
2016-05-29 11:46:07 +02:00
Nikos Mavrogiannopoulos
c7200bb3cf
configure.ac: reduced libtasn1 dependency to 3.4
This allows building in travis systems.
2016-05-29 11:46:02 +02:00
Nikos Mavrogiannopoulos
0ee0ef79fb
documented the available URL handlers
2016-05-17 14:50:52 +02:00
Nikos Mavrogiannopoulos
788f40253b
doc update
2016-05-17 14:47:36 +02:00
Nikos Mavrogiannopoulos
a9c5a8271c
tests: added check for the CA certificate handler
2016-05-17 14:46:12 +02:00
Nikos Mavrogiannopoulos
f87871fc48
ocserv: added '/ca.pem' and '/ca.cer' HTTP handler
This handler will return the server's CA certificate to the requester
in PEM and DER formats.
2016-05-17 14:42:09 +02:00
Nikos Mavrogiannopoulos
edabd11b4a
strcasestr.m4: explicitly unblock SIGALRM
This works around an issue in the freebsd CI which fails on this test.
For some reason that signal is blocked while running the test.
2016-05-17 13:11:48 +02:00
Nikos Mavrogiannopoulos
7b8e886502
ocserv: avoid calling exit() on signal handlers
2016-05-16 14:48:55 +02:00
Nikos Mavrogiannopoulos
7f65577fbd
ocserv: enforce a default auth timeout value
That is to prevent processes hanging on inactive sessions.
2016-05-16 14:47:15 +02:00
Nikos Mavrogiannopoulos
465389a82a
main-worker-cmd: more precise messages
2016-05-15 09:50:08 +02:00
Nikos Mavrogiannopoulos
db5b81c1b7
doc update
2016-05-14 20:39:58 +02:00
Nikos Mavrogiannopoulos
3a834fad26
occtl: print the cookie associated with a user on user info
This allows mapping existing cookies to connected users.
2016-05-14 20:37:12 +02:00
Nikos Mavrogiannopoulos
f08b143398
memmem/strcasestr.m4: don't call exit() from signal handler
2016-05-13 11:29:49 +02:00
Nikos Mavrogiannopoulos
cb01bed65e
Increased the minimum acceptable MTU size under IPv4
This is because lower MTUs than 576 are unreasonable today, and RFC791
(from 1981) requires that all hosts must be prepared to receive 576-byte
datagrams.
2016-05-11 17:01:40 +02:00
Nikos Mavrogiannopoulos
2a59aa87ea
ocserv: on DTLS rehandshake or new fd reset the MTU
This allows avoiding an indefinite drop of MTU without any possibility
to reset.
2016-05-11 17:01:40 +02:00
Nikos Mavrogiannopoulos
4dabfe0afd
doc update
2016-05-09 14:04:24 +02:00
Nikos Mavrogiannopoulos
a15fb587c8
doc: mention that restrict-user-* are experimental options
2016-05-09 12:44:49 +02:00
Nikos Mavrogiannopoulos
becd51e799
ocserv: corrected setting of UDP socket options
2016-05-09 12:12:09 +02:00
Nikos Mavrogiannopoulos
6b9b80e487
README.md: doc update
2016-05-01 00:39:30 +02:00
Nikos Mavrogiannopoulos
f77217f0f5
gnutls_pem_base64_encode2 was replaced with gnutls_pem_base64_encode_alloc
The latter version is available in older GnuTLS versions than 3.4.0.
2016-04-30 17:51:00 +02:00
Nikos Mavrogiannopoulos
106f0a4f5b
doc update
2016-04-30 13:53:32 +02:00
Nikos Mavrogiannopoulos
6687220e48
tests: added check for cert handler validity
2016-04-30 13:53:32 +02:00
Nikos Mavrogiannopoulos
9a27c0537b
sec-mod: when receiving invalid headers from main, bail out
2016-04-30 13:53:32 +02:00
Nikos Mavrogiannopoulos
43a7fe41b3
ocserv: added '/cert.pem' and '/cert.cer' HTTP handler
This handler will return the server's certificate to the requester
in PEM and DER formats.
