Commit Graph

2903 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
9dfe964def amend: plain: avoid crash on locked accounts
The null pointer dereference fix broke plain OTP setup of
ocserv.

Resolves #114, #137

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 14:37:42 +01:00
Nikos Mavrogiannopoulos
31854eb208 unix: corrected header size when receiving events
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-22 22:26:27 +01:00
Nikos Mavrogiannopoulos
896894a6b6 README.md: removed references to autogen
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-22 22:17:28 +01:00
Nikos Mavrogiannopoulos
5ebea1e475 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-22 19:59:12 +01:00
Nikos Mavrogiannopoulos
53a166500f Hash the peer's DTLS IP separately from its CSTP IP
This allows keeping track of clients which have their DTLS
stream come from a different IP location than their CSTP
stream.

Relates ocserv/ocserv#61
2018-02-22 08:25:18 -08:00
Nikos Mavrogiannopoulos
b7a14f1c4a doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-19 20:18:38 +01:00
Nikos Mavrogiannopoulos
83d37ace16 .gitlab-ci.yml: rawhide: do not rely on tcp wrappers
They are no longer part of Fedora28.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-02-19 16:07:43 +01:00
Nikos Mavrogiannopoulos
a157fc7068 doc: clarify auth and enable-auth
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-02-19 15:41:36 +01:00
Nikos Mavrogiannopoulos
e2a0be65e4 worker: mark new UDP fd received as UDP data reception time
That prevents errors such as switching to TCP when no UDP packets
are received immediately after connection establishment.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-11 12:02:30 +01:00
Nikos Mavrogiannopoulos
e61029445c gnutls: increased dependency to 3.3.0
That way PKCS#11 reinitialization and global initialization are
implicit.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-11 12:02:30 +01:00
Nikos Mavrogiannopoulos
7d762748db .gitlab-ci.yml: corrected artifacts dir in builds
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-30 20:19:58 +01:00
Nikos Mavrogiannopoulos
553dbd3df7 ax_code_coverage: updated to latest version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-29 17:10:12 +01:00
Kevin Cernekee
85fe81d0e0 Set AGENT_OPENCONNECT for Java/Android clients
These use a slightly different User-Agent string.  If they are not
detected correctly, then IPv6-only VPNs will not work.

Since the Android bindings did not exist until 6.00, the V3 check is
unnecessary.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2018-01-29 12:32:45 +01:00
Nikos Mavrogiannopoulos
e6c4d5e492 bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:11:57 +01:00
Nikos Mavrogiannopoulos
dbaecfa80e doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:11:39 +01:00
Nikos Mavrogiannopoulos
760199a33c doc: man-pages are modified to be generated using ronn
That eliminates the need for autogen and also combines
doc/sample.config and manpage contents. Now the doc/sample.config
is the primary config documentation location.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
894cdb7a52 config: skip unknown sections
This would allow future extensibility, by making clients which
don't support a section skip it.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
1b8079a11a Replaced the configuration parser with inih parser
That eliminates the dependency on libopts as well as autogen.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
533677bd73 ocserv: use getopt for command line parsing
The complexity of its command line options didn't require
the use of libopts, and by eliminating that dependency for cmd
parsing, we can choose another parser for config file parsing.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
6b7d09485e ocpasswd: removed dependency on autogen
The complexity of its command line options didn't require
the linking to yet another library.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
cbac133b07 .gitlab-ci.yml: added a -Werror build under F27
That helps catch any potential issues early.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
8ebe287f1c doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-17 20:50:54 +01:00
Nikos Mavrogiannopoulos
ee1cada66a worker: check for POLLERR condition
When checking the events returned from poll, handle the POLLERR
condition. This fixes an infinite loop on the worker's main
loop.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-16 16:20:32 +01:00
Nikos Mavrogiannopoulos
ba92389b0c .gitlab-ci.yml: correctly point to scan-build artifacts
Also added missing gperf package.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-14 19:14:56 +01:00
Nikos Mavrogiannopoulos
c578c787b2 .gitignore: ignore static libs
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-14 19:14:56 +01:00
Nikos Mavrogiannopoulos
2559d68366 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-14 19:14:56 +01:00
Daniel Lenski
fbdf8f875e Make escape_url() percent-escape fewer characters and escape ' ' as '+'
Per RFC 3986, neither ASCII alphanumeric characters, nor any of '-', '_',
'.', '~', need to be escaped anywhere in a URL or query string.
2018-01-13 13:11:33 -08:00
Daniel Lenski
38ebf44620 tests for unescaping decimal HTML escapes and '+' in URLs
2018-01-13 12:56:59 -08:00
Daniel Lenski
92f4d5076e Correctly unescape '+' in URLs and decimal escapes in XML (e.g. '&#32;' instead of '&#x20;')
This patch changes only URL/XML unescaping, not escaping--changing escaping
would remove the reversibility of the tests.

