Trond Endrestøl
aa07f183f2
FreeBSD tun(4)
...
FreeBSD has a mechanism by which a tunnel has a single controlling process,
and only that one process may close the tunnel.
Kyle Evans of the FreeBSD Project authored these changes.
See issue 213.
Signed-off-by: Trond Endrestøl <trond.endrestol@ximalas.info>
2019-10-02 14:00:26 +00:00
Nikos Mavrogiannopoulos
994dfa0981
Merge branch 'udp-listen-host' into 'master'
...
Add `udp-listen-host` option for DTLS
See merge request openconnect/ocserv!107
2019-09-30 06:08:33 +00:00
Lele Long
17ed47488d
Add udp-listen-host option for DTLS
...
This option supports different listen addresses for tcp and
udp such as haproxy for tcp, but support dtls at the same time (haproxy
does not support UDP at the moment)
2019-09-30 09:01:55 +08:00
Nikos Mavrogiannopoulos
c6b24c1898
http-parser: updated to latest version
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-09-26 23:25:41 +02:00
Nikos Mavrogiannopoulos
708147d60a
ocserv: addressed gcc9 warnings
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-09-26 23:25:14 +02:00
Nikos Mavrogiannopoulos
16569dd05c
Merge branch 'tmp-fix-json' into 'master'
...
occtl: fix json in show status
Closes #220
See merge request openconnect/ocserv!108
2019-09-25 19:18:35 +00:00
Nikos Mavrogiannopoulos
92b5db7b26
occtl: fix json in show status
...
This removes a trailing comma from the end of the listing, and
adds a missing one.
Resolves: #220
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-09-25 20:37:16 +02:00
Nikos Mavrogiannopoulos
e2b1246003
design.md: updated URI [ci skip]
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-14 20:49:27 +02:00
Nikos Mavrogiannopoulos
e892ba4faa
released 0.12.4
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_12_4
2019-07-03 21:18:43 +02:00
Nikos Mavrogiannopoulos
f79d5113e7
Merge branch 'tmp-better-cleanup' into 'master'
...
Perform quicker cleanup of sessions which their user explicitly disconnected
Closes #210
See merge request openconnect/ocserv!102
2019-07-01 20:59:26 +00:00
Nikos Mavrogiannopoulos
d43745bf70
Merge branch 'tmp-build-rpm' into 'master'
...
Build an el7 rpm as part of the CI process
See merge request openconnect/ocserv!106
2019-07-01 20:33:22 +00:00
Nikos Mavrogiannopoulos
9d7339f317
Perform quicker cleanup of sessions which their user explicitly disconnected
...
When a user explicitly disconnects after the session is open,
clean up its entry immediately. That ensures that a radius
server will be notified sooner, while anyconnect clients which
disconnect early (before session is open), remain unaffected.
Resolves: #210
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-07-01 21:57:08 +02:00
Nikos Mavrogiannopoulos
5247833d91
.gitlab-ci.yml: build rpm as part of the CI process
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 21:56:03 +02:00
Nikos Mavrogiannopoulos
9f51f86b55
Makefile: removed dependency on git2cl
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 21:56:03 +02:00
Nikos Mavrogiannopoulos
4da4ade2a3
bumped version
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 21:55:32 +02:00
Nikos Mavrogiannopoulos
91105ba256
Merge branch 'tmp-ev-script-fix' into 'master'
...
remove_proc: remove script watcher from libev list
Closes #208
See merge request openconnect/ocserv!105
2019-07-01 19:55:16 +00:00
Nikos Mavrogiannopoulos
a1b8d0794a
ocpasswd: address memory leaks
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 21:34:03 +02:00
Nikos Mavrogiannopoulos
ee2f5e8c05
remove_proc: remove script watcher from libev list
...
This ensures that libev will not be notified by already
terminated and handled scripts.
Resolves: #208
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-07-01 15:04:18 +02:00
Nikos Mavrogiannopoulos
a89fbec81d
doc update
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-06-26 11:38:20 +02:00
Nikos Mavrogiannopoulos
fdf0aeb36a
Merge branch 'add-radius-access-challenge' into 'master'
...
Add radius access-challenge (multifactor) authentication
See merge request openconnect/ocserv!103
2019-06-26 09:37:36 +00:00
Alexey Dotsenko
97592426ce
radius (challenge-response): add MAX_CHALLENGES macro as a limit of password requests
...
max-challenge configuration option removed as redundant; replaced by static constraint
via MAX_CHALLENGES macro
radius (challenge-response): remove max-challenge configuration parameter
Signed-off-by: Alexey Dotsenko <lex@rwx.su>
2019-06-24 17:26:27 +03:00
Alexey Dotsenko
0153172c03
tests: add radius otp test
...
tests (radius-otp): add a check radcli version (at least 1.2.7), since debian uses version
1.2.6, which does not support Access-Challenge server response.
tests: show debug messages only in VERBOSE mode
tests (radius-otp): replace test for option max_challenge to macro MAX_CHALLENGE
Signed-off-by: Alexey Dotsenko <lex@rwx.su>
2019-06-24 17:25:44 +03:00
Alexey Dotsenko
283daffc1a
radius: add access-challenge (multifactor) authentication
...
skip banning each next OTP for modules with allows_retries option:
sec_mod_auth: add check - the repeated password or the password of the
following factor is entered
radius: passwd_count incrementation is related to an auth-message change
sec-mod-auth: set more descriptive name for password-retries indicator
Signed-off-by: Alexey Dotsenko <lex@rwx.su>
2019-06-24 16:10:25 +03:00
Nikos Mavrogiannopoulos
4a6120e211
Merge branch 'tmp-radius-tests' into 'master'
...
tests: rewrite the radius test using namespaces
See merge request openconnect/ocserv!104
2019-06-03 21:10:23 +00:00
Nikos Mavrogiannopoulos
15380220ac
tests: rewrite the radius tests using namespaces
...
