Commit Graph

3888 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
21e35358b4 tests: improved radius log presentation
Include the radiusd output with debugging information on stdout
for the radius tests. This allows better visibility to potential
configuration issues of radiusd.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-29 16:38:03 +01:00
Dimitri Papadopoulos
df6a3c2abe Further improvements to arguments of AC_INIT
The first argument is the full package name. Change it to match the
GitLab home page and documentation:
	ocserv → OpenConnect VPN Server

The package tarname differs from the package name: the latter designates
the full package name, while the former is the distribution tarball name.
Because the tarname cannot be inferred from the newly modified full
package name, we have to set it explicitly:
	ocserv

The last argument url should be the home page for the package.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-29 15:34:20 +01:00
Dimitri Papadopoulos
f6f4c260c3 Avoid Autoconf warning
The warning is:
	configure.ac:94: warning: gl_HOST_CPU_C_ABI_32BIT is
	                          m4_require'd but not m4_defun'd

The reason was that m4/lib-prefix.m4 was missing this dependency:
	m4/host-cpu-c-abi.m4

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-29 14:48:28 +01:00
Nikos Mavrogiannopoulos
6ac5c62d08 .triage-policies.yml: reduce the time for closing old MRs
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-27 19:43:04 +01:00
Nikos Mavrogiannopoulos
135a60e2b6 key_cb_common_func: do not issue error about connecting to sec-mod
This avoids noise during startup.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-24 13:41:33 +01:00
Nikos Mavrogiannopoulos
5fa9724955 Merge branch 'second' into 'master'
Use proper SI symbols

See merge request openconnect/ocserv!394
2023-12-24 10:32:20 +00:00
Dimitri Papadopoulos
715b9b2ea1 Use proper symbol for second, prefix for kilo
The SI symbol for second is s:
https://www.bipm.org/en/si-base-units/second

The SI prefix for a multiplying factor of 10³ is k:
https://www.bipm.org/en/measurement-units/si-prefixes

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-24 10:40:21 +01:00
Nikos Mavrogiannopoulos
1507742896 Merge branch 'bug-report' into 'master'
Modify bug-report argument of AC_INIT

See merge request openconnect/ocserv!401
2023-12-24 08:52:54 +00:00
Nikos Mavrogiannopoulos
6fb5983082 Merge branch 'syslog_stderr' into 'master'
Fix logging to stderr

See merge request openconnect/ocserv!400
2023-12-24 08:50:32 +00:00
Dimitri Papadopoulos
eeac272832 Get rid of obsolescent AM_PROG_CC_C_O
From the Automake manual:
	This is an obsolescent macro that checks that the C compiler
	supports the -c and -o options together. Note that, since
	Automake 1.14, the AC_PROG_CC is rewritten to implement such
	checks itself, and thus the explicit use of AM_PROG_CC_C_O
	should no longer be required.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-23 23:17:45 +01:00
Dimitri Papadopoulos
54818f3b67 Fix logging to stderr
While each `syslog()` adds a new entry to the system log,
`fprintf(stderr, ...)` does not automatically add a newline
to distinguish between entries. We need to add the newline
ourselves.

We tried to make _oc_syslog() as atomic as possible in the
context of a multi-process daemon by keeping a single
`fprintf()` call. Probably not perfect, but the best we
can do when printing to stderr instead of using the system
logger. Works only with the GNU C or compatible compiler.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-23 23:17:41 +01:00
Dimitri Papadopoulos
443a4ea795 Modify bug-report argument of AC_INIT
The third argument of the Autoconf macro AC_INIT() is bug-report.

The Autoconf 2.61 manual states this should be an email:
	The optional argument bug-report should be the email to
	which users should send bug reports.

The Autoconf 2.68 manual relaxes the requirement by adding:
	AC_PACKAGE_BUGREPORT, PACKAGE_BUGREPORT
	Exactly bug-report, if one was provided. Typically an
	email address, or URL to a bug management web page.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-23 13:01:00 +01:00
Nikos Mavrogiannopoulos
a000f32daf Merge branch 'ff57a148' into 'master'
Add missing entry in NEWS

See merge request openconnect/ocserv!398
2023-12-23 11:09:56 +00:00
Nikos Mavrogiannopoulos
f7da007da8 Merge branch 'servers' into 'master'
Minor typo

