57 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
519ce111a5 increased MAX_MSG_SIZE 2015-05-11 14:26:05 +02:00
Nikos Mavrogiannopoulos
d1d83d909c sec-mod: eliminated redundant parameters 2015-05-11 14:25:51 +02:00
Nikos Mavrogiannopoulos
10dcf1a82d added sanity checks in commands exchanged from main with sec-mod 2015-05-11 14:25:39 +02:00
Nikos Mavrogiannopoulos
41bcc9d0c0 radius: put the process ID into NAS-Port 2015-05-11 14:15:25 +02:00
Nikos Mavrogiannopoulos
99dd4a6e03 reject bad commands from main 2015-04-07 17:13:29 +02:00
Nikos Mavrogiannopoulos
0967f05f8d sec-mod: do not impose timeouts on reads from main 2015-03-31 10:13:13 +02:00
Nikos Mavrogiannopoulos
7ea22d3aac receive SM_CMD_AUTH_BAN_IP_REPLY asynchronously to prevent race conditions 2015-03-23 11:13:26 +01:00
Nikos Mavrogiannopoulos
872f39f777 sec-mod: handle unknown messages as bad commands 2015-03-15 11:20:42 +01:00
Nikos Mavrogiannopoulos
6c1f88a090 sec-mod: only exit on ERR_BAD_COMMAND errors from main msg handler 2015-03-14 18:46:17 +01:00
Nikos Mavrogiannopoulos
cc16a65819 separated permanent configuration options from the reloaded ones 2015-03-02 13:18:52 +01:00
Nikos Mavrogiannopoulos
f4d14f7000 sec-mod: will exit if it fails to process commands from main 2015-03-02 09:00:18 +01:00
Nikos Mavrogiannopoulos
2c23c86d48 removed unused parameter of select() 2015-02-26 20:36:49 +01:00
Nikos Mavrogiannopoulos
bbee3767dc sec-mod: don't use a timeout value in select()
There is no need for that.
2015-02-26 13:41:39 +01:00
Nikos Mavrogiannopoulos
a617485232 enforcement of IP banning was moved to main 2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos
3222cedb99 simplify the communication between main and sec-mod 2015-02-25 10:33:25 +01:00
Nikos Mavrogiannopoulos
06e0c69f1d sec-mod: maintenance time was increased to be over the default cookie expiration time 2015-02-21 16:34:55 +01:00
Nikos Mavrogiannopoulos
8bb0af61bc Added GSSAPI as an additional password auth mechanism
That also adds the ability to support an OR composition of multiple
authentication methods. That is using the 'enable-auth' config option.
2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
c954e45e53 silence debugging messages from sec-mod when not in debug 2015-01-18 17:34:59 +01:00
Nikos Mavrogiannopoulos
07e01d06b5 use strlcpy() instead of snprintf() where it makes sense
That should reduce wasted cycles.
2014-12-14 19:24:14 +01:00
Nikos Mavrogiannopoulos
065753bd57 undid ed5b177691
It is not currently possible to reload only a part of the
configuration. If the back-end module changes, the server will
bail out instead.
2014-12-10 15:28:14 +01:00
Nikos Mavrogiannopoulos
0551338a7a sec-mod: preparations for thread safety 2014-12-10 14:10:17 +01:00
Nikos Mavrogiannopoulos
54e6450807 sec-mod: separated request serving from main loop 2014-12-10 13:30:56 +01:00
Nikos Mavrogiannopoulos
320773e80a Added support for radius interim updates 2014-12-10 11:18:29 +01:00
Nikos Mavrogiannopoulos
35e93c6341 added option to send statistics periodically to sec-mod 2014-12-10 11:18:23 +01:00
Nikos Mavrogiannopoulos
2194e11b39 Added support for radius authentication 2014-12-09 10:59:18 +01:00
Nikos Mavrogiannopoulos
baa3e4701e Supplementary configuration is now read by the security module.
That allows sec-mod to handle both authentication and accounting.
That deprecates the session-control configuration option.
