GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,318 Commits 19 Branches 88 Tags
df61f59e3e689959a548818251d4d5f17fbd8a13
Commit Graph

3318 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
df61f59e3e config: better debug messages on default vhost 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-08-05 22:26:49 +02:00
Nikos Mavrogiannopoulos
9ce249e583 Merge branch 'tmp-update-contribution-guide' into 'master' 
CONTRIBUTING.md: added more detailed contribution rules

See merge request openconnect/ocserv!204
 2020-08-05 05:08:34 +00:00
Nikos Mavrogiannopoulos
24a9945e0d CONTRIBUTING.md: added more detailed contribution rules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-08-04 23:38:20 +02:00
Nikos Mavrogiannopoulos
7a3475951f Merge branch 'tmp-introduce-clang' into 'master' 
.gitlab-ci.yml: introduced clang compilation

See merge request openconnect/ocserv!203
 2020-08-03 13:36:15 +00:00
Nikos Mavrogiannopoulos
0fa951a06b .gitlab-ci.yml: introduced clang compilation 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-08-03 14:54:59 +02:00
Nikos Mavrogiannopoulos
0aed7584d9 Merge branch 'tmp-add-x86' into 'master' 
.gitlab-ci.yml: added i386 build

See merge request openconnect/ocserv!158
 2020-07-31 12:31:53 +00:00
Nikos Mavrogiannopoulos
1759bfdc4f .gitlab-ci.yml: added i386 build 
This introduces an i386 CI build to catch issues that relate
to 32-bit systems.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-31 13:50:37 +02:00
Nikos Mavrogiannopoulos
2f9d534e2c NEWS: corrected issue number [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-30 22:41:14 +02:00
Nikos Mavrogiannopoulos
9ac1be83cd README.md: removed unnecessary dependency [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-30 09:19:57 +02:00
Nikos Mavrogiannopoulos
8934be816c Merge branch 'issue326' into 'master' 
Pass the hostname to ocserv-main after receiving the connect request.

Closes #326

See merge request openconnect/ocserv!200
 2020-07-29 17:13:21 +00:00
Nikos Mavrogiannopoulos
ce1911ffca .gitlab-ci.yml: added auto-triage rules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-28 21:39:28 +02:00
Alan Jowett
34eab81339 Resolves: #326 
Pass the hostname to ocserv-main after receiving the connect request.

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-07-28 13:37:20 -06:00
Nikos Mavrogiannopoulos
68eccaedf7 sample.config: documented host-update-script and added unit test 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-28 20:12:52 +02:00
Nikos Mavrogiannopoulos
2b4251eba7 Merge branch 'tmp-banner2' into 'master' 
Added the config option of a pre-login banner

Closes #313

See merge request openconnect/ocserv!199
 2020-07-27 20:56:22 +00:00
Nikos Mavrogiannopoulos
9460367822 Added the config option of a pre-login banner 
Resolves: #313

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-27 22:15:12 +02:00
Nikos Mavrogiannopoulos
fc842a8d5d Merge branch 'tmp-disconnect-user2' into 'master' 
Race free disconnection of a connected user with occtl

Closes #59

See merge request openconnect/ocserv!198
 2020-07-26 11:11:08 +00:00
Nikos Mavrogiannopoulos
8aa39b0106 Improved user disconnection to avoid race conditions 
Previously when we were disconnecting a user there were few seconds
after which the cookie was still valid, so a reconnect would succeed
by the same user. This change ensures that a disconnected (via occtl)
user cannot re-use the same cookie to connect. That enables a safe
user removal from the authentication database, and from run-time.

Resolves: #59

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-25 21:38:55 +02:00
Nikos Mavrogiannopoulos
f100dcfa9a occtl: corrected error code on failed commands 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-25 00:30:52 +02:00
Nikos Mavrogiannopoulos
e677c8b536 common: added textual description to all messages 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-25 00:30:52 +02:00
Nikos Mavrogiannopoulos
d0a12f6d8e .gitlab-ci.yml: coverity: use centos8 image 
This addresses incompatibilities with Fedora32.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-25 00:30:19 +02:00
Nikos Mavrogiannopoulos
0811d7d46b coverity: enable OIDC and latency stats in coverity run 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-23 09:00:20 +02:00
Nikos Mavrogiannopoulos
a1f5fbf206 .gitlab-ci.yml: reduce unnecessary runs in schedules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-23 08:57:46 +02:00
Nikos Mavrogiannopoulos
3ebd9ecc3e Merge branch 'tmp-nobody' into 'master' 
README.md/sample.config: underline the need for a dedicated user

See merge request openconnect/ocserv!196
 2020-07-22 20:50:57 +00:00
Nikos Mavrogiannopoulos
e75e8d2471 README.md/sample.config: underline the need for a dedicated user 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-20 19:48:11 +02:00
Nikos Mavrogiannopoulos
bf8b22f3b9 Merge branch 'tmp-add-ubuntu20' into 'master' 
.gitlab-ci.yml: updated ubuntu build to 20.04

