GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,575 Commits 19 Branches 88 Tags
e0a2fa4c3cca76dceec1610ee4b2dfe68a394172
Commit Graph

3575 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
176a10b8dc configure.ac: 1.1.4 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.4 		2021-11-13 08:45:56 +01:00
Nikos Mavrogiannopoulos
697f5f9bc2 maxmind: ensure that asprintf is checked 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-11-13 08:45:14 +01:00
Nikos Mavrogiannopoulos
5f943148be NEWS: released 1.1.4 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-11-13 08:42:52 +01:00
Nikos Mavrogiannopoulos
4f9c4de805 lgtm: ignore unuseful warnings 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-11-13 08:41:30 +01:00
Nikos Mavrogiannopoulos
6e821c3df3 Merge branch 'tmp-allow-small-prefix' into 'master' 
Do not assign an IPv6 address to client that matches the network

Closes #430

See merge request openconnect/ocserv!273
 2021-11-12 17:45:26 +00:00
Nikos Mavrogiannopoulos
11c79189cc tests: skip leaks in occtl 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-11-01 10:23:01 +01:00
Nikos Mavrogiannopoulos
296b4fb4fe test-explicit-ip: corrected the illegal IP address 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-31 22:26:25 +01:00
Nikos Mavrogiannopoulos
3995473219 NEWS: doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-31 22:26:25 +01:00
Nikos Mavrogiannopoulos
ceebc11cc4 tests: check functionality of an IPv6 net with prefix 127 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-31 22:26:16 +01:00
Nikos Mavrogiannopoulos
8ac992d273 Do not assign the same local and remote IPs 
Resolves: #430

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-31 17:18:42 +01:00
Nikos Mavrogiannopoulos
471d804e28 Merge branch 'tmp-codespell' into 'master' 
Typos found by codespell

See merge request openconnect/ocserv!271
 2021-10-09 16:25:14 +00:00
Nikos Mavrogiannopoulos
7fc33ad008 sample.config: documented sec-mod-scale 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-09 18:07:08 +02:00
Dimitri Papadopoulos
81df79a95b Typos found by codespell 
Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
 2021-10-09 17:57:11 +02:00
Nikos Mavrogiannopoulos
d8d19837d9 Merge branch 'tmp-no-self-test' into 'master' 
hash.c: removed self-test

See merge request openconnect/ocserv!272
 2021-10-07 07:50:46 +00:00
Nikos Mavrogiannopoulos
890a37ebea doc update 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-07 09:34:21 +02:00
Nikos Mavrogiannopoulos
53dfa056a4 hash.c: removed self-test 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-10-07 09:30:23 +02:00
Nikos Mavrogiannopoulos
80fd3293b2 Merge branch 'tmp-ignore-self-test' into 'master' 
cppcheck: ignore SELF_TEST in ccan/hash

See merge request openconnect/ocserv!269
 2021-09-14 07:15:50 +00:00
Nikos Mavrogiannopoulos
807250f78e cppcheck: ignore SELF_TEST in ccan/hash 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-09-13 22:17:57 +02:00
Luo Bo
ec14f60b79 seccomp: Add epoll_pwait to allow list. AArch64 requires this. 
Signed-off-by: Luo Bo <luobodi@hotmail.com>
 2021-09-13 22:07:08 +02:00
Nikos Mavrogiannopoulos
664d88d84e README.md: updated [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-23 09:17:56 +02:00
Nikos Mavrogiannopoulos
644873f5a9 README.md: updated [ci skip] 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-23 09:16:35 +02:00
Nikos Mavrogiannopoulos
45fcdbf0b3 Merge branch 'tmp-log-simple' into 'master' 
Clean ups on logging

See merge request openconnect/ocserv!266
 2021-06-12 21:11:30 +00:00
Nikos Mavrogiannopoulos
3c783faaa2 .gitlab-ci.yml: removed epel RPM builds on second stage 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 22:55:19 +02:00
Nikos Mavrogiannopoulos
add3272c1d disable_system_calls: added newfstatat unconditionally 
It is required in newer glibc.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 22:23:36 +02:00
Nikos Mavrogiannopoulos
4bfb42cb34 pcl: removed code causing use-after-free 
Found by static analyzer.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 21:46:28 +02:00
Nikos Mavrogiannopoulos
173b5abd56 .gitlab-ci.yml: updated fedora image name 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 21:42:51 +02:00
Nikos Mavrogiannopoulos
29995ebd43 log: simplified logging process 
This combines duplicate logic, and allows uncovering errors
when the wrong log level is specified.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 21:42:51 +02:00
Nikos Mavrogiannopoulos
bcf6ed7204 worker: minor improvements in log messages 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 21:42:21 +02:00
Nikos Mavrogiannopoulos
6daa24f010 worker: correct log message 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-06-12 10:16:27 +02:00
Nikos Mavrogiannopoulos
559a0f85c6 released 1.1.3 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
1.1.3 		2021-06-02 08:32:46 +02:00
Nikos Mavrogiannopoulos
750a4bfb3f NEWS: removed X-CSTP-Lease-Duration 
This amends fac0244f3e

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-05-23 18:58:28 +02:00
Nikos Mavrogiannopoulos
60af6e3f6a Merge branch 'do_not_set_X-CSTP-Lease-Duration_header' into 'master' 
Do not set X-CSTP-Lease-Duration header

See merge request openconnect/ocserv!265
 2021-05-22 18:17:29 +00:00
Daniel Lenski
fac0244f3e Do not set X-CSTP-Lease-Duration header 
This header was added in dd34f85875.
The intention was to allow clients to accurately determine the remaining
lifetime of the authentication session by replicating the headers that Cisco
servers were observed to send. See https://gitlab.com/openconnect/openconnect/-/merge_requests/156
for the client-side implementation in OpenConnect.

