GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,388 Commits 19 Branches 88 Tags
01bbb5cfa16d87c46ef5e1e36beb46adec512ca2
Commit Graph

1388 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
ff4f895cb0 main: deactivate the cookie when releasing proc. 2014-05-29 00:19:24 +02:00
Nikos Mavrogiannopoulos
5759032ef9 worker: only check for friendly names, if there are any 2014-05-29 00:14:28 +02:00
Nikos Mavrogiannopoulos
d11d8ae47c increased the maintainance time to 15 mins 2014-05-28 10:56:03 +02:00
Nikos Mavrogiannopoulos
3dd67c3f19 inline revive_cookie() 2014-05-28 10:48:27 +02:00
Nikos Mavrogiannopoulos
9eb68a381a No need for safe_memset() of the cookie hash. 2014-05-28 10:34:26 +02:00
Nikos Mavrogiannopoulos
e5c60a7a44 Limit the number of TLS resumption requests to one. 2014-05-28 10:32:35 +02:00
Nikos Mavrogiannopoulos
3a18882a40 Store a hash of the client's cookie instead of the cookie itself. 
That ensures that the cookies cannot be leaked from the server.
On a hash collision, the IP of the other cookie in use will be
hijacked.
 2014-05-28 10:13:08 +02:00
Nikos Mavrogiannopoulos
0f0cf31a79 zeroize cookies and TLS session data after read. 2014-05-28 10:11:17 +02:00
Nikos Mavrogiannopoulos
7ccdba8234 doc update 2014-05-27 16:04:53 +02:00
Nikos Mavrogiannopoulos
aaa06e3157 TLS sessions expire the at cookie timeout. 2014-05-27 16:01:14 +02:00
Nikos Mavrogiannopoulos
a872850b1e better printing of module name. 2014-05-27 16:01:09 +02:00
Nikos Mavrogiannopoulos
68071646c6 Report the number of active cookies and TLS resumed sessions to occtl 2014-05-27 16:01:03 +02:00
Nikos Mavrogiannopoulos
25fbdfbf70 Keep track of cookies internally. 
That allows to restrict the cookie validity time to the absolutely minimum
required to establish and reconnect a recently disconnected session.
That deprecates the cookie-validity option and introduces the cookie-timeout
option.
 2014-05-27 16:00:57 +02:00
Nikos Mavrogiannopoulos
a2728265b3 corrected safe_memset() of expired sessions. 2014-05-27 15:59:22 +02:00
Nikos Mavrogiannopoulos
01211c610c Allow memset of zero 2014-05-27 15:58:12 +02:00
Nikos Mavrogiannopoulos
0586e4c5fa Simplified the TLS hash table initialization. 2014-05-27 15:00:13 +02:00
Nikos Mavrogiannopoulos
8c82e8c96c Overwrite TLS session data prior to release. 2014-05-27 14:56:30 +02:00
Nikos Mavrogiannopoulos
b4fcf4df82 use macros for reason messages 2014-05-27 11:00:30 +02:00
Nikos Mavrogiannopoulos
2e1c1bb29f require the certificate being present on the sec-mod session initialization. 2014-05-27 10:46:16 +02:00
Nikos Mavrogiannopoulos
cdddc3df0a Better HTTP error messages. 2014-05-27 10:45:28 +02:00
Nikos Mavrogiannopoulos
a2b0898821 doc update 2014-05-27 10:34:15 +02:00
Joerg Mayer
d879c9761a ocserv: Fix out of tree builds 
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
 2014-05-27 09:32:29 +02:00
Nikos Mavrogiannopoulos
843883750c enable cisco-client-compat in cert test 2014-05-27 09:00:34 +02:00
Nikos Mavrogiannopoulos
b5d5e3cb36 do not deny roaming by default 2014-05-26 13:04:16 +02:00
Nikos Mavrogiannopoulos
7e06e1acfb Return 401 error on cookie authentication failure. 2014-05-25 18:50:43 +02:00
Nikos Mavrogiannopoulos
c7653e2844 doc update 2014-05-25 10:17:54 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07 Added the configuration option deny-roaming. 
That required moving the read of the group configuration during the
cookie authentication phase.
 2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
4b91005118 released 0.8.0pre0 2014-05-24 14:38:24 +02:00
Nikos Mavrogiannopoulos
78132e2a6d Added auto group listing on PAM authentication as well. 
In addition a configuration option to print group IDs over a
certain number was added.
 2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
d3f701fba5 ensure that the group table isn't overflowed. 2014-05-23 16:01:26 +02:00
Nikos Mavrogiannopoulos
618a386f73 doc update 2014-05-23 13:31:05 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
21aba3d3e7 test-pam: better messages 2014-05-23 11:45:35 +02:00
Nikos Mavrogiannopoulos
8eec409803 remove const from temp variables. 2014-05-23 11:43:08 +02:00
Nikos Mavrogiannopoulos
de50dd413b Better auth log messages. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
978e89c53f re-use the string replace API for route add/del replacements. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
d51a7cb7e7 re-use the string replace API for route add/del replacements. 2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos
57d848d228 The replaced keywords were put into brackets. 2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
92565e1f5d check for allocation error in custom header replacement. 2014-05-23 11:11:42 +02:00
Nikos Mavrogiannopoulos
51494e0df1 doc update 2014-05-23 11:08:23 +02:00
Nikos Mavrogiannopoulos
0a1f5f0f55 The custom header options allows %U and %G. 2014-05-23 11:07:39 +02:00
Nikos Mavrogiannopoulos
28943341db Added the proxy-url option to allow sending a proxy URL. 
This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.
 2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos
9eeffef280 doc update 2014-05-22 13:48:46 +02:00
Nikos Mavrogiannopoulos
2276acf57b limit the cookie validity time to 3 hours in the configuration examples. 2014-05-22 13:48:09 +02:00
Nikos Mavrogiannopoulos
6dcc9acf77 Restrict cookies to a single IP address. 2014-05-21 16:19:07 +02:00
Nikos Mavrogiannopoulos
6ca3c4761c Cookies are packed using protocol buffers to reduce their size. 2014-05-21 16:11:05 +02:00
Nikos Mavrogiannopoulos
8ba0d563f0 Do not call close() twice. Issue spotted by coverity. 2014-05-21 14:54:18 +02:00
Nikos Mavrogiannopoulos
11a78970bb Correctly check for network name. Issue spotted using coverity. 2014-05-21 14:52:10 +02:00
Nikos Mavrogiannopoulos
e027dfd422 Corrected check for group list sending to client. 2014-05-21 14:48:19 +02:00
Nikos Mavrogiannopoulos
fce30e0513 doc update 2014-05-21 14:37:50 +02:00