William Dauchy
80babceacf
listen-netns: fix worker case for DTLS
while using udp, we later open a file descriptor for the worker. With a
listen netns config, I overlooked this case which obliges me to move the
struct containing the file descriptor in the main one. Then I can access
them from each worker to make it possible to open the socket in the
correct netns. I also need to keep the netns fd open during the whole
life of the process.
the issue was not visible on a tcp-only case, but while using udp you
can see logs such as:
main[user]: x.x.x.x:54024 bind UDP to 0.0.0.0:443: Cannot assign requested address
worker[user]: x.x.x.x setting up DTLS-PSK connection
main[user]: x.x.x.x:54024 bind UDP to 0.0.0.0:443: Cannot assign requested address
update tests to reflect that:
- instead of creating our own netns, use the one created in common.sh
- we start server in ns1, but listen in ns2, and test client from ns3
  (we don't want to listen in ns1 to test listen-ns)
Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-09-20 21:49:08 +02:00
Nikos Mavrogiannopoulos
8f6ff20f66
Merge branch 'minor' into 'master'
cosmetic fixes for rx/tx per sec limit
See merge request openconnect/ocserv!214
2020-09-16 12:17:06 +00:00
Yousong Zhou
c47911a7d0
Fix typo in comment of sample config
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-09-15 19:14:50 +08:00
Yousong Zhou
5cb41a570b
Fix display of rx/tx per sec limit
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-09-15 19:14:37 +08:00
Nikos Mavrogiannopoulos
f1c093f8a8
Merge branch 'tmp-ocserv-group' into 'master'
radius: ignore redundant group class
Closes #332
See merge request openconnect/ocserv!213
2020-09-07 18:05:06 +00:00
Nikos Mavrogiannopoulos
6be284dd63
radius: ignore redundant group class
This ignores any items following the first group class attribute.
Resolves: #332
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-03 14:35:31 +02:00
Nikos Mavrogiannopoulos
dbbf7fe3e0
ns.sh: conditionally call IP with NSNAME3 route
This fixes operation in Fedora 32.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-09-03 14:34:03 +02:00
Alan Jowett
5b3b8e8d33
Merge branch 'issue345' into 'master'
Stop accepting new TCP connections when the server is at maximum active connection capacity & add support for gracefully stopping the server.
Closes #345
See merge request openconnect/ocserv!212
2020-09-02 14:51:05 +00:00
Alan Jowett
77dfa36c71
Stop accepting new TCP connections when the server is at maximum active connection capacity.
Add support for gracefully stopping the server.
Add primer on using ocserv with L3 load balancer.
Resolves: #345
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-08-28 16:01:35 -06:00
Alan Jowett
e5191bf4f3
Merge branch 'issue341' into 'master'
Modify ocserv-sm to permit it to scale up to the number of CPUs. This permits...
Closes #341
See merge request openconnect/ocserv!210
2020-08-26 16:44:43 +00:00
Alan Jowett
945699097d
Modify ocserv-sm to permit it to scale up to the number of CPUs. This permits a higher rate of client connections and prevents TLS signing from becoming a bottleneck for clients connecting.
Resolves: #341
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-08-26 09:46:04 -06:00
Nikos Mavrogiannopoulos
44a1357083
Merge branch 'tmp-domain-suffix' into 'master'
sample.config: documented how to specify multiple default domains
Closes #328
See merge request openconnect/ocserv!206
2020-08-10 18:44:07 +00:00
Nikos Mavrogiannopoulos
e5fced512f
Merge branch 'tmp-test-updates2' into 'master'
tests: eliminate legacy docker tests
See merge request openconnect/ocserv!209
2020-08-09 20:13:31 +00:00
Nikos Mavrogiannopoulos
d0a509c6c3
tests: introduced new proxy protocol tests
This replaces the old no longer used "docker-tests".
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 21:32:27 +02:00
Nikos Mavrogiannopoulos
5021c994db
tests: always use @ISOLATE_WORKERS@
Now all tests configs are being auto-generated, so this variable
will be replaced.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 19:56:37 +02:00
Nikos Mavrogiannopoulos
8f3dd01483
sample.config: disable all legacy TLS versions by default
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 18:41:24 +02:00
Nikos Mavrogiannopoulos
c914b8d398
Merge branch 'tmp-test-updates' into 'master'
test updates
Closes #340
See merge request openconnect/ocserv!207
2020-08-09 16:39:57 +00:00
Nikos Mavrogiannopoulos
d84272ffed
tests: added test for ping-leases
Resolves: #340
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 17:59:04 +02:00
Nikos Mavrogiannopoulos
b2c0c6c1cf
tests: replaced explicit ports with random assignment
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 13:14:22 +02:00
Nikos Mavrogiannopoulos
f814cf851b
tests: added session resumption test
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 11:54:04 +02:00
Nikos Mavrogiannopoulos
edbb1e7111
sample.config: documented how to specify multiple default domains
It is possible to specify multiple domains in X-CSTP-Default-Domain for
openconnect clients; make sure that this is documented.
