GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,363 Commits 19 Branches 88 Tags
8019490511a68a29803cdfd58e40a5025f040a10
Commit Graph

2363 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
8019490511 tests: added check for proper operation after SIGHUP 
This test checks whether we can retrieve user information
even after a SIGHUP (the time where the old config is invalidated).
 2015-12-07 10:38:16 +01:00
Nikos Mavrogiannopoulos
7db767599a Added /VPN to the list of known URLs for auth 
This URL is used by certain versions of the anyconnect client.
Reported by sskaje.
 2015-12-06 10:07:41 +01:00
Nikos Mavrogiannopoulos
4e71afbf6f occtl: use dash for no-dtls message to make it more consistent with other output 2015-12-06 02:10:26 +01:00
Nikos Mavrogiannopoulos
2588e617c0 configure: don't issue warnings that make compilation with libev impossible 2015-12-05 11:23:16 +01:00
Nikos Mavrogiannopoulos
c053474be9 doc update 2015-12-05 11:23:11 +01:00
Nikos Mavrogiannopoulos
fe28fd15cd Added occtl command 'show events', as well as the corresponding command in main 
This allows the main process to handle a single listener which will
get all information about new and disconnecting users.
 2015-12-05 11:23:06 +01:00
Nikos Mavrogiannopoulos
12bc8955bd main: allow multiple clients in control channel (occtl) 2015-12-05 11:23:01 +01:00
Nikos Mavrogiannopoulos
0e604b8a9f Master process was converted to use libev 2015-12-05 11:18:09 +01:00
Nikos Mavrogiannopoulos
9252e22298 Added reference counting to configuration values. 
That is, to allow referencing to these values from proc_st
without fearing of them being invalidated on a config reload. We
perform a cleanup of these values on the server periodic check.
 2015-12-05 11:08:51 +01:00
Nikos Mavrogiannopoulos
2e68ba1158 config-ports: added error checking on talloc 2015-12-03 14:48:33 +01:00
Nikos Mavrogiannopoulos
a580303e95 README.md: added liboath dependency 2015-12-02 13:59:58 +01:00
Nikos Mavrogiannopoulos
d910c8952b doc: list 'route=default' as an example 2015-12-02 10:41:16 +01:00
Nikos Mavrogiannopoulos
446baaf95a tests: use a common macro to obtain docker image IP address 2015-12-02 10:41:13 +01:00
Nikos Mavrogiannopoulos
34ac6bce56 tests: check restrict-user-to-ports in firewall-test 2015-12-02 10:41:10 +01:00
Nikos Mavrogiannopoulos
2bb25347d0 tests: Added check for port parser 2015-12-02 10:41:00 +01:00
Nikos Mavrogiannopoulos
eabfbe8473 Added configuration option 'restrict-user-to-ports' 
This option is intended to allow restricting users to accessing
specific ports once they enter the VPN. The rules set using this
option will be enforced by the ocserv-fw script.
 2015-12-02 10:38:12 +01:00
Nikos Mavrogiannopoulos
0a38b70cc3 removed unused structure 2015-12-01 13:51:30 +01:00
Nikos Mavrogiannopoulos
8990ee7448 eliminated double null check 2015-12-01 11:46:30 +01:00
Nikos Mavrogiannopoulos
a0ca61c9a8 README.md: added gssntlmssp as a dependency 2015-12-01 11:17:43 +01:00
Nikos Mavrogiannopoulos
53376c96a2 doc: document the behavior of restrict-user-to-routes in case of defaultroute 2015-11-29 20:24:32 +01:00
Nikos Mavrogiannopoulos
b11567dd64 include ocserv-fw 2015-11-28 23:11:14 +01:00
Nikos Mavrogiannopoulos
e215c77112 tests: check for %{RI} validity in test-iroute 2015-11-28 22:13:47 +01:00
Nikos Mavrogiannopoulos
d9fc3b465a tests: check for sever exit in test-cert 2015-11-28 20:25:28 +01:00
Nikos Mavrogiannopoulos
0ba6330d37 libopts: updated to 5.18.6 2015-11-28 20:04:04 +01:00
Nikos Mavrogiannopoulos
3e5a78d500 .gitignore: ignore more auto-generated files 2015-11-28 19:42:53 +01:00
Nikos Mavrogiannopoulos
c40b0aed13 tests: check whether append-routes directive works 2015-11-28 19:41:39 +01:00
Nikos Mavrogiannopoulos
2d823aa200 Added config option 'append-routes' 
If set to true it will restore the old configuration semantics
of appending the global routes to per user/group config.