2014-12-08 13:52:28 +01:00
Nikos Mavrogiannopoulos
7b0e20e6ad sec-mod: made logging consistent with the main server 2014-12-01 22:49:09 +01:00
Nikos Mavrogiannopoulos
1cb35b8b09 use more reasonable names to open and close a session 2014-09-25 16:41:54 +02:00
Nikos Mavrogiannopoulos
30bcf35576 Revert "license upgraded to GPLv3"
This reverts commit 213f9a63ee.

Conflicts:
	configure.ac
2014-09-24 11:34:15 +02:00
Nikos Mavrogiannopoulos
c49128f1bb doc update 2014-06-10 15:50:55 +02:00
Nikos Mavrogiannopoulos
cfa74a4e29 Reload the configuration of the security module as well, on main process reload. 2014-06-10 15:47:58 +02:00
Nikos Mavrogiannopoulos
28dca2aa0c Added support for session control (relevant for PAM for now)
That in effect will utilize the pam_open_session() and pam_close_session().
It is disabled by default as it requires more resources from the security module.
2014-06-10 15:16:40 +02:00
Nikos Mavrogiannopoulos
0c21e47f85 Always use the native endianness. 2014-05-31 22:09:09 +02:00
Nikos Mavrogiannopoulos
213f9a63ee license upgraded to GPLv3 2014-05-23 11:50:56 +02:00
Nikos Mavrogiannopoulos
d99c527758 memory reorganization in sec-mod.
It no longer relies on main pool, it uses its own pool.
In addition the DEBUG_LEAKS definition was added to allow debugging
leaks.
2014-05-15 16:44:43 +02:00
Nikos Mavrogiannopoulos
739a2126d0 Clean-up all memory on deinitialization of sec-mod and worker.
That will make it easier to spot any unintentional memory leaks.
2014-05-15 15:36:03 +02:00
Nikos Mavrogiannopoulos
09704b8819 Password authentication is now delegated to sec-mod.
That prevents any memory from the authentication modules to be leaked
to a worker process. As a result, the statuses zombie and dead no longer
exist.
2014-05-14 11:37:01 +02:00
Nikos Mavrogiannopoulos
9f07c42b82 Allow the main process to connect to sec-module.
That allows gnutls to verify the key validity during initialization.
2014-05-12 10:12:39 +02:00
Nikos Mavrogiannopoulos
71104b36a3 Added support for unix sockets for the occtl communication.
D-BUS support is left, but is not enabled by default.
2014-05-07 13:54:58 +02:00
Nikos Mavrogiannopoulos
0258824647 corrected program name in license 2014-04-18 16:16:31 +02:00
Nikos Mavrogiannopoulos
f8fbb9bde3 Corrected several coverity uncovered bugs. 2014-04-15 10:08:42 +02:00
Nikos Mavrogiannopoulos
c15a3bb125 indented file 2014-01-22 22:30:02 +01:00
Nikos Mavrogiannopoulos
c1312145d4 Added support for getpeereid 2014-01-22 22:29:19 +01:00
Nikos Mavrogiannopoulos
b46d32a66f Added comments 2013-12-22 19:06:28 +01:00
Nikos Mavrogiannopoulos
b267ba203f adjusted severity 2013-12-09 22:10:29 +01:00
Nikos Mavrogiannopoulos
3fbac00817 sec-mod ensures that requests come from the correct user. 2013-12-09 15:39:40 +01:00
Nikos Mavrogiannopoulos
74f0ba5e72 do not ignore errors from system calls 2013-11-05 20:06:18 +01:00
Nikos Mavrogiannopoulos
85f4db201c updated license information and authors 2013-11-05 19:38:30 +01:00
Nikos Mavrogiannopoulos
5be935dfd8 use gnutls_privkey_sign_hash() when available. 2013-05-27 22:39:29 +02:00
Nikos Mavrogiannopoulos
67e83f89d7 Use sigaction() to have a consistent behavior across systems for signals. 2013-05-02 11:46:02 +03:00