Commit Graph

2406 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
7725d53e8d tls_recv() will retry on EINTR 2016-01-19 00:51:10 +01:00
Nikos Mavrogiannopoulos
40185fe0c2 radius: send user agent information as Connect-Info on accounting start
Relates #26
2016-01-18 11:55:16 +01:00
Nikos Mavrogiannopoulos
271ce75574 doc update 2016-01-18 09:08:12 +01:00
Nikos Mavrogiannopoulos
17473a734c tests: updated radius tests for Debian 2016-01-18 00:01:14 +01:00
Nikos Mavrogiannopoulos
55b1cbec91 radius: more careful checks around the user_agent access 2016-01-17 23:18:24 +01:00
Nikos Mavrogiannopoulos
c662641768 README.radius: added Connect-Info attribute 2016-01-17 23:13:04 +01:00
Nikos Mavrogiannopoulos
dfc4124d7a NEWS: doc update [ci skip] 2016-01-16 23:48:37 +01:00
Nikos Mavrogiannopoulos
6c6481de40 radius: send user agent information as Connect-Info
That allows the radius server to store information on a particular
client. Resolves #26
2016-01-16 23:01:10 +01:00
Nikos Mavrogiannopoulos
8aa55db239 send_stats_to_secmod() is called as soon as possible
This allows us to send the client assigned IP to the radius server
as soon as it is available, rather than waiting a full interim_update
cycle.
2016-01-14 17:25:35 +01:00
Nikos Mavrogiannopoulos
1fc9e31f3e Updated support for chacha20-poly1305
It was modified to support the PSK variant of the algorithm because
draft-ietf-tls-chacha20-poly1305-03 doesn't define an RSA variant. It
was tested to interoperate with openconnect/gnutls.
2016-01-13 11:44:19 +01:00
Nikos Mavrogiannopoulos
3eb2b903ed worker: Prevent any frozen worker processes by killing them on inactivity
That is, introduced an alarm() call at the worker periodic check, which will
only get triggered if a very long timeout has occurred without the loop being
completed.
2016-01-11 13:55:12 +01:00
Nikos Mavrogiannopoulos
43d55261e6 main: introduced main-worker-cmd.c 2016-01-11 13:09:34 +01:00
Nikos Mavrogiannopoulos
e1dea8ae71 moved run_sec_mod() to main-sec-mod-cmd.c 2016-01-11 13:07:15 +01:00
Nikos Mavrogiannopoulos
3002645108 moved proc creation and deinitialization to main-proc.c 2016-01-11 13:05:55 +01:00
Nikos Mavrogiannopoulos
f2bd0a0ec7 released 0.11.0rc0 2016-01-08 13:39:16 +01:00
Nikos Mavrogiannopoulos
22a4ab8a9b worker: use the state buffer for HTTP requests 2016-01-07 13:24:15 +01:00
Nikos Mavrogiannopoulos
79cfacf0fe worker: enforce a default socket timeout for TCP and UDP sockets
That is because, although we use select() to see whether a call to
recv() would block, there are certain cases in Linux where recv() blocks
even though select() notified of available data. Reported by Yick Xie.
2016-01-06 23:51:01 +01:00
Nikos Mavrogiannopoulos
5bb19cae39 don't attempt to open per_user_dir if it is NULL
Nor attempt to close a NULL handle. This addresses a crash in certain libc's.
2016-01-05 21:44:43 +01:00
Nikos Mavrogiannopoulos
1955394cfa When receiving from unix socket attempt to reconstruct the CSTP packets
That is because it may happen that the sender sends a complete packet
in multiple chunks. Resolves #22
2016-01-02 00:13:56 +02:00
Nikos Mavrogiannopoulos
bee0d57323 set_tun_mtu: print the mtu size on failed assignment 2016-01-01 23:35:25 +02:00
Nikos Mavrogiannopoulos
e4cedfb898 README-radius: added more text for Framed-Route format 2016-01-01 23:35:24 +02:00
Nikos Mavrogiannopoulos
0ad8a3a46a correctly print the IP of addresses added to ban list 2015-12-23 19:33:14 +02:00
Nikos Mavrogiannopoulos
34fa33ca15 README.md: added radcli dependency 2015-12-22 00:29:45 +02:00
Nikos Mavrogiannopoulos
ca5cae6f01 tests: use libradcli4 in debian builds 2015-12-22 00:27:30 +02:00
Nikos Mavrogiannopoulos
3e82a965a8 Prior to sending profile files, perform cookie authentication
That allows us to read the per-user config file, and prevent
a null pointer dereference. Reported by Yick Xie.
