Nikos Mavrogiannopoulos
213f9a63ee
license upgraded to GPLv3
2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
8eec409803
remove const from temp variables.
2014-05-23 11:43:08 +02:00
Nikos Mavrogiannopoulos
de50dd413b
Better auth log messages.
2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
978e89c53f
re-use the string replace API for route add/del replacements.
2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
d51a7cb7e7
re-use the string replace API for route add/del replacements.
2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos
57d848d228
The replaced keywords were put into brackets.
2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
92565e1f5d
check for allocation error in custom header replacement.
2014-05-23 11:11:42 +02:00
Nikos Mavrogiannopoulos
0a1f5f0f55
The custom header options allow %U and %G.
2014-05-23 11:07:39 +02:00
Nikos Mavrogiannopoulos
28943341db
Added the proxy-url option to allow sending a proxy URL.
This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.
2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos
2276acf57b
limit the cookie validity time to 3 hours in the configuration examples.
2014-05-22 13:48:09 +02:00
Nikos Mavrogiannopoulos
6dcc9acf77
Restrict cookies to a single IP address.
2014-05-21 16:19:07 +02:00
Nikos Mavrogiannopoulos
6ca3c4761c
Cookies are packed using protocol buffers to reduce their size.
2014-05-21 16:11:05 +02:00
Nikos Mavrogiannopoulos
8ba0d563f0
Do not call close() twice. Issue spotted by coverity.
2014-05-21 14:54:18 +02:00
Nikos Mavrogiannopoulos
11a78970bb
Correctly check for network name. Issue spotted using coverity.
2014-05-21 14:52:10 +02:00
Nikos Mavrogiannopoulos
e027dfd422
Corrected check for group list sending to client.
2014-05-21 14:48:19 +02:00
Nikos Mavrogiannopoulos
fce30e0513
doc update
2014-05-21 14:37:50 +02:00
Nikos Mavrogiannopoulos
0ed82312e9
Allow an empty friendly_group_list (in auto-select-group).
2014-05-21 14:23:02 +02:00
Nikos Mavrogiannopoulos
fbdcaa82ca
Make pid-file an array to avoid issues with memory allocation.
2014-05-21 14:16:00 +02:00
Nikos Mavrogiannopoulos
5b8b3b1aa7
When a client has already selected a group, re-order our group selection form.
This is required by some Anyconnect clients and the openconnect android app.
2014-05-21 12:40:05 +02:00
Nikos Mavrogiannopoulos
177c1c95bd
Allow aliases to group names.
2014-05-21 12:25:26 +02:00
Nikos Mavrogiannopoulos
7153ea8ea7
more precise usage of MAX_*_SIZE definitions.
2014-05-21 06:21:34 +02:00
Kevin Cernekee
8e67f959ed
Add missing GnuTLS header file
sec-mod.h now uses gnutls_privkey_t, so include <gnutls/abstract.h> to
fix this error:
CC main-misc.o
In file included from main-misc.c:43:0:
./sec-mod.h:31:2: error: unknown type name ‘gnutls_privkey_t’
gnutls_privkey_t *key;
^
2014-05-21 06:17:09 +02:00
Nikos Mavrogiannopoulos
7133a1cf1b
mention the occtl tool instead of who -u
2014-05-20 17:49:12 +02:00
Nikos Mavrogiannopoulos
b6531feee8
Corrected certificate generation instructions.
2014-05-20 15:50:11 +02:00
Nikos Mavrogiannopoulos
5af82e9ff4
fixed unescape code.
2014-05-20 15:50:09 +02:00
Nikos Mavrogiannopoulos
aef5dc0633
Allow multiple groups to be present in a client certificate.
In that case the user will be prompted to select a group.
2014-05-20 15:36:40 +02:00
Nikos Mavrogiannopoulos
2668fe63b4
Added the default-select-group directive.
2014-05-19 20:00:35 +02:00
Nikos Mavrogiannopoulos
659cc9850c
Corrected filename in Makefile.
2014-05-19 18:26:06 +02:00
Nikos Mavrogiannopoulos
4755ee48c5
Added the select-group and auto-select-group config options.
