GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,659 Commits 19 Branches 88 Tags
d6d5680249cbaeeb046f6c91124f6aaced27e95e
Commit Graph

495 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
2bdbf7927c Revert "Update CCAN code snippets" 
This reverts commit d78f57994a.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-05-07 14:23:33 +02:00
Nikos Mavrogiannopoulos
1bc33ad612 released 1.1.7 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-05-07 14:07:55 +02:00
Dimitri Papadopoulos
b43d4ce174 Fix new typo found by codespell 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-04-11 22:53:34 +02:00
Dimitri Papadopoulos
87e69fbfb7 CCAN hex: src/occtl/ → src/ccan/str/ 
Make clear hex.c and hex.h are vendored files from CCAN:
	https://github.com/rustyrussell/ccan

At the same time, update to commit ba79e21 committed on 9 January 2023,
for consistency with the rest of CCAN vendored files.

Additionally, by including <ccan/str/hex/hex.h> instead of "hex.h",
this fixes my Ubuntu 22.04 build, where including "hex.h" would include
the system Kerberos file /usr/include/heimdal/hex.h instead of
our local CCAN file hex.h.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-01-29 19:32:46 +01:00
Dimitri Papadopoulos
d78f57994a Update CCAN code snippets 
Latest current commit ba79e21 commited on 9 January 2023:
	https://github.com/rustyrussell/ccan

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-01-22 12:20:44 +01:00
Dimitri Papadopoulos
a0334733dd Print message in case of plain authentication error 
Message would be emitted at LOG_NOTICE level and go unnoticed.
Change to LOG_ERR.

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-01-12 10:28:51 +01:00
Dimitri Papadopoulos
92c31d1c02 inih: updated to latest version r56 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2023-01-03 08:50:03 +01:00
Dimitri Papadopoulos Orfanos
76334ef7d9 Merge branch 'RFC9110' into 'master' 
Use the capitalisation of RFC 9110 in HTTP headers

See merge request openconnect/ocserv!307
 2022-12-31 13:58:28 +00:00
Dimitri Papadopoulos
2b899aae82 Use the capitalisation of RFC 9110 in HTTP headers 
Capitalisation shouldn't be an issue, yet conform to RFC 9110 for
consistency:
https://www.rfc-editor.org/info/rfc9110

Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2022-12-30 21:28:45 +01:00
Dimitri Papadopoulos
bf71414cf9 updated to protobuf 1.4.1 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2022-12-30 19:12:27 +01:00
Dimitri Papadopoulos
f28669bf60 Remove spaces 
* Remove trailing spaces at end-of-line
* Remove blank lines at end-of-file

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
 2022-11-28 11:22:33 +01:00
Nikos Mavrogiannopoulos
03b71ca57f doc update [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2022-11-26 16:25:21 +01:00
Nikos Mavrogiannopoulos
8b00d198d9 released 1.1.6 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2022-02-17 09:21:36 +01:00
Nikos Mavrogiannopoulos
cdcc5eda4d doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2022-02-11 11:41:58 +01:00
Nikos Mavrogiannopoulos
a2fbdabf5e seccomp: allow futex() 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2022-02-10 15:03:23 +01:00
Nikos Mavrogiannopoulos
ed4ec0a3cb NEWS: doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2022-02-05 10:20:26 +01:00
Dimitri Papadopoulos
e51acb8c3e Fix more typos 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2021-12-23 10:04:29 +01:00
Nikos Mavrogiannopoulos
db505b373c Merge branch 'visual_studio_spell_checker' into 'master' 
Typos found by Visual Studio Code Checker

See merge request openconnect/ocserv!276
 2021-12-22 18:41:17 +00:00
Dimitri Papadopoulos
3a92062b44 Typos found by Visual Studio Code Checker 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2021-12-22 19:21:02 +01:00
Nikos Mavrogiannopoulos
11fdd9fb04 manpages: fixed output with ronn-ng 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-11-17 13:18:55 +01:00
Nikos Mavrogiannopoulos
5f943148be NEWS: released 1.1.4 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-11-13 08:42:52 +01:00
Nikos Mavrogiannopoulos
3995473219 NEWS: doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-31 22:26:25 +01:00
Dimitri Papadopoulos
81df79a95b Typos found by codespell 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2021-10-09 17:57:11 +02:00
Nikos Mavrogiannopoulos
890a37ebea doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-07 09:34:21 +02:00
Nikos Mavrogiannopoulos
559a0f85c6 released 1.1.3 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-02 08:32:46 +02:00
Nikos Mavrogiannopoulos
750a4bfb3f NEWS: removed X-CSTP-Lease-Duration 
This amends fac0244f3e

