Commit Graph

2879 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
c578c787b2 .gitignore: ignore static libs
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-14 19:14:56 +01:00
Nikos Mavrogiannopoulos
2559d68366 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-14 19:14:56 +01:00
Daniel Lenski
fbdf8f875e Make escape_url() percent-escape fewer characters and escape ' ' as '+'
Per RFC 3986, neither ASCII alphanumeric characters, nor any of '-', '_',
'.', '~', need to be escaped anywhere in a URL or query string.
2018-01-13 13:11:33 -08:00
Daniel Lenski
38ebf44620 tests for unescaping decimal HTML escapes and '+' in URLs
2018-01-13 12:56:59 -08:00
Daniel Lenski
92f4d5076e Correctly unescape '+' in URLs and decimal escapes in XML (e.g. '&#32;' instead of '&#x20;')
This patch changes only URL/XML unescaping, not escaping--changing escaping
would remove the reversibility of the tests.

I've been meaning to submit this ever since
http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004042.html
but didn't have a particularly good reason.

However, I recently ran into a (weirdly-customized) version of AnyConnect which
actually sends '+' in one of the authentication forms. So this should improve
AnyConnect compatibility in some corner cases.
2018-01-13 12:56:59 -08:00
Nikos Mavrogiannopoulos
b0f217ce43 replaced 'const static' definitions with 'static const'
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:45:05 +01:00
Nikos Mavrogiannopoulos
924ebdf143 configure: use the -Wextra gcc flag for warnings
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:43:58 +01:00
Nikos Mavrogiannopoulos
fb299001ea config: fixed incorrect sign check
Resolves #132

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-12 13:39:25 +01:00
Nikos Mavrogiannopoulos
647b44343f README.md: updated link on technical info
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 16:47:11 +01:00
Nikos Mavrogiannopoulos
d8b507f68d updated auto-generated files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_11_10
2018-01-07 16:36:06 +01:00
Nikos Mavrogiannopoulos
f6a6f0bc34 bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 16:34:37 +01:00
Nikos Mavrogiannopoulos
ea6b0d5da9 occtl: sessions: print the location when printing the remote IP
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:47:19 +01:00
Nikos Mavrogiannopoulos
4c4b60a5b6 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:43:37 +01:00
Nikos Mavrogiannopoulos
907c34c520 occtl: improved session output
That is, do not print expiration time in sessions that are in use
(they don't expire during that time), and print whether a session
is in use.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:42:09 +01:00
Nikos Mavrogiannopoulos
a680af6a50 ocserv: improved session disconnection due to re-use messages
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:27:02 +01:00
Nikos Mavrogiannopoulos
6abd2dc5e6 occtl: introduced 'show session' option
This allows printing information related to a session.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:15:45 +01:00
Nikos Mavrogiannopoulos
c027d4165b sec-mod: always mark an active (open) session
Previously it was only marked when an accounting module was present,
though now that we export data to occtl, that information is useful
even without accounting module.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-07 11:15:45 +01:00
Nikos Mavrogiannopoulos
3bdd6bc7dc doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 18:46:05 +01:00
Nikos Mavrogiannopoulos
fbd760372c occtl: don't print compatibility fields by default
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 18:44:54 +01:00
Nikos Mavrogiannopoulos
b19dda27c3 sec-mod: avoid infinite loop in listing for sessions
When having only a single expired session, the security module
could enter an infinite loop attempting to list it.