See merge request openconnect/ocserv!195
 2020-07-18 20:22:45 +00:00
Nikos Mavrogiannopoulos
0d1ae8a53d .gitlab-ci.yml: updated ubuntu build to 20.04 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-18 21:30:12 +02:00
Nikos Mavrogiannopoulos
f53d5e1395 Merge branch 'tmp-disable-tls13' into 'master' 
ocserv: disable TLS1.3 when cisco client compatibility is requested

Closes #318

See merge request openconnect/ocserv!194
 2020-07-18 19:27:10 +00:00
Nikos Mavrogiannopoulos
8d4238db68 README.md: added missing components 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-18 21:19:57 +02:00
Nikos Mavrogiannopoulos
5b8f3320d3 ocserv: disable TLS1.3 when cisco client compatibility is requested 
There are certain anyconnect clients which seem to fail connecting using
TLS1.3.

Resolves: #318

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-16 13:20:21 +02:00
Nikos Mavrogiannopoulos
5882c9468c doc update 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-07-15 09:05:07 +02:00
Nikos Mavrogiannopoulos
d4824cc1fc Merge branch 'namespace' into 'master' 
add basic namespace support for listen address

See merge request openconnect/ocserv!189
 2020-07-15 07:02:32 +00:00
William Dauchy
1bb2d8800f tests, ns: use namespace option for all ip commands 
simplifies use of of `ip netns exec` when it is about ip commands

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
 2020-07-14 12:15:46 +02:00
William Dauchy
f4c7d41d14 add basic namespace support for listen address 
- this patch adds `listen-netns` parameter
- when set the listening socket will be created in the given namespace

it allows to properly segregate your traffic:
- do the backend traffic in the root namespace
- receive the VIP traffic in a given namespace

All this patch is widely inspired by haproxy implementation which allows
to bind each IP in a given namespace.

Resolves: #316

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
 2020-07-13 18:11:30 +02:00
Nikos Mavrogiannopoulos
a060acf9e3 Merge branch 'tmp-alpine' into 'master' 
.gitlab-ci.yml: added alpine linux CI run

See merge request openconnect/ocserv!193
 2020-07-11 11:40:50 +00:00
Nikos Mavrogiannopoulos
2aaa287a4c icmp-ping: removed unnecessary assignments 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-11 13:00:20 +02:00
Nikos Mavrogiannopoulos
dc042ec327 occtl: fixed issues with unused variables 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-11 12:57:22 +02:00
Nikos Mavrogiannopoulos
541bf6f137 .gitlab-ci.yml: added alpine linux CI run 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-11 12:54:26 +02:00
Nikos Mavrogiannopoulos
4ba30c87e5 worker-privs: use signal.h instead of sys/signal.h 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-11 12:54:26 +02:00
Alan Jowett
6533299b78 Improve accept rate limitation and make it conditional on queue depth. 
Resolves: #310

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-07-11 12:51:29 +02:00
Nikos Mavrogiannopoulos
fba372ba0a Merge branch 'issue317' into 'master' 
Check for presence of /dev/net/tun device in tests that need them.

See merge request openconnect/ocserv!192
 2020-07-11 09:33:36 +00:00
Alan Jowett
770c4202f5 Provide option to suppress tests that depend on /dev/net/tun 
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-07-08 14:31:35 -06:00
Nikos Mavrogiannopoulos
9ae0c9831d NEWS: doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-03 18:25:53 +02:00
Nikos Mavrogiannopoulos
9210852bb5 Merge branch '#312' into 'master' 
OpenBSD lacks support for procfs

See merge request openconnect/ocserv!184
 2020-07-03 16:21:05 +00:00
Alan Jowett
be17dac16f OpenBSD lacks support for procfs 
Based on
60641282df.

Snapshot of config files are used to ensure that ocserv-sm and
ocserv-worker remain in sync. These snapshots are anonymous files that
are passed via a file descriptor. A worker creates a new file
description and file descriptor by using open(2) on /proc/self/fd.
Unfortunately OpenBSD lacks support for procfs.

Instead of using snapshot of config files let workers use the config
files.

While here add a note to README.md about this limitation, and add a CI
run (from @nmav).

Signed-off-by: Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>
 2020-07-01 16:20:46 +02:00
Nikos Mavrogiannopoulos
baa9ae84db Merge branch 'tmp-coverity-updates' into 'master' 
Fixes related to coverity report

See merge request openconnect/ocserv!190
 2020-06-30 20:36:28 +00:00
Nikos Mavrogiannopoulos
ce89e0f582 Ensure that unchecked function calls are for a reason and fix otherwise 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:53:34 +02:00
Nikos Mavrogiannopoulos
0307f49a04 config: corrected typo in vhost assignment resulting to dead code 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:48:03 +02:00
Nikos Mavrogiannopoulos
d0857bd955 session_open: improved check for null config 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:47:58 +02:00
Nikos Mavrogiannopoulos
99fd5410bf setsockopt: always check its return value 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:46:32 +02:00
Nikos Mavrogiannopoulos
cc8d4a90a8 config: removed unnecessary null check 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-30 21:46:32 +02:00