However, two users of ocserv have now reported that the *presence* of this
header *breaks* compatibility with newer Cisco AnyConnect clients
(https://gitlab.com/openconnect/ocserv/-/issues/414#note_581221384,
https://gitlab.com/openconnect/ocserv/-/issues/232#note_477714207).

This patch removes the `X-CSTP-Lease-Duration` header, while leaving behind
the `X-CSTP-Session-Timeout` and `X-CSTP-Session-Timeout-Remaining` headers.
With

(a) Cisco AnyConnect clients are able to correct (tested at
    https://gitlab.com/openconnect/ocserv/-/issues/414#note_581563460)
(b) OpenConnect clients are still able to determine the authentication session
    lifetime (https://gitlab.com/openconnect/ocserv/-/issues/414#note_582314323)

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
 2021-05-22 10:32:52 -07:00
Nikos Mavrogiannopoulos
b37544b513 Merge branch 'refactorlogging' into 'master' 
Separated logging level from debug-ability

See merge request openconnect/ocserv!262
 2021-05-18 18:38:50 +00:00
Russell Young
658ffb47df Separated logging level from debug-ability 
Modified code to separate logging level from the debug-ability. Added new command line option -x or --traceable to control the pr_dumpable state (default is pr_dumpable false) Added config parameter for controlling the log-level the option is "log-level" it can also be specified on the commandline with -d or --debug.

Signed-off-by: Russell Young <ruyoung@microsoft.com>
 2021-05-18 18:38:49 +00:00
Nikos Mavrogiannopoulos
797d6f75d0 Merge branch 'bypass-protocol' into 'master' 
add client-bypass-protocol config option

Closes #407

See merge request openconnect/ocserv!261
 2021-05-18 07:15:43 +00:00
fdomain
b3fe0d85c2 Added client-bypass-protocol config option 
By default, anyconnect clients will drop all traffic of a given IP
version if there is no IP address in that version assigned to the
client. The client-bypass-protocol option, if enabled, will send an
extra header to the clients telling anyconnect client to bypass VPN
tunnel if there is no IP assigned. No impact for openconnect clients,
this header will simply be ignored.

Signed-off-by: Florian Domain <f.domain@criteo.com>
 2021-05-18 07:15:43 +00:00
Nikos Mavrogiannopoulos
4eb211d8d0 Merge branch 'tmp-minimal-fix' into 'master' 
.gitlab-ci.yml: merged options from minimal and Ubuntu minimal

See merge request openconnect/ocserv!264
 2021-05-16 21:27:05 +00:00
Nikos Mavrogiannopoulos
3d5981c0f2 .gitlab-ci.yml: enabled more tests on ubuntu20.04 minimal 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-05-16 22:43:46 +02:00
Nikos Mavrogiannopoulos
59e4539736 .gitlab-ci.yml: merged options from minimal and Ubuntu minimal 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-05-16 22:19:00 +02:00
Nikos Mavrogiannopoulos
1d32c5052e updated NEWS for the owasp headers 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-05-16 21:33:42 +02:00
Nikos Mavrogiannopoulos
2584222a3f Merge branch 'owasp-headers' into 'master' 
Owasp headers

See merge request openconnect/ocserv!263
 2021-05-14 17:41:14 +00:00
Russ Young
1d5b699e49 Changed mode 2021-05-12 13:27:35 -06:00
Russ Young
c4bc01766d Removed conditional code for OWASP headers 2021-05-12 11:56:09 -06:00
Russ Young
065f51e6af Added build flags and Test for OWASP headers 2021-04-20 11:55:28 -06:00
Russ Young
f3e23793a7 Added the default OWASP http headers to http responses. 2021-04-14 13:59:04 -06:00
Nikos Mavrogiannopoulos
415a6bce7b Merge branch 'tmp-coverity-fixes' into 'master' 
Include fixes identified by coverity

See merge request openconnect/ocserv!260
 2021-04-02 18:56:09 +00:00
Nikos Mavrogiannopoulos
3f0ece492f set_self_oom_score_adj: corrected error handling 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-04-01 17:16:12 +02:00
Nikos Mavrogiannopoulos
2d1bd947e2 ctl_handler_init: fixed resource leaks 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-04-01 17:09:25 +02:00
Nikos Mavrogiannopoulos
6677ac04fa occtl: fixed uninitialized value 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2021-04-01 14:52:27 +02:00