GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,986 Commits 19 Branches 88 Tags
ocserv_0_12_0
Commit Graph

2986 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
601ce35a89 doc: added missing file 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
ocserv_0_12_0 		2018-04-22 10:54:58 +02:00
Nikos Mavrogiannopoulos
66656388c6 bumped version 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-22 10:43:29 +02:00
Nikos Mavrogiannopoulos
5b3fc7eb03 Merge branch 'tmp-comp-tests' into 'master' 
tests: enhanced compression tests

See merge request ocserv/ocserv!82
 2018-04-15 19:08:18 +00:00
Nikos Mavrogiannopoulos
a4525385bb lzs: updated from openconnect source code 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 20:53:17 +02:00
Nikos Mavrogiannopoulos
90e1b5cbde .gitignore: ignore new tests 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 17:27:51 +02:00
Nikos Mavrogiannopoulos
4111f598b8 tests: separated compression tests to lzs and lz4 
That allows testing both code paths separately.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 17:25:27 +02:00
Nikos Mavrogiannopoulos
b1e3ff580f config: added options to change compression algorithm priorities 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 17:25:27 +02:00
Nikos Mavrogiannopoulos
2ae4c2b2ed sample.config: the example paths reflect real system paths 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 17:25:27 +02:00
Nikos Mavrogiannopoulos
d49ba40fb2 Merge branch 'tmp-maintenance-check' into 'master' 
address issue in maintenance cycle

See merge request ocserv/ocserv!81
 2018-04-15 07:40:03 +00:00
Nikos Mavrogiannopoulos
03bccbcaef main/sec-mod: handle sec-mod reload via synchronous communication 
This eliminates race-conditions related to signal handling and potential
main/sec-mod desynchronizations related to cert/key pairs.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 09:25:55 +02:00
Nikos Mavrogiannopoulos
a40ac19c49 ms_sleep: do wait for the specified amount of time 
That is, do not return earlier due to a signal.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 09:25:55 +02:00
Nikos Mavrogiannopoulos
432c12dcce tests: added test to unit test the maintenance cycle 
This allows to catch issues like crashes late in the server
operation as in #149

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 09:25:51 +02:00
Nikos Mavrogiannopoulos
5fd5a1b349 main: allow forcing maintenance cycle with SIGUSR2 
This is done for testing purposes; allow test the maintenance
cycle without waiting for the necessary time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 08:25:37 +02:00
Nikos Mavrogiannopoulos
55b8ce4b08 main: corrected call of CRL reload 
Resolves #149

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-15 08:15:34 +02:00
Nikos Mavrogiannopoulos
b117a165a6 gssapi auth: set the virtual host data early 
That prevents a crash on its use from get_name() later
in the initialization.

Resolves #145

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 21:30:43 +02:00
Nikos Mavrogiannopoulos
61e5d23f48 Merge branch 'tmp-minor-fixes' into 'master' 
Minor updates on master branch

See merge request ocserv/ocserv!79
 2018-04-14 19:19:49 +00:00
Nikos Mavrogiannopoulos
b4bb6c2049 .gitlab-ci.yml: do not use PAM under asan 
PAM tests would fail due to address sanitizer not detecting
the stack switches.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 18:55:10 +02:00
Nikos Mavrogiannopoulos
0bb085de4a tests: pam-test was restricted to pam_matrix 
valgrind and asan were indicating issues with pam_oath, so
avoid using it in the testsuite.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 18:36:03 +02:00
Nikos Mavrogiannopoulos
cf8304cadf sec-mod/main: eliminate mem leaks related to vhost transition 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 18:34:12 +02:00
Nikos Mavrogiannopoulos
9af953383e tests: properly handle memory in cfg_parse_ports() unit test 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos
f1e3d1e0a7 trim_trailing_whitespace: avoid invalid memory access/read 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos
82bc4fb841 proxy protocol: added check to avoid memcpy on zero data 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos
eb41aa8f45 .gitlab-ci.yml: corrected run of ubsan/asan 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos
9ecafa9d73 configure: do not warn on string truncation 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos
aec5112609 radius: allow more space in route from txt to avoid truncation 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos
f4cef63501 pam: corrected check for empty password 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:21 +02:00
Nikos Mavrogiannopoulos
b4b3f8978d tlslib: eliminated unneeded code for GnuTLS >= 3.3.0 
We already require GnuTLS 3.3.0 or later.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:23:09 +02:00
Nikos Mavrogiannopoulos
6f70ec1464 proc_table_update_ip: corrected DTLS address comparison 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:22:59 +02:00
Nikos Mavrogiannopoulos
90b3c439fb tests: server-cert-rsa-pss moved to xfail set 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:22:46 +02:00
Nikos Mavrogiannopoulos
21694d54dc tlslib: set public key algorithm with gnutls_privkey_import_ext4 
Previously we would require communication with sec-mod, which is
not setup during configuration time.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-14 14:22:46 +02:00
Nikos Mavrogiannopoulos
9cdd2be7f0 include crypt.h to use crypt() 
This is necessary in Fedora28 as it doesn't provide
crypt() prototype in unistd.h

