Commit Graph

2919 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
ba6921ed9a Introduced the notion of virtual hosts
This provides virtualized server configurations which take
effect after client connection when client hello is received.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-03-06 20:42:31 +01:00
Nikos Mavrogiannopoulos
26bc265652 .gitlab-ci.yml: disabled rawhide build
The Fedora image has been broken for a long time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-03-02 19:36:18 +01:00
Nikos Mavrogiannopoulos
d211b3d795 config: properly warn on duplicate pid-file option
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-03-02 19:35:44 +01:00
Nikos Mavrogiannopoulos
274415d050 tests: use the --pid-file and -p options in ocserv
This allows detecting issues like in #143 where these
two options regressed.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-03-01 19:18:54 +01:00
Nikos Mavrogiannopoulos
8769b2e041 ocserv: avoid crash when --pid-file is used
Resolves #143

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-03-01 19:13:57 +01:00
Nikos Mavrogiannopoulos
cc12fe7131 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-27 07:04:28 +01:00
Nikos Mavrogiannopoulos
9bb7799fc2 worker: only switch to GSSAPI authentication if not already used certificate
That allows using gssapi as primary and certificate as fallback.

Resolves #108

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:41:59 +01:00
Nikos Mavrogiannopoulos
d3c29765a3 worker: use explicit parenthesis for clarity
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:40:24 +01:00
Nikos Mavrogiannopoulos
15fd4c9fbb tests: introduced tests with gssapi falling back to pass or certs
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:31:55 +01:00
Nikos Mavrogiannopoulos
55bf469dce worker: simplified fallback to next authentication method
That also allows falling back from certificate authentication
failure, allowing it to be listed as primary, with alternatives
present.

Resolves #108

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos
b59a12591c config.c: clarify if clause
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos
4ecfed7ed0 tests: added check cert or pass auth
This is similar to the test case (test-pass-opt-cert) of pass or cert,
but in that case the certificate method is set as primary.

Relates #108

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos
30d4b4e677 test-pass-opt-cert: modified not to require root access
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:03:50 +01:00
Nikos Mavrogiannopoulos
86ae99864b tests: check whether ocserv is built with oath support prior to running otp tests
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:03:33 +01:00
Nikos Mavrogiannopoulos
66f9f97d1d test: replaced docker otp-test with cwrap test-otp
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 16:00:09 +01:00
Nikos Mavrogiannopoulos
00c6f566cb tests: introduced test with OTP-password and certificate auth
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 14:38:19 +01:00
Nikos Mavrogiannopoulos
9dfe964def amend: plain: avoid crash on locked accounts
The null pointer dereference fix broke plain OTP setup of
ocserv.

Resolves #114, #137

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-25 14:37:42 +01:00
Nikos Mavrogiannopoulos
31854eb208 unix: corrected header size when receiving events
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-22 22:26:27 +01:00
Nikos Mavrogiannopoulos
896894a6b6 README.md: removed references to autogen
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-22 22:17:28 +01:00
Nikos Mavrogiannopoulos
5ebea1e475 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-22 19:59:12 +01:00
Nikos Mavrogiannopoulos
53a166500f Hash the peer's DTLS IP separately from its CSTP IP
This allows keeping track of clients which have their DTLS
stream come from a different IP location than their CSTP
stream.

Relates ocserv/ocserv#61
2018-02-22 08:25:18 -08:00
Nikos Mavrogiannopoulos
b7a14f1c4a doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-19 20:18:38 +01:00
Nikos Mavrogiannopoulos
83d37ace16 .gitlab-ci.yml: rawhide: do not rely on tcp wrappers
They are no longer part of Fedora28.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-02-19 16:07:43 +01:00
Nikos Mavrogiannopoulos
a157fc7068 doc: clarify auth and enable-auth
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-02-19 15:41:36 +01:00
Nikos Mavrogiannopoulos
e2a0be65e4 worker: mark new UDP fd received as UDP data reception time
That prevents errors such as switching to TCP when no UDP packets
are received immediately after connection establishment.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-11 12:02:30 +01:00
Nikos Mavrogiannopoulos
e61029445c gnutls: increased dependency to 3.3.0
That way PKCS#11 reinitialization and global initialization are
implicit.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-02-11 12:02:30 +01:00
Nikos Mavrogiannopoulos
7d762748db .gitlab-ci.yml: corrected artifacts dir in builds
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-30 20:19:58 +01:00
Nikos Mavrogiannopoulos
553dbd3df7 ax_code_coverage: updated to latest version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-29 17:10:12 +01:00
Kevin Cernekee
85fe81d0e0 Set AGENT_OPENCONNECT for Java/Android clients
These use a slightly different User-Agent string.  If they are not
detected correctly, then IPv6-only VPNs will not work.

