Commit Graph

1363 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
c7653e2844 doc update 2014-05-25 10:17:54 +02:00
Nikos Mavrogiannopoulos
7ba0fffb07 Added the configuration option deny-roaming.
That required moving the read of the group configuration during the
cookie authentication phase.
2014-05-25 10:17:28 +02:00
Nikos Mavrogiannopoulos
4b91005118 released 0.8.0pre0 2014-05-24 14:38:24 +02:00
Nikos Mavrogiannopoulos
78132e2a6d Added auto group listing on PAM authentication as well.
In addition a configuration option to print group IDs over a
certain number was added.
2014-05-23 16:36:48 +02:00
Nikos Mavrogiannopoulos
d3f701fba5 ensure that the group table isn't overflowed. 2014-05-23 16:01:26 +02:00
Nikos Mavrogiannopoulos
618a386f73 doc update 2014-05-23 13:31:05 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
21aba3d3e7 test-pam: better messages 2014-05-23 11:45:35 +02:00
Nikos Mavrogiannopoulos
8eec409803 remove const from temp variables. 2014-05-23 11:43:08 +02:00
Nikos Mavrogiannopoulos
de50dd413b Better auth log messages. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
978e89c53f re-use the string replace API for route add/del replacements. 2014-05-23 11:36:37 +02:00
Nikos Mavrogiannopoulos
d51a7cb7e7 re-use the string replace API for route add/del replacements. 2014-05-23 11:32:07 +02:00
Nikos Mavrogiannopoulos
57d848d228 The replaced keywords were put into brackets. 2014-05-23 11:19:42 +02:00
Nikos Mavrogiannopoulos
92565e1f5d check for allocation error in custom header replacement. 2014-05-23 11:11:42 +02:00
Nikos Mavrogiannopoulos
51494e0df1 doc update 2014-05-23 11:08:23 +02:00
Nikos Mavrogiannopoulos
0a1f5f0f55 The custom header options allows %U and %G. 2014-05-23 11:07:39 +02:00
Nikos Mavrogiannopoulos
28943341db Added the proxy-url option to allow sending a proxy URL.
This corresponds to the X-CSTP-MSIE-Proxy-Pac-URL CSTP header.
2014-05-23 11:04:30 +02:00
Nikos Mavrogiannopoulos
9eeffef280 doc update 2014-05-22 13:48:46 +02:00
Nikos Mavrogiannopoulos
2276acf57b limit the cookie validity time to 3 hours in the configuration examples. 2014-05-22 13:48:09 +02:00
Nikos Mavrogiannopoulos
6dcc9acf77 Restrict cookies to a single IP address. 2014-05-21 16:19:07 +02:00
Nikos Mavrogiannopoulos
6ca3c4761c Cookies are packed using protocol buffers to reduce their size. 2014-05-21 16:11:05 +02:00
Nikos Mavrogiannopoulos
8ba0d563f0 Do not call close() twice. Issue spotted by coverity. 2014-05-21 14:54:18 +02:00
Nikos Mavrogiannopoulos
11a78970bb Correctly check for network name. Issue spotted using coverity. 2014-05-21 14:52:10 +02:00
Nikos Mavrogiannopoulos
e027dfd422 Corrected check for group list sending to client. 2014-05-21 14:48:19 +02:00
Nikos Mavrogiannopoulos
fce30e0513 doc update 2014-05-21 14:37:50 +02:00
Nikos Mavrogiannopoulos
0ed82312e9 Allow an empty friendly_group_list (in auto-select-group). 2014-05-21 14:23:02 +02:00
Nikos Mavrogiannopoulos
fbdcaa82ca Make pid-file an array to avoid issues with memory allocation. 2014-05-21 14:16:00 +02:00
Nikos Mavrogiannopoulos
7eb80a3c01 corrected filename 2014-05-21 13:52:34 +02:00
Nikos Mavrogiannopoulos
5b8b3b1aa7 When a client has already selected a group, re-order our group selection form.
