Commit Graph

3170 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
bf8616cbca tests: generate_oidc_test_data: fixed use of strncat
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
370cc7cdf7 disable_system_calls: ensure gettimeofday is not a macro
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
6b84d7e681 eliminate warnings when used for unit testing tests
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Nikos Mavrogiannopoulos
13b92d3b11 Fix crypt.h detection
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-12 19:47:50 +01:00
Alan Jowett
780fbb89a0 Script needs access to additional client metadata.
Export more information to the script, including client device platform,
type and user agent.

Resolves: #256

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-03-11 09:13:55 +01:00
Nikos Mavrogiannopoulos
9a41a27b18 NEWS: documented bearer token support
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-03-09 21:51:06 +01:00
Alan Jowett
b43e782b12 Add support for RFC6750 bearer tokens to ocserv
This permits the validation of OpenID Connect auth tokens. OpenID
Connect is an OAuth 2.0 protocol used to identify a resource owner
(VPN client end-user) to a resource server (VPN server) intermediated
by an Authorization server.

Resolves: #240

Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>
2020-03-09 21:48:04 +01:00
Nikos Mavrogiannopoulos
a6c2d36952 Merge branch 'coverity_scan_defects' into 'master'
Fix issues flagged by Coverity:

See merge request openconnect/ocserv!144
2020-03-05 19:26:32 +00:00
Alan Jowett
6d3b295b12 Fix issues flagged by Coverity:
288530 Dereference after null check
288529 Array compared against 0

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-03-04 09:49:24 -07:00
Nikos Mavrogiannopoulos
31719b2cec main: no need to check nullity on an array
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-04 12:14:54 +01:00
Nikos Mavrogiannopoulos
e70573d9fc new_client_entry: prevent null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-03-04 12:14:29 +01:00
Nikos Mavrogiannopoulos
85912c705e Fixed incorrect pointer arithmetic on configuration error
This addresses a crash on incorrect configuration.
Reported by Zero King <l2dy@icloud.com>

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-29 19:43:57 +01:00
Nikos Mavrogiannopoulos
4aeb5ea52e NEWS: doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-28 22:50:29 +01:00
Nikos Mavrogiannopoulos
31104c4de9 Merge branch 'issue251' into 'master'
ocserv-worker that fails to complete its authentication should be killed

Closes #251

See merge request openconnect/ocserv!141
2020-02-28 21:41:39 +00:00
Nikos Mavrogiannopoulos
3449eefdc3 Merge branch 'issue252' into 'master'
Use an HMAC to verify the local and remote IP presented during SEC_AUTH_INIT phase.

Closes #252

See merge request openconnect/ocserv!139
2020-02-28 20:16:47 +00:00
Alan Jowett
c9662282a1 Prevent tampering of our_ip, ip, session_start_time in SEC_AUTH_INIT from ocserv-worker to ocserv->sm and reject replay of auth_init_messages from old sessions.
Resolves: #252

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-28 11:20:30 -07:00
Nikos Mavrogiannopoulos
e0e3cc9c97 Merge branch 'issue245' into 'master'
CMD_BAN_IP should not use the IP address provided by worker process as it is not verified.

Closes #245

See merge request openconnect/ocserv!140
2020-02-27 20:15:04 +00:00
Alan Jowett
6518965129 CMD_BAN_IP should not use the IP address provided by worker process as it is not verified.
Resolves: #245

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-27 12:18:09 -07:00
Alan Jowett
bfa442379d ocserv-worker that fails to complete its authentication should be killed
Resolves: #251

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-27 12:17:45 -07:00
Nikos Mavrogiannopoulos
6558653c4b .gitlab-ci.yml: include the right build in schedules [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-02-26 12:48:10 +01:00
Nikos Mavrogiannopoulos
85108c7598 .gitlab-ci.yml: corrected 'only' use in coverity build
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-02-26 12:43:34 +01:00
Nikos Mavrogiannopoulos
12c69171a8 steal_ip_leases: reorg to avoid null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-02-25 08:25:24 +01:00
Nikos Mavrogiannopoulos
de3d3cb786 Merge branch 'tmp-fix231' into 'master'
Ensure scripts have all the information on all disconnection types

Closes #231

See merge request openconnect/ocserv!137
2020-02-24 21:32:59 +00:00
Nikos Mavrogiannopoulos
cc651b9de5 Ensure scripts have all the information on all disconnection types
When a client re-uses a cookie and takes over a previous connection,
previously the disconnect script of the old connection wouldn't receive
the IP information. Ensure that all information is provided to scripts
in this case.

