GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,717 Commits 19 Branches 88 Tags
c4c6590aeb20a281474408552ebda3afbcb67d60
Commit Graph

3717 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
c4c6590aeb Revert "Macros starting with if should be enclosed by a do - while loop to avoid possible if/else logic defects" 
This reverts commit b5380f2181.
This resolves this issue identified by coverity:
462455 Unexpected control flow

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-07-06 21:30:11 +02:00
Nikos Mavrogiannopoulos
52f64c4032 sample.config: added more information on how logging works 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-07-05 18:37:46 +02:00
Nikos Mavrogiannopoulos
b0c45ffc50 .gitlab-ci.yml: use the new centos images 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-26 13:31:19 +02:00
Dimitri Papadopoulos Orfanos
2eaf754c51 Merge branch '_XOPEN_SOURCE' into 'master' 
_XOPEN_SOURCE → AC_USE_SYSTEM_EXTENSIONS

See merge request openconnect/ocserv!354
 2023-06-22 18:15:41 +00:00
Nikos Mavrogiannopoulos
e547733d61 tests: removed legacy tests and added missing ones 
Added test-group-cert and test-fork tests that were
present but were never included in the CI test suite.

Removed unix-test which was an obsolete test present
in tests/.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-22 12:29:02 +02:00
Dimitri Papadopoulos
baecb64e3d _XOPEN_SOURCE → AC_USE_SYSTEM_EXTENSIONS 
Do not define _GNU_SOURCE directly in sources.
We just need to include "config.h" instead.

This is a follow-up to 1ca50d73: autoconf macro AC_USE_SYSTEM_EXTENSIONS
will define _GNU_SOURCE or _XOPEN_SOURCE in "config.h" as needed.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-20 11:32:25 +02:00
Dimitri Papadopoulos Orfanos
354e13f7c1 Merge branch 'print_single_value_int_0' into 'master' 
Call print_single_value_int() with has_more = 1

Closes #517

See merge request openconnect/ocserv!349
 2023-06-20 09:29:41 +00:00
Nikos Mavrogiannopoulos
a28ffdd4c3 Test both --debug and plain options. 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-20 06:58:00 +00:00
Nikos Mavrogiannopoulos
f1648c9d0f Merge branch 'strcasestr' into 'master' 
Get rid of strcasestr.c vendored file

See merge request openconnect/ocserv!353
 2023-06-19 08:28:36 +00:00
Dimitri Papadopoulos
b6658a8eaa Get rid of strcasestr.c vendored file 
The initial indea was to move strcasestr.c out of src/common,
as it only used by the main program, perhaps changing to the
OpenBSD implementation at the same time instead of falling back
to the Gnulib test.

Then it appeared we probably don't support systems without strcasestr().
I checked ihe following systems support it:
- glibc
- uClibc    https://git.uclibc.org/uClibc/tree/libc/string/strcasestr.c
- musl libc https://git.musl-libc.org/cgit/musl/tree/src/string/strcasestr.c
- Bionic    https://android.googlesource.com/platform/bionic/+log/master/libc/string/strcasestr.c
- Newlib    https://sourceware.org/git/?p=newlib-cygwin.git;a=blob;f=newlib/libc/string/strcasestr.c
- FreeeBSD  https://cgit.freebsd.org/src/tree/lib/libc/string/strcasestr.c
- OpenBSD   https://cvsweb.openbsd.org/src/lib/libc/string/strcasestr.c
- NetBSD    http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/string/strcasestr.c
- Solaris   https://docs.oracle.com/cd/E88353_01/html/E37843/strcasestr-3c.html

It might appear not to be available when _GNU_SOURCE or equivalent macros
have not been defined. Now with AC_USE_SYSTEM_EXTENSIONS, I doubt the
function is missing on any platform, therefore I get rid of the test and
the Gnulib fallback.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-19 08:33:59 +02:00
Nikos Mavrogiannopoulos
e74a0b7e47 Merge branch 'gnulib' into 'master' 
Remove remaining references to Gnulib

