ocserv

mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00

Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	41bcc9d0c0	radius: put the process ID into NAS-Port	2015-05-11 14:15:25 +02:00
Nikos Mavrogiannopoulos	f89525ff94	added config option 'persistent-cookies' When it is set, it doesn't invalidate cookies after user disconnection.	2015-05-06 20:41:42 +02:00
Nikos Mavrogiannopoulos	4083684be2	sec-mod: terminate a client session immediately only if there is a single user	2015-05-06 13:15:43 +02:00
Nikos Mavrogiannopoulos	df4425a7d2	radius: consider Acct-Interim-Interval by default That can also be overriden by specifying 'override-interim-updates=true' in the radius subconfig.	2015-05-05 11:24:34 +02:00
Nikos Mavrogiannopoulos	9ed9716e0e	radius: send IP address on session start	2015-05-04 19:02:40 +02:00
Nikos Mavrogiannopoulos	2929e1c2e8	radius: properly close accounting for certificate sessions	2015-05-04 10:25:37 +02:00
Nikos Mavrogiannopoulos	3f91dfab83	corrected termination of sessions which had no associated module (i.e., certificate)	2015-04-29 11:55:15 +02:00
Nikos Mavrogiannopoulos	6e336431fe	radius: distinguish between user disconnect and admin reset of worker process	2015-04-29 11:45:29 +02:00
Nikos Mavrogiannopoulos	e0cd5c2660	on explicit user termination notify radious as soon	2015-04-28 16:36:35 +02:00
Nikos Mavrogiannopoulos	a034626add	radius: differentiate between user termination and session timeout	2015-04-27 09:49:45 +02:00
Nikos Mavrogiannopoulos	02aa9c691e	keep track of client entries in sec-mod and report them in status msg	2015-04-26 17:06:16 +02:00
Nikos Mavrogiannopoulos	ea7b975840	sec-mod: expire sessions which are in terminated state Reported by riteki@gmail.com.	2015-04-26 16:46:39 +02:00
Nikos Mavrogiannopoulos	b3db947a7d	when the user has voluntarily terminated the session invalidate the cookie	2015-04-21 16:00:20 +02:00
Nikos Mavrogiannopoulos	4a40ec6afa	reduce messages sent by main to sec-mod	2015-03-26 07:48:02 +01:00
Nikos Mavrogiannopoulos	7ea22d3aac	receive SM_CMD_AUTH_BAN_IP_REPLY asynchronously to prevent race conditions	2015-03-23 11:13:26 +01:00
Nikos Mavrogiannopoulos	53aa95bc1e	print unknown SIDs	2015-03-16 14:06:45 +01:00
Nikos Mavrogiannopoulos	423540b757	tolerate session close in unusual cases, and avoid desync	2015-03-14 18:54:22 +01:00
Nikos Mavrogiannopoulos	6c1f88a090	sec-mod: only exit on ERR_BAD_COMMAND errors from main msg handler	2015-03-14 18:46:17 +01:00
Nikos Mavrogiannopoulos	cc16a65819	separated permanent configuration options from the reloaded ones	2015-03-02 13:18:52 +01:00
Nikos Mavrogiannopoulos	4eafc3c847	client stats are conveyed to master through sec-mod That way both can keep a more accurate picture of user statistics.	2015-02-27 22:33:58 +01:00
Nikos Mavrogiannopoulos	ee7cba2fd2	sec-mod: simplified session open and close handling	2015-02-27 21:45:23 +01:00
Nikos Mavrogiannopoulos	4bbf27a1e8	don't attempt keeping scores for banning if banning is disabled	2015-02-27 08:57:26 +01:00
Nikos Mavrogiannopoulos	56bb8e1be1	sec-mod: do not reply on session close cmd	2015-02-27 07:50:59 +01:00
Nikos Mavrogiannopoulos	445ea63783	made the ban points configurable	2015-02-26 11:23:06 +01:00
Nikos Mavrogiannopoulos	7619895a25	removed server-name config option	2015-02-26 11:00:07 +01:00
Nikos Mavrogiannopoulos	7a675ff5e2	When sending BAN IP messages to main receive a reply on whether further actions should continue That allows to BAN a user even during an open connection.	2015-02-25 20:08:51 +01:00
Nikos Mavrogiannopoulos	874d0ce0e2	sec-mod: always send a reply to main	2015-02-25 19:10:16 +01:00
Nikos Mavrogiannopoulos	dbfca447a6	sec-mod: reply to main on failure to verify a session open cmd	2015-02-25 16:29:39 +01:00
Nikos Mavrogiannopoulos	0aa2c86f08	Added points in KKDCP connections to prevent DoS attacks.	2015-02-25 14:31:21 +01:00
Nikos Mavrogiannopoulos	a617485232	enforce of IP banning was moved to main	2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos	7b9e5a9f2a	when printing session information in log restrict to 5 chars	2015-02-24 10:41:34 +01:00
Nikos Mavrogiannopoulos	40e96aae45	Separated accounting from authentication.	2015-02-23 15:19:44 +01:00
Nikos Mavrogiannopoulos	88e008cda3	radius: when sending accounting information include any updated IP	2015-02-23 09:34:06 +01:00
Nikos Mavrogiannopoulos	e7f0b1f947	keep statistics over the lifetime of a session rather than closing and opening the session multiple times	2015-02-22 22:01:47 +01:00
Nikos Mavrogiannopoulos	bc7c1bf8d9	check state on session cmd	2015-02-22 10:35:52 +01:00
Nikos Mavrogiannopoulos	9682a0f635	when combining multiple auth methods as primary, combine the name as well	2015-02-22 10:31:55 +01:00
Nikos Mavrogiannopoulos	de932ec60a	removed pointless check	2015-02-22 10:08:10 +01:00
Nikos Mavrogiannopoulos	f1bc754169	add part of the session ID in logs to differentiate them	2015-02-21 17:14:09 +01:00
Nikos Mavrogiannopoulos	89ca2a3889	sec-mod: prevent an auth init message when not in inactive mode	2015-02-21 16:40:53 +01:00
Nikos Mavrogiannopoulos	30300cf65e	sec-mod: more verbose logging	2015-02-21 16:32:14 +01:00
Nikos Mavrogiannopoulos	218162458e	sec-mod: corrected usage counting issue in client entries kept	2015-02-21 10:03:33 +01:00
Nikos Mavrogiannopoulos	c1a6f4730b	Added the configure option server-name If set it will be used to set the NAS_IDENTIFIER in radius.	2015-02-21 08:20:16 +01:00
Nikos Mavrogiannopoulos	2557944bf0	eliminated unneeded variable	2015-02-19 19:29:03 +01:00
Nikos Mavrogiannopoulos	98f88f2060	sec-mod-auth: use auth_user module function only when a module is available	2015-02-19 17:11:56 +01:00
Nikos Mavrogiannopoulos	597d1a6a47	update username in GSSAPI	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	108d34f613	Ban an IP only when the MAX_PASSWORD_TRIES attempts have been exceeded	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	06f2147155	prohibit worker from sending an auth_type of zero	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	bfeab4b015	Additional data are passed only to auth module's global_init	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	11f43f144a	eliminated auth message upper limit	2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos	daa18cae8d	Ensure that any messages are being forwarded even on success packet	2015-02-19 11:47:20 +01:00

1 2

96 Commits