Commit Graph

3318 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
3065b5c54e Merge branch 'issue315' into 'master'
Filter out sensitive headers when logging

Closes #315

See merge request openconnect/ocserv!187
2020-06-30 19:43:27 +00:00
Alan Jowett
4204d8a5c0 Resolves: #315
Filter out sensitive headers when logging

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-06-30 08:57:44 -06:00
Nikos Mavrogiannopoulos
e4f5c93381 Merge branch 'tmp-tests-stability' into 'master'
tests: improve stability of certain tests

See merge request openconnect/ocserv!191
2020-06-30 11:47:01 +00:00
Nikos Mavrogiannopoulos
fc5a1580e0 .gitlab-ci.yml: updated for new spec file
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-29 12:06:35 +02:00
Nikos Mavrogiannopoulos
6f3b20f17b radius-config: stability updates
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-29 12:06:35 +02:00
Nikos Mavrogiannopoulos
95fb96ee32 test-udp-listen-host: added some reliability improvements
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-29 12:06:29 +02:00
Nikos Mavrogiannopoulos
7a03b9c6a0 Merge branch 'tmp-syslog-fix' into 'master'
syslog: LOG_AUTH is not a priority

See merge request openconnect/ocserv!188
2020-06-28 16:05:34 +00:00
Nikos Mavrogiannopoulos
63866a7770 syslog: LOG_AUTH is not a priority
The first argument of syslog() is a priority indicator.
The LOG_AUTH which was being provided is a facility indicator.
Report the previously LOG_AUTH issues with the LOG_NOTICE
priority.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-27 15:36:58 +02:00
Nikos Mavrogiannopoulos
8457249a8e README.md: removed badges and added section for supported platforms
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-24 20:22:04 +02:00
Nikos Mavrogiannopoulos
1da9c1b3b0 .gitlab-ci.yml: fix rpm generation
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-16 22:17:07 +02:00
Nikos Mavrogiannopoulos
56794e4b0c bumped version
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.0
2020-06-16 19:37:45 +02:00
Nikos Mavrogiannopoulos
dd648772a6 Merge branch 'tmp-311' into 'master'
tests: detect openconnect's path and fail if not found

Closes #311

See merge request openconnect/ocserv!182
2020-06-11 21:08:34 +00:00
Nikos Mavrogiannopoulos
fdb80bb23e tests: detect openconnect's path and fail if not found
Resolves: #311

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-11 22:26:33 +02:00
Nikos Mavrogiannopoulos
62cd787536 Log X-DTLS-App-ID and X-DTLS-Session-ID when sent
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-06-08 10:41:22 +02:00
Nikos Mavrogiannopoulos
f25875c758 Merge branch 'tmp-268' into 'master'
tests: added test cases for no-route in group and main configuration

See merge request openconnect/ocserv!181
2020-06-02 10:13:36 +00:00
Nikos Mavrogiannopoulos
1dacbb13a7 tests: added test cases for no-route in group and main configuration
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-30 10:38:44 +02:00
Nikos Mavrogiannopoulos
59bdd070b6 Merge branch 'latency_stats' into 'master'
Add reporting of RX latency

Closes #258

See merge request openconnect/ocserv!145
2020-05-27 08:42:12 +00:00
Alan Jowett
722e030e58 Add reporting of RX latency
Resolve: #258

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-05-26 18:14:36 -06:00
Nikos Mavrogiannopoulos
efa7a61538 addressed resource leaks pointed by coverity
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-26 12:29:13 +02:00
Nikos Mavrogiannopoulos
7b294e0b0e snapshot_create: removed dead code
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-26 12:25:03 +02:00
Nikos Mavrogiannopoulos
0b146e5223 addressed several issues found by coverity
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-26 12:23:52 +02:00
Nikos Mavrogiannopoulos
2df4eb71fe NEWS: mention ocserv-worker binary
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-05-25 08:37:26 +02:00
Alan Jowett
ce66485ee6 Uses fork/exec to limit memory footprint of ocserv-worker processes
Capture all the required worker process state in a protobuf and
pass to worker via env. Snapshot all config files to ensure ocserv-sm
and ocserv-worker remain in sync. Split ocserv-worker functionality
into its own executable with minimal dependencies.

Resolves: #285

Signed-off-by: Alan Jowett alanjo@microsoft.com
2020-05-25 08:33:16 +02:00
Nikos Mavrogiannopoulos
fb4116b2d7 Merge branch 'tmp-267-fix' into 'master'
translate labels to groups when provided by client

Closes #267

See merge request openconnect/ocserv!180
2020-05-25 06:22:35 +00:00
Nikos Mavrogiannopoulos
3a8e280a92 translate labels to groups when provided by client
This addresses issues with anyconnect clients which send back the descriptive labels.

Resolves #267

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-21 22:24:17 +02:00
Nikos Mavrogiannopoulos
70f1fb2768 Merge branch 'tmp-rpmgen-fix' into 'master'
.gitlab-ci.yml: fix rpm generation testing when version matches

See merge request openconnect/ocserv!179
2020-05-16 18:15:45 +00:00
Nikos Mavrogiannopoulos
7f7bb95f81 .gitlab-ci.yml: fix rpm generation testing when version matches
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-16 11:53:35 +02:00
Nikos Mavrogiannopoulos
d94655fd2b Merge branch 'tmp-176' into 'master'
tun: Bring up interface before setting IPv6 route on Linux

Closes #301

See merge request openconnect/ocserv!178
2020-05-13 21:50:11 +00:00
Michael Brown
a227d6d66d tun: Bring up interface before setting IPv6 route on Linux
Linux kernel commit 955ec4c ("net/ipv6: Do not allow route add with a
device that is down") rejects attempts to install an IPv6 route on an
interface that is not yet up.  This commit is first included in kernel
4.16.