 2015-11-28 19:28:24 +01:00
Nikos Mavrogiannopoulos
6ac03c0c80 tests: removed ipv6 functionality check from kerberos test 2015-11-27 09:42:35 +01:00
Nikos Mavrogiannopoulos
be77cdf671 tests: test-cookie-invalidation add a time wait after client termination 
That ensures that the client is already terminated when the final check
starts.
 2015-11-27 09:36:41 +01:00
Nikos Mavrogiannopoulos
dad2181261 doc update 2015-11-26 18:29:31 +01:00
Nikos Mavrogiannopoulos
e41d6b6e75 tests: updated radius config files for f23 2015-11-26 18:29:27 +01:00
Nikos Mavrogiannopoulos
2484d81aad Allow matching passwords of format <xxx_password> in client's login message 2015-11-26 18:29:22 +01:00
Nikos Mavrogiannopoulos
cefd77b633 Simplified per-user/group configuration handling 
We now use a common structure in SESSION_REPLY and AUTH_REP
messages. That structure is generated by sec-mod and forwarded
by main to worker, thus eliminating the need to create passing
code for each new user-config variable being added.
 2015-11-26 18:29:14 +01:00
Nikos Mavrogiannopoulos
f86fb99b50 doc update 2015-11-24 00:29:31 +01:00
Nikos Mavrogiannopoulos
fa6c7ac0e6 ocserv-fw: when called with --removeall exit immediately after action 2015-11-23 18:12:09 +01:00
Nikos Mavrogiannopoulos
ddddaee5be tests: check whether the firewall rules have been applied with restrict-user-to-routes 2015-11-23 17:43:14 +01:00
Nikos Mavrogiannopoulos
5952dfbece prior to execl() scripts set stdout to be our stderr to avoid confusing scripts 2015-11-23 17:32:01 +01:00
Nikos Mavrogiannopoulos
f5fca982dc Added configuration option restrict-user-to-routes 
This option, if set, will call /usr/bin/ocserv-fw for each user
connecting, i.e., adding firewall restrictions based on its allowed
routes.
 2015-11-23 17:31:55 +01:00
Nikos Mavrogiannopoulos
183820ae3c ocserv-fw: Added script to restrict clients to their allowed routes 
That is when called as a connect/disconnect script it restricts the client
to the routes it is allowed to see, and prevents it from accessing anything
else.
 2015-11-23 16:04:19 +01:00
Nikos Mavrogiannopoulos
a556837f2b tests: check whether the routes and DNS servers are set in scripts 2015-11-23 10:53:51 +01:00
Nikos Mavrogiannopoulos
6f794a287e If running the local script fails due to signal handle that as non-zero exit status 2015-11-23 10:53:48 +01:00
Nikos Mavrogiannopoulos
c7fe48f372 scripts: export the routes,no-routes and dns servers 2015-11-23 10:53:43 +01:00
Nikos Mavrogiannopoulos
45c2fb55c8 tests: avoid source dependencies from other dirs in Makefile 
That causes compilation errors under certain cirquimstances.
 2015-11-19 14:35:16 +01:00
Nikos Mavrogiannopoulos
854fd8f421 added cwrap libs as dependencies 2015-11-19 14:31:08 +01:00
Nikos Mavrogiannopoulos
e91a56117b tests: modified cwrap tests to run from different builddir 2015-11-19 14:30:48 +01:00
Nikos Mavrogiannopoulos
ba44c2a6c1 pass DPD and keepalive values to occtl 2015-11-19 12:23:37 +01:00
Nikos Mavrogiannopoulos
01a6435fad .gitlab-ci.yml: run all checks on build systems 2015-11-19 10:46:22 +01:00
Nikos Mavrogiannopoulos
345a752676 tests: converted part of the test suite to run with cwrap 
That allows several tests to run as non-root.
 2015-11-19 10:44:34 +01:00
Nikos Mavrogiannopoulos
a09d4f51ab relocated confusing message on user logged in 2015-11-19 10:09:38 +01:00
Nikos Mavrogiannopoulos
8d03519fb2 doc update 2015-11-17 11:02:26 +01:00