Nikos Mavrogiannopoulos
ecd6e316a9
print the per-user RX and TX bytes from occtl
2014-09-02 11:44:03 +02:00
Nikos Mavrogiannopoulos
718fc4565a
avoid calling gnutls_record_get_discarded() when a DTLS session isn't available
2014-08-27 16:57:57 +02:00
Nikos Mavrogiannopoulos
a186da0fdb
corrected typo
2014-08-23 18:28:42 +02:00
Nikos Mavrogiannopoulos
6f4f60db5a
added work-around for infinite loop if the UDP descriptor becomes invalid
2014-08-23 17:54:01 +02:00
Nikos Mavrogiannopoulos
9be381859d
worker: call sigprocmask() prior to entering main loop
2014-08-08 12:27:08 +02:00
Nikos Mavrogiannopoulos
215f0d7254
only consider DTLS pending data if the UDP port is in active state
...
That may address a possibility for an infinite loop.
2014-08-05 16:21:01 +02:00
Nikos Mavrogiannopoulos
60dcb9d62f
/profiles request allows partial match
2014-07-27 14:05:19 +02:00
Nikos Mavrogiannopoulos
70623591d5
Seccomp is now compiled in by default, and can be enabled at run-time.
2014-06-12 15:35:45 +02:00
Nikos Mavrogiannopoulos
0a0b51ab37
Added work-around for openconnect v3.20
...
That version of openconnect requires some strict format on the
XML messages. Thus we send it what it expects.
2014-06-10 10:08:46 +02:00
Nikos Mavrogiannopoulos
b4544a9582
Send the server version string to client.
2014-06-03 17:42:32 +02:00
Nikos Mavrogiannopoulos
af7e967063
reduced the severity of several worker log messages.
2014-06-02 09:21:08 +02:00
Nikos Mavrogiannopoulos
3db871bb43
Do a more graceful termination of the client if the main server closes the CMD fd.
2014-06-01 13:00:33 +02:00
Nikos Mavrogiannopoulos
936932c29c
doc update
2014-05-30 08:55:33 +02:00
Nikos Mavrogiannopoulos
aaa06e3157
TLS sessions expire at the cookie timeout.
2014-05-27 16:01:14 +02:00
Nikos Mavrogiannopoulos
7e06e1acfb
Return 401 error on cookie authentication failure.
2014-05-25 18:50:43 +02:00
Nikos Mavrogiannopoulos
213f9a63ee
license upgraded to GPLv3
2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
8eec409803
remove const from temp variables.
2014-05-23 11:43:08 +02:00
Nikos Mavrogiannopoulos
57d848d228
The replaced keywords were put into brackets.
2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
92565e1f5d
check for allocation error in custom header replacement.
2014-05-23 11:11:42 +02:00
Nikos Mavrogiannopoulos
0a1f5f0f55
The custom header options allow %U and %G.
2014-05-23 11:07:39 +02:00
Nikos Mavrogiannopoulos
28943341db
Added the proxy-url option to allow sending a proxy URL.
...
This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.
2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos
6ca3c4761c
Cookies are packed using protocol buffers to reduce their size.
2014-05-21 16:11:05 +02:00
Nikos Mavrogiannopoulos
11a78970bb
Correctly check for network name. Issue spotted using coverity.
2014-05-21 14:52:10 +02:00
Nikos Mavrogiannopoulos
6bc625df81
The route configuration directive accepts the keyword 'default'
...
In that case it will return a default route irrespective of any other
route directives. That allows overriding existing routes with a default
route for specific users and groups.
2014-05-19 09:58:37 +02:00
Nikos Mavrogiannopoulos
739a2126d0
Clean-up all memory on deinitialization of sec-mod and worker.
...
That will make it easier to spot any unintentional memory leaks.
2014-05-15 15:36:03 +02:00
Nikos Mavrogiannopoulos
09704b8819
Password authentication is now delegated to sec-mod.
...
That prevents any memory from the authentication modules from being leaked
to a worker process. As a result, the zombie and dead statuses no longer
exist.
2014-05-14 11:37:01 +02:00
Nikos Mavrogiannopoulos
93db512921
do not separately allocate the buffer, but instead place it into the worker structure.