The current code in os_set_ipv6_addr brings up the interface only
after attempting to install the IPv6 route.  On kernel 4.16 or later,
this fails with the error "Error setting route to remote IPv6: Network
is down".

Fix by switching the order of code blocks to bring the interface up
before attempting to configure the route.

Resolves: #301
Signed-off-by: Michael Brown <mbrown@fensystems.co.uk>
2020-05-13 06:16:30 +02:00
Nikos Mavrogiannopoulos
03b05526c3 tests: check whether ipv6 interface is up
Relates: #301

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-13 06:16:27 +02:00
Nikos Mavrogiannopoulos
10e3136a43 Merge branch 'tmp-eperm' into 'master'
worker: allow filtered calls to fail with signal

See merge request openconnect/ocserv!175
2020-05-11 19:15:30 +00:00
Nikos Mavrogiannopoulos
f9d8b3afc8 worker: enable all system calls used by worker
This allows the set of non-blocking sockets in worker processes.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-10 21:45:18 +02:00
Nikos Mavrogiannopoulos
350250ea82 worker: allow filtered calls to fail with a trap
This adds a Fedora CI run with filtered calls failing
with a signal in order to detect missing syscalls from our filters.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-10 21:45:05 +02:00
Nikos Mavrogiannopoulos
4e00087b57 .gitlab-ci.yml: the freebsd system became unavailable
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-02 06:10:08 +02:00
Nikos Mavrogiannopoulos
783c240998 ocsigaltstack: posix_memaligns does not return negative on failure
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-02 06:09:16 +02:00
Nikos Mavrogiannopoulos
7d4190a0a3 seccomp: fail with ENOSYS instead of EPERM
When new calls are introduced in the kernel a libc may
choose to move to them. Having our filter return ENOSYS
will signal libc to fall back to the previous call which
exists in the filter.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-05-02 06:03:53 +02:00
Alan Jowett
75470d99c3 When setting up the DTLS session, close the previous DTLS session if it exists.
Resolves: #293

Signed-off-by: Alan Jowett alanjo@microsoft.com
2020-04-29 13:39:28 +02:00
Nikos Mavrogiannopoulos
d2def367c3 Merge branch 'issue291' into 'master'
Remove unused code when --disable-compression is set.

Closes #291

See merge request openconnect/ocserv!170
2020-04-27 19:56:56 +00:00
Alan Jowett
7e5052782e Remove unused code when --disable-compression is set.
Resolves: #291

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-04-27 09:18:09 -06:00
Nikos Mavrogiannopoulos
df5ea8bd3d Merge branch 'isssue290' into 'master'
Remove unused code when --disable-anyconnect-compat is set.

Closes #290

See merge request openconnect/ocserv!169
2020-04-27 11:35:58 +00:00
Alan Jowett
8cac05dac2 Remove unused code when --disable-anyconnect-compat is set.
Resolves: #290

Signed-off-by: Alan Jowett alanjo@microsoft.com
2020-04-26 13:10:10 -06:00
Nikos Mavrogiannopoulos
c407ef9cc5 doc update
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-22 21:36:48 +02:00
Nikos Mavrogiannopoulos
626ca7f377 configure: fixed enable-oidc-auth help message
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-04-22 13:01:43 +02:00
Alan Jowett
b63ecb7717 Kill ocserv workers before ocserv-main or ocserv-secmod
On systems that are running low on memory, the ocserv worker processes
should be killed before the ocserv-main or ocserv-sm process.

To achieve this, we set /proc/self/oom_score_adj to 1000

Resolves: #283

Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>
2020-04-22 12:59:07 +02:00
Nikos Mavrogiannopoulos
deef4603a0 Merge branch 'issue284' into 'master'
Attempt to download updated JWKs if the client presents an unknown key.

Closes #284

See merge request openconnect/ocserv!168
2020-04-22 10:56:55 +00:00
Alan Jowett
9d9907ef5e Attempt to download updated JWKs if the client presents an unknown key.
Limit the download of keys to every 900s.

Resolves: #284
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-04-19 16:30:12 -06:00
Nikos Mavrogiannopoulos
e79348a154 corrected typo
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-04-17 22:14:58 +02:00
Nikos Mavrogiannopoulos
df3b925524 Merge branch 'tmp-disable-nagle' into 'master'
Disable TCP queuing on the TLS port.

See merge request openconnect/ocserv!165
2020-04-11 17:31:22 +00:00
Nikos Mavrogiannopoulos
c702227b3b Merge branch 'tmp-enable-kerberos' into 'master'
Fix kerberos tests

See merge request openconnect/ocserv!149
2020-04-10 21:44:55 +00:00
Nikos Mavrogiannopoulos
fd2bd42cb2 .gitlab-ci.yml: corrected kerberos tests
This also corrects the kerberos test script environment
to enable running the test.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2020-04-10 23:06:07 +02:00