GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,327 Commits 19 Branches 88 Tags
ae9f299b0fc4ece25a790b2a035c32be6272dd2c
Commit Graph

3327 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
9ae0c9831d NEWS: doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-03 18:25:53 +02:00
Nikos Mavrogiannopoulos
9210852bb5 Merge branch '#312' into 'master' 
OpenBSD lacks support for procfs

See merge request openconnect/ocserv!184
 2020-07-03 16:21:05 +00:00
Alan Jowett
be17dac16f OpenBSD lacks support for procfs 
Based on
60641282df.

Snapshot of config files are used to ensure that ocserv-sm and
ocserv-worker remain in sync. These snapshots are anonymous files that
are passed via a file descriptor. A worker creates a new file
description and file descriptor by using open(2) on /proc/self/fd.
Unfortunately OpenBSD lacks support for procfs.

Instead of using snapshot of config files let workers use the config
files.

While here add a note to README.md about this limitation, and add a CI
run (from @nmav).

Signed-off-by: Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>
 2020-07-01 16:20:46 +02:00
Nikos Mavrogiannopoulos
baa9ae84db Merge branch 'tmp-coverity-updates' into 'master' 
Fixes related to coverity report

See merge request openconnect/ocserv!190
 2020-06-30 20:36:28 +00:00
Nikos Mavrogiannopoulos
ce89e0f582 Ensure that unchecked function calls are for a reason and fix otherwise 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:53:34 +02:00
Nikos Mavrogiannopoulos
0307f49a04 config: corrected typo in vhost assignment resulting to dead code 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:48:03 +02:00
Nikos Mavrogiannopoulos
d0857bd955 session_open: improved check for null config 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:47:58 +02:00
Nikos Mavrogiannopoulos
99fd5410bf setsockopt: always check its return value 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:46:32 +02:00
Nikos Mavrogiannopoulos
cc8d4a90a8 config: removed unnecessary null check 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:46:32 +02:00
Nikos Mavrogiannopoulos
3065b5c54e Merge branch 'issue315' into 'master' 
Filter out sensitive headers when logging

Closes #315

See merge request openconnect/ocserv!187
 2020-06-30 19:43:27 +00:00
Alan Jowett
4204d8a5c0 Resolves: #315 
Filter out sensitive headers when logging

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-06-30 08:57:44 -06:00
Nikos Mavrogiannopoulos
e4f5c93381 Merge branch 'tmp-tests-stability' into 'master' 
tests: improve stability of certain tests

See merge request openconnect/ocserv!191
 2020-06-30 11:47:01 +00:00
Nikos Mavrogiannopoulos
fc5a1580e0 .gitlab-ci.yml: updated for new spec file 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-29 12:06:35 +02:00
Nikos Mavrogiannopoulos
6f3b20f17b radius-config: stability updates 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-29 12:06:35 +02:00
Nikos Mavrogiannopoulos
95fb96ee32 test-udp-listen-host: added some reliability improvements 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-29 12:06:29 +02:00
Nikos Mavrogiannopoulos
7a03b9c6a0 Merge branch 'tmp-syslog-fix' into 'master' 
syslog: LOG_AUTH is not a priority

See merge request openconnect/ocserv!188
 2020-06-28 16:05:34 +00:00
Nikos Mavrogiannopoulos
63866a7770 syslog: LOG_AUTH is not a priority 
The first argument of syslog() is a priority indicator.
The LOG_AUTH which was being provided is a facility indicator.
Report the previously LOG_AUTH issues with the LOG_NOTICE
priority.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-27 15:36:58 +02:00
Nikos Mavrogiannopoulos
8457249a8e README.md: removed badges and added section for supported platforms 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-24 20:22:04 +02:00
Nikos Mavrogiannopoulos
1da9c1b3b0 .gitlab-ci.yml: fix rpm generation 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-16 22:17:07 +02:00
Nikos Mavrogiannopoulos
56794e4b0c bumped version 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.0 		2020-06-16 19:37:45 +02:00
Nikos Mavrogiannopoulos
dd648772a6 Merge branch 'tmp-311' into 'master' 
tests: detect openconnect's path and fail if not found

Closes #311

See merge request openconnect/ocserv!182
 2020-06-11 21:08:34 +00:00
Nikos Mavrogiannopoulos
fdb80bb23e tests: detect openconnect's path and fail if not found 
Resolves: #311

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-11 22:26:33 +02:00
Nikos Mavrogiannopoulos
62cd787536 Log X-DTLS-App-ID and X-DTLS-Session-ID when sent 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-08 10:41:22 +02:00
Nikos Mavrogiannopoulos
f25875c758 Merge branch 'tmp-268' into 'master' 
tests: added test cases for no-route in group and main configuration

See merge request openconnect/ocserv!181
 2020-06-02 10:13:36 +00:00
Nikos Mavrogiannopoulos
1dacbb13a7 tests: added test cases for no-route in group and main configuration 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-30 10:38:44 +02:00
Nikos Mavrogiannopoulos
59bdd070b6 Merge branch 'latency_stats' into 'master' 
Add reporting of RX latency

Closes #258

See merge request openconnect/ocserv!145
 2020-05-27 08:42:12 +00:00
Alan Jowett
722e030e58 Add reporting of RX latency 
Resolve: #258

