ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-03-06 06:47:41 +08:00

Author	SHA1	Message	Date
Dimitri Papadopoulos	8139e78697	Call print_single_value_int() with has_more = 1 This is not the last print. The "0" had been introduced by `722e030e`. Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-06-17 09:27:18 +02:00
Dimitri Papadopoulos	813690b9c2	radius: groups defined over multiple AVPs This helps circumvent the 253 characters limit of RADIUS string values. We distinguish between value strings that start with "OU=" and the rest: * Value strings that start with "OU=" define multiple groups in a single AVP. Here, we update the previous logic by taking into account all the AVPs. We emit a warning when discarding subsequent AVPs, but also when discarding groups within the current AVP because we have reached the maximum number of groups. * Other value strings define a single group. Here, we change the previous logic. We append to the list of groups instead of silently discarding subsequent value strings. We emit a warning when discarding AVPs because we have reached the maximum number of groups. Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com> Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-06-17 00:25:50 +02:00
Dimitri Papadopoulos	ea23edd453	seccomp: GnuTLS 3.7.3 requires open() and openat() We have added open() unconditionally, to be able to open system priority and FIPS complicance configuration files from workers. We had already added openat() unconditionally. Therefore there is no need to re-add them to read XML config files. Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-06-16 17:16:27 +02:00
Dimitri Papadopoulos	e2afd99c96	seccomp: GnuTLS 3.7.3 requires open() unconditionally Required on some version of Suse with GnuTLS 3.7.3, reportedly to open system priority and FIPS compliance configuration files: /etc/crypto-policies/back-ends/gnutls.config /proc/sys/crypto/fips_enabled Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-06-16 17:16:27 +02:00
Nikos Mavrogiannopoulos	1ca50d7337	Removed gnulib Supporting gnulib brought a whole class of problems due to its complexity. Removing its support eliminates this class of problems and simplifies the code significantly. This sets the locale explicitly on server startup to eliminate the need for custom string comparison functions. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-06-13 16:54:38 +02:00
Nikos Mavrogiannopoulos	5c253125c8	doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-06-11 13:07:38 +02:00
Kirill Ovchinnikov	85fdf7d2e6	Camouflage functionality This adds a "camouflage" functionality (looking and acting like an ordinary web server), to prevent OCserv installations from being automatically scanned or blocked with active probing techniques. Signed-off-by: Kirill Ovchinnikov <kirill.ovchinn@gmail.com>	2023-06-09 15:08:25 +02:00
Nikos Mavrogiannopoulos	1ecdf35494	NEWS: added entry for 1.1.8 [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-06-06 14:41:15 +02:00
Nikos Mavrogiannopoulos	2bdbf7927c	Revert "Update CCAN code snippets" This reverts commit `d78f57994a`. Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-05-07 14:23:33 +02:00
Nikos Mavrogiannopoulos	1bc33ad612	released 1.1.7 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2023-05-07 14:07:55 +02:00
Dimitri Papadopoulos	b43d4ce174	Fix new typo found by codespell Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-04-11 22:53:34 +02:00
Dimitri Papadopoulos	87e69fbfb7	CCAN hex: src/occtl/ → src/ccan/str/ Make clear hex.c and hex.h are vendored files from CCAN: https://github.com/rustyrussell/ccan At the same time, update to commit ba79e21 committed on 9 January 2023, for consistency with the rest of CCAN vendored files. Additionally, by including <ccan/str/hex/hex.h> instead of "hex.h", this fixes my Ubuntu 22.04 build, where including "hex.h" would include the system Kerberos file /usr/include/heimdal/hex.h instead of our local CCAN file hex.h. Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-01-29 19:32:46 +01:00
Dimitri Papadopoulos	d78f57994a	Update CCAN code snippets Latest current commit ba79e21 commited on 9 January 2023: https://github.com/rustyrussell/ccan Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-01-22 12:20:44 +01:00
Dimitri Papadopoulos	a0334733dd	Print message in case of plain authentication error Message would be emitted at LOG_NOTICE level and go unnoticed. Change to LOG_ERR. Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-01-12 10:28:51 +01:00
Dimitri Papadopoulos	92c31d1c02	inih: updated to latest version r56 Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2023-01-03 08:50:03 +01:00
Dimitri Papadopoulos Orfanos	76334ef7d9	Merge branch 'RFC9110' into 'master' Use the capitalisation of RFC 9110 in HTTP headers See merge request openconnect/ocserv!307	2022-12-31 13:58:28 +00:00
Dimitri Papadopoulos	2b899aae82	Use the capitalisation of RFC 9110 in HTTP headers Capitalisation shouldn't be an issue, yet conform to RFC 9110 for consistency: https://www.rfc-editor.org/info/rfc9110 Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2022-12-30 21:28:45 +01:00
Dimitri Papadopoulos	bf71414cf9	updated to protobuf 1.4.1 Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2022-12-30 19:12:27 +01:00
Dimitri Papadopoulos	f28669bf60	Remove spaces * Remove trailing spaces at end-of-line * Remove blank lines at end-of-file Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>	2022-11-28 11:22:33 +01:00