Resolves: #231

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-23 13:44:19 +01:00
Nikos Mavrogiannopoulos
91de6c889e Merge branch 'tmp-coverity' into 'master'
.gitlab-ci.yml: coverity jobs only run on schedules

See merge request openconnect/ocserv!138
2020-02-22 23:21:16 +00:00
Nikos Mavrogiannopoulos
bc092793f0 .gitlab-ci.yml: coverity jobs only run on schedules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-22 23:43:48 +01:00
Nikos Mavrogiannopoulos
6ad8da8671 Merge branch 'tmp-ubuntu18' into 'master'
added ubuntu18 build and minor cleanup

See merge request openconnect/ocserv!136
2020-02-22 22:21:56 +00:00
Nikos Mavrogiannopoulos
c3ff69e7c4 added ubuntu18 build and minor cleanup
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-22 22:43:55 +01:00
Nikos Mavrogiannopoulos
2932043dd9 Merge branch 'issue244' into 'master'
ocserv-main should limit the maximum message size a client can send

Closes #244

See merge request openconnect/ocserv!132
2020-02-20 16:47:52 +00:00
Nikos Mavrogiannopoulos
f333e600b5 Merge branch 'issue247' into 'master'
Resolves: #247 - Bound negotiated MTU between RFC 791 defined minimum and configured maximum.

Closes #247

See merge request openconnect/ocserv!135
2020-02-20 16:46:07 +00:00
Alan Jowett
87b1dc65ba Bound negotiated MTU between RFC 791 defined minimum and configured maximum.
Resolves: #247

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-19 15:26:55 -07:00
Alan Jowett
f410a5c637 ocserv-main should limit the maximum message size a client can send
Resolves: #244

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-19 15:11:03 -07:00
Nikos Mavrogiannopoulos
c4f9d6cffb Merge branch 'tmp-fix-disconnect-script' into 'master'
tests: try to reproduce #231

See merge request openconnect/ocserv!127
2020-02-19 21:55:19 +00:00
Nikos Mavrogiannopoulos
d852195e64 tests: reproduce #231
This modifies test-pass-script to force a DPD timeout to
verify whether ${IP_REMOTE} is set on the disconnect script.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-19 22:17:31 +01:00
Alan Jowett
8d1aa343b4 Ban score should always increase.
Resolves: #246

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-02-15 21:12:19 +01:00
Nikos Mavrogiannopoulos
17957ed98f Merge branch 'tmp-reorg-gitlab-ci-yml' into 'master'
.gitlab-ci.yml: avoid the use of '&&'

See merge request openconnect/ocserv!131
2020-02-13 22:39:16 +00:00
Nikos Mavrogiannopoulos
d28846404d Merge branch 'tmp-centos8' into 'master'
.gitlab-ci.yml: added centos8 build

See merge request openconnect/ocserv!129
2020-02-13 22:15:17 +00:00
Nikos Mavrogiannopoulos
5aea4680f5 Merge branch 'tmp-check-multi-users' into 'master'
tests: added test to check whether server blocks if script blocks

Closes #241

See merge request openconnect/ocserv!126
2020-02-13 22:15:06 +00:00
Nikos Mavrogiannopoulos
a6994ef1e7 .gitlab-ci.yml: specify the master branch coverity and web pages generation runs
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-13 23:04:38 +01:00
Nikos Mavrogiannopoulos
613242f343 .gitlab-ci.yml: added epel8 rpm build
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-13 23:02:55 +01:00
Nikos Mavrogiannopoulos
476638a52a .gitlab-ci.yml: avoid the use of '&&'
gitlab CI will often mask a failure when multiple '&&' are
present.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-13 22:50:00 +01:00
Nikos Mavrogiannopoulos
f4126fa095 .gitlab-ci.yml: change raddb permissions
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-13 22:45:42 +01:00
Nikos Mavrogiannopoulos
a8d34a80b9 tests: radius: save log on CI failure
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-13 22:25:13 +01:00
Nikos Mavrogiannopoulos
fc901e03c4 .gitlab-ci.yml: use parallel builds
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-13 22:06:22 +01:00
Nikos Mavrogiannopoulos
243c5e9fa2 .gitlab-ci.yml: added centos8 build
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-02-11 12:33:39 +01:00
Nikos Mavrogiannopoulos
1bce6526f3 updated NEWS entries [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-07 22:50:00 +01:00
Nikos Mavrogiannopoulos
ebe7c3bfb4 tests: added test to check whether server blocks if script blocks
This test verifies that the server will continue to operate
even if the up script blocks indefinitely.

Resolves: #241

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-07 22:46:21 +01:00
Nikos Mavrogiannopoulos
cd4aac2305 inih: updated to latest version
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-07 22:43:51 +01:00
Nikos Mavrogiannopoulos
0402df11de config: avoid crash on invalid entries
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-02-07 22:43:51 +01:00
Nikos Mavrogiannopoulos
ea3f6900c1 common.sh: print message when script cannot run
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-02-07 17:12:59 +01:00