This simplifies the test and makes it runnable in our CI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:47:23 +02:00
Nikos Mavrogiannopoulos
5d226c4f32
ocserv: create its own process group
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:31:16 +02:00
Nikos Mavrogiannopoulos
72921e5cbf
radius: parse_groupnames: avoid overflow in group parsing
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-06-03 22:10:06 +02:00
Nikos Mavrogiannopoulos
33633560b4
NEWS: doc update
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_12_3
2019-03-12 21:15:54 +01:00
Nikos Mavrogiannopoulos
03cd4a198c
released 0.12.3
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-03-12 21:14:24 +01:00
Nikos Mavrogiannopoulos
8450e3bb97
Merge branch 'tmp-centos-tests' into 'master'
...
tests: make ping cmd functional in centos7,6
See merge request openconnect/ocserv!100
2019-03-12 17:59:56 +00:00
Nikos Mavrogiannopoulos
6cac225203
tests: make ping cmd functional in centos7,6
...
It requires the '-6' option to be able to function with
IPv6 addresses.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-03-12 17:21:17 +01:00
Nikos Mavrogiannopoulos
03c76eb873
worker: workarounds string is made applicable for gnutls 3.3
...
The %NO_SESSION_HASH priority string does not work with gnutls 3.3.
This fix does not include it into the priority string.
Resolves: #201
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-03-12 12:02:24 +01:00
Nikos Mavrogiannopoulos
d9967aa63a
doc update
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-02-22 08:47:00 +01:00
Nikos Mavrogiannopoulos
0d8fd8d2b6
doc update
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2019-02-22 08:45:49 +01:00
Nikos Mavrogiannopoulos
b425d9f9a5
Merge branch 'patch-1' into 'master'
...
Fix the bug of "ocserv-worker: segfault at 0 ip b76d6747 sp bf851c70",...
See merge request openconnect/ocserv!99
2019-02-22 07:44:10 +00:00
Frank Huang
d3cb2e8f53
Fix the bug of "ocserv-worker: segfault at 0 ip b76d6747 sp bf851c70", https://gitlab.com/openconnect/ocserv/issues/197
...
It must be some caller does not add extra size for null at the end
Signed-off-by: Frank Huang <chuang213@gmail.com>
2019-02-17 08:12:42 +00:00
Nikos Mavrogiannopoulos
2d42c22919
main: removed unused code
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-31 07:57:37 +01:00
Nikos Mavrogiannopoulos
16c48bdf38
Merge branch 'tmp-coverage' into 'master'
...
updates in code coverage calculation
See merge request openconnect/ocserv!97
2019-01-30 18:50:22 +00:00
Nikos Mavrogiannopoulos
383c25e239
.gitlab-ci.yml: run code coverage with -O0
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-30 19:23:05 +01:00
Nikos Mavrogiannopoulos
75c8211fd6
README.md: updated URIs for new gitlab group
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-30 19:03:10 +01:00
Nikos Mavrogiannopoulos
020a985119
Merge branch 'tmp-tests-cleanup' into 'master'
...
tests: several cleanups
See merge request openconnect/ocserv!96
2019-01-30 17:00:55 +00:00
Nikos Mavrogiannopoulos
385af4e831
.gitlab-ci.yml: ensure gcov scripts are writeable
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-20 06:44:29 +01:00
Nikos Mavrogiannopoulos
27c83dcf42
tests: consistently disable isolate-workers in tests
...
That is to prevent coverage reporting in tests.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-20 06:43:47 +01:00
Nikos Mavrogiannopoulos
a1d5ec1e1c
Merge branch 'tmp-fix-tls-ciphersuite' into 'master'
...
occtl: print the TLS session information, even if no DTLS channel
See merge request openconnect/ocserv!95
2019-01-19 19:29:12 +00:00
Nikos Mavrogiannopoulos
8ba3987f4c
occtl: print the TLS session information, even if no DTLS channel
...
This ensures that the main process receives the TLS channel information
early and does not depend on DTLS channel establishment. Furthermore,
we refactor to make setup_dtls_psk_keys() fail early when no TLS channel
is available.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 20:09:53 +01:00
Nikos Mavrogiannopoulos
bfa7682d3f
Merge branch 'tmp-test-aes-gcm' into 'master'
...
tests: added tests for anyconnect's DTLS1.2 support
See merge request openconnect/ocserv!94
2019-01-19 17:50:16 +00:00
Nikos Mavrogiannopoulos
e0f847b984
worker: added safety check for selected DTLS ciphersuite prior to use
...
This avoids a crash when no DTLS ciphersuite is selected and adds a
test case for negotiation without DTLS.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 18:19:11 +01:00
Nikos Mavrogiannopoulos
71ef4e4b6a
worker: allow negotiating AC-DTLS12 with openconnect
...
This doesn't have the anyconnect client bug with parsing the
server hello.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 18:19:11 +01:00
Nikos Mavrogiannopoulos
7fc4e0d0ee
tests: added tests for anyconnect's DTLS1.2 support
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 18:19:09 +01:00
Nikos Mavrogiannopoulos
ef468d6a24
test-cookie-timeout: updated for new openconnect kill semantics
...
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2019-01-19 13:42:35 +01:00