GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,306 Commits 19 Branches 88 Tags
68eccaedf7f6474ed16f473daafc68d3aeef03d3
Commit Graph

96 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
d0a12f6d8e .gitlab-ci.yml: coverity: use centos8 image 
This addresses incompatibilities with Fedora32.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-25 00:30:19 +02:00
Nikos Mavrogiannopoulos
0811d7d46b coverity: enable OIDC and latency stats in coverity run 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-23 09:00:20 +02:00
Nikos Mavrogiannopoulos
a1f5fbf206 .gitlab-ci.yml: reduce unnecessary runs in schedules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-23 08:57:46 +02:00
Nikos Mavrogiannopoulos
0d1ae8a53d .gitlab-ci.yml: updated ubuntu build to 20.04 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-18 21:30:12 +02:00
William Dauchy
f4c7d41d14 add basic namespace support for listen address 
- this patch adds `listen-netns` parameter
- when set the listening socket will be created in the given namespace

it allows to properly segregate your traffic:
- do the backend traffic in the root namespace
- receive the VIP traffic in a given namespace

All this patch is widely inspired by haproxy implementation which allows
to bind each IP in a given namespace.

Resolves: #316

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
 2020-07-13 18:11:30 +02:00
Nikos Mavrogiannopoulos
541bf6f137 .gitlab-ci.yml: added alpine linux CI run 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-11 12:54:26 +02:00
Alan Jowett
be17dac16f OpenBSD lacks support for procfs 
Based on
60641282df.

Snapshot of config files are used to ensure that ocserv-sm and
ocserv-worker remain in sync. These snapshots are anonymous files that
are passed via a file descriptor. A worker creates a new file
description and file descriptor by using open(2) on /proc/self/fd.
Unfortunately OpenBSD lacks support for procfs.

Instead of using snapshot of config files let workers use the config
files.

While here add a note to README.md about this limitation, and add a CI
run (from @nmav).

Signed-off-by: Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>
 2020-07-01 16:20:46 +02:00
Nikos Mavrogiannopoulos
fc5a1580e0 .gitlab-ci.yml: updated for new spec file 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-29 12:06:35 +02:00
Nikos Mavrogiannopoulos
1da9c1b3b0 .gitlab-ci.yml: fix rpm generation 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-16 22:17:07 +02:00
Alan Jowett
722e030e58 Add reporting of RX latency 
Resolve: #258

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-05-26 18:14:36 -06:00
Alan Jowett
ce66485ee6 Uses fork/exec to limit memory footprint of ocserv-worker processes 
Capture all the required worker process state in a protobuf and
pass to worker via env. Snapshot all config files to ensure ocserv-sm
and ocserv-worker remain in sync. Split ocserv-worker functionality
into it's own executable with minimal dependencies.

Resolves: #285

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-05-25 08:33:16 +02:00
Nikos Mavrogiannopoulos
7f7bb95f81 .gitlab-ci.yml: fix rpm generation testing when version matches 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-16 11:53:35 +02:00
Nikos Mavrogiannopoulos
03b05526c3 tests: check whether ipv6 interface is up 
Relates: #301

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-13 06:16:27 +02:00
Nikos Mavrogiannopoulos
350250ea82 worker: allow filtered calls to fail with a trap 
This adds a fedora CI run to with filtered calls failing
with a signal in order to detect missing syscalls from our filters.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-10 21:45:05 +02:00
Nikos Mavrogiannopoulos
4e00087b57 .gitlab-ci.yml: the freebsd system became unavailable 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-02 06:10:08 +02:00
Alan Jowett
7e5052782e Remove unused code when --disable-compression is set. 
Resolves: #291

Singed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-04-27 09:18:09 -06:00
Alan Jowett
8cac05dac2 Remove unused code when --disable-anyconnect-compat is set. 
Resolves: #290

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-04-26 13:10:10 -06:00
Nikos Mavrogiannopoulos
fd2bd42cb2 .gitlab-ci.yml: corrected kerberos tests 
This also corrects the kerberos test script environment
to enable running the test.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2020-04-10 23:06:07 +02:00
Nikos Mavrogiannopoulos
aa9c401cac Prevent clients with a broken GnuTLS version from connecting using DTLS 
That prevents clients that send an all-zero DTLS client hello from being
able to establish a connection.

That also introduces the OCSERV_ALLOW_BROKEN_CLIENTS environment variable
which when set to 1 it allows broken clients to connect. This is used
mainly to allow test cases to pass to existing vulnerable systems in our
CI.

Resolves: #277

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-04-03 12:51:22 +02:00
Nikos Mavrogiannopoulos
88059e43ac .gitlab-ci.yml: no longer test on Centos6 
This is a very old platform with old openconnect available in EPEL.
We do not need to keep compatibility with it.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-03-16 22:56:18 +01:00
Nikos Mavrogiannopoulos
3544e3ee2b tests: verify environment under Apple clients 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-03-16 22:21:37 +01:00
Nikos Mavrogiannopoulos
c4759fd334 .gitlab-ci.yml: introduce run with -Werror 
This allows catching warnings that could have slipped in.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2020-03-12 19:47:50 +01:00
Alan Jowett
b43e782b12 Add support for RFC6750 bearer tokens to ocserv 
This permits the validation of OpenID Connect auth tokens OpenID
Connect is an OAuth 2.0 protocol used to identify a resource owner
(VPN client end-user) to a resource server (VPN server) intermediated
by an Authorization server.

