GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,575 Commits 19 Branches 88 Tags
e0a2fa4c3cca76dceec1610ee4b2dfe68a394172
Commit Graph

120 Commits

Author SHA1 Message Date
Dimitri Papadopoulos
c009134915 Add codespell CI runner 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2021-12-23 10:04:30 +01:00
Nikos Mavrogiannopoulos
cffd7d23b3 fedora: updated to 35 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-12-22 19:38:16 +01:00
Nikos Mavrogiannopoulos
ceebc11cc4 tests: check functionality of an IPv6 net with prefix 127 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-31 22:26:16 +01:00
Nikos Mavrogiannopoulos
807250f78e cppcheck: ignore SELF_TEST in ccan/hash 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-09-13 22:17:57 +02:00
Nikos Mavrogiannopoulos
3c783faaa2 .gitlab-ci.yml: removed epel RPM builds on second stage 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 22:55:19 +02:00
Nikos Mavrogiannopoulos
173b5abd56 .gitlab-ci.yml: updated fedora image name 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 21:42:51 +02:00
Nikos Mavrogiannopoulos
3d5981c0f2 .gitlab-ci.yml: enabled more tests on ubuntu20.04 minimal 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-05-16 22:43:46 +02:00
Nikos Mavrogiannopoulos
59e4539736 .gitlab-ci.yml: merged options from minimal and Ubuntu minimal 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-05-16 22:19:00 +02:00
Nikos Mavrogiannopoulos
44bff9ce5e .gitlab-ci.yml: corrected syntax 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-12-09 13:27:27 +01:00
Nikos Mavrogiannopoulos
39a86845cb .gitlab-ci.yml: RPM/epel8: undo downstream patch 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-12-09 11:44:50 +01:00
Nikos Mavrogiannopoulos
3702debb95 README.md: no longer recommend pcllib 
It is a very small library that doesn't change, not used by
any other projects and we bundle it. Let's use the bundled
version by default.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-12-09 09:29:45 +01:00
Nikos Mavrogiannopoulos
a2e2bf0053 .gitlab-ci.yml: ubuntu: enabled nuttcp tests 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-12-03 10:57:32 +01:00
Nikos Mavrogiannopoulos
6d8bcb4795 .gitlab-ci.yml: do not use --disable-maintainer-mode 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-11-12 16:55:01 +01:00
Nikos Mavrogiannopoulos
dfadd45b9b Makefile: removed unused rules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-11-12 16:37:25 +01:00
Nikos Mavrogiannopoulos
940e489500 .gitlab-ci.yml: i386/Debian: do not run on schedules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-10-21 16:30:09 +02:00
Nikos Mavrogiannopoulos
b7575cc220 tests: fixed space after \ 
Also ensure that similar warnings are treated as errors
in CI.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-10-18 21:15:40 +02:00
Alan Jowett
afe437f8eb Raise warning level on malloc to catch double frees earlier. 
Signed-off-by: Alan Jowett alan.jowett@microsoft.com
 2020-10-09 09:39:35 -06:00
Nikos Mavrogiannopoulos
d0a509c6c3 tests: introduced new proxy protocol tests 
This replaces the old no longer used "docker-tests".

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-08-09 21:32:27 +02:00
Nikos Mavrogiannopoulos
0ecef93423 .gitlab-ci.yml: reenable address sanitizer 
This disables all the tests that use LD_PRELOAD, and thus limits
the test suite on the tests that are run as root.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-08-05 23:08:43 +02:00
Nikos Mavrogiannopoulos
7a3475951f Merge branch 'tmp-introduce-clang' into 'master' 
.gitlab-ci.yml: introduced clang compilation

See merge request openconnect/ocserv!203
 2020-08-03 13:36:15 +00:00
Nikos Mavrogiannopoulos
0fa951a06b .gitlab-ci.yml: introduced clang compilation 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-08-03 14:54:59 +02:00
Nikos Mavrogiannopoulos
0aed7584d9 Merge branch 'tmp-add-x86' into 'master' 
.gitlab-ci.yml: added i386 build

See merge request openconnect/ocserv!158
 2020-07-31 12:31:53 +00:00
Nikos Mavrogiannopoulos
1759bfdc4f .gitlab-ci.yml: added i386 build 
This introduces an i386 CI build to catch issues that relate
to 32-bit systems.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-31 13:50:37 +02:00
Nikos Mavrogiannopoulos
ce1911ffca .gitlab-ci.yml: added auto-triage rules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-28 21:39:28 +02:00
Nikos Mavrogiannopoulos
d0a12f6d8e .gitlab-ci.yml: coverity: use centos8 image 
This addresses incompatibilities with Fedora32.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-25 00:30:19 +02:00
Nikos Mavrogiannopoulos
0811d7d46b coverity: enable OIDC and latency stats in coverity run 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-23 09:00:20 +02:00
Nikos Mavrogiannopoulos
a1f5fbf206 .gitlab-ci.yml: reduce unnecessary runs in schedules 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-23 08:57:46 +02:00
Nikos Mavrogiannopoulos
0d1ae8a53d .gitlab-ci.yml: updated ubuntu build to 20.04 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-18 21:30:12 +02:00
William Dauchy
f4c7d41d14 add basic namespace support for listen address 
- this patch adds `listen-netns` parameter
- when set the listening socket will be created in the given namespace

it allows to properly segregate your traffic:
- do the backend traffic in the root namespace
- receive the VIP traffic in a given namespace

All this patch is widely inspired by haproxy implementation which allows
to bind each IP in a given namespace.