Resolves #130

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 18:35:27 +01:00
Nikos Mavrogiannopoulos
324f01f5ba occtl: Last-Modified session printout moved to compatibility options
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 18:31:27 +01:00
Nikos Mavrogiannopoulos
7a19296119 tests: updated for increase in slack time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-01-06 08:55:02 +01:00
Nikos Mavrogiannopoulos
bb40586630 forward_udp_to_owner: reduce the error log severity on bind error
There are cases where binding on the received address is not
possible. As this is not a critical error, reduce its logging level
to info.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:23:24 +01:00
Nikos Mavrogiannopoulos
ac065d871b ocserv: pass cookie expiration time to occtl
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:21:51 +01:00
Nikos Mavrogiannopoulos
241aa06c3a occtl: ensure initialization of printed expiration and creation time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2018-01-05 15:17:05 +01:00
Nikos Mavrogiannopoulos
8e3d89eca5 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-26 23:25:34 +01:00
Nikos Mavrogiannopoulos
f6f2351fef vpn.h: increased AUTH_SLACK_TIME to 15 secs and documented its use
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-17 17:44:40 +01:00
Nikos Mavrogiannopoulos
bdb5ae4516 sample.config: added session-timeout parameter
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
97fb12de51 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
705b65d168 tests: updated to account for changes in cookie invalidation
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
6cb4b37153 occtl: print cookie expiration time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
20fbbdbcd0 occtl: replaced last_modified time with created
ocserv no longer sends the last modified time, but rather the
cookie creation time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:48 +01:00
Nikos Mavrogiannopoulos
8253cc2920 sec-mod: separated expiration from creation time fields
That allows us to set explicit expiration of the cookie, and
ensure that we can close a session in a way that we provide
a limited time window for it to re-open. That handles anyconnect
client compatibility; this client terminates and reconnects
using the original cookie, multiple times.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-11 08:26:43 +01:00
Nikos Mavrogiannopoulos
c4a8b21aad base64-helper: use casts to avoid warnings with various nettle3 versions
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-10 15:06:40 +01:00
Nikos Mavrogiannopoulos
414e5d4c58 lz4: use LZ4_compress_default instead of the deprecated limitedOutput
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-10 15:05:28 +01:00
Nikos Mavrogiannopoulos
7bc61b1d56 Avoid gcc warnings due to snprintf truncation
Detect such truncation and act accordingly.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-10 15:01:20 +01:00
Nikos Mavrogiannopoulos
0616435ec9 tlslib: eliminate warnings due to unused functions
These warnings were related to gnutls 3.6.x support.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-10 14:41:54 +01:00
Nikos Mavrogiannopoulos
289a250864 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-11-30 15:53:59 +01:00
Nikos Mavrogiannopoulos
d5a4c2914c dtls: do increase handshake timeout and decrease retransmission time
That in effect enables the default timeouts described in
gnutls_dtls_set_timeouts which are 60 seconds, and sets
retransmissions to occur in half a second.

Relates #122

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-11-30 15:53:56 +01:00
Nikos Mavrogiannopoulos
55cd8f4247 cmd_request_to_str: print the name of list cookies msg and its reply
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-11-22 07:52:19 +01:00
Nikos Mavrogiannopoulos
2134f139a2 .gitlab-ci.yml: added fedora rawhide build
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-11-19 16:42:58 +01:00
Nikos Mavrogiannopoulos
b73c50ab2d doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-10-21 19:59:26 +02:00
Nikos Mavrogiannopoulos
803110634f updated auto-generated files
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_11_9
2017-10-09 21:48:16 +02:00
Nikos Mavrogiannopoulos
3d1598cfeb released 0.11.9
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-10-09 21:47:50 +02:00
Nikos Mavrogiannopoulos
7937fe2533 bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-10-09 21:45:43 +02:00
Nikos Mavrogiannopoulos
edfff8d2b2 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-10-09 21:45:19 +02:00
Frank Huang
f10c5bc73e Update ocpasswd-test
Signed-off-by: Frank Huang <chuang213@gmail.com>
2017-10-09 21:42:30 +02:00
Frank Huang
fd8d87e8e6 ocpasswd: the lock command -l will add multiple lock mark to the password file
The changes will check if it is already locked before applying the locking.
This would be consistent with passwd-like facilities.

Signed-off-by: Frank Huang <chuang213@gmail.com>
2017-10-09 21:41:41 +02:00
Nikos Mavrogiannopoulos
a779b18a81 tests: test-pass-script: only run when openconnect supports --local-hostname
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 11:49:57 +02:00
Nikos Mavrogiannopoulos
ba1338d8af README: updated to reflect the fact that more tests run under CI
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-09 11:37:23 +02:00