GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 08:46:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,195 Commits 19 Branches 88 Tags
37daebaf84e282a9a186aa9cd29d5d7febbc1526
Commit Graph

1195 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
37daebaf84 corrected compilation with local protobuf 2014-05-31 18:12:02 +02:00
Nikos Mavrogiannopoulos
936932c29c doc update 2014-05-30 08:55:33 +02:00
Nikos Mavrogiannopoulos
70dc25dce6 Listed previous releases. 2014-05-30 07:44:11 +02:00
Nikos Mavrogiannopoulos
68516206b2 bumped version 2014-05-29 21:11:04 +02:00
Nikos Mavrogiannopoulos
c6519a74c3 main: correct hashing of cookie 2014-05-29 00:29:27 +02:00
Nikos Mavrogiannopoulos
98ed640258 more debug messages 2014-05-29 00:27:20 +02:00
Nikos Mavrogiannopoulos
1e48d0d0de main: removed the inactive ban_list. 2014-05-29 00:20:13 +02:00
Nikos Mavrogiannopoulos
ff4f895cb0 main: deactivate the cookie when releasing proc. 2014-05-29 00:19:24 +02:00
Nikos Mavrogiannopoulos
5759032ef9 worker: only check for friendly names, if there are any 2014-05-29 00:14:28 +02:00
Nikos Mavrogiannopoulos
d11d8ae47c increased the maintainance time to 15 mins 2014-05-28 10:56:03 +02:00
Nikos Mavrogiannopoulos
3dd67c3f19 inline revive_cookie() 2014-05-28 10:48:27 +02:00
Nikos Mavrogiannopoulos
9eb68a381a No need for safe_memset() of the cookie hash. 2014-05-28 10:34:26 +02:00
Nikos Mavrogiannopoulos
e5c60a7a44 Limit the number of TLS resumption requests to one. 2014-05-28 10:32:35 +02:00
Nikos Mavrogiannopoulos
3a18882a40 Store a hash of the client's cookie instead of the cookie itself. 
That ensures that the cookies cannot be leaked from the server.
On a hash collision, the IP of the other cookie in use will be
hijacked.
 2014-05-28 10:13:08 +02:00
Nikos Mavrogiannopoulos
0f0cf31a79 zeroize cookies and TLS session data after read. 2014-05-28 10:11:17 +02:00
Nikos Mavrogiannopoulos
7ccdba8234 doc update 2014-05-27 16:04:53 +02:00
Nikos Mavrogiannopoulos
aaa06e3157 TLS sessions expire the at cookie timeout. 2014-05-27 16:01:14 +02:00
Nikos Mavrogiannopoulos
a872850b1e better printing of module name. 2014-05-27 16:01:09 +02:00
Nikos Mavrogiannopoulos
68071646c6 Report the number of active cookies and TLS resumed sessions to occtl 2014-05-27 16:01:03 +02:00
Nikos Mavrogiannopoulos
25fbdfbf70 Keep track of cookies internally. 
That allows to restrict the cookie validity time to the absolutely minimum
required to establish and reconnect a recently disconnected session.
That deprecates the cookie-validity option and introduces the cookie-timeout
option.
 2014-05-27 16:00:57 +02:00
Nikos Mavrogiannopoulos
a2728265b3 corrected safe_memset() of expired sessions. 2014-05-27 15:59:22 +02:00
Nikos Mavrogiannopoulos
01211c610c Allow memset of zero 2014-05-27 15:58:12 +02:00
Nikos Mavrogiannopoulos
0586e4c5fa Simplified the TLS hash table initialization. 2014-05-27 15:00:13 +02:00
Nikos Mavrogiannopoulos
8c82e8c96c Overwrite TLS session data prior to release. 2014-05-27 14:56:30 +02:00
Nikos Mavrogiannopoulos
b4fcf4df82 use macros for reason messages 2014-05-27 11:00:30 +02:00
Nikos Mavrogiannopoulos
2e1c1bb29f require the certificate being present on the sec-mod session initialization. 2014-05-27 10:46:16 +02:00
Nikos Mavrogiannopoulos
cdddc3df0a Better HTTP error messages. 2014-05-27 10:45:28 +02:00
Nikos Mavrogiannopoulos
a2b0898821 doc update 2014-05-27 10:34:15 +02:00
Joerg Mayer
d879c9761a ocserv: Fix out of tree builds 
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
 2014-05-27 09:32:29 +02:00
Nikos Mavrogiannopoulos
843883750c enable cisco-client-compat in cert test 2014-05-27 09:00:34 +02:00
Nikos Mavrogiannopoulos
b5d5e3cb36 do not deny roaming by default 2014-05-26 13:04:16 +02:00
Nikos Mavrogiannopoulos
7e06e1acfb Return 401 error on cookie authentication failure. 2014-05-25 18:50:43 +02:00
Nikos Mavrogiannopoulos
c7653e2844 doc update 2014-05-25 10:17:54 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07 Added the configuration option deny-roaming. 
That required moving the read of the group configuration during the
cookie authentication phase.
 2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
4b91005118 released 0.8.0pre0 2014-05-24 14:38:24 +02:00
Nikos Mavrogiannopoulos
78132e2a6d Added auto group listing on PAM authentication as well. 
In addition a configuration option to print group IDs over a
certain number was added.
 2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
d3f701fba5 ensure that the group table isn't overflowed. 2014-05-23 16:01:26 +02:00
Nikos Mavrogiannopoulos
618a386f73 doc update 2014-05-23 13:31:05 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
21aba3d3e7 test-pam: better messages 2014-05-23 11:45:35 +02:00
Nikos Mavrogiannopoulos
8eec409803 remove const from temp variables. 2014-05-23 11:43:08 +02:00
Nikos Mavrogiannopoulos
de50dd413b Better auth log messages. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
978e89c53f re-use the string replace API for route add/del replacements. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
d51a7cb7e7 re-use the string replace API for route add/del replacements. 2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos
57d848d228 The replaced keywords were put into brackets. 2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
92565e1f5d check for allocation error in custom header replacement. 2014-05-23 11:11:42 +02:00
Nikos Mavrogiannopoulos
51494e0df1 doc update 2014-05-23 11:08:23 +02:00
Nikos Mavrogiannopoulos
0a1f5f0f55 The custom header options allows %U and %G. 2014-05-23 11:07:39 +02:00
Nikos Mavrogiannopoulos
28943341db Added the proxy-url option to allow sending a proxy URL. 
This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.
 2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos
9eeffef280 doc update 2014-05-22 13:48:46 +02:00