Commit Graph

2443 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
ff5b2b7aad Use 32-bit length variable for transferring between occtl and ocserv
This allows to handle the transfer of long data between ocserv and occtl.
Reported by Liviu.

Resolves #29
2016-01-28 13:53:21 +01:00
Nikos Mavrogiannopoulos
353bd39686 replaced select() calls with poll() calls
This allows to handle descriptors more than the maximum limit
allowed by select(), and thus handle more clients than 1024.
2016-01-28 13:53:08 +01:00
Nikos Mavrogiannopoulos
f035ae170d human_addr2: Avoid the usage of getnameinfo and use the simpler inet_ntop
This simplifies the function.
2016-01-27 16:11:37 +01:00
Nikos Mavrogiannopoulos
1e3171685b Added sanity checks to CMSG_DATA() access 2016-01-27 15:54:00 +01:00
Nikos Mavrogiannopoulos
43a8ba526f main: fixed IP unbanning 2016-01-27 14:36:39 +01:00
Nikos Mavrogiannopoulos
3389286f34 occtl: corrected the printing of IPv4 IP ban points 2016-01-27 14:32:46 +01:00
Nikos Mavrogiannopoulos
06b855533b main: don't exit on setrlimit() failures
Exiting would prevent operation under valgrind.
2016-01-27 14:25:15 +01:00
Nikos Mavrogiannopoulos
b66b1f6390 main: don't attempt to access client configuration if not already set
This prevents crash introduced by cefd77b633
2016-01-27 14:24:49 +01:00
Nikos Mavrogiannopoulos
22b7df3131 ip-lease: do not attempt to calculate more than FIXED_IPS predictable IPs per user
That allows to have an unlimited number of connections per user.
2016-01-27 14:03:14 +01:00
Nikos Mavrogiannopoulos
727fc31ede Immediately terminate on session_close() error
This is not a recoverable error.
2016-01-27 13:53:03 +01:00
Nikos Mavrogiannopoulos
0315aa7c4f main: terminate sec-mod after every worker process has been sent a signal
That is to reduce any possible timeouts caused by a defunct sec-mod on
termination.
2016-01-27 13:51:05 +01:00
Nikos Mavrogiannopoulos
ced5e9b3f4 sec-mod: ensure keys are always initialized to NULL
Addresses crash due to b6df22c8c3
2016-01-27 12:08:33 +01:00
Nikos Mavrogiannopoulos
d49d3f2253 tests: fixed test-sighup-key-change to be able to cope with different build dir 2016-01-27 11:56:50 +01:00
Nikos Mavrogiannopoulos
d6b2d1696c doc update 2016-01-27 11:20:00 +01:00
Nikos Mavrogiannopoulos
1941c52c24 main: destroy the event loop on fork
This reduces memory used by worker processes.
2016-01-27 11:18:46 +01:00
Nikos Mavrogiannopoulos
a1d67c48ba main: ensure we call ev_child_stop() on child cleanup handlers 2016-01-27 10:54:00 +01:00
Kevin Cernekee
8c2d6adde1 Return HTML error message on 404
Currently ocserv's 404 errors show up as a blank page in most web
browsers.  Add a simple HTML error page.
2016-01-27 10:00:06 +01:00
Kevin Cernekee
8bf668c0f7 Use helper functions to send common HTTP headers/responses
Factor out duplicated code in the AnyConnect compatibility handlers.
2016-01-27 09:58:47 +01:00
Nikos Mavrogiannopoulos
b3c9da4ce1 doc update 2016-01-26 12:51:33 +01:00
Nikos Mavrogiannopoulos
ed2edd65c5 tests: added check for certificate update on reload 2016-01-26 12:51:05 +01:00
Nikos Mavrogiannopoulos
b6df22c8c3 Reload the certificates and private keys on SIGHUP
Until now this part of the configuration was static, but
there is the need to reload certificates and keys, e.g., on
renewal.
2016-01-26 12:51:05 +01:00
Nikos Mavrogiannopoulos
0681aa1e3c main.h: corrected typo in comment 2016-01-25 11:23:16 +01:00
Nikos Mavrogiannopoulos
c61e5eb47b doc: document that ocserv-fw requiring options are available in Linux systems only 2016-01-25 11:16:06 +01:00
Kevin Cernekee
05960f1751 Add default case for 'restrict-user-to-ports' switch
This fixes a compiler warning:

      CC       main-user.o
    main-user.c: In function ‘call_script’:
    main-user.c:215:7: warning: ‘ret’ may be used uninitialized in this function [-Wmaybe-uninitialized]
        if (ret < 0) {
           ^
    main-user.c:66:6: note: ‘ret’ was declared here
      int ret;
          ^

