GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,336 Commits 19 Branches 88 Tags
6ac03c0c8055cb4abe8bcde7a084b19fa5864c0c
Commit Graph

2336 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
6ac03c0c80 tests: removed ipv6 functionality check from kerberos test 2015-11-27 09:42:35 +01:00
Nikos Mavrogiannopoulos
be77cdf671 tests: test-cookie-invalidation add a time wait after client termination 
That ensures that the client is already terminated when the final check
starts.
 2015-11-27 09:36:41 +01:00
Nikos Mavrogiannopoulos
dad2181261 doc update 2015-11-26 18:29:31 +01:00
Nikos Mavrogiannopoulos
e41d6b6e75 tests: updated radius config files for f23 2015-11-26 18:29:27 +01:00
Nikos Mavrogiannopoulos
2484d81aad Allow matching passwords of format <xxx_password> in client's login message 2015-11-26 18:29:22 +01:00
Nikos Mavrogiannopoulos
cefd77b633 Simplified per-user/group configuration handling 
We now use a common structure in SESSION_REPLY and AUTH_REP
messages. That structure is generated by sec-mod and forwarded
by main to worker, thus eliminating the need to create passing
code for each new user-config variable being added.
 2015-11-26 18:29:14 +01:00
Nikos Mavrogiannopoulos
f86fb99b50 doc update 2015-11-24 00:29:31 +01:00
Nikos Mavrogiannopoulos
fa6c7ac0e6 ocserv-fw: when called with --removeall exit immediately after action 2015-11-23 18:12:09 +01:00
Nikos Mavrogiannopoulos
ddddaee5be tests: check whether the firewall rules have been applied with restrict-user-to-routes 2015-11-23 17:43:14 +01:00
Nikos Mavrogiannopoulos
5952dfbece prior to execl() scripts set stdout to be our stderr to avoid confusing scripts 2015-11-23 17:32:01 +01:00
Nikos Mavrogiannopoulos
f5fca982dc Added configuration option restrict-user-to-routes 
This option, if set, will call /usr/bin/ocserv-fw for each user
connecting, i.e., adding firewall restrictions based on its allowed
routes.
 2015-11-23 17:31:55 +01:00
Nikos Mavrogiannopoulos
183820ae3c ocserv-fw: Added script to restrict clients to their allowed routes 
That is when called as a connect/disconnect script it restricts the client
to the routes it is allowed to see, and prevents it from accessing anything
else.
 2015-11-23 16:04:19 +01:00
Nikos Mavrogiannopoulos
a556837f2b tests: check whether the routes and DNS servers are set in scripts 2015-11-23 10:53:51 +01:00
Nikos Mavrogiannopoulos
6f794a287e If running the local script fails due to signal handle that as non-zero exit status 2015-11-23 10:53:48 +01:00
Nikos Mavrogiannopoulos
c7fe48f372 scripts: export the routes,no-routes and dns servers 2015-11-23 10:53:43 +01:00
Nikos Mavrogiannopoulos
45c2fb55c8 tests: avoid source dependencies from other dirs in Makefile 
That causes compilation errors under certain cirquimstances.
 2015-11-19 14:35:16 +01:00
Nikos Mavrogiannopoulos
854fd8f421 added cwrap libs as dependencies 2015-11-19 14:31:08 +01:00
Nikos Mavrogiannopoulos
e91a56117b tests: modified cwrap tests to run from different builddir 2015-11-19 14:30:48 +01:00
Nikos Mavrogiannopoulos
ba44c2a6c1 pass DPD and keepalive values to occtl 2015-11-19 12:23:37 +01:00
Nikos Mavrogiannopoulos
01a6435fad .gitlab-ci.yml: run all checks on build systems 2015-11-19 10:46:22 +01:00
Nikos Mavrogiannopoulos
345a752676 tests: converted part of the test suite to run with cwrap 
That allows several tests to run as non-root.