See merge request openconnect/ocserv!399
2023-12-22 18:25:53 +00:00
Dimitri Papadopoulos
8a61a68f06 More missing entries in NEWS
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-22 15:59:13 +01:00
Dimitri Papadopoulos
311433b4db Minor typo
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-22 15:56:47 +01:00
Dimitri Papadopoulos
2f2346c625 Add missing entry in NEWS
For ff57a148 / !397.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-20 22:09:58 +01:00
Nikos Mavrogiannopoulos
1792d3d00f Merge branch 'authgroup' into 'master'
Fix openconnect --authgroup option in tests

See merge request openconnect/ocserv!395
2023-12-20 19:31:08 +00:00
Dimitri Papadopoulos Orfanos
77098a7d98 Merge branch 'master' into 'master'
Added /VPNManifest.xml to AnyConnect urls for Cisco AnyConnect Linux clients

See merge request openconnect/ocserv!397
2023-12-20 17:05:44 +00:00
Rob van Oostenrijk
ff57a14824 Added /VPNManifest.xml to AnyConnect urls for Cisco AnyConnect Linux clients
Signed-off-by: Rob van Oostenrijk <rob.vanoostenrijk@emirates.com>
2023-12-20 19:14:34 +04:00
Dimitri Papadopoulos
7d6213a0d0 Fix openconnect --authgroup option in tests
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-20 13:34:31 +01:00
Nikos Mavrogiannopoulos
d504ba832b sample.config: added warning for compression [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-19 22:36:33 +01:00
Nikos Mavrogiannopoulos
675c1280a8 added missing NEWS entry [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-17 21:50:36 +01:00
Nikos Mavrogiannopoulos
0f5ba83f76 released 1.2.3
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.2.3
2023-12-17 12:26:58 +01:00
Nikos Mavrogiannopoulos
639a381a0d subconfig: eliminated informational messages with little value
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-17 11:18:53 +01:00
Nikos Mavrogiannopoulos
161523dad1 config: do not print informational messages on worker load
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-17 11:18:53 +01:00
Stefan Bühler
b670a323b3 Log assigned IP addresses with NOTICE
* Client IPs are essential for abuse handling
* NOTICE instead of INFO means they will be logged by default

Signed-off-by: Stefan Bühler <source@stbuehler.de>
2023-12-17 11:18:53 +01:00
Nikos Mavrogiannopoulos
e44cc6fd78 Separated logging for worker and main and oc_syslog() respects log-level
This makes oc_syslog respect the configured log-level. This also introduces
a clear separation of the logging function between the two processes.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-17 11:18:47 +01:00
Nikos Mavrogiannopoulos
f0067ae0ea Cleanup of the logging subsystem; allow logging to stderr only
Separated the logging logically from any remaining debugging
features. Introduced command line option for logging to stderr
only (for systemd and containers). The default log level is set
to (2) info.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-15 13:04:40 +01:00
Nikos Mavrogiannopoulos
39f274fb01 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-14 14:16:05 +01:00
Nikos Mavrogiannopoulos
5779a9cac1 Merge branch 'IPv6_for_unknown_agents' into 'master'
Don't disable IPv6 for unknown client agents

See merge request openconnect/ocserv!377
2023-12-14 12:52:22 +00:00
Daniel Lenski
44fe565dbd Remove obsolete comment
ocserv has sent IPv6 DNS/routes to AnyConnect clients since
e9b79254e7, but this comment was inadvertently
retained.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
2023-12-14 13:31:06 +01:00
Nikos Mavrogiannopoulos
c1a6f2b04a Added test for IPv6 routes in openconnect v3
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-14 13:28:56 +01:00
Daniel Lenski
8b8a1a7b53 Don't disable IPv6 for unknown client agents
We are now planning to change the default HTTP user-agent string in
the OpenConnect client. In order to improve compatibility with Cisco
servers, it needs to start with `AnyConnect`; likely, the complete
prefix will be `AnyConnect-compatible OpenConnect VPN Agent`. (Details
in https://gitlab.com/openconnect/openconnect/-/merge_requests/497)

ocserv treats clients differently depending on their user-agent
strings:

1. ocserv makes simplifications/accommodations in its authentication
   flow to accommodate old versions of OpenConnect
   (`AGENT_OPENCONNECTV3`).
   https://gitlab.com/openconnect/ocserv/-/blob/master/src/worker-auth.c

2. `ocserv` entirely disables IPv6 for old versions of OpenConnect
   (`AGENT_OPENCONNECTV3`) *and* for unknown client software
   (`AGENT_UNKNOWN`).
   https://gitlab.com/openconnect/ocserv/-/blob/master/src/worker-vpn.c#L2123-2136

At this point, ocserv seems to be aware of a reasonably-complete list
of compatible client software: AnyConnect, OpenConnect, Clavister
OneConnect, AnyLink, and Cisco SVC IPPhone.