Nikos Mavrogiannopoulos	03b71ca57f	doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2022-11-26 16:25:21 +01:00
Nikos Mavrogiannopoulos	8b00d198d9	released 1.1.6 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2022-02-17 09:21:36 +01:00
Nikos Mavrogiannopoulos	cdcc5eda4d	doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2022-02-11 11:41:58 +01:00
Nikos Mavrogiannopoulos	a2fbdabf5e	seccomp: allow futex() Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2022-02-10 15:03:23 +01:00
Nikos Mavrogiannopoulos	ed4ec0a3cb	NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2022-02-05 10:20:26 +01:00
Dimitri Papadopoulos	e51acb8c3e	Fix more typos Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2021-12-23 10:04:29 +01:00
Nikos Mavrogiannopoulos	db505b373c	Merge branch 'visual_studio_spell_checker' into 'master' Typos found by Visual Studio Code Checker See merge request openconnect/ocserv!276	2021-12-22 18:41:17 +00:00
Dimitri Papadopoulos	3a92062b44	Typos found by Visual Studio Code Checker Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2021-12-22 19:21:02 +01:00
Nikos Mavrogiannopoulos	11fdd9fb04	manpages: fixed output with ronn-ng Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-11-17 13:18:55 +01:00
Nikos Mavrogiannopoulos	5f943148be	NEWS: released 1.1.4 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-11-13 08:42:52 +01:00
Nikos Mavrogiannopoulos	3995473219	NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-10-31 22:26:25 +01:00
Dimitri Papadopoulos	81df79a95b	Typos found by codespell Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>	2021-10-09 17:57:11 +02:00
Nikos Mavrogiannopoulos	890a37ebea	doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-10-07 09:34:21 +02:00
Nikos Mavrogiannopoulos	559a0f85c6	released 1.1.3 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-06-02 08:32:46 +02:00
Nikos Mavrogiannopoulos	750a4bfb3f	NEWS: removed X-CSTP-Lease-Duration This amends `fac0244f3e` Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-05-23 18:58:28 +02:00
Nikos Mavrogiannopoulos	1d32c5052e	updated NEWS for the owasp headers Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-05-16 21:33:42 +02:00
Nikos Mavrogiannopoulos	9f08770c08	doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-02-04 21:58:41 +01:00
Nikos Mavrogiannopoulos	d4800b54e3	Updated NEWS Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2021-02-03 20:36:11 +01:00
Nikos Mavrogiannopoulos	bbaf5125e1	released 1.1.2 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-12-06 14:00:50 +01:00
Nikos Mavrogiannopoulos	5cf457b425	Removed the listen-clear-file config option This option was almost impossible to use in general and worked with very few clients only (not including openconnect). That also meant that it could not be tested. Removed to reduce maintenance to parameters that are used in practice. Resolves: #376 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-12-03 10:04:57 +01:00
Nikos Mavrogiannopoulos	37856ba314	doc update Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-10-19 21:38:35 +02:00
Alan Jowett	3436705a9c	Allow setup of new DTLS session while processing on old session Resolves: #359 Signed-off-by: Alan Jowett alan.jowett@microsoft.com	2020-10-19 10:36:03 -06:00
Nikos Mavrogiannopoulos	e7233819da	inih: increased max line size This also removes the stop on first error directive which was set but not used for very long time. Resolves: #364 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-10-18 13:30:00 +02:00
Nikos Mavrogiannopoulos	f8ff70a098	NEWS: updated Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-10-02 21:56:48 +02:00
Alan Jowett	12c3d62276	Stop listening on ocserv-sm socket on error to prevent looping. Resolves #356 Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>	2020-09-29 22:51:52 +02:00
Nikos Mavrogiannopoulos	b9f8ea6b6c	bumped version for 1.1.1 release Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-09-21 12:21:21 +02:00
Nikos Mavrogiannopoulos	6be284dd63	radius: ignore redundant group class This ignores any items following the first group class attribute. Resolves: #332 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-09-03 14:35:31 +02:00
Alan Jowett	945699097d	Modify ocserv-sm to permit it to scale up to the number of CPUs. This permits a higher rate of client connections and prevents TLS signing from becoming a bottleneck for clients connecting. Resolves: #341 Signed-off-by: Alan Jowett <alanjo@microsoft.com>	2020-08-26 09:46:04 -06:00
Nikos Mavrogiannopoulos	2f9d534e2c	NEWS: corrected issue number [ci skip] Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-07-30 22:41:14 +02:00
Nikos Mavrogiannopoulos	9460367822	Added the config option of a pre-login banner Resolves: #313 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-07-27 22:15:12 +02:00
Nikos Mavrogiannopoulos	8aa39b0106	Improved user disconnection to avoid race conditions Previously when we were disconnecting a user there were few seconds after which the cookie was still valid, so a reconnect would succeed by the same user. This change ensures that a disconnected (via occtl) user cannot re-use the same cookie to connect. That enables a safe user removal from the authentication database, and from run-time. Resolves: #59 Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-07-25 21:38:55 +02:00

1 2 3 4 5 ...

503 Commits