Resolves: #240

Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>
 2020-03-09 21:48:04 +01:00
Nikos Mavrogiannopoulos
6558653c4b .gitlab-ci.yml: include the right build in schedules [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-02-26 12:48:10 +01:00
Nikos Mavrogiannopoulos
85108c7598 .gitlab-ci.yml: corrected 'only' use in coverity build 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-02-26 12:43:34 +01:00
Nikos Mavrogiannopoulos
91de6c889e Merge branch 'tmp-coverity' into 'master' 
.gitlab-ci.yml: coverity jobs only run on schedules

See merge request openconnect/ocserv!138
 2020-02-22 23:21:16 +00:00
Nikos Mavrogiannopoulos
bc092793f0 .gitlab-ci.yml: coverity jobs only run on schedules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-22 23:43:48 +01:00
Nikos Mavrogiannopoulos
c3ff69e7c4 added ubuntu18 build and minor cleanup 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-22 22:43:55 +01:00
Nikos Mavrogiannopoulos
a6994ef1e7 .gitlab-ci.yml: specify the master branch coverity and web pages generation runs 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-13 23:04:38 +01:00
Nikos Mavrogiannopoulos
613242f343 .gitlab-ci.yml: added epel8 rpm build 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-13 23:02:55 +01:00
Nikos Mavrogiannopoulos
476638a52a .gitlab-ci.yml: avoid the use of '&&' 
gitlab CI will often mask a failure when multiple '&&' are
present.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-13 22:50:00 +01:00
Nikos Mavrogiannopoulos
f4126fa095 .gitlab-ci.yml: change raddb permissions 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-13 22:45:42 +01:00
Nikos Mavrogiannopoulos
a8d34a80b9 tests: radius: save log on CI failure 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-13 22:25:13 +01:00
Nikos Mavrogiannopoulos
fc901e03c4 .gitlab-ci.yml: use parallel builds 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-02-13 22:06:22 +01:00
Nikos Mavrogiannopoulos
243c5e9fa2 .gitlab-ci.yml: added centos8 build 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-02-11 12:33:39 +01:00
Nikos Mavrogiannopoulos
9bd3c136e1 .gitlab-ci.yml: run jobs on linux only 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-01-26 09:25:44 +01:00
Nikos Mavrogiannopoulos
c9e907c841 tests: replaced docker-based kerberos test case with one that runs in CI 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-11-17 14:51:21 +01:00
Nikos Mavrogiannopoulos
a5a1b2d62f .gitlab-ci.yml: added coverity build 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-10-23 10:37:46 +02:00
Nikos Mavrogiannopoulos
5247833d91 .gitlab-ci.yml: build rpm as part of the CI process 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-07-01 21:56:03 +02:00
Nikos Mavrogiannopoulos
15380220ac tests: rewrite the radius tests using namespaces 
This simplifies the test and makes it runnable in our CI.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-06-03 22:47:23 +02:00
Nikos Mavrogiannopoulos
6cac225203 tests: make ping cmd functional in centos7,6 
It requires the '-6' option to be able to function with
IPv6 addresses.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2019-03-12 17:21:17 +01:00
Nikos Mavrogiannopoulos
383c25e239 .gitlab-ci.yml: run code coverage with -O0 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-30 19:23:05 +01:00
Nikos Mavrogiannopoulos
385af4e831 .gitlab-ci.yml: ensure gcov scripts are writeable 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-20 06:44:29 +01:00
Nikos Mavrogiannopoulos
27c83dcf42 tests: consistently disable isolate-workers in tests 
That is to prevent coverage reporting in tests.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-20 06:43:47 +01:00
Nikos Mavrogiannopoulos
a67c45099f .gitlab-ci.yml: removed XFAIL from centos6; previous changes seem to fix it 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-10 19:30:36 +01:00
Nikos Mavrogiannopoulos
a5502022c2 .gitlab-ci.yml: skip Centos6 tests that fail 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2019-01-06 20:07:53 +01:00
Nikos Mavrogiannopoulos
c9c50909b9 .gitlab-ci.yml: disabled asan job as it conflicts with cwrap tools in F28 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-07-23 21:18:44 +02:00
Nikos Mavrogiannopoulos
4f79db43b6 .gitlab-ci.yml: parallelize make check in fedora build 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-07-20 22:15:42 +02:00
Nikos Mavrogiannopoulos
5a2bed6a58 .gitlab-ci.yml: updated for new debian build name 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-06-26 03:26:13 +02:00
Nikos Mavrogiannopoulos
6bc5da342f .gitlab-ci.yml: updated for new project 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-06-26 03:13:35 +02:00