 2015-11-19 10:44:34 +01:00
Nikos Mavrogiannopoulos
a09d4f51ab relocated confusing message on user logged in 2015-11-19 10:09:38 +01:00
Nikos Mavrogiannopoulos
8d03519fb2 doc update 2015-11-17 11:02:26 +01:00
Nikos Mavrogiannopoulos
2b0102d1c5 tests: use more sensible names for pid files 2015-11-17 08:36:27 +01:00
Nikos Mavrogiannopoulos
f770e0000c tests: added check to verify the proper operation of cookie key rotation 2015-11-17 08:36:04 +01:00
Nikos Mavrogiannopoulos
2473633b8d Added cookie key rotation 2015-11-17 08:33:38 +01:00
Nikos Mavrogiannopoulos
fd5f9df898 route-add: added more sensible version of system() 2015-11-16 22:30:56 +01:00
Nikos Mavrogiannopoulos
9f93c318a3 prior to calling system set the default signal mask 2015-11-16 18:14:16 +01:00
Nikos Mavrogiannopoulos
684f779381 tests: use fedora 23 for docker images 2015-11-16 17:59:32 +01:00
Nikos Mavrogiannopoulos
850dd24be3 document testing dependencies 2015-11-16 17:59:23 +01:00
Nikos Mavrogiannopoulos
cc48b0808a A failure to apply iroutes is propagated and login is denied 2015-11-16 17:22:45 +01:00
Nikos Mavrogiannopoulos
8cb807d27d design.md: document a possible optimization in IPC protocol 2015-11-13 12:46:36 +01:00
Nikos Mavrogiannopoulos
3c653fa747 worker-extras -> worker-http-handers 2015-11-13 10:24:02 +01:00
Nikos Mavrogiannopoulos
a53ee64472 occtl: include files from generated common dir 2015-11-11 16:30:29 +01:00
Nikos Mavrogiannopoulos
0d9d283b12 tests: remove CCAN sources - we already link to libccan.a 2015-11-11 16:26:47 +01:00
Nikos Mavrogiannopoulos
8d17358c8b don't export LIBTALLOC_CFLAGS when using the included 2015-11-11 16:25:45 +01:00
Nikos Mavrogiannopoulos
b2881375af tests: use proper cflags after code refactor 2015-11-11 16:16:02 +01:00
Nikos Mavrogiannopoulos
ba81d998e9 common: include upper dir for auto-generated headers 2015-11-11 16:12:54 +01:00
Nikos Mavrogiannopoulos
d9d246a375 finish move of ctl.proto to common/ 2015-11-11 16:10:31 +01:00
Nikos Mavrogiannopoulos
113c265030 common: Added missing file 2015-11-11 16:06:19 +01:00
Nikos Mavrogiannopoulos
b5640d61fb cstp_send_file: use system calls instead of libc for open/read 
That simplifies the handling of seccomp rules.
 2015-11-11 16:06:16 +01:00
Nikos Mavrogiannopoulos
3ba4c2b618 move common sources to common/ 2015-11-11 14:59:30 +01:00
Nikos Mavrogiannopoulos
2ef8d5a4c2 gnulib: remove all fcntl/open/etc compatibility functions 2015-11-11 14:53:17 +01:00
Nikos Mavrogiannopoulos
e6b942b5f8 .gitlab-ci.yml: cannot build with --with-local-talloc - it conflicts with system header 2015-11-11 14:10:50 +01:00
Nikos Mavrogiannopoulos
75b3461f70 .gitlab-ci.yml: don't use --enable-local-libopts on minimal build 
It cannot be used everywhere.
 2015-11-11 14:04:33 +01:00
Nikos Mavrogiannopoulos
6c3e5d31a7 ccan: build as an included library 2015-11-11 14:03:55 +01:00
Nikos Mavrogiannopoulos
805db4f9f6 use an intermediate protobuf library for the included protobuf sources 2015-11-11 13:35:25 +01:00
Nikos Mavrogiannopoulos
e618f2891a .gitlab-ci.yml: added build check with minimal setup 2015-11-10 16:13:48 +01:00
Nikos Mavrogiannopoulos
65004a55df Added configuration option tunnel-all-dns 2015-11-10 13:50:03 +01:00
Nikos Mavrogiannopoulos
f10b7e0055 use 'secondary_password' as name for any additional XML password fields 2015-11-10 13:49:59 +01:00