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-05-26 18:14:36 -06:00
Nikos Mavrogiannopoulos
efa7a61538 addressed resource leaks pointed by coverity 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-26 12:29:13 +02:00
Nikos Mavrogiannopoulos
7b294e0b0e snapshot_create: removed dead code 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-26 12:25:03 +02:00
Nikos Mavrogiannopoulos
0b146e5223 addressed several issues found by coverity 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-26 12:23:52 +02:00
Nikos Mavrogiannopoulos
2df4eb71fe NEWS: mention ocserv-worker binary 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-05-25 08:37:26 +02:00
Alan Jowett
ce66485ee6 Uses fork/exec to limit memory footprint of ocserv-worker processes 
Capture all the required worker process state in a protobuf and
pass to worker via env. Snapshot all config files to ensure ocserv-sm
and ocserv-worker remain in sync. Split ocserv-worker functionality
into it's own executable with minimal dependencies.

Resolves: #285

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-05-25 08:33:16 +02:00
Nikos Mavrogiannopoulos
fb4116b2d7 Merge branch 'tmp-267-fix' into 'master' 
translate labels to groups when provided by client

Closes #267

See merge request openconnect/ocserv!180
 2020-05-25 06:22:35 +00:00
Nikos Mavrogiannopoulos
3a8e280a92 translate labels to groups when provided by client 
This addresses issues with anyconnect clients which send back the descriptive labels.

Resolves #267

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-21 22:24:17 +02:00
Nikos Mavrogiannopoulos
70f1fb2768 Merge branch 'tmp-rpmgen-fix' into 'master' 
.gitlab-ci.yml: fix rpm generation testing when version matches

See merge request openconnect/ocserv!179
 2020-05-16 18:15:45 +00:00
Nikos Mavrogiannopoulos
7f7bb95f81 .gitlab-ci.yml: fix rpm generation testing when version matches 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-16 11:53:35 +02:00
Nikos Mavrogiannopoulos
d94655fd2b Merge branch 'tmp-176' into 'master' 
tun: Bring up interface before setting IPv6 route on Linux

Closes #301

See merge request openconnect/ocserv!178
 2020-05-13 21:50:11 +00:00
Michael Brown
a227d6d66d tun: Bring up interface before setting IPv6 route on Linux 
Linux kernel commit 955ec4c ("net/ipv6: Do not allow route add with a
device that is down") rejects attempts to install an IPv6 route on an
interface that is not yet up.  This commit is first included in kernel
4.16.

The current code in os_set_ipv6_addr brings up the interface only
after attempting to install the IPv6 route.  On kernel 4.16 or later,
this fails with the error "Error setting route to remote IPv6: Network
is down".

Fix by switching the order of code blocks to bring the interface up
before attempting to configure the route.

Resolves: #301
Signed-off-by: Michael Brown <mbrown@fensystems.co.uk>
 2020-05-13 06:16:30 +02:00
Nikos Mavrogiannopoulos
03b05526c3 tests: check whether ipv6 interface is up 
Relates: #301

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-13 06:16:27 +02:00
Nikos Mavrogiannopoulos
10e3136a43 Merge branch 'tmp-eperm' into 'master' 
worker: allow filtered calls to fail with signal

See merge request openconnect/ocserv!175
 2020-05-11 19:15:30 +00:00
Nikos Mavrogiannopoulos
f9d8b3afc8 worker: enable all system calls used by worker 
This allows the set of non-blocking sockets in worker processes.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-10 21:45:18 +02:00
Nikos Mavrogiannopoulos
350250ea82 worker: allow filtered calls to fail with a trap 
This adds a fedora CI run to with filtered calls failing
with a signal in order to detect missing syscalls from our filters.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-10 21:45:05 +02:00
Nikos Mavrogiannopoulos
4e00087b57 .gitlab-ci.yml: the freebsd system became unavailable 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-02 06:10:08 +02:00
Nikos Mavrogiannopoulos
783c240998 ocsigaltstack: posix_memaligns does not return negative on failure 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-02 06:09:16 +02:00
Nikos Mavrogiannopoulos
7d4190a0a3 seccomp: fail with ENOSYS instead of EPERM 
When new calls are introduced in the kernel a libc may
chose to move to them. Having our filter return ENOSYS
will signal libc to fallback to the previous call which
exists in the filter.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-02 06:03:53 +02:00
Alan Jowett
75470d99c3 When setting up the DTLS session, close the previous DTLS session if it exists. 
Resolves: #293

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-04-29 13:39:28 +02:00
Nikos Mavrogiannopoulos
d2def367c3 Merge branch 'issue291' into 'master' 
Remove unused code when --disable-compression is set.

Closes #291

See merge request openconnect/ocserv!170
 2020-04-27 19:56:56 +00:00
Alan Jowett
7e5052782e Remove unused code when --disable-compression is set. 
Resolves: #291

Singed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-04-27 09:18:09 -06:00
Nikos Mavrogiannopoulos
df5ea8bd3d Merge branch 'isssue290' into 'master' 
Remove unused code when --disable-anyconnect-compat is set.

Closes #290

See merge request openconnect/ocserv!169
 2020-04-27 11:35:58 +00:00
Alan Jowett
8cac05dac2 Remove unused code when --disable-anyconnect-compat is set. 
Resolves: #290

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-04-26 13:10:10 -06:00