Brian Chu
4001719560
Fix insufficient arguments in an error message.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2014-06-02 11:52:41 +02:00
Nikos Mavrogiannopoulos
8c55420a12
Avoid warning due to unused variables.
2014-06-02 11:49:58 +02:00
Brian Chu
de0388a3f7
Fix tun device usage on *BSD.
SIOCSIFADDR is deprecated on *BSD. Instead, use SIOCAIFADDR to
add an alias. Also destroy the tun device with SIOCIFDESTROY when
the client disconnects.
2014-06-02 11:49:08 +02:00
Nikos Mavrogiannopoulos
264114e799
doc update
2014-06-02 09:33:26 +02:00
Nikos Mavrogiannopoulos
6f3c07ca2d
SID is no longer being randomized in main.
This was unnecessary as it is now being set (and generated) by sec-mod.
2014-06-02 09:28:36 +02:00
Nikos Mavrogiannopoulos
af7e967063
reduced the severity on several worker log messages.
2014-06-02 09:21:08 +02:00
Nikos Mavrogiannopoulos
429195987c
corrected string comparison
2014-06-02 08:50:29 +02:00
Nikos Mavrogiannopoulos
3db871bb43
Do a more graceful termination of the client if main server closes the CMD fd.
2014-06-01 13:00:33 +02:00
Nikos Mavrogiannopoulos
0c21e47f85
Always use the native endianness.
2014-05-31 22:09:09 +02:00
Nikos Mavrogiannopoulos
ade4f84e70
autogenerate args files if version.inc is updated.
2014-05-31 21:47:56 +02:00
Nikos Mavrogiannopoulos
936932c29c
doc update
2014-05-30 08:55:33 +02:00
Nikos Mavrogiannopoulos
c6519a74c3
main: correct hashing of cookie
2014-05-29 00:29:27 +02:00
Nikos Mavrogiannopoulos
98ed640258
more debug messages
2014-05-29 00:27:20 +02:00
Nikos Mavrogiannopoulos
1e48d0d0de
main: removed the inactive ban_list.
2014-05-29 00:20:13 +02:00
Nikos Mavrogiannopoulos
ff4f895cb0
main: deactivate the cookie when releasing proc.
2014-05-29 00:19:24 +02:00
Nikos Mavrogiannopoulos
5759032ef9
worker: only check for friendly names, if there are any
2014-05-29 00:14:28 +02:00
Nikos Mavrogiannopoulos
d11d8ae47c
increased the maintenance time to 15 mins
2014-05-28 10:56:03 +02:00
Nikos Mavrogiannopoulos
3dd67c3f19
inline revive_cookie()
2014-05-28 10:48:27 +02:00
Nikos Mavrogiannopoulos
9eb68a381a
No need for safe_memset() of the cookie hash.
2014-05-28 10:34:26 +02:00
Nikos Mavrogiannopoulos
e5c60a7a44
Limit the number of TLS resumption requests to one.
2014-05-28 10:32:35 +02:00
Nikos Mavrogiannopoulos
3a18882a40
Store a hash of the client's cookie instead of the cookie itself.
That ensures that the cookies cannot be leaked from the server.
On a hash collision, the IP of the other cookie in use will be
hijacked.
2014-05-28 10:13:08 +02:00
Nikos Mavrogiannopoulos
0f0cf31a79
zeroize cookies and TLS session data after read.
2014-05-28 10:11:17 +02:00
Nikos Mavrogiannopoulos
7ccdba8234
doc update
2014-05-27 16:04:53 +02:00
Nikos Mavrogiannopoulos
aaa06e3157
TLS sessions expire at the cookie timeout.
2014-05-27 16:01:14 +02:00
Nikos Mavrogiannopoulos
a872850b1e
better printing of module name.
2014-05-27 16:01:09 +02:00
Nikos Mavrogiannopoulos
68071646c6
Report the number of active cookies and TLS resumed sessions to occtl
2014-05-27 16:01:03 +02:00
Nikos Mavrogiannopoulos
25fbdfbf70
Keep track of cookies internally.
That allows restricting the cookie validity time to the absolute minimum
required to establish and reconnect a recently disconnected session.
That deprecates the cookie-validity option and introduces the cookie-timeout
option.
2014-05-27 16:00:57 +02:00
Nikos Mavrogiannopoulos
a2728265b3
corrected safe_memset() of expired sessions.
2014-05-27 15:59:22 +02:00
Nikos Mavrogiannopoulos
01211c610c
Allow memset of zero
2014-05-27 15:58:12 +02:00
Nikos Mavrogiannopoulos
0586e4c5fa
Simplified the TLS hash table initialization.
2014-05-27 15:00:13 +02:00
Nikos Mavrogiannopoulos
8c82e8c96c
Overwrite TLS session data prior to release.
2014-05-27 14:56:30 +02:00
Nikos Mavrogiannopoulos
b4fcf4df82
use macros for reason messages
2014-05-27 11:00:30 +02:00
Nikos Mavrogiannopoulos
2e1c1bb29f
require the certificate being present on the sec-mod session initialization.
2014-05-27 10:46:16 +02:00
Nikos Mavrogiannopoulos
cdddc3df0a
Better HTTP error messages.
2014-05-27 10:45:28 +02:00
Joerg Mayer
d879c9761a
ocserv: Fix out of tree builds
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
2014-05-27 09:32:29 +02:00
Nikos Mavrogiannopoulos
b5d5e3cb36
do not deny roaming by default
2014-05-26 13:04:16 +02:00
Nikos Mavrogiannopoulos
7e06e1acfb
Return 401 error on cookie authentication failure.
2014-05-25 18:50:43 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07
Added the configuration option deny-roaming.
That required moving the read of the group configuration during the
cookie authentication phase.
2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
78132e2a6d
Added auto group listing on PAM authentication as well.
In addition a configuration option to print group IDs over a
certain number was added.
2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
d3f701fba5
ensure that the group table isn't overflowed.
2014-05-23 16:01:26 +02:00
Nikos Mavrogiannopoulos
213f9a63ee
license upgraded to GPLv3
2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
8eec409803
remove const from temp variables.
2014-05-23 11:43:08 +02:00
Nikos Mavrogiannopoulos
de50dd413b
Better auth log messages.
2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
978e89c53f
re-use the string replace API for route add/del replacements.
2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
d51a7cb7e7
re-use the string replace API for route add/del replacements.
2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos
57d848d228
The replaced keywords were put into brackets.
2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
92565e1f5d
check for allocation error in custom header replacement.
2014-05-23 11:11:42 +02:00
Nikos Mavrogiannopoulos
0a1f5f0f55
The custom header option allows %U and %G.
2014-05-23 11:07:39 +02:00
Nikos Mavrogiannopoulos
28943341db
Added the proxy-url option to allow sending a proxy URL.
This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.
2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos
2276acf57b
limit the cookie validity time to 3 hours in the configuration examples.
2014-05-22 13:48:09 +02:00