2620 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
53a54b0e39 doc: documented about krb5-k5tls plugin
This plugin is required in Debian and Ubuntu based distributions
for kinit to be able to use KKDCP servers. Suggested by Jochen Hein.
2016-07-13 09:08:46 +02:00
Nikos Mavrogiannopoulos
23558aff31 doc update 2016-07-09 10:57:53 +02:00
Nikos Mavrogiannopoulos
4015a19a29 open_tun() ignore EINVAL error in TUNSETGROUP ioctl()
This allows ocserv to work with kernels prior to 2.6.23.

Relates #60
2016-07-09 10:57:03 +02:00
Nikos Mavrogiannopoulos
5964c31d68 tun: enable multicast mode for FreeBSD systems 2016-07-04 14:00:08 +02:00
Nikos Mavrogiannopoulos
6aafcc0bf5 tun: move bsd-system-specific tun code to bsd_open_tun() 2016-07-04 14:00:08 +02:00
Nikos Mavrogiannopoulos
7254f3b2e7 document how a certificate may hold multiple groups 2016-07-04 10:50:40 +02:00
Nikos Mavrogiannopoulos
b4d04878a6 doc update 2016-07-04 00:20:06 +02:00
Nikos Mavrogiannopoulos
085df882ab tun: corrected tun device group assignment 2016-07-04 00:19:34 +02:00
Nikos Mavrogiannopoulos
e12d2e6818 tests: made pam check independent of builddir 2016-06-29 10:05:00 +02:00
Nikos Mavrogiannopoulos
0eb8aac9bf README.md: mention NSS wrapper 2016-06-29 09:50:41 +02:00
Nikos Mavrogiannopoulos
0d1358edf2 configure: enable pam tests only when liboath is present and PAM compiled in 2016-06-29 09:49:24 +02:00
Nikos Mavrogiannopoulos
a80abeb888 tun: use the same prefix (from the lease) in Linux and *BSD 2016-06-28 09:05:27 +02:00
Nikos Mavrogiannopoulos
ae3c20c3ed tests: pam tests were converted to use pam-wrapper
This allows running the PAM tests without requiring root access
2016-06-25 23:05:18 +02:00
Nikos Mavrogiannopoulos
dcab477d52 radius: corrected the accounting of gigawords for outgoing data
Previously the incoming bytes were accounted instead of the
outgoing bytes.

Resolves #57
2016-06-20 23:23:22 +02:00
Nikos Mavrogiannopoulos
954607e88a When sending auth_id reply to pre-3.x clients use a different auth_id for username and password
That is because some modified v2.x clients require that any response
that asks for information does not have an XML form with auth_id set
to "main".

Resolves #55
2016-06-20 23:02:38 +02:00
Nikos Mavrogiannopoulos
bcef7c58cf worker: always honour the DTLS ciphersuite that matches the TLS ciphersuite
That is, do not consider the ciphersuite priorities at all, but rather
prefer the DTLS ciphersuite that matches the TLS one (if any).
2016-06-18 16:09:10 +02:00
Nikos Mavrogiannopoulos
3d4fb9b3e6 tests: added unit test for valid_hostname() function 2016-06-18 14:27:40 +02:00
Nikos Mavrogiannopoulos
f7e057a6dd tests: check whether the hostname is overridden by per-user conf 2016-06-18 14:21:46 +02:00
Nikos Mavrogiannopoulos
1f809f5e64 ocserv: check the hostname value received by the client for validity 2016-06-18 14:21:41 +02:00
Nikos Mavrogiannopoulos
ed31709e75 ocserv: notify back the client about the hostname accepted (if any)
That is, the server will populate X-CSTP-Hostname and send it
back to the client.
2016-06-18 14:05:29 +02:00
Nikos Mavrogiannopoulos
4124b9c089 doc update 2016-06-18 11:17:02 +02:00
Nikos Mavrogiannopoulos
0c093ad8f3 ocserv: allow overriding hostname on the per-user configuration
This allows for the administrator to set specific hostnames, or even
empty hostname for specific users.
2016-06-18 11:08:53 +02:00
Nikos Mavrogiannopoulos
a81652a411 doc update 2016-06-18 10:47:08 +02:00
Nikos Mavrogiannopoulos
966206ecea worker: when advertising the IPv6 address/prefix use the subnet prefix
That is, instead of advertising the address with the server's prefix
advertise the IPv6 address with the prefix that is assigned to the client
itself.
2016-06-18 10:45:25 +02:00
Kevin Cernekee
fb1430f95e Zero out the whole sockaddr_in6 struct when parsing explicit-ipv6
This initializes sin6_scope_id to 0, so that $IPV6_REMOTE doesn't
get strings that look like: "2001:db8::1234%932152953"

