Commit Graph

1176 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
25fbdfbf70 Keep track of cookies internally.
That allows restricting the cookie validity time to the absolute minimum
required to establish and reconnect a recently disconnected session.
That deprecates the cookie-validity option and introduces the cookie-timeout
option.
2014-05-27 16:00:57 +02:00
Nikos Mavrogiannopoulos
a2728265b3 corrected safe_memset() of expired sessions. 2014-05-27 15:59:22 +02:00
Nikos Mavrogiannopoulos
01211c610c Allow memset of zero 2014-05-27 15:58:12 +02:00
Nikos Mavrogiannopoulos
0586e4c5fa Simplified the TLS hash table initialization. 2014-05-27 15:00:13 +02:00
Nikos Mavrogiannopoulos
8c82e8c96c Overwrite TLS session data prior to release. 2014-05-27 14:56:30 +02:00
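The three commits above (safe_memset() of expired sessions, allowing a memset of zero, and overwriting TLS session data before release) share one concern: secrets must be wiped before their memory is reused, and the wipe must survive both a zero-length call and compiler dead-store elimination. The following is an added illustration, not ocserv's own safe_memset() or session code; the secure_memset() name, the session_rec layout and the 0xA5/0x5A fill bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not ocserv's safe_memset(): wipe through a volatile pointer so
 * the compiler cannot drop the stores as dead when the buffer is released right
 * afterwards, and treat n == 0 as a harmless no-op rather than an error. */
void *secure_memset(void *p, int c, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0)
        *vp++ = (unsigned char)c;
    return p;
}

/* Hypothetical record standing in for a cached TLS session. */
struct session_rec {
    uint8_t session_id[32];
    uint8_t master_secret[48];
    int in_use;
};

/* Count non-zero bytes; used to check that a wipe actually happened. */
size_t count_nonzero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    size_t cnt = 0;
    for (size_t i = 0; i < n; i++)
        if (b[i] != 0)
            cnt++;
    return cnt;
}

/* Release a session: overwrite the secrets before the slot is reused or freed. */
void session_release(struct session_rec *s)
{
    secure_memset(s->master_secret, 0, sizeof(s->master_secret));
    secure_memset(s->session_id, 0, sizeof(s->session_id));
    s->in_use = 0;
}

/* A zero-length wipe must leave the buffer untouched and must not fault. */
int zero_len_is_noop(void)
{
    unsigned char buf[4] = {1, 2, 3, 4};
    secure_memset(buf, 0, 0);
    return buf[0] == 1 && buf[1] == 2 && buf[2] == 3 && buf[3] == 4;
}

/* Fill a record with constructed key material, release it, and return the
 * number of secret bytes (plus the in_use flag) that survived; 0 means the
 * wipe worked. */
size_t demo_wipe(void)
{
    struct session_rec s;
    memset(s.master_secret, 0xA5, sizeof(s.master_secret));   /* constructed */
    memset(s.session_id, 0x5A, sizeof(s.session_id));         /* constructed */
    s.in_use = 1;
    session_release(&s);
    return count_nonzero(s.master_secret, sizeof(s.master_secret))
         + count_nonzero(s.session_id, sizeof(s.session_id))
         + (size_t)s.in_use;
}

int main(void)
{
    printf("secret bytes surviving wipe: %zu\n", demo_wipe());
    printf("zero-length wipe is a no-op: %s\n", zero_len_is_noop() ? "yes" : "no");
    return 0;
}
```

Where the platform offers explicit_bzero() or memset_s(), those are the preferred wipe; the volatile loop is the portable fallback. Note that demo_wipe() reads the buffer back, which by itself keeps a plain memset() alive; the volatile write matters on the real release path, where nothing reads the memory again before it is freed.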
Nikos Mavrogiannopoulos
b4fcf4df82 use macros for reason messages 2014-05-27 11:00:30 +02:00
Nikos Mavrogiannopoulos
2e1c1bb29f require the certificate to be present on the sec-mod session initialization. 2014-05-27 10:46:16 +02:00
Nikos Mavrogiannopoulos
cdddc3df0a Better HTTP error messages. 2014-05-27 10:45:28 +02:00
Nikos Mavrogiannopoulos
a2b0898821 doc update 2014-05-27 10:34:15 +02:00
Joerg Mayer
d879c9761a ocserv: Fix out of tree builds
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
2014-05-27 09:32:29 +02:00
Nikos Mavrogiannopoulos
843883750c enable cisco-client-compat in cert test 2014-05-27 09:00:34 +02:00
Nikos Mavrogiannopoulos
b5d5e3cb36 do not deny roaming by default 2014-05-26 13:04:16 +02:00
Nikos Mavrogiannopoulos
7e06e1acfb Return 401 error on cookie authentication failure. 2014-05-25 18:50:43 +02:00
Nikos Mavrogiannopoulos
c7653e2844 doc update 2014-05-25 10:17:54 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07 Added the configuration option deny-roaming.
That required moving the read of the group configuration during the
cookie authentication phase.
2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
4b91005118 released 0.8.0pre0 2014-05-24 14:38:24 +02:00
Nikos Mavrogiannopoulos
78132e2a6d Added auto group listing on PAM authentication as well.
In addition a configuration option to print group IDs over a
certain number was added.
2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
d3f701fba5 ensure that the group table isn't overflowed. 2014-05-23 16:01:26 +02:00
Nikos Mavrogiannopoulos
618a386f73 doc update 2014-05-23 13:31:05 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
21aba3d3e7 test-pam: better messages 2014-05-23 11:45:35 +02:00
Nikos Mavrogiannopoulos
8eec409803 remove const from temp variables. 2014-05-23 11:43:08 +02:00
Nikos Mavrogiannopoulos
de50dd413b Better auth log messages. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
978e89c53f re-use the string replace API for route add/del replacements. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
d51a7cb7e7 re-use the string replace API for route add/del replacements. 2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos
57d848d228 The replaced keywords were put into brackets. 2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
92565e1f5d check for allocation error in custom header replacement. 2014-05-23 11:11:42 +02:00
Nikos Mavrogiannopoulos
51494e0df1 doc update 2014-05-23 11:08:23 +02:00
Nikos Mavrogiannopoulos
0a1f5f0f55 The custom header option allows %U and %G. 2014-05-23 11:07:39 +02:00
Nikos Mavrogiannopoulos
28943341db Added the proxy-url option to allow sending a proxy URL.
This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.
2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos
9eeffef280 doc update 2014-05-22 13:48:46 +02:00
Nikos Mavrogiannopoulos
2276acf57b limit the cookie validity time to 3 hours in the configuration examples. 2014-05-22 13:48:09 +02:00
Nikos Mavrogiannopoulos
6dcc9acf77 Restrict cookies to a single IP address. 2014-05-21 16:19:07 +02:00
Nikos Mavrogiannopoulos
6ca3c4761c Cookies are packed using protocol buffers to reduce their size. 2014-05-21 16:11:05 +02:00
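The cookie-related commits on this page (tracking cookies internally with a cookie-timeout, limiting cookie validity in the example configuration, restricting cookies to a single IP address, and returning 401 on cookie authentication failure) describe one mechanism: a server-side record per cookie that is bound to the issuing client address and that lets a disconnected session reconnect only within a short window. The following is an added example written for this page, not ocserv code; the table layout, function names, the 300-second timeout, the sample cookie identifiers and the RFC 5737 documentation addresses are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Added example, not ocserv code: a server-side cookie table that binds a cookie
 * to the address it was issued for and lets a disconnected session reconnect
 * only within COOKIE_TIMEOUT seconds. Names, timeout and addresses are assumed. */

#define COOKIE_LEN     32
#define MAX_COOKIES    64
#define COOKIE_TIMEOUT 300   /* hypothetical cookie-timeout, in seconds */

enum cookie_state { COOKIE_FREE = 0, COOKIE_CONNECTED, COOKIE_DISCONNECTED };
enum cookie_result { COOKIE_OK = 0, COOKIE_UNKNOWN, COOKIE_IP_MISMATCH,
                     COOKIE_EXPIRED, COOKIE_IN_USE };

struct cookie_rec {
    uint8_t id[COOKIE_LEN];
    char remote_ip[46];        /* textual IPv4 or IPv6 address */
    time_t disconnect_time;    /* meaningful when state == COOKIE_DISCONNECTED */
    enum cookie_state state;
};

static struct cookie_rec table[MAX_COOKIES];

/* Constructed sample identifiers; unspecified bytes are zero. */
const uint8_t SAMPLE_ID[COOKIE_LEN] = {0x11, 0x22, 0x33, 0x44};
const uint8_t OTHER_ID[COOKIE_LEN]  = {0x55, 0x66, 0x77, 0x88};

void cookie_table_reset(void) { memset(table, 0, sizeof(table)); }

/* Byte comparison without an early exit on the first mismatch. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    unsigned char d = 0;
    for (size_t i = 0; i < n; i++)
        d |= (unsigned char)(a[i] ^ b[i]);
    return d == 0;
}

static struct cookie_rec *find_cookie(const uint8_t *id)
{
    for (int i = 0; i < MAX_COOKIES; i++)
        if (table[i].state != COOKIE_FREE && ct_equal(table[i].id, id, COOKIE_LEN))
            return &table[i];
    return NULL;
}

/* Issue a cookie for a newly authenticated session; -1 when the table is full. */
int cookie_issue(const uint8_t *id, const char *ip)
{
    for (int i = 0; i < MAX_COOKIES; i++) {
        if (table[i].state == COOKIE_FREE) {
            memcpy(table[i].id, id, COOKIE_LEN);
            snprintf(table[i].remote_ip, sizeof(table[i].remote_ip), "%s", ip);
            table[i].state = COOKIE_CONNECTED;
            return 0;
        }
    }
    return -1;
}

/* The session went away; its cookie now has COOKIE_TIMEOUT seconds to come back. */
void cookie_disconnect(const uint8_t *id, time_t now)
{
    struct cookie_rec *c = find_cookie(id);
    if (c != NULL && c->state == COOKIE_CONNECTED) {
        c->state = COOKIE_DISCONNECTED;
        c->disconnect_time = now;
    }
}

/* Check a cookie presented by a reconnecting client. COOKIE_OK re-activates the
 * session; COOKIE_EXPIRED drops the slot so the cookie can never be reused.
 * Anything other than COOKIE_OK is answered by the caller with a 401. */
enum cookie_result cookie_validate(const uint8_t *id, const char *ip, time_t now)
{
    struct cookie_rec *c = find_cookie(id);
    if (c == NULL)
        return COOKIE_UNKNOWN;
    if (strcmp(c->remote_ip, ip) != 0)
        return COOKIE_IP_MISMATCH;
    if (c->state == COOKIE_CONNECTED)
        return COOKIE_IN_USE;
    if (difftime(now, c->disconnect_time) > COOKIE_TIMEOUT) {
        memset(c, 0, sizeof(*c));        /* state becomes COOKIE_FREE */
        return COOKIE_EXPIRED;
    }
    c->state = COOKIE_CONNECTED;
    return COOKIE_OK;
}

/* Walk one lifecycle with constructed input; returns how many of the seven
 * expected outcomes were observed (7 means every check behaved). */
int demo_scenario(void)
{
    const char *ip = "198.51.100.7";
    int ok = 0;
    cookie_table_reset();
    ok += cookie_validate(SAMPLE_ID, ip, 1000) == COOKIE_UNKNOWN;
    ok += cookie_issue(SAMPLE_ID, ip) == 0;
    ok += cookie_validate(SAMPLE_ID, ip, 1000) == COOKIE_IN_USE;
    cookie_disconnect(SAMPLE_ID, 1000);
    ok += cookie_validate(SAMPLE_ID, "203.0.113.9", 1100) == COOKIE_IP_MISMATCH;
    ok += cookie_validate(SAMPLE_ID, ip, 1000 + COOKIE_TIMEOUT) == COOKIE_OK;
    cookie_disconnect(SAMPLE_ID, 2000);
    ok += cookie_validate(SAMPLE_ID, ip, 2000 + COOKIE_TIMEOUT + 1) == COOKIE_EXPIRED;
    ok += cookie_validate(SAMPLE_ID, ip, 3000) == COOKIE_UNKNOWN;
    return ok;
}

int main(void)
{
    printf("lifecycle checks passed: %d of 7\n", demo_scenario());
    return 0;
}
```

The point of keeping the record on the server is that the validity window is measured from the disconnect, not from issuance: a cookie that is in use stays usable for the life of the session, while a dropped session has only COOKIE_TIMEOUT seconds to return from the same address before its slot is cleared. Whether a cookie presented while the session is still connected should be rejected or should replace the old session is a policy choice; this example rejects it.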
Nikos Mavrogiannopoulos
8ba0d563f0 Do not call close() twice. Issue spotted by Coverity. 2014-05-21 14:54:18 +02:00
Nikos Mavrogiannopoulos
11a78970bb Correctly check for network name. Issue spotted using Coverity. 2014-05-21 14:52:10 +02:00
Nikos Mavrogiannopoulos
e027dfd422 Corrected check for group list sending to client. 2014-05-21 14:48:19 +02:00
Nikos Mavrogiannopoulos
fce30e0513 doc update 2014-05-21 14:37:50 +02:00
Nikos Mavrogiannopoulos
0ed82312e9 Allow an empty friendly_group_list (in auto-select-group). 2014-05-21 14:23:02 +02:00
Nikos Mavrogiannopoulos
fbdcaa82ca Make pid-file an array to avoid issues with memory allocation. 2014-05-21 14:16:00 +02:00
Nikos Mavrogiannopoulos
7eb80a3c01 corrected filename 2014-05-21 13:52:34 +02:00
Nikos Mavrogiannopoulos
5b8b3b1aa7 When a client has already selected a group, re-order our group selection form.
This is required by some AnyConnect clients and the OpenConnect Android app.
2014-05-21 12:40:05 +02:00
Nikos Mavrogiannopoulos
177c1c95bd Allow aliases to group names. 2014-05-21 12:25:26 +02:00
Nikos Mavrogiannopoulos
7153ea8ea7 more precise usage of MAX_*_SIZE definitions. 2014-05-21 06:21:34 +02:00
Kevin Cernekee
8e67f959ed Add missing GnuTLS header file
sec-mod.h now uses gnutls_privkey_t, so include <gnutls/abstract.h> to
fix this error:

      CC       main-misc.o
    In file included from main-misc.c:43:0:
    ./sec-mod.h:31:2: error: unknown type name ‘gnutls_privkey_t’
      gnutls_privkey_t *key;
      ^
2014-05-21 06:17:09 +02:00
Nikos Mavrogiannopoulos
5552fc7a61 bumped version 2014-05-20 23:31:11 +02:00
Nikos Mavrogiannopoulos
7133a1cf1b mention the occtl tool instead of who -u 2014-05-20 17:49:12 +02:00
Nikos Mavrogiannopoulos
5f93be350a doc update 2014-05-20 16:11:29 +02:00
Nikos Mavrogiannopoulos
125917a9ac doc update 2014-05-20 16:06:15 +02:00
Nikos Mavrogiannopoulos
b6531feee8 Corrected certificate generation instructions. 2014-05-20 15:50:11 +02:00