Commit Graph

136 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
108d34f613 Ban an IP only when the MAX_PASSWORD_TRIES attempts have been exceeded 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
1f128219ae if gssapi authentication fails, switch to password auth if possible 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
11f43f144a eliminated auth message upper limit 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
daa18cae8d Ensure that any messages are being forwarded even on success packet 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
51ab9a97d0 only print WWW-Authenticate when there are data to print 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
a08329b398 Allow GSSAPI authentication even from GET commands 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
afef74fa23 removed the certificate[optional] auth type 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
8bb0af61bc Added GSSAPI as an additional password auth mechanism
That also adds the ability to support an OR composition of multiple
authentication methods. That is using the 'enable-auth' config option.
2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
bcea928abe Added support for no-routes (X-Split-Exclude) 2015-02-06 14:05:10 +01:00
Nikos Mavrogiannopoulos
0dc2e43335 worker: allow empty passwords 2015-01-28 11:52:38 +01:00
Nikos Mavrogiannopoulos
b8bcf8b835 moved some debugging messages into http level 2015-01-28 11:41:15 +01:00
Nikos Mavrogiannopoulos
414c5d94da harmonize the time cookies are stored in security module and main server 2015-01-25 18:48:49 +01:00
Nikos Mavrogiannopoulos
b38a1bb39a override the default ipv6_prefix only if ipv6_prefix is set 2014-12-26 20:23:12 +02:00
Nikos Mavrogiannopoulos
07e01d06b5 use strlcpy() instead of snprintf() where it makes sense
That should reduce wasted cycles.
2014-12-14 19:24:14 +01:00
Nikos Mavrogiannopoulos
35e93c6341 added option to send statistics periodically to sec-mod 2014-12-10 11:18:23 +01:00
Nikos Mavrogiannopoulos
8365449e9b deprecated ipv6_netmask 2014-12-08 10:48:25 +01:00
Nikos Mavrogiannopoulos
365ca267d4 added new authentication mode optional-certificate
That mode allows having only a specific group of users that are required
to present a certificate.
2014-09-24 12:41:31 +02:00
Nikos Mavrogiannopoulos
30bcf35576 Revert "license upgraded to GPLv3"
This reverts commit 213f9a63ee.

Conflicts:
	configure.ac
2014-09-24 11:34:15 +02:00
Nikos Mavrogiannopoulos
4ea5a56ace Allow the CSTP layer to operate without TLS
That also introduces a unix domain socket under which connections to the
server can occur.
2014-09-23 16:08:29 +02:00
Nikos Mavrogiannopoulos
d5d27b2379 updated comment 2014-09-10 22:38:25 +02:00
Nikos Mavrogiannopoulos
265e723cdb send the IPv6 netmask in a way compatible with cisco servers 2014-09-09 09:36:48 +02:00
Nikos Mavrogiannopoulos
abe6d2d190 when the default group is selected, don't treat it as no selection 2014-08-28 10:08:42 +02:00
Nikos Mavrogiannopoulos
91c0566523 made the comparison for XML fields case insensitive
Suggested by sskaje, based on an issue with the Anyconnect iOS client.
2014-08-28 09:26:27 +02:00
Nikos Mavrogiannopoulos
c781bea7cd user-profile is now allowed in per-user configuration 2014-07-31 14:57:09 +02:00
Nikos Mavrogiannopoulos
40d499ac1a better error messages when certificate username limit is reached 2014-07-27 11:21:36 +02:00
Nikos Mavrogiannopoulos
53c7bbeb1d ocserv: corrected debug message 2014-06-26 13:47:54 +02:00
Nikos Mavrogiannopoulos
309ad41475 ocserv: print the correct message when only selecting a group. 2014-06-26 13:46:31 +02:00
Nikos Mavrogiannopoulos
3de707b0fe introduced str_append_printf() 2014-06-26 13:46:31 +02:00
Nikos Mavrogiannopoulos
4fa0053d54 ocserv: prompt the user for group selection even if only certificate authentication is used. 2014-06-26 13:46:31 +02:00
Nikos Mavrogiannopoulos
3fac1c4e0c search for group_list in addition to group%5flist
That allows reading the group from AnyConnect clients.
2014-06-25 21:58:00 +02:00
Nikos Mavrogiannopoulos
e48ad13e82 Set the applicable DNS and NBNS servers in complete_vpn_info(). 2014-06-25 10:11:00 +02:00
Nikos Mavrogiannopoulos
4a0b16fb98 Forward the appropriate DNS and NBNS values when using a per-user/group config. 2014-06-25 10:02:16 +02:00
Nikos Mavrogiannopoulos
85288fd96f Ignore the return code of snprintf(); it is useless. 2014-06-23 17:26:01 +02:00
Nikos Mavrogiannopoulos
1d2f36f9bf When renegotiating, verify that any certificate received from the client contains the same username. 2014-06-13 15:08:40 +02:00
Nikos Mavrogiannopoulos
0a0b51ab37 Added work-around for openconnect v3.20
That version of openconnect requires some strict format on the
XML messages. Thus we send it what it expects.
2014-06-10 10:08:46 +02:00
Nikos Mavrogiannopoulos
af7e967063 reduced the severity on several worker log messages. 2014-06-02 09:21:08 +02:00
Nikos Mavrogiannopoulos
5759032ef9 worker: only check for friendly names, if there are any 2014-05-29 00:14:28 +02:00
Nikos Mavrogiannopoulos
25fbdfbf70 Keep track of cookies internally.
That allows restricting the cookie validity time to the absolute minimum
required to establish and reconnect a recently disconnected session.
That deprecates the cookie-validity option and introduces the cookie-timeout
option.
2014-05-27 16:00:57 +02:00
Nikos Mavrogiannopoulos
b4fcf4df82 use macros for reason messages 2014-05-27 11:00:30 +02:00
Nikos Mavrogiannopoulos
cdddc3df0a Better HTTP error messages. 2014-05-27 10:45:28 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
28943341db Added the proxy-url option to allow sending a proxy URL.
This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.
2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos
6ca3c4761c Cookies are packed using protocol buffers to reduce their size. 2014-05-21 16:11:05 +02:00
Nikos Mavrogiannopoulos
8ba0d563f0 Do not call close() twice. Issue spotted by coverity. 2014-05-21 14:54:18 +02:00
Nikos Mavrogiannopoulos
e027dfd422 Corrected check for group list sending to client. 2014-05-21 14:48:19 +02:00
Nikos Mavrogiannopoulos
0ed82312e9 Allow an empty friendly_group_list (in auto-select-group). 2014-05-21 14:23:02 +02:00
Nikos Mavrogiannopoulos
5b8b3b1aa7 When a client has already selected a group, re-order our group selection form.
This is required by some Anyconnect clients and the openconnect android app.
2014-05-21 12:40:05 +02:00
Nikos Mavrogiannopoulos
177c1c95bd Allow aliases to group names. 2014-05-21 12:25:26 +02:00
Nikos Mavrogiannopoulos
5af82e9ff4 fixed unescape code. 2014-05-20 15:50:09 +02:00
Nikos Mavrogiannopoulos
aef5dc0633 Allow multiple groups to be present in a client certificate.
In that case the user will be prompted to select a group.
2014-05-20 15:36:40 +02:00