GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,690 Commits 19 Branches 88 Tags
35a586a85c3af39d6de65b244a038f0989e81b47
Commit Graph

1690 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
35a586a85c tests: fixed explicit-ip check 2015-02-19 17:20:52 +01:00
Nikos Mavrogiannopoulos
98f88f2060 sec-mod-auth: use auth_user module function only when a module is available 2015-02-19 17:11:56 +01:00
Nikos Mavrogiannopoulos
08d4f7cfe3 tests: added PAM test suite 2015-02-19 17:08:24 +01:00
Nikos Mavrogiannopoulos
35817b9642 tests: added negative authentication checks 2015-02-19 16:03:56 +01:00
Nikos Mavrogiannopoulos
62be0ef470 tests: added kerberos-test 2015-02-19 15:41:04 +01:00
Nikos Mavrogiannopoulos
661d92cfc6 bumped version and updated NEWS 2015-02-19 15:31:55 +01:00
Nikos Mavrogiannopoulos
cc86c2d174 tests: added kerberos test suite 2015-02-19 15:27:58 +01:00
Nikos Mavrogiannopoulos
9a3be087b4 kkdcp: allow the handling of multiple realms per URL 2015-02-19 15:27:55 +01:00
Nikos Mavrogiannopoulos
5f1f0ce87e reduced level of command socket closed error 2015-02-19 15:27:52 +01:00
Nikos Mavrogiannopoulos
ab74201b99 gssapi: better log messages 2015-02-19 15:27:50 +01:00
Nikos Mavrogiannopoulos
4e9a329b59 pam: return empty message when not in the appropriate state 2015-02-19 15:27:47 +01:00
Nikos Mavrogiannopoulos
953241fc56 gssapi: require the localname to login 2015-02-19 15:27:42 +01:00
Nikos Mavrogiannopoulos
85de70c621 kkdcp: attempt to read the whole message 2015-02-19 15:27:40 +01:00
Nikos Mavrogiannopoulos
3e33936f0c corrected DER message construction 2015-02-19 15:27:37 +01:00
Nikos Mavrogiannopoulos
f591cb0181 sanitized strcmp check 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
7a46da3379 Use content-length: 0 when closing connection 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
fbce6f5924 when cookie is present avoid basic authentication 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
4a940145ad doc update 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
597d1a6a47 update username in GSSAPI 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
773d277802 kkdcp: perform the proper encoding and decoding on exchanged data 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
6334bada15 renamed urlfw to kkdcp 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
b5a0fe354f more specific log message 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
b300177eb7 Added max-password-retries config option 
That makes the number of retries prior to banning the IP
configurable.
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
108d34f613 Ban an IP only when the MAX_PASSWORD_TRIES attempts have been exceeded 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
1fc59e0099 gssapi: better error printing and restrict to SPNEGO 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
1459f39790 X-Need-SPNEGO renamed to X-Support-SPNEGO 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
1f128219ae if gssapi authentication fails, switch to password auth if possible 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
06f2147155 prohibit worker from sending an auth_type of zero 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
c0ceeba0f8 Fail if authentication modules are changed on reload 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
bfeab4b015 Additional data are passed only to auth module's global_init 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
2d72c0a526 doc update 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
01ec22db27 Allow setting content-type urlfw, and allow tcp 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
ac4ca3cd70 updated documentation 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
494738dd55 Added url-fw config option 
That allows to specify a class of URLs where, if a client
POSTS to it, the data will be forwarded to the configured server,
and the client will receive its reply.
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
41a6c25a91 use vasprintf() in cstp_printf() 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
11f43f144a eliminated auth message upper limit 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
4bbd987525 test-gssapi: added check for gssapi authentication 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
065bcbd2ea increased maximum message size to 2048 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
daa18cae8d Ensure that any messages are being forwarded even on success packet 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
51ab9a97d0 only print WWW-Authenticate when there are data to print 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
a08329b398 Allow GSSAPI authentication even from GET commands 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
e865dcb354 In certificate verification separate between no certificate and verification failure 2015-02-19 11:47:20 +01:00
Kevin Cernekee
370fa01de6 gssapi: Don't include gssapi header files if !HAVE_GSSAPI 
This fixes:

      CC       auth/gssapi.o
    auth/gssapi.c:30:27: fatal error: gssapi/gssapi.h: No such file or directory
     #include <gssapi/gssapi.h>
                               ^
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
507d6cc502 test-pass-opt-cert: updated for enable-auth config option 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
afef74fa23 removed the certificate[optional] auth type 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
8bb0af61bc Added GSSAPI as an additional password auth mechanism 
That also adds the ability to support an OR composition of multiple
authentication methods. That is using the 'enable-auth' config option.
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
5e4763d229 bumped version ocserv_0_9_2 2015-02-18 08:12:19 +01:00
Nikos Mavrogiannopoulos
a6f6dea2cb ip-lease: use 128 as prefix in local IP 2015-02-17 10:10:52 +01:00
Nikos Mavrogiannopoulos
579900211e doc update 2015-02-16 23:04:17 +01:00
Nikos Mavrogiannopoulos
8d08df70cc tests: updated for new IPv4 assignment 2015-02-16 23:03:29 +01:00