vimacs

vimacs pushed to master at vimacs/bjbus-py

1 year ago

vimacs created new branch master at vimacs/bjbus-py

1 year ago

vimacs created repository vimacs/bjbus-py

1 year ago

vimacs pushed to master at vimacs/osm-stuff

2 years ago

vimacs pushed to h3cssl at vimacs/openconnect

  • a8c89f9683 Add h3c TLS VPN protocol
    This implements the protocol used by the H3C VPN client version iNode PC 7.3 (E0583).
  • 0e82c93714 Do not add 'single-sign-on' to the capabilities list for AnyConnect auth requests
    In 024336a8ddeb1754ae5e8fb18770e90c206070b1, we added 'single-sign-on-v2' to the list of auth-methods capabilities in AnyConnect auth requests, and also included 'single-sign-on' (no '-v2') because we had seen it included in a MITM capture from a Cisco client. See discussion at https://gitlab.com/openconnect/openconnect/-/merge_requests/126#note_853084596.
    However, OpenConnect does not actually know how to handle the 'single-sign-on' case, and including it appears to confuse Cisco servers and cause them not to return the expected XML structure in their subsequent responses. See https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/issues/72 and further discussion on https://gitlab.com/openconnect/openconnect/-/merge_requests/394.
    Removing 'single-sign-on' from the list of auth-methods capabilities should resolve this issue.
    Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
    Co-Authored-By: Eric Work <work.eric@gmail.com>
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • 745126b750 Parse GlobalProtect XML more leniently
    This will cause the parser to ignore errant '&' characters, and should thus fix https://gitlab.com/openconnect/openconnect/-/issues/466.
    A similar fix was needed for Cisco's XML responses back in https://gitlab.com/openconnect/openconnect/-/commit/1b7537d7ec1638e23c93165f5fe28bae2b1cd488, and the F5 and Fortinet protocols also now use it when parsing XML.
    The GlobalProtect protocol can (insanely) provide either XML or Javascript-y responses, with no warning or other obvious differentiators; in this case we need to use the XML_PARSE_RECOVER flag very carefully, since it causes *anything* to be parsed successfully as an XML document, even if an empty one.
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • cb2be91062 Distinguish XML and non-XML error paths in gpst_xml_or_error
    This should help with debugging https://gitlab.com/openconnect/openconnect/-/issues/466
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • e48fd023cf Don't set xmlReadMemory's URL argument to "noname.xml"
    This argument has been present "since the beginning" (aka 2008, https://gitlab.com/openconnect/openconnect/eaa41be14d94694b5523c3d97bd5af38c472ab23), but it's neither meaningful nor necessary, even if we were to enable libxml2's built-in printing of XML parse errors. So let's remove it.
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>

2 years ago

vimacs created new branch h3cssl at vimacs/openconnect

2 years ago

vimacs pushed to h3c at vimacs/openconnect

2 years ago

vimacs pushed to h3c at vimacs/openconnect

2 years ago

vimacs pushed to h3c at vimacs/openconnect

2 years ago

vimacs pushed to master at vimacs/osm-stuff

2 years ago

vimacs created new branch master at vimacs/osm-stuff

2 years ago

vimacs created repository vimacs/osm-stuff

2 years ago

vimacs pushed to h3c at vimacs/openconnect

2 years ago

vimacs pushed to h3c at vimacs/openconnect

  • e6280a480f add h3c skeleton
  • cf4c5dcfb8 Log more details of unknown Pulse packets
    Perhaps there's something useful/interesting lurking in the unknown packets, like a DPD/keepalive packet, as noted in https://gitlab.com/openconnect/openconnect/-/issues/456
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • 37b6a79a80 Clarify purpose/scope of --usergroup option
    The name '--usergroup' exists purely for historical/Cisco-specific reasons. Its function is simply to override the *path* of the URL for the initial HTTPS request to the server.
    Thus 'openconnect --usergroup loginRealm vpn.server.com' and 'openconnect https://vpn.server.com/loginRealm' are entirely equivalent; with most front-ends, specifying the URL directly is the only way to set the path.
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • 895371501e Clarify purpose/scope of --authgroup option
    We frequently get questions from users who are unsure of how to automatically enter an authentication dropdown selection using the command line client. A recent example: https://lists.infradead.org/pipermail/openconnect-devel/2022-May/005125.html
    The `--authgroup=GROUP` option is specifically designed for this purpose: it can enter a value into "the right" dropdown/list field on multiple protocols:
    - Cisco AnyConnect/ocserv: "authgroup" selection form field
    - Juniper: "realm" OR "frmSelectRoles" selection form field
    - Pulse: "realm" selection form field
    - Fortinet: "realm" selection form field
    - F5: "domain" selection form field
    - GlobalProtect: "gateway" selection form field (found on the "portal" interface; this one actually controls the choice of gateway server)
    The functionality of the `--authgroup` option is not as obvious as it could/should be because the name "authgroup" is Cisco-specific. This patch improves the `--help` output and openconnect(8) man page to show that it works with other protocols as well, and mention the names of the relevant fields for those protocols.
    Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • 6246bbd16b Merge branch 'const' into 'master'
    Fix constness again in HKDF/HPKE-related functions
    See merge request openconnect/openconnect!384

2 years ago

vimacs created new branch h3c at vimacs/openconnect

2 years ago

vimacs created repository vimacs/openconnect

2 years ago

vimacs pushed to master at vimacs/centos7-packages

2 years ago

vimacs pushed to master at vimacs/centos7-packages

2 years ago

vimacs pushed to master at vimacs/centos7-packages

2 years ago

vimacs pushed to master at vimacs/centos7-packages

  • 28b1ec4340 use %{tool_name} in hosttools packages

2 years ago