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-05-23 18:58:28 +02:00
Nikos Mavrogiannopoulos
1d32c5052e updated NEWS for the owasp headers 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-05-16 21:33:42 +02:00
Nikos Mavrogiannopoulos
9f08770c08 doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-02-04 21:58:41 +01:00
Nikos Mavrogiannopoulos
d4800b54e3 Updated NEWS 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-02-03 20:36:11 +01:00
Nikos Mavrogiannopoulos
bbaf5125e1 released 1.1.2 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-12-06 14:00:50 +01:00
Nikos Mavrogiannopoulos
5cf457b425 Removed the listen-clear-file config option 
This option was almost impossible to use in general and worked with
very few clients only (not including openconnect). That also meant that
it could not be tested. Removed to reduce maintenance to parameters
that are used in practice.

Resolves: #376

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-12-03 10:04:57 +01:00
Nikos Mavrogiannopoulos
37856ba314 doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-10-19 21:38:35 +02:00
Alan Jowett
3436705a9c Allow setup of new DTLS session while processing on old session 
Resolves: #359

Signed-off-by: Alan Jowett alan.jowett@microsoft.com
 2020-10-19 10:36:03 -06:00
Nikos Mavrogiannopoulos
e7233819da inih: increased max line size 
This also removes the stop on first error directive
which was set but not used for very long time.

Resolves: #364

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-10-18 13:30:00 +02:00
Nikos Mavrogiannopoulos
f8ff70a098 NEWS: updated 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-10-02 21:56:48 +02:00
Alan Jowett
12c3d62276 Stop listening on ocserv-sm socket on error to prevent looping. 
Resolves #356

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
 2020-09-29 22:51:52 +02:00
Nikos Mavrogiannopoulos
b9f8ea6b6c bumped version for 1.1.1 release 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-09-21 12:21:21 +02:00
Nikos Mavrogiannopoulos
6be284dd63 radius: ignore redundant group class 
This ignores any items following the first group class attribute.

Resolves: #332

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-09-03 14:35:31 +02:00
Alan Jowett
945699097d Modify ocserv-sm to permit it to scale up to the number of CPUs. This permits a higher rate of client connections and prevents TLS signing from becoming a bottleneck for clients connecting. 
Resolves: #341

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-08-26 09:46:04 -06:00
Nikos Mavrogiannopoulos
2f9d534e2c NEWS: corrected issue number [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-30 22:41:14 +02:00
Nikos Mavrogiannopoulos
9460367822 Added the config option of a pre-login banner 
Resolves: #313

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-27 22:15:12 +02:00
Nikos Mavrogiannopoulos
8aa39b0106 Improved user disconnection to avoid race conditions 
Previously when we were disconnecting a user there were few seconds
after which the cookie was still valid, so a reconnect would succeed
by the same user. This change ensures that a disconnected (via occtl)
user cannot re-use the same cookie to connect. That enables a safe
user removal from the authentication database, and from run-time.

Resolves: #59

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-25 21:38:55 +02:00
Nikos Mavrogiannopoulos
5b8f3320d3 ocserv: disable TLS1.3 when cisco client compatibility is requested 
There are certain anyconnect clients which seem to fail connecting using
TLS1.3.

Resolves: #318

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-16 13:20:21 +02:00
Nikos Mavrogiannopoulos
5882c9468c doc update 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-07-15 09:05:07 +02:00
Alan Jowett
6533299b78 Improve accept rate limitation and make it conditional on queue depth. 
Resolves: #310

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-07-11 12:51:29 +02:00
Nikos Mavrogiannopoulos
9ae0c9831d NEWS: doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-03 18:25:53 +02:00
Nikos Mavrogiannopoulos
56794e4b0c bumped version 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-16 19:37:45 +02:00
Nikos Mavrogiannopoulos
2df4eb71fe NEWS: mention ocserv-worker binary 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-05-25 08:37:26 +02:00
Alan Jowett
ce66485ee6 Uses fork/exec to limit memory footprint of ocserv-worker processes 
Capture all the required worker process state in a protobuf and
pass to worker via env. Snapshot all config files to ensure ocserv-sm
and ocserv-worker remain in sync. Split ocserv-worker functionality
into it's own executable with minimal dependencies.

Resolves: #285

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-05-25 08:33:16 +02:00
Alan Jowett
75470d99c3 When setting up the DTLS session, close the previous DTLS session if it exists. 
Resolves: #293

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-04-29 13:39:28 +02:00