Daniel Lenski [Mon, 18 May 2020 17:54:03 +0000 (10:54 -0700)]
add --allow-insecure-crypto, and corresponding API functions, to explicitly enable 3DES/RC4/SHA1
This closes #145, and adds tests intended to prevent similar situations from recurring.
Allowing the ancient, broken 3DES and RC4 ciphers is insecure; we do not
want to (re-)enable them by default. (See discussion:
https://gitlab.com/openconnect/openconnect/-/issues/145#note_344687335)
However, some still-in-use VPN servers can't do any better. So instead, we
explicitly disable them, unless explicitly enabled with the
`--allow-insecure-crypto` option, or corresponding API functions.
Also attempts to future-proof --allow-obsolete-crypto a bit, by setting
`%VERIFY_ALLOW_SIGN_WITH_SHA1` (per nmav:
https://gitlab.com/openconnect/openconnect/-/merge_requests/114#note_346496796),
and explicitly enabling SHA1 (which was moved to GnuTLS “bad hashes list” in 1d75e116b1681d0e6b140d7530e7f0403088da88)
Ash Holland [Wed, 24 Jun 2020 21:26:28 +0000 (22:26 +0100)]
Juniper: support password and 2FA fields in the same form
Juniper login forms typically ask for the password in the first form,
then put the 2FA field in a later form. However, some use a second
password field in the first form (usually frmLogin) for the 2FA token.
We now assume password fields after the first in a frmLogin to be 2FA
fields to cope with this case.
Daniel Lenski [Thu, 13 Aug 2020 17:00:58 +0000 (10:00 -0700)]
bump emulated GlobalProtect version number
Apparently some GlobalProtect servers complain about old versions of the client connecting to them, so we should periodically bump up the version number of the client that we emulate.
See https://gitlab.com/openconnect/openconnect/-/issues/176#note_395207613
.gitlab-ci.yml: run coverity weekly with a scheduled run
This also fixes the image for coverity to fedora31 to avoid
gcc compatibility issues. The reason for moving to scheduled
runs is that there is a limit to coverity runs per project.
Daniel Lenski [Thu, 21 May 2020 17:52:11 +0000 (10:52 -0700)]
re-add socket_wrapper and softhsm support to CentOS8 CI
It appears that a separate Power Tools repository needs to be enabled for `{uid,socket}_wrapper` in CentOS8.
See https://centos.pkgs.org/8/centos-powertools-x86_64/uid_wrapper-1.2.4-4.el8.x86_64.rpm.html and https://serverfault.com/questions/997896/how-to-enable-powertools-repository-in-centos-8
For softhsm, this should work per nmav: https://gitlab.com/openconnect/openconnect/-/issues/145#note_347864560
The auth-nonascii test, and DSA cert tests, are now failing again, and need to be disabled.
Daniel Lenski [Wed, 14 Oct 2020 23:27:20 +0000 (16:27 -0700)]
fix CI
- dtls-psk is frequently failing; add 1-second wait AFTER tunnel interface appears
- (already merged in !128) CentOS8 now has GnuTLS with client random bug fixed (remove XFAIL_TESTS="dtls-psk")
- (already merged in !128) Fedora 32 needs crypto-policies-scripts package for update-crypto-policies to work
Daniel Lenski [Tue, 28 Jul 2020 21:38:31 +0000 (14:38 -0700)]
enable csd-wrapper.sh/csd-post.sh to run insecurely (no cert validation) for compatibility with ancient cURL
cURL <7.39 doesn't have the `--pinnedpubkey` option. Falling back to an insecure connection to the CSD server (as we did until 4385272562d8e01166f31207938a08bec0a6fc4f) is the easiest band-aid.
CentOS 7 is affected, as described in https://lists.infradead.org/pipermail/openconnect-devel/2020-July/004886.html
Daniel Lenski [Thu, 21 Dec 2017 06:56:58 +0000 (22:56 -0800)]
Protocols should try to explicitly request the same IP addresses on reconnect, since they will abort if new addresses are sent by the server.
* GlobalProtect:
- Supported and used by official clients (POST /ssl-vpn/getconfig.esp with preferred-ip form field).
- GlobalProtect servers often give different IP addresses on reconnect if this mechanism is *not* used,
so this mechanism is necessary.
- Same mechanism appears to exist for IPv6 (preferred-ipv6) and was added to OpenConnect in d6db0ec03394234d41fbec7ffc794ceeb486a8f0, even though IPv6 support is not yet complete.
* AnyConnect:
- Not (yet) supported by ocserv
- It appears that *some* AnyConnect servers will try to provide the IP address provided in the X-CSTP-Address
*request* header along with the CONNECT request, but other servers appear not to
- This patch reproduces the behavior of GPST: attempt to request same IPv4 and IPv6 addresses on reconnect,
via CONNECT headers.
* Juniper:
- There does not appear to be any way to provide this using the Juniper NC protocol.
- No known reports of Juniper servers giving out different IP address on reconnect.
Daniel Lenski [Tue, 13 Oct 2020 02:26:10 +0000 (19:26 -0700)]
handle errors on initial TLS connection identically to subsequent reconnection
In order to write OpenConnect wrapper scripts that decouple the
authentication phase and tunnel phase, while caching authentication cookies,
we need to be able to reliably distinguish errors from invalid/expired
cookies from other errors. This makes that possible.
Nikos Mavrogiannopoulos [Sat, 31 Oct 2020 11:58:55 +0000 (12:58 +0100)]
gnutls: try multiple hashes when checking for pub/priv key match
This also ensures that we don't take into account the state of the
algorithm (e.g., marked as insecure), because it does matter for
checking whether the keys match.
Previously a change in Fedora release would result in several weeks or
months of broken CI. Fix on a specific version so that the CI is stable,
even if that comes at the cost of a manual update of the fedora CI.
This removes dtls-psk from XFAIL in centos8 as it is no longer applicable,
adds crypto policies script from missing targets, and checks for both
devices prior to adding routes in dtls-psk.
Sergei Trofimovich [Fri, 8 May 2020 14:39:41 +0000 (10:39 -0400)]
gnutls: prevent buffer overflow in get_cert_name
The test suite for ocserv calls openconnect with a certificate that has
a name that is 84 bytes in length. The buffer passed to get_cert_name is
currently 80 bytes.
The gnutls_x509_crt_get_dn_by_oid function will update the buffer size
parameter if the buffer is too small.
RETURNS
GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
enough, and in that case the buf_size will be updated with the
required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no
data in the current index. On success 0 is returned.
Use a temporary variable to avoid clobbering the namelen variable that is
passed to get_cert_name.
Bug: https://bugs.gentoo.org/721570
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
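An added illustration of the clobbering described in this commit, not OpenConnect's or GnuTLS's code: `mock_get_dn_by_oid()` is a constructed stand-in that follows the documented contract quoted above (rewrite `*buf_size` to the required length on a too-small buffer), and the two `get_cert_name_*` functions are hypothetical reductions of the buggy and fixed patterns that return the size the caller goes on trusting.

```c
#include <stddef.h>
#include <string.h>

#define E_SHORT_MEMORY_BUFFER (-51)   /* stand-in for GNUTLS_E_SHORT_MEMORY_BUFFER */

/* Constructed stand-in for gnutls_x509_crt_get_dn_by_oid(): copies the DN
 * (including its NUL) into buf, or, if buf is too small, returns
 * E_SHORT_MEMORY_BUFFER and *overwrites* *buf_size with the required length. */
static int mock_get_dn_by_oid(const char *dn, char *buf, size_t *buf_size)
{
    size_t need = strlen(dn) + 1;
    if (*buf_size < need) {
        *buf_size = need;          /* the side effect that clobbers the caller */
        return E_SHORT_MEMORY_BUFFER;
    }
    memcpy(buf, dn, need);
    *buf_size = need;
    return 0;
}

/* Buggy pattern: the caller's own length variable is passed by address, so
 * after a short-buffer failure `namelen` no longer describes `name`.
 * Returns the length the caller would keep using for later writes. */
size_t get_cert_name_buggy(const char *dn, char *name, size_t namelen)
{
    if (mock_get_dn_by_oid(dn, name, &namelen) < 0)
        name[0] = '\0';            /* hypothetical fallback: empty name */
    return namelen;                /* may now exceed the real buffer size */
}

/* Fixed pattern (what the commit does): hand the library a temporary so the
 * true buffer length survives the call. */
size_t get_cert_name_fixed(const char *dn, char *name, size_t namelen)
{
    size_t tmp = namelen;
    if (mock_get_dn_by_oid(dn, name, &tmp) < 0)
        name[0] = '\0';
    return namelen;                /* still the real size of `name` */
}
```

With an 84-byte name and an 80-byte buffer, the buggy variant hands back 85 (the required size including the NUL) while the fixed one keeps reporting 80.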
David Woodhouse [Mon, 4 May 2020 10:56:36 +0000 (11:56 +0100)]
Use shorter pathname for COPR RPM build
If the path of SOCKET_WRAPPER_DIR is too long, it doesn't fit in the
sun_path field of the sockaddr_un, and libsocket_wrapper gets very
unhappy, reporting 'Too many unix sockets'. Despite actually only ever
trying *one* path over and over again 1024 times due to truncation.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Daniel Lenski [Fri, 1 May 2020 18:49:25 +0000 (11:49 -0700)]
stop asking users to report unexpected GP login argument arg[19]="4"
We still don't know what this one means (my wild guess is that it's telling the client to prefer IPv4), but newer GP servers always send it and it's basically uninteresting.
David Woodhouse [Thu, 30 Apr 2020 16:41:20 +0000 (17:41 +0100)]
Attempt to fix EPEL8 build
Use --without-gnutls-version-check; as if EPEL8 *does* get the fix for
the zero-client-random bug it will probably come without a version bump.
This also partially reverts commit 68641c0393e which disabled the use of
--with-default-gnutls-priority on *all* EPEL versions, but since I wasn't
building for EPEL8 at that point I don't think it was done for EPEL8
specifically, and can probably be restored.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Daniel Lenski [Wed, 29 Apr 2020 21:34:43 +0000 (14:34 -0700)]
add and fix a few changelog entries
One significant user-facing entry was left out of the v8.09 changelog:
* modernized Juniper TNCC script
Two were labeled as being in v8.08 when in fact they weren't merged until v8.09:
* GlobalProtect MRs (!90, !93, !95)
* disabling of Nagle's algorithm for TLS sockets
Use OpenSSL X509_check_host() and X509_check_ip() correctly.
These functions return 1 for a successful match, 0 for a failed match,
-1 for an internal error, or -2 if the certificate is malformed.
OpenConnect has been treating any value other than zero as a success,
meaning that an attacker who could get a trusted CA to issue an invalid
certificate (on which the ASN.1 decoder fails, for example), could use
that to assume *any* identity.
Daniel Lenski [Thu, 23 Apr 2020 17:30:40 +0000 (10:30 -0700)]
fix IPv4 split-{in,ex}clude routes with misspecified host bits
Some VPN platforms (GlobalProtect, apparently) allow administrators to input
such non-canonical IPv4 routes, and some routing configuration utilities
(apparently *not* iproute2) simply do not accept such non-canonical IPv4
routes.
An example of the confusion this can cause:
https://lists.infradead.org/pipermail/openconnect-devel/2020-April/005665.html
The robustness principle suggests that the best thing to do here is to fix
these routes, but complain about them while we're at it.
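An added example of the "fix it, but complain" approach this commit describes; it is not OpenConnect's code. `canonicalize_route()` is a hypothetical helper that clears host bits lying outside an IPv4 prefix and tells the caller when it had to do so, so the caller can log a warning about the non-canonical route.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Parse "a.b.c.d/n" into a host-order address and prefix length.
 * Returns 1 on success, 0 if the string is malformed. */
static int parse_route(const char *s, uint32_t *addr, int *plen)
{
    const char *slash = strchr(s, '/');
    char ip[INET_ADDRSTRLEN];
    struct in_addr in;
    char *end;
    long p;
    if (!slash || slash == s || (size_t)(slash - s) >= sizeof(ip))
        return 0;
    memcpy(ip, s, (size_t)(slash - s));
    ip[slash - s] = '\0';
    if (inet_pton(AF_INET, ip, &in) != 1)
        return 0;
    p = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || p < 0 || p > 32)
        return 0;
    *addr = ntohl(in.s_addr);
    *plen = (int)p;
    return 1;
}

/* Canonicalize one IPv4 split-include/exclude route by clearing host bits
 * outside the prefix (e.g. "10.1.2.3/24" -> "10.1.2.0/24").
 * Writes the result to out (outlen >= 19) and returns:
 *   1 - route was already canonical
 *   2 - host bits were set and have been cleared (caller should warn)
 *   0 - malformed route; out is left untouched */
int canonicalize_route(const char *route, char *out, size_t outlen)
{
    uint32_t addr, mask;
    int plen;
    struct in_addr in;
    char ip[INET_ADDRSTRLEN];
    if (!parse_route(route, &addr, &plen))
        return 0;
    mask = plen ? 0xFFFFFFFFu << (32 - plen) : 0;
    in.s_addr = htonl(addr & mask);
    inet_ntop(AF_INET, &in, ip, sizeof(ip));
    snprintf(out, outlen, "%s/%d", ip, plen);
    return (addr & ~mask) ? 2 : 1;
}
```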
David Woodhouse [Sat, 25 Apr 2020 08:54:28 +0000 (09:54 +0100)]
Fix dependencies and tests/configs/server-cert.prm to dist
Strictly, *break* the dependencies. We don't want server-cert.pem being
gratuitously rebuilt. It's breaking the CI because the file isn't pristine
when 'make tmp-distdir' runs.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>