GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,227 Commits 19 Branches 88 Tags
28dca2aa0ce96bb19bdb7fba82f570d95472e872
Commit Graph

19 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
28dca2aa0c Added support for session control (relevant for PAM for now) 
That in effect will utilize the pam_open_session() and pam_close_session().
It is disabled by default as it requires more resources from the security module.
 2014-06-10 15:16:40 +02:00
Nikos Mavrogiannopoulos
01db3e5817 Include the SID into the cookie and store it in proc_st. 2014-06-10 10:41:10 +02:00
Nikos Mavrogiannopoulos
25fbdfbf70 Keep track of cookies internally. 
That allows to restrict the cookie validity time to the absolutely minimum
required to establish and reconnect a recently disconnected session.
That deprecates the cookie-validity option and introduces the cookie-timeout
option.
 2014-05-27 16:00:57 +02:00
Nikos Mavrogiannopoulos
2e1c1bb29f require the certificate being present on the sec-mod session initialization. 2014-05-27 10:46:16 +02:00
Nikos Mavrogiannopoulos
78132e2a6d Added auto group listing on PAM authentication as well. 
In addition a configuration option to print group IDs over a
certain number was added.
 2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
de50dd413b Better auth log messages. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
6dcc9acf77 Restrict cookies to a single IP address. 2014-05-21 16:19:07 +02:00
Nikos Mavrogiannopoulos
6ca3c4761c Cookies are packed using protocol buffers to reduce their size. 2014-05-21 16:11:05 +02:00
Nikos Mavrogiannopoulos
7153ea8ea7 more precise usage of MAX_*_SIZE definitions. 2014-05-21 06:21:34 +02:00
Nikos Mavrogiannopoulos
aef5dc0633 Allow multiple groups to be present in a client certificate. 
In that case the user will be prompted to select a group.
 2014-05-20 15:36:40 +02:00
Nikos Mavrogiannopoulos
4755ee48c5 Added the select-group and auto-select-group config options. 
These options allow to prompt the user for a group prior to login.
That in addition enhances the password file format and multiple groups
can be specified on a comma separated list, as:
user:group1,group2,group3:$5$encodedpassword
 2014-05-19 18:25:25 +02:00
Nikos Mavrogiannopoulos
d99c527758 memory reorganization in sec-mod. 
It no longer relies on main pool, it uses it's own pool.
In addition the DEBUG_LEAKS definition was added to allow debugging
leaks.
 2014-05-15 16:44:43 +02:00
Nikos Mavrogiannopoulos
f9ce018f68 Add the clock_gettime() syscall on the list of allowed in seccomp. 2014-05-15 14:28:18 +02:00
Nikos Mavrogiannopoulos
68c4b2371b Renamed main-auth.h. 2014-05-15 11:39:02 +02:00
Nikos Mavrogiannopoulos
fcaeacbd00 Added sanity checks in state transitions. 2014-05-14 14:51:41 +02:00
Nikos Mavrogiannopoulos
53f3129da9 Authentication modules were moved to subdirectory auth/ 2014-05-14 14:35:50 +02:00
Nikos Mavrogiannopoulos
3f9a215f53 Allow for random and for predictable IP assignment. 2014-05-14 13:00:11 +02:00
Nikos Mavrogiannopoulos
09704b8819 Password authentication is now delegated to sec-mod. 
That prevents any memory from the authentication modules to be leaked
to a worker process. As a result, the status zombie and dead no longer
exists.
 2014-05-14 11:37:01 +02:00