It's not really necessary because proto gets checked when the option is
parsed, but gcc doesn't know that.
2016-01-25 11:13:27 +01:00
Nikos Mavrogiannopoulos
a55cf312ca README.md: moved radius to main dependencies 2016-01-21 22:25:44 +01:00
Nikos Mavrogiannopoulos
655df51655 occtl: updated copyright text 2016-01-21 11:18:58 +01:00
Nikos Mavrogiannopoulos
d0fc4ce92b doc: added more info on isolate-workers 2016-01-20 13:12:37 +01:00
Nikos Mavrogiannopoulos
7fcd989d6a TODO: removed already handled issue 2016-01-20 11:58:44 +01:00
Nikos Mavrogiannopoulos
f80f513e4a tlslib: abstracted the recv_packet functions 2016-01-19 14:33:03 +01:00
Nikos Mavrogiannopoulos
f5e5bde862 tls_recv -> cstp_recv 2016-01-19 14:02:21 +01:00
Nikos Mavrogiannopoulos
3e556f21df worker: use DEFAULT_SOCKET_TIMEOUT and remove SOCKET_TIMEO_SECS 2016-01-19 13:56:17 +01:00
Nikos Mavrogiannopoulos
96febbaf61 proxyproto: use force_read_timeout() to ensure reconstruction of packets 2016-01-19 13:55:56 +01:00
Nikos Mavrogiannopoulos
9b6c4f3a26 cleaned up the fatal error checking in TLS/DTLS sessions 2016-01-19 13:19:57 +01:00
Nikos Mavrogiannopoulos
507e725189 tests: fixed issues in radius-test-config 2016-01-19 11:59:37 +01:00
Nikos Mavrogiannopoulos
af95a67182 tests: enhanced the radius checks to test for Connect-Info presence 2016-01-19 11:37:05 +01:00
Nikos Mavrogiannopoulos
72a71d21d1 ocserv: added the --test-config command line option
This allows to test a configuration file for being valid without
starting the server.
2016-01-19 10:27:58 +01:00
Nikos Mavrogiannopoulos
9cd8562fd4 worker: handle EOF during HTTP header parsing 2016-01-19 01:03:40 +01:00
Nikos Mavrogiannopoulos
7725d53e8d tls_recv() will retry on EINTR 2016-01-19 00:51:10 +01:00
Nikos Mavrogiannopoulos
40185fe0c2 radius: send user agent information as Connect-Info on accounting start
Relates #26
2016-01-18 11:55:16 +01:00
Nikos Mavrogiannopoulos
271ce75574 doc update 2016-01-18 09:08:12 +01:00
Nikos Mavrogiannopoulos
17473a734c tests: updated radius tests for Debian 2016-01-18 00:01:14 +01:00
Nikos Mavrogiannopoulos
55b1cbec91 radius: more careful checks around the user_agent access 2016-01-17 23:18:24 +01:00
Nikos Mavrogiannopoulos
c662641768 README.radius: added Connect-Info attribute 2016-01-17 23:13:04 +01:00
Nikos Mavrogiannopoulos
dfc4124d7a NEWS: doc update [ci skip] 2016-01-16 23:48:37 +01:00
Nikos Mavrogiannopoulos
6c6481de40 radius: send user agent information as Connect-Info
That allows the radius server to store information on particular
client. Resolves #26
2016-01-16 23:01:10 +01:00
Nikos Mavrogiannopoulos
8aa55db239 send_stats_to_secmod() is called as soon as possible
This allows us to send the client assigned IP to radius server
as soon as it is available, rather than waiting a full interim_update
cycle.
2016-01-14 17:25:35 +01:00
Nikos Mavrogiannopoulos
1fc9e31f3e Updated support for chacha20-poly1305
It was modified to support the PSK variant of the algorithm because
draft-ietf-tls-chacha20-poly1305-03 doesn't define an RSA variant. It
was tested to interoperate with openconnect/gnutls.
2016-01-13 11:44:19 +01:00
Nikos Mavrogiannopoulos
3eb2b903ed worker: Prevent any frozen worker processes by killing them on inactivity
That is, introduced an alarm() call at the worker periodic check, which will
only get triggered if a very long timeout has occurred without the loop being
completed.
2016-01-11 13:55:12 +01:00
Nikos Mavrogiannopoulos
43d55261e6 main: introduced main-worker-cmd.c 2016-01-11 13:09:34 +01:00
Nikos Mavrogiannopoulos
e1dea8ae71 moved run_sec_mod() to main-sec-mod-cmd.c 2016-01-11 13:07:15 +01:00