2014-05-10 13:26:22 +02:00
Nikos Mavrogiannopoulos
969e684960
Use talloc() for all allocations to reduce the possibility of memory leaks.
2014-05-09 16:13:11 +02:00
Nikos Mavrogiannopoulos
89ddd81c0e
Use exit_worker() or gnutls fatal errors instead of plain exit().
...
That solves an issue with stats not being reported to the main process.
2014-05-04 14:16:47 +02:00
Nikos Mavrogiannopoulos
d949b2844b
Resumed sessions are assigned the correct auth_state.
2014-05-04 11:12:16 +02:00
Nikos Mavrogiannopoulos
2a0cc77c2e
Export TUN device statistics from the worker process.
...
When a worker process terminates in authenticated state,
export statistics from the tun device (currently bytes_in and
bytes_out). These statistics are sent to main process using an
informational message just prior to process exit. The statistics
are also exported to the disconnect script using the STATS_BYTES_IN
and STATS_BYTES_OUT environment variables.
2014-04-28 17:32:51 +02:00
Nikos Mavrogiannopoulos
03f6e7cc16
Set up an alternative stack for signals on the heap.
2014-04-19 12:03:40 +02:00
Nikos Mavrogiannopoulos
0258824647
corrected program name in license
2014-04-18 16:16:31 +02:00
Nikos Mavrogiannopoulos
392c6a0178
Do not use renegotiation in old clients.
2014-04-15 11:22:27 +02:00
Nikos Mavrogiannopoulos
f8fbb9bde3
Corrected several coverity-uncovered bugs.
2014-04-15 10:08:42 +02:00
Nikos Mavrogiannopoulos
bd9aaa1228
Revert "Try to read more than a single packet from the TUN device."
...
This reverts commit 019126abfd.
2014-04-06 09:08:44 +02:00
Nikos Mavrogiannopoulos
7d07ccb1e4
Revert "corrected DTLS data sending."
...
This reverts commit 374f8d52a9.
2014-04-06 09:08:37 +02:00
Nikos Mavrogiannopoulos
374f8d52a9
corrected DTLS data sending.
2014-04-05 19:57:53 +02:00
Nikos Mavrogiannopoulos
f9968decf9
Revert "check sockets for writability and use that information to discard packets rather than block."
...
This reverts commit 449302afe2.
2014-04-04 09:23:54 +02:00
Nikos Mavrogiannopoulos
019126abfd
Try to read more than a single packet from the TUN device.
2014-04-03 13:54:56 +02:00
Nikos Mavrogiannopoulos
449302afe2
check sockets for writability and use that information to discard packets rather than block.
2014-04-03 13:32:08 +02:00
Nikos Mavrogiannopoulos
0d1eef4fa5
refactored worker main loop
2014-04-03 11:42:18 +02:00
Nikos Mavrogiannopoulos
78c0200a69
updated comments
2014-04-02 20:54:23 +02:00
Nikos Mavrogiannopoulos
4aa423f936
notify the peer when disabling the DTLS channel with a close alert.
2014-03-30 17:15:08 +02:00
Nikos Mavrogiannopoulos
df6653229a
more cleanups in MTU calculation
2014-03-30 17:10:30 +02:00
Nikos Mavrogiannopoulos
1b711a1f7c
Use the Base-MTU for MTU calculations.
2014-03-27 14:04:58 +01:00
Nikos Mavrogiannopoulos
dd11a06951
better naming of variables.
2014-03-23 18:26:23 +01:00
Nikos Mavrogiannopoulos
4c4650ea17
dropped support for Salsa20 and UMAC.
...
They are not supported by openconnect and the latest IETF
drafts use Chacha20 with poly1305.
2014-03-20 22:54:58 +01:00
Nikos Mavrogiannopoulos
1879207f37
No longer send IPv6 information to CISCO clients that may not be able to handle it.
...
Now IPv6 information is only forwarded if the client is openconnect, or if
the client is unknown and has advertised full IPv6 support.
2014-03-20 22:51:30 +01:00
Nikos Mavrogiannopoulos
4f9e06d16d
Do not block in TLS and DTLS reads
...
This prevents an issue where a client disconnects but the server
is blocked on a DTLS read without being able to detect the
disconnection.
2014-03-09 21:40:07 +01:00