Commit Graph

3101 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
ea845a57fc tests: clean-up pam server initiation
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-11-17 11:10:19 +01:00
Nikos Mavrogiannopoulos
6739529e05 Merge branch 'tmp-anyconnect' into 'master'
Improve IPv6 support for anyconnect clients

See merge request openconnect/ocserv!119
2019-11-17 10:03:18 +00:00
Leendert van Doorn
f73269175a AnyConnect clients expect a different verb (X-CSTP-DNS-IP6) for passing IPv6 DNS addresses.
Signed-off-by: Leendert van Doorn <leendert@paramecium.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-11-17 09:07:16 +01:00
Leendert van Doorn
e9b79254e7 Detect AnyConnect clients and allow IPV6 routes to be passed through.
Signed-off-by: Leendert van Doorn <leendert@paramecium.org>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-11-17 09:01:53 +01:00
Nikos Mavrogiannopoulos
cb138ede03 sample.config: documented script exit code handling [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-10-30 08:24:06 +01:00
Nikos Mavrogiannopoulos
a5a1b2d62f .gitlab-ci.yml: added coverity build
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-10-23 10:37:46 +02:00
Nikos Mavrogiannopoulos
962de41fba released 0.12.5
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_12_5
2019-10-16 21:32:24 +02:00
Nikos Mavrogiannopoulos
caf8ed2d48 Merge branch 'tmp-maxmind' into 'master'
occtl: use maxminddb when available

See merge request openconnect/ocserv!115
2019-10-16 19:32:02 +00:00
Nikos Mavrogiannopoulos
960032e065 occtl: use maxminddb when available
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-10-15 12:11:17 +02:00
Nikos Mavrogiannopoulos
6c2c09362e README.md: removed references to git2cl [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-10-14 20:23:03 +02:00
Nikos Mavrogiannopoulos
b9ff297c7d NEWS: updated
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-10-03 09:21:25 +02:00
Nikos Mavrogiannopoulos
e4621ebcde Merge branch 'FreeBSD-tun' into 'master'
FreeBSD tun(4)

See merge request openconnect/ocserv!114
2019-10-03 07:19:12 +00:00
Trond Endrestøl
aa07f183f2 FreeBSD tun(4)
FreeBSD has a mechanism by which a tunnel has a single controlling process,
and only that one process may close the tunnel.

Kyle Evans of the FreeBSD Project authored these changes.

See issue 213.

Signed-off-by: Trond Endrestøl <trond.endrestol@ximalas.info>
2019-10-02 14:00:26 +00:00
Nikos Mavrogiannopoulos
994dfa0981 Merge branch 'udp-listen-host' into 'master'
Add `udp-listen-host` option for DTLS

See merge request openconnect/ocserv!107
2019-09-30 06:08:33 +00:00
Lele Long
17ed47488d Add udp-listen-host option for DTLS
This option supports different listen addresses for tcp and
udp such as haproxy for tcp, but support dtls at the same time (haproxy
does not support UDP at the moment)
2019-09-30 09:01:55 +08:00
Nikos Mavrogiannopoulos
c6b24c1898 http-parser: updated to latest version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-09-26 23:25:41 +02:00
Nikos Mavrogiannopoulos
708147d60a ocserv: addressed gcc9 warnings
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-09-26 23:25:14 +02:00
Nikos Mavrogiannopoulos
16569dd05c Merge branch 'tmp-fix-json' into 'master'
occtl: fix json in show status

Closes #220

See merge request openconnect/ocserv!108
2019-09-25 19:18:35 +00:00
Nikos Mavrogiannopoulos
92b5db7b26 occtl: fix json in show status
This removes a trailing comma from the end of the listing, and
adds a missing one.

Resolves: #220

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-09-25 20:37:16 +02:00
Nikos Mavrogiannopoulos
e2b1246003 design.md: updated URI [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-14 20:49:27 +02:00
Nikos Mavrogiannopoulos
e892ba4faa released 0.12.4
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_12_4
2019-07-03 21:18:43 +02:00
Nikos Mavrogiannopoulos
f79d5113e7 Merge branch 'tmp-better-cleanup' into 'master'
Perform quicker cleanup of sessions which their user explicitly disconnected

Closes #210

See merge request openconnect/ocserv!102
2019-07-01 20:59:26 +00:00
Nikos Mavrogiannopoulos
d43745bf70 Merge branch 'tmp-build-rpm' into 'master'
Build an el7 rpm as part of the CI process

See merge request openconnect/ocserv!106
2019-07-01 20:33:22 +00:00
Nikos Mavrogiannopoulos
9d7339f317 Perform quicker cleanup of sessions which their user explicitly disconnected
When a user explicitly disconnects after the session is open,
cleanup its entry immediately. That ensures that a radius
server will be notified sooner, while anyconnect clients which
disconnect early (before session is open), remain unaffected.