2015-12-22 00:20:39 +02:00
Nikos Mavrogiannopoulos
97a49138e6 improved logged messages for certificate auth 2015-12-20 12:43:39 +02:00
Nikos Mavrogiannopoulos
7b086fb3f9 Don't print any cookie data unless debug level is set to be over 8
That prevents adding into debugging logs sensitive data which can be used
to resume sessions.
2015-12-18 11:22:49 +01:00
Nikos Mavrogiannopoulos
a52ffc4d06 When max-clients is set adjust the file descriptor limits accordingly
This also increases the default number of descriptors to 4k.
2015-12-08 16:31:30 +01:00
Nikos Mavrogiannopoulos
3b0342c678 doc update 2015-12-08 14:35:30 +01:00
Nikos Mavrogiannopoulos
4f4fa817b6 doc update 2015-12-08 14:28:16 +01:00
Nikos Mavrogiannopoulos
01706859e0 occtl: print the restricted ports for the client 2015-12-08 14:14:27 +01:00
Nikos Mavrogiannopoulos
cc4848fa6a protocol buffers generated sources for ctl were moved to libipc 2015-12-08 13:53:06 +01:00
Nikos Mavrogiannopoulos
e1fc1f3c45 TLS session resumption database was moved to sec-mod
This reduces the amount of sensitive data available to the main process.
Resolves #21
2015-12-07 19:52:30 +01:00
Nikos Mavrogiannopoulos
d378ce0709 doc update 2015-12-07 19:12:31 +01:00
Nikos Mavrogiannopoulos
9979b8cde0 tests: kill politely openconnect in all docker tests 2015-12-07 14:40:36 +01:00
Nikos Mavrogiannopoulos
4fad865864 tests: proxyproto-test: kill openconnect more politely and give it a few seconds before checking output 2015-12-07 14:35:30 +01:00
Nikos Mavrogiannopoulos
c9e3911eaf tests: use consistent name for PID file 2015-12-07 14:20:35 +01:00
Nikos Mavrogiannopoulos
4539bd2ef5 ocserv-fw: removed unneeded variable 2015-12-07 14:20:00 +01:00
Nikos Mavrogiannopoulos
420b003a23 tests: corrected routes in ocserv-fw-neg and ocserv-reload tests
Also simplified the ocserv-fw-neg test by not checking whether the
follow up script was run. This is part of the -fw test.
2015-12-07 14:19:07 +01:00
Nikos Mavrogiannopoulos
3dcf18d7b4 occtl: added command 'show iroutes'
This command will list all iroutes currently available.
Resolves #20
2015-12-07 13:32:44 +01:00
Nikos Mavrogiannopoulos
75ad8a4359 ocserv-fw: added license 2015-12-07 13:10:45 +01:00
Nikos Mavrogiannopoulos
4df69f49b9 tests: added check for restrict-user-to-ports negation options 2015-12-07 11:34:41 +01:00
Nikos Mavrogiannopoulos
14d19b3e9a Enhanced configuration option 'restrict-user-to-ports'
This enhancement allows negating the rules and allowing the user to connect
to all ports except those specified.
2015-12-07 11:15:56 +01:00
Nikos Mavrogiannopoulos
8019490511 tests: added check for proper operation after SIGHUP
This test checks whether we can retrieve user information
even after a SIGHUP (the time where the old config is invalidated).
2015-12-07 10:38:16 +01:00
Nikos Mavrogiannopoulos
7db767599a Added /VPN to the list of known URLs for auth
This URL is used by certain versions of the anyconnect client.
Reported by sskaje.
2015-12-06 10:07:41 +01:00
Nikos Mavrogiannopoulos
4e71afbf6f occtl: use dash for no-dtls message to make it more consistent with other output 2015-12-06 02:10:26 +01:00
Nikos Mavrogiannopoulos
2588e617c0 configure: don't issue warnings that make compilation with libev impossible 2015-12-05 11:23:16 +01:00
Nikos Mavrogiannopoulos
c053474be9 doc update 2015-12-05 11:23:11 +01:00
Nikos Mavrogiannopoulos
fe28fd15cd Added occtl command 'show events', as well as the corresponding command in main
This allows the main process to handle a single listener which will
get all information about new and disconnecting users.
2015-12-05 11:23:06 +01:00
Nikos Mavrogiannopoulos
12bc8955bd main: allow multiple clients in control channel (occtl) 2015-12-05 11:23:01 +01:00