https://bugzilla.redhat.com/show_bug.cgi?id=1566464

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2018-04-12 14:59:05 +02:00
Nikos Mavrogiannopoulos
1b313b9e80 tlslib: added missing struct element 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
 2018-04-12 13:08:47 +02:00
Nikos Mavrogiannopoulos
c69c702818 Merge branch 'tmp-replace-tests' into 'master' 
tests: replace docker tests with tests based on namespaces

See merge request ocserv/ocserv!77
 2018-04-10 19:59:54 +00:00
Nikos Mavrogiannopoulos
158b099c9f tests: added test with compression enabled 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-06 06:53:27 +02:00
Nikos Mavrogiannopoulos
017bd414f9 .gitlab-ci.yml: update code coverage 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-05 20:09:36 +02:00
Nikos Mavrogiannopoulos
265e30dab7 tests: full-test was moved into traffic test 
The new traffic test only requires namespaces and no docker.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-05 20:06:27 +02:00
Nikos Mavrogiannopoulos
490a201826 haproxy-connect: split into lib 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-05 18:59:41 +02:00
Nikos Mavrogiannopoulos
6aaf37913f Merge branch 'tmp-haproxy' into 'master' 
Added testsuite with haproxy

See merge request ocserv/ocserv!75
 2018-04-04 05:38:05 +00:00
Nikos Mavrogiannopoulos
86fe0fc457 tests: added check with haproxy connection 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-04 07:22:49 +02:00
Nikos Mavrogiannopoulos
d6332cd428 proc_table_update_ip: do not update IP if the previous IP is not found 
That adds a safety net in case there is a mismatch of IPs, to prevent
adding two entries in the hashtable for the same IP.

Resolves #146

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-02 23:04:39 +02:00
Nikos Mavrogiannopoulos
bd5ad4d7c3 doc update 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-01 13:31:59 +02:00
Nikos Mavrogiannopoulos
8eda81e033 proc-search: indentation fixes 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-01 13:30:47 +02:00
Nikos Mavrogiannopoulos
63b7e81e87 tests: added test with proxy-protocol 
That tests operation under haproxy with proxy-protocol without docker.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-01 13:30:47 +02:00
Nikos Mavrogiannopoulos
5c719b4264 worker: properly handle the haproxy health commands 
That is, do not close that connection, but follow up and accept
it, according to the protocol.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-04-01 13:30:47 +02:00
Nikos Mavrogiannopoulos
e09f54ea77 NEWS: document only entries which are not available in 0.11.x branch 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-22 08:46:26 +01:00
Nikos Mavrogiannopoulos
348a45902e Merge branch 'tmp-bsd-rename' into 'master' 
Rename the tun device on FreeBSD

See merge request ocserv/ocserv!71
 2018-03-22 07:41:06 +00:00
Nikos Mavrogiannopoulos
1aa3056849 doc update 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-21 12:55:04 +01:00
Nikos Mavrogiannopoulos
d8731fbb99 configure: warn when no worker isolation is available 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-21 12:52:04 +01:00
Nikos Mavrogiannopoulos
0247db65d2 tun: better separation of OS dependent tun functionality 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-21 12:52:04 +01:00
Nikos Mavrogiannopoulos
511fe9a0d3 combined bsd_open_tun with bsd_ifrename 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
 2018-03-21 12:52:04 +01:00