Nikos Mavrogiannopoulos
797d6f75d0
Merge branch 'bypass-protocol' into 'master'
...
add client-bypass-protocol config option
Closes #407
See merge request openconnect/ocserv!261
2021-05-18 07:15:43 +00:00
fdomain
b3fe0d85c2
Added client-bypass-protocol config option
...
By default, anyconnect clients will drop all traffic of a given IP
version if there is no IP address in that version assigned to the
client. The client-bypass-protocol option, if enabled, will send an
extra header to the clients telling anyconnect client to bypass VPN
tunnel if there is no IP assigned. No impact for openconnect clients,
this header will simply be ignored.
Signed-off-by: Florian Domain <f.domain@criteo.com>
2021-05-18 07:15:43 +00:00
Nikos Mavrogiannopoulos
4eb211d8d0
Merge branch 'tmp-minimal-fix' into 'master'
...
.gitlab-ci.yml: merged options from minimal and Ubuntu minimal
See merge request openconnect/ocserv!264
2021-05-16 21:27:05 +00:00
Nikos Mavrogiannopoulos
3d5981c0f2
.gitlab-ci.yml: enabled more tests on ubuntu20.04 minimal
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 22:43:46 +02:00
Nikos Mavrogiannopoulos
59e4539736
.gitlab-ci.yml: merged options from minimal and Ubuntu minimal
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 22:19:00 +02:00
Nikos Mavrogiannopoulos
1d32c5052e
updated NEWS for the owasp headers
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 21:33:42 +02:00
Nikos Mavrogiannopoulos
2584222a3f
Merge branch 'owasp-headers' into 'master'
...
Owasp headers
See merge request openconnect/ocserv!263
2021-05-14 17:41:14 +00:00
Russ Young
1d5b699e49
Changed mode
2021-05-12 13:27:35 -06:00
Russ Young
c4bc01766d
Removed conditional code for OWASP headers
2021-05-12 11:56:09 -06:00
Russ Young
065f51e6af
Added build flags and Test for OWASP headers
2021-04-20 11:55:28 -06:00
Russ Young
f3e23793a7
Added the default OWASP http headers to http responses.
2021-04-14 13:59:04 -06:00
Nikos Mavrogiannopoulos
415a6bce7b
Merge branch 'tmp-coverity-fixes' into 'master'
...
Include fixes identified by coverity
See merge request openconnect/ocserv!260
2021-04-02 18:56:09 +00:00
Nikos Mavrogiannopoulos
3f0ece492f
set_self_oom_score_adj: corrected error handling
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-04-01 17:16:12 +02:00
Nikos Mavrogiannopoulos
2d1bd947e2
ctl_handler_init: fixed resource leaks
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-04-01 17:09:25 +02:00
Nikos Mavrogiannopoulos
6677ac04fa
occtl: fixed uninitialized value
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-04-01 14:52:27 +02:00
Nikos Mavrogiannopoulos
b1c9573ce0
Merge branch 'lognoise' into 'master'
...
Changes offensive messages. Reduced log noise
See merge request openconnect/ocserv!259
2021-03-12 19:30:39 +00:00
Russ Young
cbd858081e
Changed logging level to reduce noise.
2021-03-01 10:42:43 -07:00
Russ Young
7864798b59
Changed logging levels to reduce noise.
2021-03-01 10:41:30 -07:00
Russ Young
e9ddacde59
Changes offensive messages.
...
Changed noisy messages to be logged at LOG_DEBUG level.
2021-02-24 11:45:36 -07:00
Alan Jowett
25e899017a
Merge branch 'cookie-httponly' into 'master'
...
Added HttpOnly flag to cookie
See merge request openconnect/ocserv!258
2021-02-22 16:25:42 +00:00
Russ Young
90e08cc12d
Added HttpOnly flag to cookie
2021-02-17 12:15:09 -07:00
Nikos Mavrogiannopoulos
3e47d192ed
Merge branch 'openbsd-devname' into 'master'
...
OpenBSD Devname changes
Closes #399
See merge request openconnect/ocserv!256
2021-02-11 10:24:31 +00:00
Jake S
a2775715ec
OpenBSD Devname changes
2021-02-10 22:17:46 +00:00
Nikos Mavrogiannopoulos
7c81ba20f4
Merge branch 'dtls-fix-memory-corruption' into 'master'
...
dtls connection setup: fix memory corruption, proper watcher setup
See merge request openconnect/ocserv!255
2021-02-10 20:48:42 +00:00
Stefan Bühler
4cea55c6d6
dtls connection setup: fix memory corruption, proper watcher setup
...
ev_init and ev_io_set must never be called on active watchers - we
need to cleanup previous connection state before setting a new one.
ev_init clears the "active" flag, but doesn't remove the watcher from
libev internal linked lists (and doesn't clear the "next" pointer for
it). This can for example lead to (unexpected) cyclic lists in libev,
and libev can loop forever trying to deal with them.
2021-02-10 13:23:42 +01:00
Nikos Mavrogiannopoulos
9f08770c08
doc update
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-02-04 21:58:41 +01:00
Nikos Mavrogiannopoulos
289ce060dc
Merge branch 'issue400' into 'master'
...
Close fd and stop ev_io on failed handshake.
Closes #400
See merge request openconnect/ocserv!253
2021-02-04 20:56:06 +00:00
Alan Jowett
c53cc97395
Close fd and stop ev_io on failed handshake.
...
