Commit Graph

2872 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
834326fe70 tests: provide more verbose output on test-pam
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-09-08 11:29:31 +02:00
Nikos Mavrogiannopoulos
e1f4d1229c .gitlab-ci.yml: use fedora26 builds
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-09-08 10:36:28 +02:00
Nikos Mavrogiannopoulos
d5d1c2f780 .gitlab-ci.yml: added static analyzers
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-08 10:33:51 +02:00
Nikos Mavrogiannopoulos
a10376d750 occtl: disable code during static analysis that causes trouble to clang
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
83770bb45d config: avoid compiler warning
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
6b6b86c14c sec-mod: avoid null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
ba37feed5b occtl: avoid null pointer dereference
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
ce297aed4b occtl: removed unused variables
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
67991e6960 removed dead assignments
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-09-07 21:57:31 +02:00
Nikos Mavrogiannopoulos
4104160950 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 12:00:15 +02:00
Nikos Mavrogiannopoulos
077e16e36d tests: check server functionality with Ed25519/RSA-PSS certs
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 12:00:15 +02:00
Nikos Mavrogiannopoulos
af2a64df2f ocserv: handle RSA-PSS and ed25519 key types when compiled with gnutls 3.6.0
That is, enhance the security module to accept and understand
more elaborate signing commands.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 12:00:15 +02:00
Nikos Mavrogiannopoulos
aaf2c0265f doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 11:59:53 +02:00
Nikos Mavrogiannopoulos
4527e5f864 is_ipv4_ok: corrected access to mask
This prevents the acceptance of an invalid IPv4 address
as valid.

Resolves #112

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 11:58:44 +02:00
Nikos Mavrogiannopoulos
5d74492a59 tests: verify correct operation with locked account
That checks whether connecting to a locked account will have
unexpected effects (e.g., login allowed).

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 09:26:58 +02:00
Nikos Mavrogiannopoulos
4fcea8ae06 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 09:19:01 +02:00
Nikos Mavrogiannopoulos
084fff8425 plain: avoid crash on locked accounts
That is, avoid a null pointer dereference when crypt()
fails.

Resolves #114

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-08-23 09:18:03 +02:00
Nikos Mavrogiannopoulos
a62fe8791d .gitlab-ci.yml: enabled build for freebsd
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-07-21 18:18:53 +02:00
Aaron LI
fd3f415000 Fix build on DragonFly BSD
With this fix, I can successfully build `ocserv-0.11.8` on DragonFly
BSD (4.9-DEVELOPMENT) using the `net/ocserv` port from FreeBSD [1]
without any further modifications.

[1] https://github.com/freebsd/freebsd-ports/tree/master/net/ocserv

Signed-off-by: Aaron LI <aly@aaronly.me>
2017-07-09 17:01:57 +02:00
Lele Long
ae11fced53 Update --load-ca-certificate argument to ca-cert.pem in examples
Signed-off-by: Lele Long <schemacs@gmail.com>
2017-06-16 18:49:28 +08:00
Nikos Mavrogiannopoulos
ae3e52c252 .gitlab-ci.yml: disabled freebsd builds; system no longer available [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-06-14 15:58:08 +02:00
Nikos Mavrogiannopoulos
6ac543e3a0 document that not all methods can be combined
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-31 09:34:23 +02:00
Nikos Mavrogiannopoulos
89ba65922a Avoid the use of the VERS-ALL priority string when gnutls < 3.3.24 is present
That priority string is only available on gnutls 3.3.24+ versions of gnutls.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-18 08:27:02 +02:00
Nikos Mavrogiannopoulos
954774d43e doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
ocserv_0_11_8
2017-05-03 02:34:43 +02:00
Nikos Mavrogiannopoulos
48f59f1b94 .gitlab-ci.yml: compile using GeoIP-devel in F25/Centos7
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-03 00:15:46 +02:00
Nikos Mavrogiannopoulos
a332788bd4 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-03 00:13:30 +02:00
Nikos Mavrogiannopoulos
f0969ffd3f configure: allow disabling libgeoip detection
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-03 00:12:26 +02:00
Nikos Mavrogiannopoulos
1c236a8abb occtl: print peer location on show user info
That utilizes libgeoip.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-02 13:45:38 +02:00
Nikos Mavrogiannopoulos
2664d1c42c occtl: print Status grouped with general info
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-05-02 07:10:29 +02:00
Nikos Mavrogiannopoulos
abd621b30c kkdcp: increased read timeout and made it a definition
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-29 13:01:35 +02:00
Nikos Mavrogiannopoulos
373af80d60 doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-28 17:20:29 +02:00
Nikos Mavrogiannopoulos
02471bd0cb kkdcp: increase maximum packet size to 64kb
There are cases where our previous limit (16kb) was insufficient
(see #100), and it is reasonable to switch to a limit related to
maximum UDP packet size.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-28 17:20:29 +02:00
Nikos Mavrogiannopoulos
9dae1ecedc doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-27 09:06:28 +02:00
Nikos Mavrogiannopoulos
0b9ce68c17 handle_worker_commands: fix use of send_msg_to_worker
Relates #100

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-27 08:57:09 +02:00
Nikos Mavrogiannopoulos
f932e61e46 updated auto-generated files [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-25 19:05:48 +02:00
Nikos Mavrogiannopoulos
1627f09cc9 configure: bumped version
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-25 19:01:32 +02:00
Nikos Mavrogiannopoulos
5c20ad2c61 occtl: combined stats and status cmd
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-24 19:35:38 +02:00
Nikos Mavrogiannopoulos
03c81b190a doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-23 19:09:39 +02:00
Nikos Mavrogiannopoulos
0d8ee5e6a9 config: increased the default max-ban-score to 8 wrong password attempts
This still prevents abuse, while allowing a few more attempts than 5, which
are typically easily reached through software which remembers passwords.
At the same time increase the default ban time to 20 minutes.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-23 19:09:39 +02:00
Nikos Mavrogiannopoulos
53fe6218e6 occtl: always print the stats reset time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-19 19:57:30 +02:00
Nikos Mavrogiannopoulos
5e7f416e72 doc update [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 17:24:23 +03:00
Nikos Mavrogiannopoulos
c99ca67354 reset_stats: print session statistics prior to reset
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 17:02:28 +03:00
Nikos Mavrogiannopoulos
e135f8a54e doc update
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
e8b19309f1 sample.config: added server-stats-reset-time
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
ccb80b5d4f occtl: improved presentation of printed statistics
Also added different values to keep authentication failures
and closed sessions, in total and per accounting period.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
99b2fdcd06 Reset periodically the server statistics kept
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
d6ff620487 secmod sends periodically stats to main
That ensures that statistics will reach main even if no
users are logged in/logged out.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
538d1bca21 occtl: print statistics provided by main
Also introduced the --debug option.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
e9cf88f8c2 main: store additional statistics globally
That is, store:
 * number of timed out sessions
 * number of sessions timed out due to being idle
 * number of errored sessions
 * total number of sessions handled (closed)
 * total number of kbytes sent
 * total number of kbytes received
 * minimum MTU seen
 * maximum MTU seen
 * total authentication failures
 * average/max authentication time (in secs)
 * average/max session time (in minutes)

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:39:00 +03:00
Nikos Mavrogiannopoulos
81d2a86eff tun: defined undeclared variable 'e'
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-04-14 16:27:02 +03:00