Nikos Mavrogiannopoulos
50f0e11cec
tests: added check for pam acct config option
2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
1bfa6e7648
Reinstated the PAM accounting method
...
It can be used to check for a valid PAM account, even when
certificates or another authentication method is in use.
2015-09-18 16:45:32 +02:00
Nikos Mavrogiannopoulos
a8f852c178
optimize CRL reloads by avoiding auto-detection of the type on every reload
2015-09-14 19:34:02 +02:00
Nikos Mavrogiannopoulos
c093480765
doc update
2015-09-14 18:52:20 +02:00
Nikos Mavrogiannopoulos
8c349b9b88
tests: check whether DER CRLs are being read
2015-09-14 18:51:52 +02:00
Nikos Mavrogiannopoulos
9ef5569c7c
Allow loading DER-encoded CRLs
2015-09-14 18:46:20 +02:00
Nikos Mavrogiannopoulos
998c0dae4b
tlslib: correctly determine the presence of GNUTLS_X509_CRT_LIST_SORT
2015-09-14 18:20:31 +02:00
Nikos Mavrogiannopoulos
f2caadbe83
updated documentation for CRL reload
2015-09-14 17:59:58 +02:00
Nikos Mavrogiannopoulos
090c51cf1f
check the CRL periodically and reload it when modified
2015-09-14 17:55:59 +02:00
Nikos Mavrogiannopoulos
87ab853b4f
doc update
2015-09-11 16:34:37 +02:00
Nikos Mavrogiannopoulos
f889713df1
When importing server certificate(s) sort them when supported by gnutls
...
That avoids the "unsorted chain" error.
2015-09-11 16:33:56 +02:00
Nikos Mavrogiannopoulos
edba5fc23e
removed pam accounting method from config file
...
Reported by Stuart Henderson.
2015-09-05 00:16:06 +02:00
Nikos Mavrogiannopoulos
95684e9056
released 0.10.8
ocserv_0_10_8
2015-09-04 21:28:43 +02:00
Nikos Mavrogiannopoulos
e5f297af09
bumped version
2015-09-04 16:05:05 +02:00
Nikos Mavrogiannopoulos
82424ffd82
added informational message on KKDCP request processing
2015-09-04 15:53:17 +02:00
Nikos Mavrogiannopoulos
f9daea3f3b
tests: kerberos: updated to account for the change in IPv6 address assignment
2015-09-04 15:53:05 +02:00
Nikos Mavrogiannopoulos
199b3fdfce
Store the configuration file internally to avoid dependency on cmdline arguments
...
That allows reloading the configuration even after our setproctitle()
has overwritten the argv arguments.
2015-09-04 14:17:38 +02:00
Nikos Mavrogiannopoulos
e2d2d033f2
tests: updated for change in IPv6 address assignment
2015-09-03 17:00:16 +02:00
Nikos Mavrogiannopoulos
bed8335145
doc update
2015-09-03 16:03:44 +02:00
Nikos Mavrogiannopoulos
cb759d966c
use the complete mask when assigning IPv6 addresses
2015-09-03 16:03:43 +02:00
Nikos Mavrogiannopoulos
da830ab3e5
.gitignore: ignore binaries in tests/
2015-09-03 13:42:15 +02:00
Nikos Mavrogiannopoulos
76712ef87f
Keep PAM in the accounting types but simply ignore it.
...
That requires no configuration changes for systems where this
was accidentally enabled.
2015-08-31 16:38:05 +02:00
Nikos Mavrogiannopoulos
ddd5ebc743
setproctitle: overwrite argv and argc
2015-08-31 16:35:19 +02:00
Nikos Mavrogiannopoulos
edb0cc3039
doc update
2015-08-31 16:26:06 +02:00
Nikos Mavrogiannopoulos
1c64073cf2
pam: removed accounting; it served no purpose
...
In fact it could even cause issues in the security-module
depending on what was configured in PAM.