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-02-04 10:18:34 -07:00
Nikos Mavrogiannopoulos
d4800b54e3
Updated NEWS
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-02-03 20:36:11 +01:00
Nikos Mavrogiannopoulos
ae049ee9ab
Merge branch 'tmp-394' into 'master'
...
Change how stdin and stdout are closed
Closes #394
See merge request openconnect/ocserv!252
2021-01-31 19:43:15 +00:00
Nikos Mavrogiannopoulos
9d3ac17073
Change how stdin and stdout are closed
...
We only close the descriptors on the main process
as this could close other unrelated descriptors.
Resolves: #394
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-01-25 21:19:40 +01:00
Nikos Mavrogiannopoulos
acf31f5dde
parse_data: print unknown bye packets
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-27 21:58:18 +01:00
Nikos Mavrogiannopoulos
b7134d59f8
corrected typo
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-27 13:22:31 +01:00
Nikos Mavrogiannopoulos
7f088554d2
README-radius.md: corrected note
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-27 13:20:48 +01:00
Nikos Mavrogiannopoulos
1f6cfdc41e
README-radius.md: better phrasing of NAS-Port issue with freeradius
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-27 13:12:34 +01:00
Nikos Mavrogiannopoulos
d0708ab3ff
Merge branch 'tmp-coverage-check' into 'master'
...
Include debugging output into our coverage tests
See merge request openconnect/ocserv!251
2020-12-19 14:00:59 +00:00
Nikos Mavrogiannopoulos
d8377398bc
.triage-policies.yml: improved message on reopening
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-19 14:17:32 +01:00
Nikos Mavrogiannopoulos
13f59eebbd
tests: increase verbosity on coverage runs
...
This includes the debugging output into our tests.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-19 14:15:56 +01:00
Nikos Mavrogiannopoulos
1657781caf
Merge branch 'tmp-share-vars' into 'master'
...
worker.h: share OCSERV_ENV_WORKER_STARTUP_MSG between main and worker
See merge request openconnect/ocserv!250
2020-12-14 23:10:08 +00:00
Nikos Mavrogiannopoulos
8b9cc3a5c5
Merge branch 'tmp-cleanup' into 'master'
...
Cleanups in Makefile
See merge request openconnect/ocserv!249
2020-12-14 22:40:12 +00:00
Nikos Mavrogiannopoulos
8d4a5924e4
worker.h: share OCSERV_ENV_WORKER_STARTUP_MSG between main and worker
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-14 23:26:17 +01:00
Nikos Mavrogiannopoulos
b2a5688bf7
Makefile.am: cleanup
...
This rearranges variables so they are set before they are used.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-14 21:20:22 +01:00
Nikos Mavrogiannopoulos
e09a7d5a70
Merge branch 'tmp-lgtm' into 'master'
...
More fixes to reduce warnings from lgtm.com static analyzer
See merge request openconnect/ocserv!248
2020-12-12 22:30:50 +00:00
Nikos Mavrogiannopoulos
56f98cbba2
sample.config: document what 'unlimited' means
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-12 23:12:10 +01:00
Nikos Mavrogiannopoulos
5869006ce1
Replaced redundant checks with asserts
...
Although the checks were strictly redundant, an update
or restructuring of the loops/files could cause significant
issues. For that keep them but within an assert() statement
to be clear what it is about.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-12 22:47:43 +01:00
Nikos Mavrogiannopoulos
47c6638286
ocserv-worker: renamed loop to worker_loop
...
This avoids warnings and static analyzer complaints about
the libev functions hiding the global 'loop' variable
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-12 22:41:57 +01:00
Nikos Mavrogiannopoulos
c778881927
Revert ".lgtm.yml: added"
...
This reverts commit f1be23a7f7.
The LGTM.com integration doesn't seem to work as lgtm cannot
checkout this project.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-11 09:50:25 +01:00
Nikos Mavrogiannopoulos
f1be23a7f7
.lgtm.yml: added
...
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-12-10 17:16:29 +01:00
Daniel Lenski
dd34f85875
OpenConnect will interpret these headers once https://gitlab.com/openconnect/openconnect/-/merge_requests/156 is merged
...
Examples of newly-authenticated sessions from Cisco servers:
- Default value of `Session-Timeout` is 1209600 seconds (14 days) per
https://www.cisco.com/assets/sol/sb/RV345P_Emulators/RV345P_Emulator_v1-0-01-17/help/help/t_SSL_VPN.html
- https://www.mail-archive.com/openconnect-devel@lists.infradead.org/msg00968.html :
`Lease-Duration` having the default value, while `Session-Timeout`
and `Session-Timeout-Remaining` are `none`
- https://gitlab.com/openconnect/openconnect/-/issues/43#note_177677716 :
`Lease-Duration`, `Session-Timeout`, and `Session-Timeout-Remaining` all with
same value
My own testing of *reconnected* sessions (on a newer Cisco server supporting
DTLS 1.2) shows that Session-Timeout-Remaining will have a value less than
Session-Timeout, such that the expiration timestamp remains constant from one
reconnection to the next.
Signed-off-by: Daniel Lenski <dlenski@amazon.com>
2020-12-09 17:27:00 -08:00
Nikos Mavrogiannopoulos
3257070312
Merge branch 'tmp-lgtm' into 'master'
...
Several updates to remove LGTM.com warnings
See merge request openconnect/ocserv!246
2020-12-09 15:40:24 +00:00