Commit Graph

3509 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
80fd3293b2 Merge branch 'tmp-ignore-self-test' into 'master'
cppcheck: ignore SELF_TEST in ccan/hash

See merge request openconnect/ocserv!269
2021-09-14 07:15:50 +00:00
Nikos Mavrogiannopoulos
807250f78e cppcheck: ignore SELF_TEST in ccan/hash
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-09-13 22:17:57 +02:00
Luo Bo
ec14f60b79 seccomp: Add epoll_pwait to allow list. AArch64 requires this.
Signed-off-by: Luo Bo <luobodi@hotmail.com>
2021-09-13 22:07:08 +02:00
Nikos Mavrogiannopoulos
664d88d84e README.md: updated [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-23 09:17:56 +02:00
Nikos Mavrogiannopoulos
644873f5a9 README.md: updated [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-23 09:16:35 +02:00
Nikos Mavrogiannopoulos
45fcdbf0b3 Merge branch 'tmp-log-simple' into 'master'
Clean ups on logging

See merge request openconnect/ocserv!266
2021-06-12 21:11:30 +00:00
Nikos Mavrogiannopoulos
3c783faaa2 .gitlab-ci.yml: removed epel RPM builds on second stage
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 22:55:19 +02:00
Nikos Mavrogiannopoulos
add3272c1d disable_system_calls: added newfstatat unconditionally
It is required in newer glibc.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 22:23:36 +02:00
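Added example (not ocserv's own code) illustrating the point behind the two seccomp commits above (epoll_pwait on AArch64, newfstatat with newer glibc): a syscall allow-list is tied to the architecture's syscall table and to which syscalls the C library actually issues. The block assembles a seccomp-bpf allow-list with an architecture check, then evaluates it with a small classic-BPF interpreter instead of installing it, so its decisions can be checked without sandboxing the calling process. It assumes Linux UAPI headers; the filter layout, the function names and the allow-list contents are illustrative, not ocserv's.

```c
/*
 * Added example, not ocserv code: build a seccomp-bpf syscall allow-list
 * and evaluate it in user space with a minimal classic-BPF interpreter.
 * Assumes Linux UAPI headers; syscall numbers come from <sys/syscall.h>
 * for the architecture this file is compiled on.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define MAX_INSNS 64

struct bpf_prog {
    struct sock_filter insns[MAX_INSNS];
    size_t n;
};

static int emit(struct bpf_prog *p, uint16_t code, uint8_t jt, uint8_t jf, uint32_t k)
{
    if (p->n >= MAX_INSNS)
        return -1;
    p->insns[p->n].code = code;
    p->insns[p->n].jt = jt;
    p->insns[p->n].jf = jf;
    p->insns[p->n].k = k;
    p->n++;
    return 0;
}

/* Layout: kill unless the ABI matches, then allow the listed numbers and kill
 * everything else. Syscall numbers differ per ABI, so without the arch check a
 * caller using a foreign ABI could alias a forbidden syscall onto an allowed number. */
int build_allow_list(struct bpf_prog *p, uint32_t arch, const int *allowed, size_t count)
{
    p->n = 0;
    if (emit(p, BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, arch)))
        return -1;
    if (emit(p, BPF_JMP | BPF_JEQ | BPF_K, 1, 0, arch))   /* match: skip the kill */
        return -1;
    if (emit(p, BPF_RET | BPF_K, 0, 0, SECCOMP_RET_KILL_PROCESS))
        return -1;
    if (emit(p, BPF_LD | BPF_W | BPF_ABS, 0, 0, offsetof(struct seccomp_data, nr)))
        return -1;
    for (size_t i = 0; i < count; i++) {
        if (emit(p, BPF_JMP | BPF_JEQ | BPF_K, 0, 1, (uint32_t)allowed[i]))
            return -1;
        if (emit(p, BPF_RET | BPF_K, 0, 0, SECCOMP_RET_ALLOW))
            return -1;
    }
    return emit(p, BPF_RET | BPF_K, 0, 0, SECCOMP_RET_KILL_PROCESS);
}

/* Interpreter for the three instruction forms emitted above (load word, jump-if-equal, return). */
uint32_t run_filter(const struct bpf_prog *p, const struct seccomp_data *d)
{
    uint32_t acc = 0;
    size_t pc = 0;
    while (pc < p->n) {
        const struct sock_filter *in = &p->insns[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (in->k + 4 > sizeof(*d))
                return SECCOMP_RET_KILL_PROCESS;
            memcpy(&acc, (const unsigned char *)d + in->k, 4);
            pc++;
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += 1 + (acc == in->k ? in->jt : in->jf);   /* jt/jf are relative to the next insn */
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;   /* opcode not modelled by this interpreter */
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Illustrative allow-list. epoll_pwait is what glibc's epoll_wait() issues on AArch64,
 * which has no epoll_wait syscall; newfstatat is what stat()/fstat() issue in newer glibc. */
static const int worker_allowed[] = {
    SYS_read, SYS_write, SYS_close, SYS_exit_group,
    SYS_epoll_pwait,
    SYS_newfstatat,
};

uint32_t decide(uint32_t arch, int nr)
{
    struct bpf_prog p;
    struct seccomp_data d;
    memset(&d, 0, sizeof d);
    d.arch = arch;
    d.nr = nr;
    if (build_allow_list(&p, NATIVE_ARCH, worker_allowed,
                         sizeof worker_allowed / sizeof worker_allowed[0]))
        return SECCOMP_RET_KILL_PROCESS;
    return run_filter(&p, &d);
}

int main(void)
{
    printf("epoll_pwait: %s\n", decide(NATIVE_ARCH, SYS_epoll_pwait) == SECCOMP_RET_ALLOW ? "allow" : "kill");
    printf("newfstatat:  %s\n", decide(NATIVE_ARCH, SYS_newfstatat) == SECCOMP_RET_ALLOW ? "allow" : "kill");
    printf("execve:      %s\n", decide(NATIVE_ARCH, SYS_execve) == SECCOMP_RET_ALLOW ? "allow" : "kill");
#ifndef __NR_epoll_wait
    puts("this ABI has no epoll_wait syscall; a list that names only epoll_wait would kill the worker");
#endif
    return 0;
}
```

The interpreter only covers the instructions this builder emits; a real filter would be installed with prctl(PR_SET_SECCOMP) or seccomp(2) after PR_SET_NO_NEW_PRIVS, and the allow-list should be derived from what the linked C library issues on each target, not from the function names called in the source.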
Nikos Mavrogiannopoulos
4bfb42cb34 pcl: removed code causing use-after-free
Found by static analyzer.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:46:28 +02:00
Nikos Mavrogiannopoulos
173b5abd56 .gitlab-ci.yml: updated fedora image name
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:42:51 +02:00
Nikos Mavrogiannopoulos
29995ebd43 log: simplified logging process
This combines duplicate logic, and allows uncovering errors
when the wrong log level is specified.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:42:51 +02:00
Nikos Mavrogiannopoulos
bcf6ed7204 worker: minor improvements in log messages
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 21:42:21 +02:00
Nikos Mavrogiannopoulos
6daa24f010 worker: correct log message
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-06-12 10:16:27 +02:00
Nikos Mavrogiannopoulos
559a0f85c6 released 1.1.3
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.3
2021-06-02 08:32:46 +02:00
Nikos Mavrogiannopoulos
750a4bfb3f NEWS: removed X-CSTP-Lease-Duration
This amends fac0244f3e

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-23 18:58:28 +02:00
Nikos Mavrogiannopoulos
60af6e3f6a Merge branch 'do_not_set_X-CSTP-Lease-Duration_header' into 'master'
Do not set X-CSTP-Lease-Duration header

See merge request openconnect/ocserv!265
2021-05-22 18:17:29 +00:00
Daniel Lenski
fac0244f3e Do not set X-CSTP-Lease-Duration header
This header was added in dd34f85875.
The intention was to allow clients to accurately determine the remaining
lifetime of the authentication session by replicating the headers that Cisco
servers were observed to send. See https://gitlab.com/openconnect/openconnect/-/merge_requests/156
for the client-side implementation in OpenConnect.

However, two users of ocserv have now reported that the *presence* of this
header *breaks* compatibility with newer Cisco AnyConnect clients
(https://gitlab.com/openconnect/ocserv/-/issues/414#note_581221384,
https://gitlab.com/openconnect/ocserv/-/issues/232#note_477714207).

This patch removes the `X-CSTP-Lease-Duration` header, while leaving behind
the `X-CSTP-Session-Timeout` and `X-CSTP-Session-Timeout-Remaining` headers.
With

(a) Cisco AnyConnect clients are able to connect (tested at
    https://gitlab.com/openconnect/ocserv/-/issues/414#note_581563460)
(b) OpenConnect clients are still able to determine the authentication session
    lifetime (https://gitlab.com/openconnect/ocserv/-/issues/414#note_582314323)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
2021-05-22 10:32:52 -07:00
Nikos Mavrogiannopoulos
b37544b513 Merge branch 'refactorlogging' into 'master'
Separated logging level from debug-ability

See merge request openconnect/ocserv!262
2021-05-18 18:38:50 +00:00
Russell Young
658ffb47df Separated logging level from debug-ability
Modified code to separate logging level from the debug-ability. Added a new command line option, -x or --traceable, to control the pr_dumpable state (default is pr_dumpable false). Added a config parameter for controlling the log level; the option is "log-level" and it can also be specified on the command line with -d or --debug.

Signed-off-by: Russell Young <ruyoung@microsoft.com>
2021-05-18 18:38:49 +00:00
Nikos Mavrogiannopoulos
797d6f75d0 Merge branch 'bypass-protocol' into 'master'
add client-bypass-protocol config option

Closes #407

See merge request openconnect/ocserv!261
2021-05-18 07:15:43 +00:00
fdomain
b3fe0d85c2 Added client-bypass-protocol config option
By default, AnyConnect clients will drop all traffic of a given IP
version if there is no IP address of that version assigned to the
client. The client-bypass-protocol option, if enabled, will send an
extra header to the clients telling the AnyConnect client to bypass the VPN
tunnel if there is no IP assigned. No impact for OpenConnect clients;
this header will simply be ignored.

Signed-off-by: Florian Domain <f.domain@criteo.com>
2021-05-18 07:15:43 +00:00
Nikos Mavrogiannopoulos
4eb211d8d0 Merge branch 'tmp-minimal-fix' into 'master'
.gitlab-ci.yml: merged options from minimal and Ubuntu minimal

See merge request openconnect/ocserv!264
2021-05-16 21:27:05 +00:00
Nikos Mavrogiannopoulos
3d5981c0f2 .gitlab-ci.yml: enabled more tests on ubuntu20.04 minimal
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 22:43:46 +02:00
Nikos Mavrogiannopoulos
59e4539736 .gitlab-ci.yml: merged options from minimal and Ubuntu minimal
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 22:19:00 +02:00
Nikos Mavrogiannopoulos
1d32c5052e updated NEWS for the owasp headers
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-05-16 21:33:42 +02:00
Nikos Mavrogiannopoulos
2584222a3f Merge branch 'owasp-headers' into 'master'
Owasp headers

See merge request openconnect/ocserv!263
2021-05-14 17:41:14 +00:00
Russ Young
1d5b699e49 Changed mode
2021-05-12 13:27:35 -06:00
Russ Young
c4bc01766d Removed conditional code for OWASP headers
2021-05-12 11:56:09 -06:00
Russ Young
065f51e6af Added build flags and Test for OWASP headers
2021-04-20 11:55:28 -06:00
Russ Young
f3e23793a7 Added the default OWASP http headers to http responses.
2021-04-14 13:59:04 -06:00
Nikos Mavrogiannopoulos
415a6bce7b Merge branch 'tmp-coverity-fixes' into 'master'
Include fixes identified by coverity

See merge request openconnect/ocserv!260
2021-04-02 18:56:09 +00:00
Nikos Mavrogiannopoulos
3f0ece492f set_self_oom_score_adj: corrected error handling
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-04-01 17:16:12 +02:00
Nikos Mavrogiannopoulos
2d1bd947e2 ctl_handler_init: fixed resource leaks
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-04-01 17:09:25 +02:00
Nikos Mavrogiannopoulos
6677ac04fa occtl: fixed uninitialized value
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-04-01 14:52:27 +02:00
Nikos Mavrogiannopoulos
b1c9573ce0 Merge branch 'lognoise' into 'master'
Changes offensive messages. Reduced log noise

See merge request openconnect/ocserv!259
2021-03-12 19:30:39 +00:00
Russ Young
cbd858081e Changed logging level to reduce noise.
2021-03-01 10:42:43 -07:00
Russ Young
7864798b59 Changed logging levels to reduce noise.
2021-03-01 10:41:30 -07:00
Russ Young
e9ddacde59 Changes offensive messages.
Changed noisy messages to be logged at LOG_DEBUG level.
2021-02-24 11:45:36 -07:00
Alan Jowett
25e899017a Merge branch 'cookie-httponly' into 'master'
Added HttpOnly flag to cookie

See merge request openconnect/ocserv!258
2021-02-22 16:25:42 +00:00
Russ Young
90e08cc12d Added HttpOnly flag to cookie
2021-02-17 12:15:09 -07:00
Nikos Mavrogiannopoulos
3e47d192ed Merge branch 'openbsd-devname' into 'master'
OpenBSD Devname changes

Closes #399

See merge request openconnect/ocserv!256
2021-02-11 10:24:31 +00:00
Jake S
a2775715ec OpenBSD Devname changes
2021-02-10 22:17:46 +00:00
Nikos Mavrogiannopoulos
7c81ba20f4 Merge branch 'dtls-fix-memory-corruption' into 'master'
dtls connection setup: fix memory corruption, proper watcher setup

See merge request openconnect/ocserv!255
2021-02-10 20:48:42 +00:00
Stefan Bühler
4cea55c6d6 dtls connection setup: fix memory corruption, proper watcher setup
ev_init and ev_io_set must never be called on active watchers - we
need to clean up previous connection state before setting a new one.

ev_init clears the "active" flag, but doesn't remove the watcher from
libev internal linked lists (and doesn't clear the "next" pointer for
it).  This can for example lead to (unexpected) cyclic lists in libev,
and libev can loop forever trying to deal with them.
2021-02-10 13:23:42 +01:00
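Added example (not ocserv or libev code) modelling the failure the commit above describes: an intrusive watcher list where "init" resets the user-visible fields but leaves the loop-owned link untouched. Re-initialising and restarting a watcher that is still linked produces a cycle in the list, which is why libev can loop forever; stopping the watcher (unlinking it) before re-initialising avoids it. The struct and function names are the model's own, and the list is a plain singly linked stack rather than libev's real bookkeeping.

```c
/*
 * Added example, not ocserv or libev code: a minimal model of an intrusive
 * watcher list showing why init-without-stop corrupts it. Only the
 * active/next behaviour described in the commit is reproduced.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct watcher {
    int fd;
    bool active;
    struct watcher *next;   /* loop-owned link; init deliberately leaves it alone */
};

struct loop {
    struct watcher *head;
};

/* Like ev_init in the commit's description: clears active, does not touch next. */
void watcher_init(struct watcher *w, int fd)
{
    w->fd = fd;
    w->active = false;
}

/* Like ev_io_start: push onto the loop's list and mark active. */
void watcher_start(struct loop *l, struct watcher *w)
{
    if (w->active)
        return;
    w->next = l->head;
    l->head = w;
    w->active = true;
}

/* Like ev_io_stop: unlink first, then clear the flag. */
void watcher_stop(struct loop *l, struct watcher *w)
{
    if (!w->active)
        return;
    for (struct watcher **pp = &l->head; *pp; pp = &(*pp)->next) {
        if (*pp == w) {
            *pp = w->next;
            break;
        }
    }
    w->next = NULL;
    w->active = false;
}

/* Floyd's cycle check, so corruption can be detected instead of hanging in a walk. */
bool loop_has_cycle(const struct loop *l)
{
    const struct watcher *slow = l->head, *fast = l->head;
    while (fast && fast->next) {
        slow = slow->next;
        fast = fast->next->next;
        if (slow == fast)
            return true;
    }
    return false;
}

size_t loop_count(const struct loop *l)
{
    if (loop_has_cycle(l))
        return (size_t)-1;
    size_t n = 0;
    for (const struct watcher *w = l->head; w; w = w->next)
        n++;
    return n;
}

/* A second DTLS setup arrives while the first watcher is still active and the
 * code re-initialises it without stopping: returns true because the list now cycles. */
bool demo_buggy_reconnect(void)
{
    struct loop l = { NULL };
    struct watcher tls = { 0 }, dtls = { 0 };
    watcher_init(&tls, 3);
    watcher_start(&l, &tls);
    watcher_init(&dtls, 4);
    watcher_start(&l, &dtls);
    watcher_init(&dtls, 5);      /* active cleared, next still points into the list */
    watcher_start(&l, &dtls);    /* pushed again: dtls->next == dtls */
    return loop_has_cycle(&l);
}

/* Same sequence with the fix: stop (unlink) before re-initialising. Returns the
 * number of linked watchers, which stays at two. */
size_t demo_safe_reconnect(void)
{
    struct loop l = { NULL };
    struct watcher tls = { 0 }, dtls = { 0 };
    watcher_init(&tls, 3);
    watcher_start(&l, &tls);
    watcher_init(&dtls, 4);
    watcher_start(&l, &dtls);
    watcher_stop(&l, &dtls);
    watcher_init(&dtls, 5);
    watcher_start(&l, &dtls);
    return loop_count(&l);
}

int main(void)
{
    printf("re-init without stop: cycle=%d\n", demo_buggy_reconnect());
    printf("stop, then re-init:   watchers=%zu\n", demo_safe_reconnect());
    return 0;
}
```

With real libev the equivalent guard is to call ev_io_stop on a watcher for which ev_is_active is true before calling ev_io_init/ev_io_set on it again.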
Nikos Mavrogiannopoulos
9f08770c08 doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-02-04 21:58:41 +01:00
Nikos Mavrogiannopoulos
289ce060dc Merge branch 'issue400' into 'master'
Close fd and stop ev_io on failed handshake.

Closes #400

See merge request openconnect/ocserv!253
2021-02-04 20:56:06 +00:00
Alan Jowett
c53cc97395 Close fd and stop ev_io on failed handshake.
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2021-02-04 10:18:34 -07:00
Nikos Mavrogiannopoulos
d4800b54e3 Updated NEWS
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-02-03 20:36:11 +01:00
Nikos Mavrogiannopoulos
ae049ee9ab Merge branch 'tmp-394' into 'master'
Change how stdin and stdout are closed

Closes #394

See merge request openconnect/ocserv!252
2021-01-31 19:43:15 +00:00
Nikos Mavrogiannopoulos
9d3ac17073 Change how stdin and stdout are closed
We only close the descriptors on the main process
as this could close other unrelated descriptors.

Resolves: #394

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2021-01-25 21:19:40 +01:00
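Added example (not ocserv code) showing the mechanism behind the commit above: the kernel hands out the lowest free descriptor number, so once a process has closed descriptor 0 or 1, any unrelated file it opens next takes that number, and a later close(0)/close(1) intended to detach stdio closes the unrelated file instead. The second function shows the redirection alternative, where dup2 onto /dev/null keeps the number occupied. Both functions restore the caller's stdin afterwards. This assumes a POSIX system with /dev/null; the function names are illustrative.

```c
/*
 * Added example, not ocserv code: descriptor-number reuse after close(0),
 * contrasted with dup2() onto /dev/null. Assumes POSIX and /dev/null.
 */
#include <fcntl.h>
#include <unistd.h>

/* Close stdin, then open an unrelated file: returns the number that file
 * receives, which is 0. From here on, "closing stdin" closes that file. */
int fd_after_close_stdin(void)
{
    int saved = dup(STDIN_FILENO);        /* -1 if stdin was already closed */
    close(STDIN_FILENO);
    int unrelated = open("/dev/null", O_RDONLY);   /* stands in for any file a helper opens */
    int got = unrelated;
    if (unrelated >= 0)
        close(unrelated);
    if (saved >= 0) {                     /* put the caller's stdin back */
        dup2(saved, STDIN_FILENO);
        close(saved);
    }
    return got;
}

/* Detach stdin by redirecting it instead: descriptor 0 stays taken, so the
 * unrelated open() gets a fresh number and later closes cannot hit it. */
int fd_after_redirect_stdin(void)
{
    int saved = dup(STDIN_FILENO);
    int null = open("/dev/null", O_RDONLY);
    if (null < 0) {
        if (saved >= 0)
            close(saved);
        return -1;
    }
    if (null != STDIN_FILENO) {           /* if stdin was closed, open() already landed on 0 */
        dup2(null, STDIN_FILENO);
        close(null);
    }
    int unrelated = open("/dev/null", O_RDONLY);
    int got = unrelated;
    if (unrelated >= 0)
        close(unrelated);
    if (saved >= 0) {
        dup2(saved, STDIN_FILENO);
        close(saved);
    }
    return got;
}
```

The same applies to descriptors 1 and 2: a daemon that wants to drop its terminal is safer redirecting 0..2 onto /dev/null once in the parent than closing them in workers whose descriptor table it does not fully control.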