Among these, *only* old OpenConnect clients are known to require special
handling to unconditionally disable IPv6.

This patch modifies ocserv so that the IPv6 is disabled *only* for old
OpenConnect clients, and not for unknown clients. This should make the
transition to OpenConnect's modified UA string go more smoothly.

This should also improve "future-proofness" generally. Accommodations
for buggy clients should specifically list the affected clients,
rather than include unknown clients, since unknown clients are most
likely to be newer clients, in which bugs and incompatibilities may
have been fixed.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
2023-12-14 13:28:01 +01:00
Nikos Mavrogiannopoulos
aaf2a53246 Improve graceful termination
Wait for all processes to terminate within 5 seconds, and
report the number of processes that did not terminate.

Resolves: #563

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-13 23:02:07 +01:00
Nikos Mavrogiannopoulos
eb011030d5 lzs: sync with version from openconnect
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-12 15:18:01 +01:00
Nikos Mavrogiannopoulos
6e05add266 code coverage: work with lcov 2.0
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-12 11:27:53 +01:00
Nikos Mavrogiannopoulos
86cd25dafb sample.config: further clarify RX and TX meaning [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-10 02:11:13 +01:00
Nikos Mavrogiannopoulos
d192340484 sample.config: clarified RX and TX meaning [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-07 16:06:14 +01:00
Dimitri Papadopoulos Orfanos
a711aa4a22 Merge branch 'libexec' into 'master'
bin/ocserv-fw → libexec/ocserv-fw

Closes #78

See merge request openconnect/ocserv!388
2023-12-06 17:51:37 +00:00
Dimitri Papadopoulos Orfanos
69f7c0845d Merge branch 'PRIu64' into 'master'
Avoid compiler warning on 32-bit Linux

See merge request openconnect/ocserv!391
2023-12-06 17:49:58 +00:00
Dimitri Papadopoulos Orfanos
db4caaefb0 Merge branch 'MAX_IP_STR' into 'master'
MAX_IP_STR → INET6_ADDRSTRLEN / INET_ADDRSTRLEN

Closes #556

See merge request openconnect/ocserv!382
2023-12-06 17:49:29 +00:00
Nikos Mavrogiannopoulos
30cf47ad60 sample.config: set default logging priority to 2
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-06 16:47:00 +01:00
Nikos Mavrogiannopoulos
bdc4d5988a .triage-policies.yml: close merge requests without update for a year
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2023-12-06 16:43:26 +01:00
Dimitri Papadopoulos
99dfdb3b8f Avoid compiler warning on 32-bit Linux
From i386/Debian CI jobs:

  warning: format '%ld' expects argument of type 'long int', but argument 4 has type 'uint64_t' {aka 'long long unsigned int'} [-Wformat=]
    snprintf(output, output_size, "%ldms", microseconds / 1000);
                                   ~~^     ~~~~~~~~~~~~~~~~~~~
                                   %lld

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-06 15:50:46 +01:00
Dimitri Papadopoulos
00ad2b7611 Move macros at the top of the header file
Macros are usually defined at the top. In this specific file,
all other macros are already at the top.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-06 15:20:12 +01:00
Dimitri Papadopoulos
f3ded6f3ae MAX_IP_STR → INET6_ADDRSTRLEN / INET_ADDRSTRLEN
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-12-06 15:08:02 +01:00
Dimitri Papadopoulos
8ada82ff5c bin/ocserv-fw → libexec/ocserv-fw
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
2023-11-28 21:57:02 +01:00
Dimitri Papadopoulos Orfanos
a3ff6864b9 Merge branch 'fix_clean_all_rules' into 'master'
Fix clean_all_rules bug on multiple devices

See merge request openconnect/ocserv!384
2023-11-27 21:35:39 +00:00
Gennady Sadchikov
392a6542d3 Fixed clean_all_rules logic on multiple similar devices
Signed-off-by: Gennady Sadchikov <dessolo@mail.ru>
2023-11-27 15:29:42 +03:00