These options allow prompting the user for a group prior to login.
That in addition enhances the password file format, and multiple groups
can be specified in a comma-separated list, as:
user:group1,group2,group3:$5$encodedpassword
2014-05-19 18:25:25 +02:00
Nikos Mavrogiannopoulos
6bc625df81
The route configuration directive accepts the keyword 'default'
In that case it will return a default route irrespective of any other
route directives. That allows overriding existing routes with a default
route for specific users and groups.
2014-05-19 09:58:37 +02:00
Nikos Mavrogiannopoulos
d99c527758
memory reorganization in sec-mod.
It no longer relies on the main pool; it uses its own pool.
In addition the DEBUG_LEAKS definition was added to allow debugging
leaks.
2014-05-15 16:44:43 +02:00
Nikos Mavrogiannopoulos
739a2126d0
Clean-up all memory on deinitialization of sec-mod and worker.
That will make it easier to spot any unintentional memory leaks.
2014-05-15 15:36:03 +02:00
Nikos Mavrogiannopoulos
f9ce018f68
Add the clock_gettime() syscall to the list of allowed syscalls in seccomp.
2014-05-15 14:28:18 +02:00
Nikos Mavrogiannopoulos
68c4b2371b
Renamed main-auth.h.
2014-05-15 11:39:02 +02:00
Nikos Mavrogiannopoulos
e7171ac859
Supplementary group/user configuration is now modular.
That will ease the addition of other backends that can be used to
read the user/group configuration. The only backend supported now
is file.
2014-05-15 11:36:30 +02:00
Nikos Mavrogiannopoulos
a2ea033f50
use safe_memset() when overwriting the group configuration
2014-05-15 10:46:53 +02:00
Nikos Mavrogiannopoulos
231316f624
cleanup the inclusion of protobuf sources.
2014-05-15 10:44:35 +02:00
Nikos Mavrogiannopoulos
fcaeacbd00
Added sanity checks in state transitions.
2014-05-14 14:51:41 +02:00
Nikos Mavrogiannopoulos
53f3129da9
Authentication modules were moved to subdirectory auth/
2014-05-14 14:35:50 +02:00
Nikos Mavrogiannopoulos
788560b9ce
Added default-user-config and default-group-config configuration options.
These allow setting a configuration file that will be loaded if a
user-specific or group-specific configuration file isn't found.
2014-05-14 13:27:51 +02:00
Nikos Mavrogiannopoulos
3f9a215f53
Allow for random and for predictable IP assignment.
2014-05-14 13:00:11 +02:00
Nikos Mavrogiannopoulos
09704b8819
Password authentication is now delegated to sec-mod.
That prevents any memory from the authentication modules from being leaked
to a worker process. As a result, the statuses zombie and dead no longer
exist.
2014-05-14 11:37:01 +02:00
Nikos Mavrogiannopoulos
df7b124df4
include malloc.h when needed.
2014-05-13 21:19:56 +02:00
Nikos Mavrogiannopoulos
07559df432
Corrected the removal of socket files in chrooted environment.
In addition remove the occtl_socket_file.
2014-05-12 11:14:53 +02:00
Nikos Mavrogiannopoulos
5e3afb92ad
eliminate the need for a worker_pool variable in main_server_st.
2014-05-12 10:51:18 +02:00
Nikos Mavrogiannopoulos
1465a5922c
Added no-udp group configuration option.
That option allows disabling UDP for specific users or groups.
2014-05-12 10:29:29 +02:00
Nikos Mavrogiannopoulos
2338251a0f
corrected PAM module and its usage of malloc.
2014-05-12 10:25:03 +02:00
Nikos Mavrogiannopoulos
9f07c42b82
Allow the main process to connect to sec-module.
That allows gnutls to verify the key validity during initialization.
2014-05-12 10:12:39 +02:00
Nikos Mavrogiannopoulos
ed0cb777dd
occtl: propagate error codes on error conditions.
2014-05-11 14:23:11 +02:00
Nikos Mavrogiannopoulos
522a9c35a4
Allow modifying the default occtl socket file.
2014-05-11 14:16:38 +02:00