2016-04-30 13:53:32 +02:00
Nikos Mavrogiannopoulos
e6c566ac76
doc update
2016-04-29 16:33:56 +02:00
Nikos Mavrogiannopoulos
5caf3f82ad
.gitlab-ci.yml: enhanced separate build dir check with code coverage output
2016-04-29 16:33:41 +02:00
Nikos Mavrogiannopoulos
3f367c36bc
ax_code_coverage.m4: updated to latest version
2016-04-29 16:33:36 +02:00
Nikos Mavrogiannopoulos
e142202583
README.md: updated build badge
2016-04-26 21:46:00 +02:00
Nikos Mavrogiannopoulos
4779fb0fa5
doc: updated copyright dates
2016-04-26 21:45:27 +02:00
Nikos Mavrogiannopoulos
3bc5c0607c
doc update
ocserv_0_11_2
2016-04-25 22:55:52 +02:00
Nikos Mavrogiannopoulos
46a53437d0
ocpasswd-test: updated grep check for more portability across systems
2016-04-19 16:57:08 +02:00
Nikos Mavrogiannopoulos
00b631e01e
.gitlab-ci.yml: added build rule on freebsd
2016-04-19 16:17:02 +02:00
Nikos Mavrogiannopoulos
b706ab7871
main: reduce UDP_FD_RESEND_TIME to 3 seconds
This allows a client to reconnect the DTLS session as soon as even
3 seconds. This addresses an issue with clients turning the wifi off and
on again, not being able to reconnect with DTLS.
2016-04-19 14:16:53 +02:00
Nikos Mavrogiannopoulos
51f3c7b1eb
Moved libev initialization after daemon() and sec-mod process init
This is because libev uses a file descriptor in FreeBSD systems
(kqueue) which is closed by the kernel on fork(). That means
that on libev deinitialization after daemon(), libev will close
another unrelated descriptor.
2016-04-19 13:42:05 +02:00
Nikos Mavrogiannopoulos
2a7d8ac303
Revert "FreeBSD: restrict to poll or select the main event loop"
This reverts commit 659c903369.
2016-04-19 13:23:54 +02:00
Nikos Mavrogiannopoulos
a092673dc4
set_socket_timeout: be more verbose in error conditions
2016-04-18 16:59:40 +02:00
Nikos Mavrogiannopoulos
2debbde9a3
ocserv: initialize ctl_fd to an invalid value
This prevents an issue with clear_lists() closing the 0-fd
even when ctl_handler is not initialized.
2016-04-17 13:43:35 +02:00
Nikos Mavrogiannopoulos
359ec5fe2e
sec-mod: simplify the name of the security module to ocserv-sm
2016-04-17 12:52:23 +02:00
Nikos Mavrogiannopoulos
5ea4b32f4d
tests: use 127.0.0.1 for debian radiusclient conf
That is because freeradius listens to IPv4 by default.
Also adjusted the default log directory to match the
Fedora's one and simplify the test.
2016-04-17 12:51:05 +02:00
Nikos Mavrogiannopoulos
0561534639
tests: updated debian tests to use libgnutls30
2016-04-17 11:05:32 +02:00
Nikos Mavrogiannopoulos
3eb5dd360e
doc update
2016-04-17 10:45:26 +02:00
Nikos Mavrogiannopoulos
795730a681
configure: Add a code coverage option
Configure with:
./configure --enable-code-coverage
Show coverage output with:
make && make check && make code-coverage-capture
It does not take into account tests run under docker.
2016-04-16 12:39:18 +02:00
Nikos Mavrogiannopoulos
b088d2df73
Makefiles: combined the rules for local libraries
2016-04-16 10:47:18 +02:00
Nikos Mavrogiannopoulos
3b844bf3f0
bumped version
2016-04-16 08:56:23 +02:00
Nikos Mavrogiannopoulos
df36a4c0ba
main: close stdin and stdout as early after daemon()
The reason is that in some systems daemon() may close stdin
completely. If we delay this close and another descriptor takes
the stdin fileno, we may end up closing a legitimate descriptor.
2016-04-16 08:49:35 +02:00