Since the Android bindings did not exist until 6.00, the V3 check is
unnecessary.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2018-01-29 12:32:45 +01:00
Nikos Mavrogiannopoulos
e6c4d5e492 bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:11:57 +01:00
Nikos Mavrogiannopoulos
dbaecfa80e doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:11:39 +01:00
Nikos Mavrogiannopoulos
760199a33c doc: man-pages are modified to be generated using ronn
That eliminates the need for autogen and also combines
doc/sample.config and manpage contents. Now the doc/sample.config
is the primary config documentation location.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
894cdb7a52 config: skip unknown sections
This would allow future extensibility, by making clients which
don't support a section skip it.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
1b8079a11a Replaced the configuration parser with inih parser
That eliminates the dependency on libopts as well as autogen.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
533677bd73 ocserv: use getopt for command line parsing
The complexity of its command line options didn't require
the use of libopts, and by eliminating that dependency for cmd
parsing, we can choose another parser for config file parsing.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
6b7d09485e ocpasswd: removed dependency on autogen
The complexity of its command line options didn't require
the linking to yet another library.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
cbac133b07 .gitlab-ci.yml: added a -Werror build under F27
That helps catch any potential issues early.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-23 21:07:18 +01:00
Nikos Mavrogiannopoulos
8ebe287f1c doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-17 20:50:54 +01:00
Nikos Mavrogiannopoulos
ee1cada66a worker: check for POLLERR condition
When checking the events returned from poll, handle the POLLERR
condition. This fixes an infinite loop on the worker's main
loop.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-16 16:20:32 +01:00
Nikos Mavrogiannopoulos
ba92389b0c .gitlab-ci.yml: correctly point to scan-build artifacts
Also added missing gperf package.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-14 19:14:56 +01:00
Nikos Mavrogiannopoulos
c578c787b2 .gitignore: ignore static libs
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-14 19:14:56 +01:00
Nikos Mavrogiannopoulos
2559d68366 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-14 19:14:56 +01:00
Daniel Lenski
fbdf8f875e Make escape_url() percent-escape fewer characters and escape ' ' as '+'
Per RFC 3986, neither ASCII alphanumeric characters, nor any of '-', '_',
'.', '~', need to be escaped anywhere in a URL or query string.
2018-01-13 13:11:33 -08:00
Daniel Lenski
38ebf44620 tests for unescaping decimal HTML escapes and '+' in URLs
2018-01-13 12:56:59 -08:00
Daniel Lenski
92f4d5076e Correctly unescape '+' in URLs and decimal escapes in XML (e.g. '&#32;' instead of '&#x20;')
This patch changes only URL/XML unescaping, not escaping--changing escaping
would remove the reversibility of the tests.

I've been meaning to submit this ever since
http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004042.html
but didn't have a particularly good reason.

However, I recently ran into a (weirdly-customized) version of AnyConnect which
actually sends '+' in one of the authentication forms. So this should improve
AnyConnect compatibility in some corner cases.
2018-01-13 12:56:59 -08:00
Nikos Mavrogiannopoulos
b0f217ce43 replaced 'const static' definitions with 'static const'
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:45:05 +01:00
Nikos Mavrogiannopoulos
924ebdf143 configure: use the -Wextra gcc flag for warnings
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:43:58 +01:00
Nikos Mavrogiannopoulos
fb299001ea config: fixed incorrect sign check
Resolves #132

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:39:25 +01:00
Nikos Mavrogiannopoulos
647b44343f README.md: updated link on technical info
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 16:47:11 +01:00
Nikos Mavrogiannopoulos
d8b507f68d updated auto-generated files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_11_10
2018-01-07 16:36:06 +01:00