Resolves: #316

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
 2020-07-13 18:11:30 +02:00
Nikos Mavrogiannopoulos
541bf6f137 .gitlab-ci.yml: added alpine linux CI run 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-07-11 12:54:26 +02:00
Alan Jowett
be17dac16f OpenBSD lacks support for procfs 
Based on
60641282df.

Snapshot of config files are used to ensure that ocserv-sm and
ocserv-worker remain in sync. These snapshots are anonymous files that
are passed via a file descriptor. A worker creates a new file
description and file descriptor by using open(2) on /proc/self/fd.
Unfortunately OpenBSD lacks support for procfs.

Instead of using snapshot of config files let workers use the config
files.

While here add a note to README.md about this limitation, and add a CI
run (from @nmav).

Signed-off-by: Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>
 2020-07-01 16:20:46 +02:00
Nikos Mavrogiannopoulos
fc5a1580e0 .gitlab-ci.yml: updated for new spec file 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-29 12:06:35 +02:00
Nikos Mavrogiannopoulos
1da9c1b3b0 .gitlab-ci.yml: fix rpm generation 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-06-16 22:17:07 +02:00
Alan Jowett
722e030e58 Add reporting of RX latency 
Resolve: #258

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-05-26 18:14:36 -06:00
Alan Jowett
ce66485ee6 Uses fork/exec to limit memory footprint of ocserv-worker processes 
Capture all the required worker process state in a protobuf and
pass to worker via env. Snapshot all config files to ensure ocserv-sm
and ocserv-worker remain in sync. Split ocserv-worker functionality
into it's own executable with minimal dependencies.

Resolves: #285

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-05-25 08:33:16 +02:00
Nikos Mavrogiannopoulos
7f7bb95f81 .gitlab-ci.yml: fix rpm generation testing when version matches 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-16 11:53:35 +02:00
Nikos Mavrogiannopoulos
03b05526c3 tests: check whether ipv6 interface is up 
Relates: #301

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-13 06:16:27 +02:00
Nikos Mavrogiannopoulos
350250ea82 worker: allow filtered calls to fail with a trap 
This adds a fedora CI run to with filtered calls failing
with a signal in order to detect missing syscalls from our filters.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-10 21:45:05 +02:00
Nikos Mavrogiannopoulos
4e00087b57 .gitlab-ci.yml: the freebsd system became unavailable 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-05-02 06:10:08 +02:00
Alan Jowett
7e5052782e Remove unused code when --disable-compression is set. 
Resolves: #291

Singed-off-by: Alan Jowett <alanjo@microsoft.com>
 2020-04-27 09:18:09 -06:00
Alan Jowett
8cac05dac2 Remove unused code when --disable-anyconnect-compat is set. 
Resolves: #290

Signed-off-by: Alan Jowett alanjo@microsoft.com
 2020-04-26 13:10:10 -06:00
Nikos Mavrogiannopoulos
fd2bd42cb2 .gitlab-ci.yml: corrected kerberos tests 
This also corrects the kerberos test script environment
to enable running the test.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2020-04-10 23:06:07 +02:00
Nikos Mavrogiannopoulos
aa9c401cac Prevent clients with a broken GnuTLS version from connecting using DTLS 
That prevents clients that send an all-zero DTLS client hello from being
able to establish a connection.

That also introduces the OCSERV_ALLOW_BROKEN_CLIENTS environment variable
which when set to 1 it allows broken clients to connect. This is used
mainly to allow test cases to pass to existing vulnerable systems in our
CI.

Resolves: #277

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-04-03 12:51:22 +02:00
Nikos Mavrogiannopoulos
88059e43ac .gitlab-ci.yml: no longer test on Centos6 
This is a very old platform with old openconnect available in EPEL.
We do not need to keep compatibility with it.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-03-16 22:56:18 +01:00
Nikos Mavrogiannopoulos
3544e3ee2b tests: verify environment under Apple clients 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2020-03-16 22:21:37 +01:00
Nikos Mavrogiannopoulos
c4759fd334 .gitlab-ci.yml: introduce run with -Werror 
This allows catching warnings that could have slipped in.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2020-03-12 19:47:50 +01:00
Alan Jowett
b43e782b12 Add support for RFC6750 bearer tokens to ocserv 
This permits the validation of OpenID Connect auth tokens OpenID
Connect is an OAuth 2.0 protocol used to identify a resource owner
(VPN client end-user) to a resource server (VPN server) intermediated
by an Authorization server.

Resolves: #240

Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>
 2020-03-09 21:48:04 +01:00
Nikos Mavrogiannopoulos
6558653c4b .gitlab-ci.yml: include the right build in schedules [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-02-26 12:48:10 +01:00
Nikos Mavrogiannopoulos
85108c7598 .gitlab-ci.yml: corrected 'only' use in coverity build 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2020-02-26 12:43:34 +01:00
Nikos Mavrogiannopoulos
91de6c889e Merge branch 'tmp-coverity' into 'master' 
.gitlab-ci.yml: coverity jobs only run on schedules

See merge request openconnect/ocserv!138
 2020-02-22 23:21:16 +00:00