See merge request openconnect/ocserv!350
 2023-06-18 09:12:49 +00:00
Dimitri Papadopoulos
5942ced085 tests: check JSON output with occtl --debug 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-17 23:06:50 +02:00
Dimitri Papadopoulos
a5c261c074 iFix a typo: directly → directory 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-17 23:01:51 +02:00
Dimitri Papadopoulos
bcc41b8301 Remove remaining references to Gnulib 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-17 14:39:29 +02:00
Dimitri Papadopoulos
8139e78697 Call print_single_value_int() with has_more = 1 
This is not the last print. The "0" had been introduced by 722e030e.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-17 09:27:18 +02:00
Nikos Mavrogiannopoulos
0b210e034f Merge branch 'radius_multiple_group_avps' into 'master' 
radius: groups defined over multiple AVPs

Closes #489

See merge request openconnect/ocserv!321
 2023-06-17 04:37:28 +00:00
Dimitri Papadopoulos
f8ac9bb088 Emit a warning whenever we hit MAX_GROUPS 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-17 00:25:55 +02:00
Nikos Mavrogiannopoulos
1373a11f57 tests: added a test for groups defined over multiple AVPs 
This adds a test for the available multi-group options as
well as documentation for the feature. This tests two options:
 * Separate group names in separate class attributes
 * Separate group names in separate class attributes with the OU= format

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-17 00:25:55 +02:00
Dimitri Papadopoulos
813690b9c2 radius: groups defined over multiple AVPs 
This helps circumvent the 253 characters limit of RADIUS string values.

We distinguish between value strings that start with "OU=" and the rest:
* Value strings that start with "OU=" define multiple groups in a single
  AVP. Here, we update the previous logic by taking into account all the
  AVPs. We emit a warning when discarding subsequent AVPs, but also when
  discarding groups within the current AVP because we have reached the
  maximum number of groups.
* Other value strings define a single group. Here, we change the
  previous logic. We append to the list of groups instead of silently
  discarding subsequent value strings.
  We emit a warning when discarding AVPs because we have reached the
  maximum number of groups.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-17 00:25:50 +02:00
Dimitri Papadopoulos
8aecd4f0c5 Trim trailing whitespace first 
This doesn't change anything, we just want to make clear that trimming
the string pointed to by `p2`, after assigning `pctx->groupnames[i]`,
will have an effect on both since they point to the same string.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-17 00:24:45 +02:00
Nikos Mavrogiannopoulos
2830263d4c Merge branch 'SYSCALL_open' into 'master' 
seccomp: GnuTLS 3.7.3 requires open() unconditionally

Closes #491

See merge request openconnect/ocserv!322
 2023-06-16 19:23:46 +00:00
Dimitri Papadopoulos
ea23edd453 seccomp: GnuTLS 3.7.3 requires open() and openat() 
We have added open() unconditionally, to be able to open system priority
and FIPS complicance configuration files from workers.

We had already added openat() unconditionally.

Therefore there is no need to re-add them to read XML config files.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-16 17:16:27 +02:00
Dimitri Papadopoulos
e2afd99c96 seccomp: GnuTLS 3.7.3 requires open() unconditionally 
Required on some version of Suse with GnuTLS 3.7.3, reportedly to open
system priority and FIPS compliance configuration files:
	/etc/crypto-policies/back-ends/gnutls.config
	/proc/sys/crypto/fips_enabled

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-16 17:16:27 +02:00
Dimitri Papadopoulos Orfanos
a0d101f45f Merge branch '_GNU_SOURCE' into 'master' 
_GNU_SOURCE → AC_USE_SYSTEM_EXTENSIONS

See merge request openconnect/ocserv!345
 2023-06-15 11:32:20 +00:00
Dimitri Papadopoulos
73d94d7e5b _GNU_SOURCE → AC_USE_SYSTEM_EXTENSIONS 
Do not define _GNU_SOURCE directly in sources.
Make sure we include "config.h" instead.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-15 11:41:19 +02:00
Dimitri Papadopoulos Orfanos
661fc3b947 Merge branch 'for_if_switch_while_(' into 'master' 
for/if/switch/while( → for/if/switch/while (

See merge request openconnect/ocserv!343
 2023-06-15 09:22:21 +00:00
Dimitri Papadopoulos
99e67dcc16 switch( → switch ( 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-14 23:34:17 +02:00
Dimitri Papadopoulos
88c8672e7e for( → for ( 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-14 23:34:17 +02:00
Dimitri Papadopoulos
8bae1f6a59 while( → while ( 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-14 23:34:13 +02:00
Dimitri Papadopoulos
8d192c4e76 if( → if ( 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-14 23:32:35 +02:00
Nikos Mavrogiannopoulos
93e8b1628e Merge branch 'tmp-fedora38' into 'master' 
Add fedora38 and almalinux builds / get rid of gnulib