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
2016-06-18 10:41:32 +02:00
Nikos Mavrogiannopoulos
efafdd9e73 tests: added missing certs 2016-06-17 23:11:21 +02:00
Nikos Mavrogiannopoulos
a0ffa818c0 tests: use the .tmp suffix to pid files 2016-06-17 11:56:43 +02:00
Nikos Mavrogiannopoulos
f2bef25cdc sample.config: use new paths 2016-06-17 11:54:07 +02:00
Nikos Mavrogiannopoulos
cbc4dde44b tests: moved passwd files to data/ 2016-06-17 11:54:05 +02:00
Nikos Mavrogiannopoulos
f3a182dbdf tests: moved config files to data/ 2016-06-17 11:54:03 +02:00
Nikos Mavrogiannopoulos
5c88ee7715 tests: moved all certificates and keys in certs/ 2016-06-17 11:53:50 +02:00
Nikos Mavrogiannopoulos
0810cc0aa7 doc update ocserv_0_11_3 2016-06-16 08:49:52 +02:00
Nikos Mavrogiannopoulos
05badbea7a doc update 2016-06-16 08:28:42 +02:00
Nikos Mavrogiannopoulos
bb1ba34bdc ocserv-fw: updated with Lance LeFlore's version 2016-06-16 08:27:22 +02:00
Nikos Mavrogiannopoulos
c49b395a54 ocserv: better log message on terminating worker processes 2016-06-08 19:37:17 +02:00
Nikos Mavrogiannopoulos
aa27271f3b tests: remove the explicit docker pull commands from docker-common.sh 2016-06-08 17:01:48 +02:00
Nikos Mavrogiannopoulos
7a6a7c707a worker: wait for confirmation on messages sent during disconnect
When disconnecting and sending stats and info to main and sec-mod,
ensure that messages have been processed prior to exiting. That makes
sure that these messages are accounted and are not lost. This addresses
an issue where the stats on disconnect were not properly reported to
sec-mod.
2016-06-05 11:35:51 +02:00
Nikos Mavrogiannopoulos
d83c523661 sec-mod: process_packet -> process_worker_packet 2016-06-05 11:25:52 +02:00
Nikos Mavrogiannopoulos
1276ebeb48 ocserv: eliminated race condition with up/down scripts
If a user is disconnected while the connect script is running,
kill the script and wait for its termination. If it successfully
terminated (exit code = 0) then run the user disconnect (down) script.
2016-06-05 10:38:34 +02:00
Nikos Mavrogiannopoulos
ceed05b030 doc update 2016-06-05 10:14:34 +02:00
Nikos Mavrogiannopoulos
55cb72522a doc update 2016-06-04 20:03:40 +02:00
Nikos Mavrogiannopoulos
ab5d22c005 tests: added check for host-update-script being run 2016-06-04 20:02:15 +02:00
Nikos Mavrogiannopoulos
5c9cda67fb ocserv: added a host-update-script config option
This option will set a script to be called once the user is
connected and provides a hostname to be used with his IP. That
script can be used to update a DNS server or so.

Relates #39
2016-06-04 19:49:03 +02:00
Andrew Karpow
db31e9def3 ocserv: fix ipv6 tun control on OpenBSD
This fixes ipv6 tunnel support on OpenBSD. OpenBSD network stack doesn't
enable the multicast flag on tun devices like FreeBSD - but this is
obligatory for ipv6.

Error message without this patch:
main: tun.c:260: tun0: Error setting IPv6: Invalid argument

Signed-off-by: Andrew Karpow <andy@ndyk.de>
2016-06-01 22:10:51 +02:00
Nikos Mavrogiannopoulos
8c3990cfde doc update 2016-06-01 15:41:13 +02:00
Nikos Mavrogiannopoulos
9e4ee0551a ocserv: improved old openconnect version detection
That is, enhance detection to detect openconnect version 3 and _earlier_.

Resolves #51
2016-06-01 15:37:17 +02:00
Nikos Mavrogiannopoulos
63e4500f09 bumped version 2016-05-29 11:57:33 +02:00
Nikos Mavrogiannopoulos
0c9feb2b8b Added travis automatic builds 2016-05-29 11:46:07 +02:00
Nikos Mavrogiannopoulos
c7200bb3cf configure.ac: reduced libtasn1 dependency to 3.4
This allows building in travis systems.
2016-05-29 11:46:02 +02:00
Nikos Mavrogiannopoulos
0ee0ef79fb documented the available URL handlers 2016-05-17 14:50:52 +02:00