Commit Graph

2523 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
4c43f06ab5 tests: added check for connection using invalid certificate 2016-04-12 22:13:54 +02:00
Nikos Mavrogiannopoulos
34d059c43a sec-mod: corrected comment 2016-04-12 21:54:12 +02:00
Nikos Mavrogiannopoulos
eb9cdf1933 TODO: mention hostname override 2016-04-12 21:48:11 +02:00
Nikos Mavrogiannopoulos
01cde787d3 doc update 2016-04-02 15:06:13 +02:00
Nikos Mavrogiannopoulos
071a37aaa4 tests: Added test for radius group receiving
This tests the receiving of groups using "Class" radius attribute
in the format "OU=group1;group2".
2016-04-01 15:39:38 +02:00
Nikos Mavrogiannopoulos
e798493d08 sec-mod: perform group checks at auth completion stage
This allows retrieving allowed groups from the radius response.
2016-04-01 15:39:02 +02:00
Nikos Mavrogiannopoulos
b5cabb9589 tests: added check for trim_trailing_whitespace() 2016-04-01 15:33:11 +02:00
Nikos Mavrogiannopoulos
ade786a0f1 radius: replace experimental Group-Name with Class attribute
The current format allows handling multiple groups and is used
by several radius servers.

Suggested by Yick Xie.
2016-04-01 15:33:11 +02:00
Nikos Mavrogiannopoulos
0b4333d7ee ocserv: warn when conflicting supplemental config options are specified
That is, do not allow radius' groupconfig=true option to be combined
with config-per-user/group. This reduces frustration since these options
are incompatible.
2016-04-01 15:32:27 +02:00
Nikos Mavrogiannopoulos
34857ff5a5 tests: check for DNS information propagation in user config 2016-04-01 15:32:20 +02:00
Nikos Mavrogiannopoulos
6bd1d0b0e0 worker: always free the previous msg in an fd update 2016-03-28 15:49:48 +02:00
Nikos Mavrogiannopoulos
2f684a227b doc update 2016-03-23 19:53:38 +01:00
Nikos Mavrogiannopoulos
a037174a87 occtl: use '?' for unknown time 2016-03-23 19:52:40 +01:00
Nikos Mavrogiannopoulos
1b1fab8c3c occtl: add newline into print iroutes 2016-03-21 21:48:48 +01:00
Nikos Mavrogiannopoulos
adc4aa40af sec-mod: don't set negative time into last_modified field 2016-03-21 21:44:45 +01:00
Nikos Mavrogiannopoulos
cd4fe99a57 main: don't require a full handshake packet when forwarding UDP session
That is, to allow any small DPD packets to be sent to the correct
worker process.
2016-03-19 23:26:19 +01:00
Nikos Mavrogiannopoulos
441c112575 bumped version ocserv_0_11_1 2016-03-19 13:05:34 +01:00
Nikos Mavrogiannopoulos
8bfc3f6e2d reduced logging verbosity in certain common failures 2016-03-13 10:29:28 +01:00
Nikos Mavrogiannopoulos
76e6aef74d doc: mention the ip_address option 2016-03-08 12:27:07 +01:00
Nikos Mavrogiannopoulos
98647dc117 occtl: correctly print last modified field 2016-03-07 16:12:36 +01:00
Nikos Mavrogiannopoulos
eb71a82210 worker: improved exit reason reporting for server disconnects 2016-03-07 13:56:16 +01:00
Nikos Mavrogiannopoulos
da4e4fcf2a Improved error message propagation due to new combined APIs
This amends 8892eb1934
2016-03-07 13:51:55 +01:00
Nikos Mavrogiannopoulos
c213a8b8fc sec-mod: do not export expired entries to cookies list op
Also combined macro to determine expired entries.
2016-03-07 13:42:46 +01:00
Nikos Mavrogiannopoulos
e4dbeb6bd3 more files to ignore 2016-03-06 19:08:10 +01:00
Nikos Mavrogiannopoulos
94b2da514c occtl: split show cookies to all and valid 2016-03-06 19:07:33 +01:00
Nikos Mavrogiannopoulos
e0947340bb ipc: pass the connection status as integer
Conversion to textual form now happens at the client (occtl)
instead of the main server.
