Nikos Mavrogiannopoulos
0f5b9d1ebd
print the accurate time on banned IP expiration
2015-02-26 21:35:35 +01:00
Nikos Mavrogiannopoulos
1f6340f1fa
occtl: banned IPs -> IPs in ban list
2015-02-26 21:17:08 +01:00
Nikos Mavrogiannopoulos
9f95d086d9
removed unused variables and structures
2015-02-26 21:15:17 +01:00
Nikos Mavrogiannopoulos
3acd229e81
occtl: pretty print uptime
2015-02-26 21:13:13 +01:00
Nikos Mavrogiannopoulos
6e9b202aa8
occtl: pretty print expiration time in bans
2015-02-26 21:07:51 +01:00
Nikos Mavrogiannopoulos
e64528c9f1
occtl: avoid crash on empty cmdline argument
2015-02-26 20:59:03 +01:00
Nikos Mavrogiannopoulos
056730e931
removed duplicate entries in makefile
2015-02-26 20:58:49 +01:00
Nikos Mavrogiannopoulos
9a97565a60
occtl: rename show ip points to show ip ban points
2015-02-26 20:49:39 +01:00
Nikos Mavrogiannopoulos
15f0733f7d
PAM accounting is only included when PAM is enabled
2015-02-26 20:40:29 +01:00
Nikos Mavrogiannopoulos
9c9ac721c2
include kkdcp_asn1_tab.c only when GSSAPI is included
2015-02-26 20:39:53 +01:00
Nikos Mavrogiannopoulos
2c23c86d48
removed unused parameter of select()
2015-02-26 20:36:49 +01:00
Nikos Mavrogiannopoulos
24842d837e
include security/pam_appl.h only when PAM is enabled
2015-02-26 20:36:20 +01:00
Nikos Mavrogiannopoulos
f725c08576
removed obsolete file
2015-02-26 20:32:13 +01:00
Nikos Mavrogiannopoulos
9552638acd
occtl: added cache and completion for IP addresses
2015-02-26 16:27:19 +01:00
Nikos Mavrogiannopoulos
17c1c3d381
sanitize IP addresses provided by occtl
2015-02-26 16:15:40 +01:00
Nikos Mavrogiannopoulos
ac1e057158
occtl: allow listing only bans, or points
2015-02-26 15:52:59 +01:00
Nikos Mavrogiannopoulos
596cc35ff3
do not continuously extend the expiration time of banned IP entry
2015-02-26 15:40:58 +01:00
Nikos Mavrogiannopoulos
73ba4c06cb
doc update
2015-02-26 14:37:06 +01:00
Nikos Mavrogiannopoulos
0326ec168b
occtl: added ability to list banned, and unban IPs
2015-02-26 14:33:38 +01:00
Nikos Mavrogiannopoulos
bbee3767dc
sec-mod: don't use a timeout value in select()
There is no need for that.
2015-02-26 13:41:39 +01:00
Nikos Mavrogiannopoulos
28dd005b76
removed support for linux namespaces; they don't provide any advantage over seccomp
2015-02-26 13:23:51 +01:00
Nikos Mavrogiannopoulos
a13e9a9507
tests: only run test-gssapi if gssntlmssp is found
2015-02-26 11:29:08 +01:00
Nikos Mavrogiannopoulos
445ea63783
made the ban points configurable
2015-02-26 11:23:06 +01:00
Nikos Mavrogiannopoulos
7619895a25
removed server-name config option
2015-02-26 11:00:07 +01:00
Nikos Mavrogiannopoulos
c9efcae416
doc update
2015-02-26 09:24:24 +01:00
Nikos Mavrogiannopoulos
7a675ff5e2
When sending BAN IP messages to main receive a reply on whether further actions should continue
That allows to BAN a user even during an open connection.
2015-02-25 20:08:51 +01:00
Nikos Mavrogiannopoulos
874d0ce0e2
sec-mod: always send a reply to main
2015-02-25 19:10:16 +01:00
Nikos Mavrogiannopoulos
dbfca447a6
sec-mod: reply to main on failure to verify a session open cmd
2015-02-25 16:29:39 +01:00
Nikos Mavrogiannopoulos
8dd9cedd68
worker: collect any ban points and communicate them to main on exit
2015-02-25 16:10:15 +01:00
Nikos Mavrogiannopoulos
632ae25525
tests: radius-test: cleanup
2015-02-25 15:32:52 +01:00
Nikos Mavrogiannopoulos
0aa2c86f08
Added points in KKDCP connections to prevent DoS attacks.
2015-02-25 14:31:21 +01:00
Nikos Mavrogiannopoulos
58c8a52059
log message for rejected banned IP connection was moved to main-ban.c
2015-02-25 14:09:46 +01:00
Nikos Mavrogiannopoulos
ad66cb92d8
report the number of banned IPs via occtl
2015-02-25 14:07:53 +01:00
Nikos Mavrogiannopoulos
6254411131
doc update
2015-02-25 13:31:35 +01:00
Nikos Mavrogiannopoulos
4d7a4eaf23
HTTP debug messages moved to level 4
2015-02-25 13:29:42 +01:00
Nikos Mavrogiannopoulos
a3f5ae2551
Add a cost in number of connections per IP to prevent DoS attacks
2015-02-25 13:24:42 +01:00
Nikos Mavrogiannopoulos
a617485232
enforcement of IP banning was moved to main
2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos
3222cedb99
simplify the communication between main and sec-mod
2015-02-25 10:33:25 +01:00
Nikos Mavrogiannopoulos
b44d84f7a2
tests: radius-test: require freeradius-client 1.1.7
2015-02-25 09:38:12 +01:00
Nikos Mavrogiannopoulos
43f3807e3b
prevent accounting methods from switching on reload
2015-02-25 09:31:17 +01:00
Nikos Mavrogiannopoulos
3a9617845e
radius: use the NAS identifier in accounting too
2015-02-24 19:15:57 +01:00
Nikos Mavrogiannopoulos
410ad632b0
added sanity checks in auth methods
2015-02-24 19:15:23 +01:00
Nikos Mavrogiannopoulos
437235e253
doc update
2015-02-24 19:01:54 +01:00
Nikos Mavrogiannopoulos
2f2f4a77d2
allow explicitly specifying the NAS identifier in radius
2015-02-24 18:59:05 +01:00
Nikos Mavrogiannopoulos
6647ddcbd3
tests: use unique temp files
2015-02-24 16:22:34 +01:00
Nikos Mavrogiannopoulos
cb52dd943e
worker: if a client retries a POST/GET request without the X-Support-HTTP header switch method
That allows openconnect to retry using password authentication if it
has no ticket or so. To advertize that behavior we set the header
X-HTTP-Auth-Support: fallback
in our 401 response.
2015-02-24 16:15:01 +01:00
Nikos Mavrogiannopoulos
ca9b7e6e7d
check all methods when using ws_switch_auth_to()
2015-02-24 15:49:30 +01:00
Nikos Mavrogiannopoulos
12ebe6b005
unix-test: added lz4 in fedora
2015-02-24 14:50:54 +01:00
Nikos Mavrogiannopoulos
6494ea6600
when stealing values do not reallocate them
2015-02-24 13:53:41 +01:00
Nikos Mavrogiannopoulos
29e834da4d
plain authentication uses the new parsing method
2015-02-24 13:53:37 +01:00