Resolves: #210

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-07-01 21:57:08 +02:00
Nikos Mavrogiannopoulos
5247833d91 .gitlab-ci.yml: build rpm as part of the CI process
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 21:56:03 +02:00
Nikos Mavrogiannopoulos
9f51f86b55 Makefile: removed dependency on git2cl
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 21:56:03 +02:00
Nikos Mavrogiannopoulos
4da4ade2a3 bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 21:55:32 +02:00
Nikos Mavrogiannopoulos
91105ba256 Merge branch 'tmp-ev-script-fix' into 'master'
remove_proc: remove script watcher from libev list

Closes #208

See merge request openconnect/ocserv!105
2019-07-01 19:55:16 +00:00
Nikos Mavrogiannopoulos
a1b8d0794a ocpasswd: address memory leaks
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 21:34:03 +02:00
Nikos Mavrogiannopoulos
ee2f5e8c05 remove_proc: remove script watcher from libev list
This ensures that libev will not be notified by already
terminated and handled scripts.

Resolves: #208

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 15:04:18 +02:00
Nikos Mavrogiannopoulos
a89fbec81d doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-06-26 11:38:20 +02:00
Nikos Mavrogiannopoulos
fdf0aeb36a Merge branch 'add-radius-access-challenge' into 'master'
Add radius access-challenge (multifactor) authentication

See merge request openconnect/ocserv!103
2019-06-26 09:37:36 +00:00
Alexey Dotsenko
97592426ce radius (challenge-response): add MAX_CHALLENGES macro as a limit of password requests
max-challenge configuration option removed as redundant; replaced by static constraint
via MAX_CHALLENGES macro

radius (challenge-response): remove max-challenge configuration parameter

Signed-off-by: Alexey Dotsenko <lex@rwx.su>
2019-06-24 17:26:27 +03:00
Alexey Dotsenko
0153172c03 tests: add radius otp test
tests (radius-otp): add a check of the radcli version (at least 1.2.7), since debian uses version
1.2.6, which does not support Access-Challenge server response.

tests: show debug messages only in VERBOSE mode

tests (radius-otp): replace test for option max_challenge to macro MAX_CHALLENGE

Signed-off-by: Alexey Dotsenko <lex@rwx.su>
2019-06-24 17:25:44 +03:00
Alexey Dotsenko
283daffc1a radius: add access-challenge (multifactor) authentication
skip banning each next OTP for modules with allows_retries option:

sec_mod_auth: add check - the repeated password or the password of the
following factor is entered

radius: passwd_count increment is related to an auth-message change

sec-mod-auth: set more descriptive name for password-retries indicator

Signed-off-by: Alexey Dotsenko <lex@rwx.su>
2019-06-24 16:10:25 +03:00
Nikos Mavrogiannopoulos
4a6120e211 Merge branch 'tmp-radius-tests' into 'master'
tests: rewrite the radius test using namespaces

See merge request openconnect/ocserv!104
2019-06-03 21:10:23 +00:00
Nikos Mavrogiannopoulos
15380220ac tests: rewrite the radius tests using namespaces
This simplifies the test and makes it runnable in our CI.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:47:23 +02:00
Nikos Mavrogiannopoulos
5d226c4f32 ocserv: create its own process group
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:31:16 +02:00
Nikos Mavrogiannopoulos
72921e5cbf radius: parse_groupnames: avoid overflow in group parsing
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:10:06 +02:00
Nikos Mavrogiannopoulos
33633560b4 NEWS: doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_12_3
2019-03-12 21:15:54 +01:00
Nikos Mavrogiannopoulos
03cd4a198c released 0.12.3
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-03-12 21:14:24 +01:00
Nikos Mavrogiannopoulos
8450e3bb97 Merge branch 'tmp-centos-tests' into 'master'
tests: make ping cmd functional in centos7,6

See merge request openconnect/ocserv!100
2019-03-12 17:59:56 +00:00
Nikos Mavrogiannopoulos
6cac225203 tests: make ping cmd functional in centos7,6
It requires the '-6' option to be able to function with
IPv6 addresses.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-03-12 17:21:17 +01:00
Nikos Mavrogiannopoulos
03c76eb873 worker: workarounds string is made applicable for gnutls 3.3
The %NO_SESSION_HASH priority string does not work with gnutls 3.3.
This fix does not include it into the priority string.

Resolves: #201

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-03-12 12:02:24 +01:00
Nikos Mavrogiannopoulos
d9967aa63a doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-02-22 08:47:00 +01:00
Nikos Mavrogiannopoulos
0d8fd8d2b6 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-02-22 08:45:49 +01:00
Nikos Mavrogiannopoulos
b425d9f9a5 Merge branch 'patch-1' into 'master'
Fix the bug of "ocserv-worker: segfault at 0 ip b76d6747 sp bf851c70",...

See merge request openconnect/ocserv!99
2019-02-22 07:44:10 +00:00
Frank Huang
d3cb2e8f53 Fix the bug of "ocserv-worker: segfault at 0 ip b76d6747 sp bf851c70", https://gitlab.com/openconnect/ocserv/issues/197
It must be that some caller does not add extra size for the null at the end

Signed-off-by: Frank Huang <chuang213@gmail.com>
2019-02-17 08:12:42 +00:00
Nikos Mavrogiannopoulos
2d42c22919 main: removed unused code
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-31 07:57:37 +01:00
Nikos Mavrogiannopoulos
16c48bdf38 Merge branch 'tmp-coverage' into 'master'
updates in code coverage calculation

See merge request openconnect/ocserv!97
2019-01-30 18:50:22 +00:00