2016-03-06 19:07:24 +01:00
Nikos Mavrogiannopoulos
8892eb1934 use a single format for all messages simplifying server
That patch also combines all the message generation or receiving
functions to allow easier modifications to the format.
2016-03-06 19:07:07 +01:00
Nikos Mavrogiannopoulos
8a99ed78db doc update 2016-03-06 12:06:44 +01:00
Nikos Mavrogiannopoulos
f3338e84f7 Added occtl command to display cookies
This allows displaying and examining valid cookies from occtl.
2016-03-06 12:05:36 +01:00
Nikos Mavrogiannopoulos
4541a73d3d tests: fixed proxyproto test on debian 2016-03-05 16:58:17 +01:00
Nikos Mavrogiannopoulos
435c78fa3d doc: eliminated references to HOSTNAME
It was never available in the up/down scripts.
2016-03-05 16:45:39 +01:00
Nikos Mavrogiannopoulos
4a1d8ab246 doc update 2016-03-05 16:43:20 +01:00
Nikos Mavrogiannopoulos
94e44d2eda tests: updated debian docker file 2016-03-05 14:10:30 +01:00
Nikos Mavrogiannopoulos
63d3b98cad use more consistent naming in internal messages 2016-03-05 14:00:50 +01:00
Nikos Mavrogiannopoulos
76e602a4ca worker: don't log the SID in normal debugging levels 2016-03-05 11:20:54 +01:00
Nikos Mavrogiannopoulos
a2d62c005d worker: censor the DTLS master secret header as well 2016-03-05 11:16:03 +01:00
Nikos Mavrogiannopoulos
33a11af1b8 worker: pass received hostname to user via SESSION_INFO msg 2016-03-04 16:52:48 +01:00
Nikos Mavrogiannopoulos
9d144c89a9 Eliminated hostname handling in sec-mod
This value never reached sec-mod as it only gets known
after the session is initiated by the client (i.e., after
auth_rep message is received).
2016-03-04 16:47:52 +01:00
Nikos Mavrogiannopoulos
2659d555ac main: overwrite the SID after removing a proc struct and on received packets
That's because it is a sensitive value that can be used to resume
existing sessions. I should have used the fork+exec model in main.
2016-03-04 16:33:08 +01:00
Nikos Mavrogiannopoulos
5ee78fec14 run_sec_mod: close unused sync fd 2016-03-02 09:19:06 +01:00
Nikos Mavrogiannopoulos
2fa8ed478e doc update [ci skip] 2016-02-29 14:22:03 +01:00
Nikos Mavrogiannopoulos
993df97b9b worker-privs: added getpid to the list of allowed syscalls 2016-02-27 17:55:02 +01:00
Nikos Mavrogiannopoulos
d64431ab83 doc update [ci skip] 2016-02-23 16:09:06 +01:00
Nikos Mavrogiannopoulos
f41b425f23 worker: replaced the timeout-based session forwarding with a validity checking
That checks whether the first packet received in the new session is valid
and if true, accept the new fd. This avoids the mess with validity detection
based on timeouts.
2016-02-23 15:50:39 +01:00
Nikos Mavrogiannopoulos
4fd259928d doc update [ci skip] 2016-02-23 15:35:59 +01:00
Nikos Mavrogiannopoulos
fccaca16bd Increased the SID (cookie) size to 256-bits 2016-02-23 15:31:17 +01:00
Nikos Mavrogiannopoulos
0be5ada07b tests: removed cookie key rotation check
It is no longer applicable.
2016-02-23 15:31:17 +01:00
Nikos Mavrogiannopoulos
010257c6a2 Simplified cookie handling
This change set eliminates the need for cryptographically authenticated
cookies and relies on sec-module providing accurate information on
the SID provided by the client.
2016-02-23 15:31:17 +01:00
Björn Ketelaars
88101dc9fd strerror was declared implicit. Pull in header 2016-02-23 14:54:17 +01:00
Björn Ketelaars
6443b6e245 remove unused variables 2016-02-23 14:54:10 +01:00