2026-03-16 14:57:48 +08:00 · 2021-12-22 18:41:17 +00:00
parent accfc8169d 3a92062b44
commit db505b373c
8 changed files with 10 additions and 10 deletions
							
							
								
							
							
						
@@ -39,7 +39,7 @@ which is only run during development.
file in the repository. The goal is to have a test suite which runs for
every new merge request prior to merging. There are no particular rules for
the test targets, except for them being reliable and running in a reasonable
timeframe (~1 hour).
time frame (~1 hour).
## Reviewing code
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -356,7 +356,7 @@
* Version 0.10.9 (released 2015-10-07)
- When compiled with GnuTLS 3.4 automatically sort the certificate list
  to be imported.
- Reload the CRL during periodic maintaince if its modification time
- Reload the CRL during periodic maintenance if its modification time
  changes.
- Address issue with duplicate check failing on IPv6 addresses (issue #5).
- Added the ability to specify a UsersFile in plain auth for using an OTP.
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -24,7 +24,7 @@ For as more detailed explanation see the OpenID Connect protocol (<https://openi
## Deploying OIDC authentication
An administrator wanting to deployg OIDC as an authentication scheme must do the following:
An administrator wanting to deploy OIDC as an authentication scheme must do the following:
1) Register an application identity with the OIDC provider
2) Obtain the token endpoint and the OpenID Connect metadata document endpoint for their OIDC provider
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -70,7 +70,7 @@ remain valid until the `cookie-timeout` value expires.
Dictionary
==========
Ocserv supports the following radious attributes.
Ocserv supports the following radius attributes.
```
#	Standard attributes
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -22,7 +22,7 @@ The main component consists of the process which is tasked to:
 * State is passed between main process and worker via an environment 
   variable.
 * Listen for incomping UDP "connections" and forward the packet stream
 * Listen for incoming UDP "connections" and forward the packet stream
   to the appropriate worker process. - See main.c
 * Create and forward to workers with an authenticated user a dedicated
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -515,7 +515,7 @@ static json_t *oidc_extract_claims(cjose_jws_t * jws)
	return token_claims;
}
static bool oidc_verify_singature(oidc_vctx_st * vctx, cjose_jws_t * jws)
static bool oidc_verify_signature(oidc_vctx_st * vctx, cjose_jws_t * jws)
{
	bool result = false;
							
								
							
							
								
							
							
						
@@ -616,7 +616,7 @@ static bool oidc_verify_token(oidc_vctx_st * vctx, const char *token,
		goto cleanup;
	}
	if (!oidc_verify_singature(vctx, jws)) {
	if (!oidc_verify_signature(vctx, jws)) {
		syslog(LOG_NOTICE,
		       "ocserv-oidc: Token signature validation failed\n");
		goto cleanup;
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -381,7 +381,7 @@ static inline const void *list_tail_(const struct list_head *h, size_t off)
 * @off: offset(relative to @i) at which list node data resides.
 *
 * This is a low-level wrapper to iterate @i over the entire list, used to
 * implement all oher, more high-level, for-each constructs. It's a for loop,
 * implement all other, more high-level, for-each constructs. It's a for loop,
 * so you can break and continue as normal.
 *
 * WARNING! Being the low-level macro that it is, this wrapper doesn't know
							
							
							
								
							
						
@@ -390,7 +390,7 @@ static inline const void *list_tail_(const struct list_head *h, size_t off)
 * properly filled `struct node_list' which in turn contains pointers to
 * memory chunks and it's turtles all the way down. With all that in mind
 * remember that given the wrong pointer/offset couple this macro will
 * happilly churn all you memory until SEGFAULT stops it, in other words
 * happily churn all you memory until SEGFAULT stops it, in other words
 * caveat emptor.
 *
 * It is worth mentioning that one of legitimate use-cases for that wrapper
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -902,7 +902,7 @@ void sec_auth_user_deinit(sec_mod_st *sec, client_entry_st *e)
	vhost = e->vhost;
	seclog(sec, LOG_DEBUG, "permamently closing session of user '%s' "SESSION_STR, e->acct_info.username, e->acct_info.safe_id);
	seclog(sec, LOG_DEBUG, "permanently closing session of user '%s' "SESSION_STR, e->acct_info.username, e->acct_info.safe_id);
	if (vhost->perm_config.acct.amod != NULL && vhost->perm_config.acct.amod->close_session != NULL && e->session_is_open != 0) {
		vhost->perm_config.acct.amod->close_session(e->vhost_acct_ctx, e->auth_type, &e->acct_info, &e->saved_stats, e->discon_reason);
	}