Commit Graph

3335 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
e5fced512f Merge branch 'tmp-test-updates2' into 'master'
tests: eliminate legacy docker tests

See merge request openconnect/ocserv!209
2020-08-09 20:13:31 +00:00
Nikos Mavrogiannopoulos
d0a509c6c3 tests: introduced new proxy protocol tests
This replaces the old no longer used "docker-tests".

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 21:32:27 +02:00
Nikos Mavrogiannopoulos
5021c994db tests: always use @ISOLATE_WORKERS@
Now all test configs are being auto-generated, so this variable
will be replaced.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 19:56:37 +02:00
Nikos Mavrogiannopoulos
8f3dd01483 sample.config: disable all legacy TLS versions by default
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 18:41:24 +02:00
Nikos Mavrogiannopoulos
c914b8d398 Merge branch 'tmp-test-updates' into 'master'
test updates

Closes #340

See merge request openconnect/ocserv!207
2020-08-09 16:39:57 +00:00
Nikos Mavrogiannopoulos
d84272ffed tests: added test for ping-leases
Resolves: #340

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 17:59:04 +02:00
Nikos Mavrogiannopoulos
b2c0c6c1cf tests: replaced explicit ports with random assignment
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 13:14:22 +02:00
Nikos Mavrogiannopoulos
f814cf851b tests: added session resumption test
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-09 11:54:04 +02:00
Nikos Mavrogiannopoulos
ae9f299b0f Merge branch 'tmp-warn-in-password-auth' into 'master'
config: error when multiple password authentication methods are present

See merge request openconnect/ocserv!205
2020-08-06 11:10:53 +00:00
Nikos Mavrogiannopoulos
c3e62fe7a3 Merge branch 'tmp-enable-asan' into 'master'
.gitlab-ci.yml: reenable address sanitizer

See merge request openconnect/ocserv!202
2020-08-06 11:10:13 +00:00
Nikos Mavrogiannopoulos
0ecef93423 .gitlab-ci.yml: reenable address sanitizer
This disables all the tests that use LD_PRELOAD, and thus limits
the test suite on the tests that are run as root.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 23:08:43 +02:00
Nikos Mavrogiannopoulos
7a7d432d0f use REMOTE_HOSTNAME to pass the user's advertised hostname
The previously used HOSTNAME variable is being overridden by bash and
thus was not a reliable one. We switch to setting REMOTE_HOSTNAME,
but keep the HOSTNAME for compatibility.

This also changes 'test-pass-script' to check for the new variable.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 23:05:24 +02:00
Nikos Mavrogiannopoulos
08c0eecc85 config: error when multiple password authentication methods are present
This prevents starting a server with an invalid configuration.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 22:46:24 +02:00
Nikos Mavrogiannopoulos
df61f59e3e config: better debug messages on default vhost
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-05 22:26:49 +02:00
Nikos Mavrogiannopoulos
9ce249e583 Merge branch 'tmp-update-contribution-guide' into 'master'
CONTRIBUTING.md: added more detailed contribution rules

See merge request openconnect/ocserv!204
2020-08-05 05:08:34 +00:00
Nikos Mavrogiannopoulos
24a9945e0d CONTRIBUTING.md: added more detailed contribution rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 23:38:20 +02:00
Nikos Mavrogiannopoulos
91712b3420 test-script-multi-user: do not run under asan
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
99fd5d7263 test-pass-script: introduced more sophisticated timeouts
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
d2a9f6b5de occtl: free the talloc pool on exit
This eliminates any memory leaks pointed out by asan.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-04 22:48:33 +02:00
Nikos Mavrogiannopoulos
e379b5075a snapshot: clear htable on cleanup
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-03 21:58:18 +02:00
Nikos Mavrogiannopoulos
7a3475951f Merge branch 'tmp-introduce-clang' into 'master'
.gitlab-ci.yml: introduced clang compilation

See merge request openconnect/ocserv!203
2020-08-03 13:36:15 +00:00
Nikos Mavrogiannopoulos
0fa951a06b .gitlab-ci.yml: introduced clang compilation
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-08-03 14:54:59 +02:00
Nikos Mavrogiannopoulos
0aed7584d9 Merge branch 'tmp-add-x86' into 'master'
.gitlab-ci.yml: added i386 build

See merge request openconnect/ocserv!158
2020-07-31 12:31:53 +00:00
Nikos Mavrogiannopoulos
1759bfdc4f .gitlab-ci.yml: added i386 build
This introduces an i386 CI build to catch issues that relate
to 32-bit systems.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-31 13:50:37 +02:00
Nikos Mavrogiannopoulos
2f9d534e2c NEWS: corrected issue number [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-30 22:41:14 +02:00
Nikos Mavrogiannopoulos
9ac1be83cd README.md: removed unnecessary dependency [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-30 09:19:57 +02:00
Nikos Mavrogiannopoulos
8934be816c Merge branch 'issue326' into 'master'
Pass the hostname to ocserv-main after receiving the connect request.