2015-08-31 16:19:48 +02:00
Nikos Mavrogiannopoulos
144c6454e0
doc update
2015-08-28 11:42:31 +02:00
Nikos Mavrogiannopoulos
b674a46af6
occtl: print the configured split-dns domains
2015-08-28 11:41:58 +02:00
Nikos Mavrogiannopoulos
35ed4811e5
config: avoid crash when parsing empty subconfig strings
...
Reported by Niels Peen.
2015-08-28 11:11:30 +02:00
Nikos Mavrogiannopoulos
15d637db96
tests: connect script fixes
...
The connect script used for proxyproto no longer needs /tmp/connect,
it will create it.
2015-08-25 17:47:03 +02:00
Nikos Mavrogiannopoulos
f63e0cf65e
human_addr2(): only attempt to parse INET addresses
2015-08-25 12:48:44 +02:00
Nikos Mavrogiannopoulos
91926c3d57
Enforce banned list even when proxy protocol is in use
...
That would be later in the authentication process by the time
main is notified of the peer's IP. That is a compromise between
terminating a malicious client early (before fork), and handling
the proxy protocol in the privileged main process, which may
reduce the overall security.
2015-08-25 10:13:07 +02:00
Nikos Mavrogiannopoulos
dca5fb3d9b
prior to release check that the version of libopts matches the included
2015-08-22 21:48:54 +02:00
Nikos Mavrogiannopoulos
4f8afab8f1
tests: include proxyproto-unix-test to the test suite
2015-08-22 20:19:41 +02:00
Nikos Mavrogiannopoulos
1b7e4c1075
doc update
2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
8ed48a14bb
tests: check whether IPs are being passed correctly to script when in proxyproto
...
That is, check whether the remote IP passed is other than localhost,
and there is a non-empty IP_REAL_LOCAL.
2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
f8c7bccfa1
occtl: print the Local Device IP (the IP the user connected to)
2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
d03f364058
proxyproto: corrected address type setting in our address
2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
8ae336f2ba
worker: notify early main on session info
...
That allows passing TLS information early, but more importantly
passing information on the IP of the client (and our listen IP),
to main, which will be provided in turn to the up and down scripts,
as well as occtl.
2015-08-22 20:13:46 +02:00
Nikos Mavrogiannopoulos
344167fd5c
Be more verbose when CRLs are being loaded
2015-08-21 13:23:37 +02:00
Nikos Mavrogiannopoulos
0dbcb02861
doc: mention the facility log messages are sent to
2015-08-17 14:31:36 +02:00
Nikos Mavrogiannopoulos
ab93ea4d82
Log info message when the control socket is disabled
2015-08-17 14:27:11 +02:00
Nikos Mavrogiannopoulos
6085ec6ef3
On BSD systems only set IP_RECVDSTADDR when using IPv4
2015-08-17 14:24:35 +02:00
Nikos Mavrogiannopoulos
2a949e99c4
configure: discover suitable sed program
2015-08-17 14:20:41 +02:00
Nikos Mavrogiannopoulos
af6a44c346
config: remove whitespace from the end of strings
2015-08-17 14:13:12 +02:00
Nikos Mavrogiannopoulos
7b53d4063b
use ':' instead of /bin/true for non-existing programs
2015-08-07 10:34:29 +02:00
Nikos Mavrogiannopoulos
c43d2ba82f
bumped version
ocserv_0_10_7
2015-08-06 18:43:24 +02:00
Nikos Mavrogiannopoulos
6586d39ed3
tests: don't expose any ports in docker tests
2015-08-06 17:32:57 +02:00
Nikos Mavrogiannopoulos
584c2dda5b
proxyproto: use it to figure our IP
...
Also made more precise the length checks in proxyproto values.
2015-08-06 17:32:27 +02:00
Nikos Mavrogiannopoulos
67f6be9e9b
proxyproto: allow for headers which have precisely 520 bytes of data
2015-08-05 15:08:56 +02:00
Nikos Mavrogiannopoulos
27509d267b
tests: allow compilation without libopts
2015-07-23 20:54:38 +03:00