Resolves: #328
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-06 20:57:22 +02:00
Nikos Mavrogiannopoulos
ae9f299b0f
Merge branch 'tmp-warn-in-password-auth' into 'master'
config: error when multiple password authentication methods are present
See merge request openconnect/ocserv!205
2020-08-06 11:10:53 +00:00
Nikos Mavrogiannopoulos
c3e62fe7a3
Merge branch 'tmp-enable-asan' into 'master'
.gitlab-ci.yml: reenable address sanitizer
See merge request openconnect/ocserv!202
2020-08-06 11:10:13 +00:00
Nikos Mavrogiannopoulos
0ecef93423
.gitlab-ci.yml: reenable address sanitizer
This disables all the tests that use LD_PRELOAD, and thus limits
the test suite on the tests that are run as root.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 23:08:43 +02:00
Nikos Mavrogiannopoulos
7a7d432d0f
use REMOTE_HOSTNAME to pass the user's advertised hostname
The previously used HOSTNAME variable is being overridden by bash and
thus was not a reliable one. We switch to setting REMOTE_HOSTNAME,
but keep the HOSTNAME for compatibility.
This also changes 'test-pass-script' to check for the new variable.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 23:05:24 +02:00
Nikos Mavrogiannopoulos
08c0eecc85
config: error when multiple password authentication methods are present
This prevents starting a server with an invalid configuration.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 22:46:24 +02:00
Nikos Mavrogiannopoulos
df61f59e3e
config: better debug messages on default vhost
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 22:26:49 +02:00
Nikos Mavrogiannopoulos
9ce249e583
Merge branch 'tmp-update-contribution-guide' into 'master'
CONTRIBUTING.md: added more detailed contribution rules
See merge request openconnect/ocserv!204
2020-08-05 05:08:34 +00:00
Nikos Mavrogiannopoulos
24a9945e0d
CONTRIBUTING.md: added more detailed contribution rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 23:38:20 +02:00
Nikos Mavrogiannopoulos
91712b3420
test-script-multi-user: do not run under asan
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
99fd5d7263
test-pass-script: introduced more sophisticated timeouts
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
d2a9f6b5de
occtl: free the talloc pool on exit
This eliminates any memory leaks pointed by asan.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
e379b5075a
snapshot: clear htable on cleanup
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-03 21:58:18 +02:00
Nikos Mavrogiannopoulos
7a3475951f
Merge branch 'tmp-introduce-clang' into 'master'
.gitlab-ci.yml: introduced clang compilation
See merge request openconnect/ocserv!203
2020-08-03 13:36:15 +00:00
Nikos Mavrogiannopoulos
0fa951a06b
.gitlab-ci.yml: introduced clang compilation
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-03 14:54:59 +02:00
Nikos Mavrogiannopoulos
0aed7584d9
Merge branch 'tmp-add-x86' into 'master'
.gitlab-ci.yml: added i386 build
See merge request openconnect/ocserv!158
2020-07-31 12:31:53 +00:00
Nikos Mavrogiannopoulos
1759bfdc4f
.gitlab-ci.yml: added i386 build
This introduces an i386 CI build to catch issues that relate
to 32-bit systems.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-31 13:50:37 +02:00
Nikos Mavrogiannopoulos
2f9d534e2c
NEWS: corrected issue number [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-30 22:41:14 +02:00
Nikos Mavrogiannopoulos
9ac1be83cd
README.md: removed unnecessary dependency [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-30 09:19:57 +02:00
Nikos Mavrogiannopoulos
8934be816c
Merge branch 'issue326' into 'master'
Pass the hostname to ocserv-main after receiving the connect request.
Closes #326
See merge request openconnect/ocserv!200
2020-07-29 17:13:21 +00:00
Nikos Mavrogiannopoulos
ce1911ffca
.gitlab-ci.yml: added auto-triage rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-28 21:39:28 +02:00
Alan Jowett
34eab81339
Resolves: #326
Pass the hostname to ocserv-main after receiving the connect request.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-07-28 13:37:20 -06:00
Nikos Mavrogiannopoulos
68eccaedf7
sample.config: documented host-update-script and added unit test
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-28 20:12:52 +02:00
Nikos Mavrogiannopoulos
2b4251eba7
Merge branch 'tmp-banner2' into 'master'
Added the config option of a pre-login banner
Closes #313
See merge request openconnect/ocserv!199
2020-07-27 20:56:22 +00:00
Nikos Mavrogiannopoulos
9460367822
Added the config option of a pre-login banner
Resolves: #313
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-27 22:15:12 +02:00
Nikos Mavrogiannopoulos
fc842a8d5d
Merge branch 'tmp-disconnect-user2' into 'master'
Race free disconnection of a connected user with occtl
Closes #59
See merge request openconnect/ocserv!198
2020-07-26 11:11:08 +00:00
Nikos Mavrogiannopoulos
8aa39b0106
Improved user disconnection to avoid race conditions
Previously when we were disconnecting a user there were few seconds
after which the cookie was still valid, so a reconnect would succeed
by the same user. This change ensures that a disconnected (via occtl)
user cannot re-use the same cookie to connect. That enables a safe
user removal from the authentication database, and from run-time.
Resolves: #59
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 21:38:55 +02:00
Nikos Mavrogiannopoulos
f100dcfa9a
occtl: corrected error code on failed commands
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:52 +02:00
Nikos Mavrogiannopoulos
e677c8b536
common: added textual description to all messages
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:52 +02:00
Nikos Mavrogiannopoulos
d0a12f6d8e
.gitlab-ci.yml: coverity: use centos8 image
This addresses incompatibilities with Fedora32.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:19 +02:00