I've been meaning to submit this ever since
http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004042.html
but didn't have a particularly good reason.

However, I recently ran into a (weirdly-customized) version of AnyConnect which
actually sends '+' in one of the authentication forms. So this should improve
AnyConnect compatibility in some corner cases.
2018-01-13 12:56:59 -08:00
Nikos Mavrogiannopoulos
b0f217ce43 replaced 'const static' definitions with 'static const'
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:45:05 +01:00
Nikos Mavrogiannopoulos
924ebdf143 configure: use the -Wextra gcc flag for warnings
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:43:58 +01:00
Nikos Mavrogiannopoulos
fb299001ea config: fixed incorrect sign check
Resolves #132

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:39:25 +01:00
Nikos Mavrogiannopoulos
647b44343f README.md: updated link on technical info
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 16:47:11 +01:00
Nikos Mavrogiannopoulos
d8b507f68d updated auto-generated files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_11_10
2018-01-07 16:36:06 +01:00
Nikos Mavrogiannopoulos
f6a6f0bc34 bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 16:34:37 +01:00
Nikos Mavrogiannopoulos
ea6b0d5da9 occtl: sessions: print the location when printing the remote IP
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:47:19 +01:00
Nikos Mavrogiannopoulos
4c4b60a5b6 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:43:37 +01:00
Nikos Mavrogiannopoulos
907c34c520 occtl: improved session output
That is, do not print expiration time in sessions that are in use
(they don't expire during that time), and print whether a session
is in use.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:42:09 +01:00
Nikos Mavrogiannopoulos
a680af6a50 ocserv: improved session disconnection due to re-use messages
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:27:02 +01:00
Nikos Mavrogiannopoulos
6abd2dc5e6 occtl: introduced 'show session' option
This allows printing information related to a session.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:15:45 +01:00
Nikos Mavrogiannopoulos
c027d4165b sec-mod: always mark an active (open) session
Previously it was only marked when an accounting module was present,
though now that we export data to occtl, that information is useful
even without accounting module.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:15:45 +01:00
Nikos Mavrogiannopoulos
3bdd6bc7dc doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 18:46:05 +01:00
Nikos Mavrogiannopoulos
fbd760372c occtl: don't print compatibility fields by default
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 18:44:54 +01:00
Nikos Mavrogiannopoulos
b19dda27c3 sec-mod: avoid infinite loop in listing for sessions
When having only a single expired session, the security module
could enter an infinite loop attempting to list it.

Resolves #130

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 18:35:27 +01:00
Nikos Mavrogiannopoulos
324f01f5ba occtl: Last-Modified session printout moved to compatibility options
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 18:31:27 +01:00
Nikos Mavrogiannopoulos
7a19296119 tests: updated for increase in slack time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 08:55:02 +01:00
Nikos Mavrogiannopoulos
bb40586630 forward_udp_to_owner: reduce the error log severity on bind error
There are cases where binding on the received address is not
possible. As this is not a critical error, reduce its logging level
to info.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:23:24 +01:00
Nikos Mavrogiannopoulos
ac065d871b ocserv: pass cookie expiration time to occtl
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:21:51 +01:00
Nikos Mavrogiannopoulos
241aa06c3a occtl: ensure initialization of printed expiration and creation time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:17:05 +01:00
Nikos Mavrogiannopoulos
8e3d89eca5 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-26 23:25:34 +01:00