This is required by some Anyconnect clients and the openconnect android app.
2014-05-21 12:40:05 +02:00
Nikos Mavrogiannopoulos
177c1c95bd Allow aliases to group names. 2014-05-21 12:25:26 +02:00
Nikos Mavrogiannopoulos
7153ea8ea7 more precise usage of MAX_*_SIZE definitions. 2014-05-21 06:21:34 +02:00
Kevin Cernekee
8e67f959ed Add missing GnuTLS header file
sec-mod.h now uses gnutls_privkey_t, so include <gnutls/abstract.h> to
fix this error:

      CC       main-misc.o
    In file included from main-misc.c:43:0:
    ./sec-mod.h:31:2: error: unknown type name ‘gnutls_privkey_t’
      gnutls_privkey_t *key;
      ^
2014-05-21 06:17:09 +02:00
Nikos Mavrogiannopoulos
5552fc7a61 bumped version 2014-05-20 23:31:11 +02:00
Nikos Mavrogiannopoulos
7133a1cf1b mention the occtl tool instead of who -u 2014-05-20 17:49:12 +02:00
Nikos Mavrogiannopoulos
5f93be350a doc update 2014-05-20 16:11:29 +02:00
Nikos Mavrogiannopoulos
125917a9ac doc update 2014-05-20 16:06:15 +02:00
Nikos Mavrogiannopoulos
b6531feee8 Corrected certificate generation instructions. 2014-05-20 15:50:11 +02:00
Nikos Mavrogiannopoulos
5af82e9ff4 fixed unescape code. 2014-05-20 15:50:09 +02:00
Nikos Mavrogiannopoulos
5d0bdf2966 Added test for group selection when having a certificate. 2014-05-20 15:49:56 +02:00
Nikos Mavrogiannopoulos
2969d37298 Added tests for group authentication using passwords and PAM. 2014-05-20 15:36:50 +02:00
Nikos Mavrogiannopoulos
aef5dc0633 Allow multiple groups to be present in a client certificate.
In that case the user will be prompted to select a group.
2014-05-20 15:36:40 +02:00
Nikos Mavrogiannopoulos
2668fe63b4 Added the default-select-group directive. 2014-05-19 20:00:35 +02:00
Nikos Mavrogiannopoulos
d44982235d doc update 2014-05-19 18:27:12 +02:00
Nikos Mavrogiannopoulos
659cc9850c Corrected filename in Makefile. 2014-05-19 18:26:06 +02:00
Nikos Mavrogiannopoulos
4755ee48c5 Added the select-group and auto-select-group config options.
These options allow prompting the user for a group prior to login.
That in addition enhances the password file format and multiple groups
can be specified on a comma separated list, as:
user:group1,group2,group3:$5$encodedpassword
2014-05-19 18:25:25 +02:00
Nikos Mavrogiannopoulos
6bc625df81 The route configuration directive accepts the keyword 'default'
In that case it will return a default route irrespective of any other
route directives. That allows overriding existing routes with a default
route for specific users and groups.
2014-05-19 09:58:37 +02:00
Nikos Mavrogiannopoulos
0f0f96ef5c sample.config: comment out the occtl-socket-file. 2014-05-17 08:47:27 +02:00
Nikos Mavrogiannopoulos
d99c527758 memory reorganization in sec-mod.
It no longer relies on main pool, it uses its own pool.
In addition the DEBUG_LEAKS definition was added to allow debugging
leaks.
2014-05-15 16:44:43 +02:00
Nikos Mavrogiannopoulos
48c42fe254 define HAVE_LIBTALLOC when libtalloc is being used. 2014-05-15 15:36:54 +02:00
Nikos Mavrogiannopoulos
739a2126d0 Clean-up all memory on deinitialization of sec-mod and worker.
That will make it easier to spot any unintentional memory leaks.
2014-05-15 15:36:03 +02:00