See merge request openconnect/ocserv!342
 2023-06-14 05:29:55 +00:00
Nikos Mavrogiannopoulos
e33ef13a21 base64-helper: do not use restrict keyword for portability 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-13 16:54:42 +02:00
Nikos Mavrogiannopoulos
1ca50d7337 Removed gnulib 
Supporting gnulib brought a whole class of problems due to its complexity.
Removing its support eliminates this class of problems and simplifies the
code significantly.

This sets the locale explicitly on server startup to eliminate the
need for custom string comparison functions.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-13 16:54:38 +02:00
Nikos Mavrogiannopoulos
0fac0efc14 .gitlab-ci.yml: added almalinux9 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-13 16:51:38 +02:00
Nikos Mavrogiannopoulos
f41a07c7c1 occtl: removed dead code 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-13 16:51:38 +02:00
Nikos Mavrogiannopoulos
39e6eb7d2c .gitlab-ci.yml: added almalinux8 build 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-13 16:51:38 +02:00
Nikos Mavrogiannopoulos
cb48bc8f7f .gitlab-ci.yml: use fedora38 image 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-13 16:51:38 +02:00
Dimitri Papadopoulos Orfanos
359a137d1b Merge branch 'asprintf' into 'master' 
Check the return value of asprintf()

Closes #515

See merge request openconnect/ocserv!347
 2023-06-13 12:11:14 +00:00
Nikos Mavrogiannopoulos
92da630c37 Merge branch 'ocserv/ocserv' into 'master' 
https://gitlab.com/ocserv/ocserv → openconnect/ocserv

See merge request openconnect/ocserv!346
 2023-06-13 11:36:45 +00:00
Nikos Mavrogiannopoulos
210da435f4 sec-mod: simplified load_keys() 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-13 11:49:30 +02:00
Dimitri Papadopoulos
e57b36e112 Check the return value of asprintf() 
The value of the pointer to the string printed to might be undefined.
In case of error, set to NULL, as we do with strdup() calls.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-12 20:41:42 +02:00
Dimitri Papadopoulos
d2fef9f08f https://gitlab.com/ocserv/ocserv → openconnect/ocserv 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-12 17:25:59 +02:00
Nikos Mavrogiannopoulos
59ba4a63be Merge branch 'dtls_pull' into 'master' 
Fix function defined but not used (in some cases)

See merge request openconnect/ocserv!344
 2023-06-12 12:24:10 +00:00
Dimitri Papadopoulos
abebe4553c Fix function defined but not used (in some cases) 
worker-vpn.c:170:9: warning: 'dtls_pull' defined but not used [-Wunused-function]
  170 | ssize_t dtls_pull(gnutls_transport_ptr_t ptr, void *data, size_t size)
      |         ^~~~~~~~~

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-06-12 13:53:34 +02:00
Nikos Mavrogiannopoulos
5c253125c8 doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-11 13:07:38 +02:00
Dimitri Papadopoulos Orfanos
0bd957350a Merge branch 'ignore-querystring-of-post' into 'master' 
ignore querystring of post while dispatching

See merge request openconnect/ocserv!337
 2023-06-10 12:01:16 +00:00
johnson
eadebbbd71 ignore querystring while dispatching 
Signed-off-by: johnson <10619522-OnFIs@users.noreply.gitlab.com>
 2023-06-10 16:21:34 +08:00
Kirill Ovchinnikov
85fdf7d2e6 Camouflage functionality 
This adds a "camouflage" functionality (looking and acting like an ordinary web server),
to prevent OCserv installations from being automatically scanned or blocked with active probing techniques.

Signed-off-by: Kirill Ovchinnikov <kirill.ovchinn@gmail.com>
 2023-06-09 15:08:25 +02:00
Nikos Mavrogiannopoulos
1ecdf35494 NEWS: added entry for 1.1.8 [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-06 14:41:15 +02:00
Nikos Mavrogiannopoulos
a8d5d3616e corrected typo 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-06-06 14:34:37 +02:00