Closes #326

See merge request openconnect/ocserv!200
2020-07-29 17:13:21 +00:00
Nikos Mavrogiannopoulos
ce1911ffca .gitlab-ci.yml: added auto-triage rules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-28 21:39:28 +02:00
Alan Jowett
34eab81339 Resolves: #326
Pass the hostname to ocserv-main after receiving the connect request.

Signed-off-by: Alan Jowett <alanjo@microsoft.com>
2020-07-28 13:37:20 -06:00
Nikos Mavrogiannopoulos
68eccaedf7 sample.config: documented host-update-script and added unit test
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-28 20:12:52 +02:00
Nikos Mavrogiannopoulos
2b4251eba7 Merge branch 'tmp-banner2' into 'master'
Added the config option of a pre-login banner

Closes #313

See merge request openconnect/ocserv!199
2020-07-27 20:56:22 +00:00
Nikos Mavrogiannopoulos
9460367822 Added the config option of a pre-login banner
Resolves: #313

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-27 22:15:12 +02:00
Nikos Mavrogiannopoulos
fc842a8d5d Merge branch 'tmp-disconnect-user2' into 'master'
Race free disconnection of a connected user with occtl

Closes #59

See merge request openconnect/ocserv!198
2020-07-26 11:11:08 +00:00
Nikos Mavrogiannopoulos
8aa39b0106 Improved user disconnection to avoid race conditions
Previously when we were disconnecting a user there were a few seconds
after which the cookie was still valid, so a reconnect would succeed
by the same user. This change ensures that a disconnected (via occtl)
user cannot re-use the same cookie to connect. That enables a safe
user removal from the authentication database, and from run-time.

Resolves: #59

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 21:38:55 +02:00
Nikos Mavrogiannopoulos
f100dcfa9a occtl: corrected error code on failed commands
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:52 +02:00
Nikos Mavrogiannopoulos
e677c8b536 common: added textual description to all messages
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:52 +02:00
Nikos Mavrogiannopoulos
d0a12f6d8e .gitlab-ci.yml: coverity: use centos8 image
This addresses incompatibilities with Fedora32.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-25 00:30:19 +02:00
Nikos Mavrogiannopoulos
0811d7d46b coverity: enable OIDC and latency stats in coverity run
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-23 09:00:20 +02:00
Nikos Mavrogiannopoulos
a1f5fbf206 .gitlab-ci.yml: reduce unnecessary runs in schedules
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-23 08:57:46 +02:00
Nikos Mavrogiannopoulos
3ebd9ecc3e Merge branch 'tmp-nobody' into 'master'
README.md/sample.config: underline the need for a dedicated user

See merge request openconnect/ocserv!196
2020-07-22 20:50:57 +00:00
Nikos Mavrogiannopoulos
e75e8d2471 README.md/sample.config: underline the need for a dedicated user
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-20 19:48:11 +02:00
Nikos Mavrogiannopoulos
bf8b22f3b9 Merge branch 'tmp-add-ubuntu20' into 'master'
.gitlab-ci.yml: updated ubuntu build to 20.04

See merge request openconnect/ocserv!195
2020-07-18 20:22:45 +00:00
Nikos Mavrogiannopoulos
0d1ae8a53d .gitlab-ci.yml: updated ubuntu build to 20.04
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-18 21:30:12 +02:00
Nikos Mavrogiannopoulos
f53d5e1395 Merge branch 'tmp-disable-tls13' into 'master'
ocserv: disable TLS1.3 when cisco client compatibility is requested

Closes #318

See merge request openconnect/ocserv!194
2020-07-18 19:27:10 +00:00
Nikos Mavrogiannopoulos
8d4238db68 README.md: added missing components
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-18 21:19:57 +02:00
Nikos Mavrogiannopoulos
5b8f3320d3 ocserv: disable TLS1.3 when cisco client compatibility is requested
There are certain anyconnect clients which seem to fail connecting using
TLS1.3.

Resolves: #318

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
2020-07-16 13:20:21 +02:00
Nikos Mavrogiannopoulos
5882c9468c doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2020-07-15 09:05:07 +02:00
Nikos Mavrogiannopoulos
d4824cc1fc Merge branch 'namespace' into 'master'
add basic namespace support for listen address

See merge request openconnect/ocserv!189
2020-07-15 07:02:32 +00:00
William Dauchy
1bb2d8800f tests, ns: use namespace option for all ip commands
simplifies use of `ip netns exec` when it is about ip commands

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-07-14 12:15:46 +02:00
William Dauchy
f4c7d41d14 add basic namespace support for listen address
- this patch adds `listen-netns` parameter
- when set the listening socket will be created in the given namespace

it allows to properly segregate your traffic:
- do the backend traffic in the root namespace
- receive the VIP traffic in a given namespace

All this patch is widely inspired by haproxy implementation which allows
to bind each IP in a given namespace.

Resolves: #316

Signed-off-by: William Dauchy <w.dauchy@criteo.com>
2020-07-13 18:11:30 +02:00