Commit Graph

1125 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
5d0bdf2966 Added test for group selection when having a certificate. 2014-05-20 15:49:56 +02:00
Nikos Mavrogiannopoulos
2969d37298 Added tests for group authentication using passwords and PAM. 2014-05-20 15:36:50 +02:00
Nikos Mavrogiannopoulos
aef5dc0633 Allow multiple groups to be present in a client certificate.
In that case the user will be prompted to select a group.
2014-05-20 15:36:40 +02:00
Nikos Mavrogiannopoulos
2668fe63b4 Added the default-select-group directive. 2014-05-19 20:00:35 +02:00
Nikos Mavrogiannopoulos
d44982235d doc update 2014-05-19 18:27:12 +02:00
Nikos Mavrogiannopoulos
659cc9850c Corrected filename in Makefile. 2014-05-19 18:26:06 +02:00
Nikos Mavrogiannopoulos
4755ee48c5 Added the select-group and auto-select-group config options.
These options allow prompting the user for a group prior to login.
That in addition enhances the password file format and multiple groups
can be specified on a comma separated list, as:
user:group1,group2,group3:$5$encodedpassword
2014-05-19 18:25:25 +02:00
Nikos Mavrogiannopoulos
6bc625df81 The route configuration directive accepts the keyword 'default'
In that case it will return a default route irrespective of any other
route directives. That allows overriding existing routes with a default
route for specific users and groups.
2014-05-19 09:58:37 +02:00
Nikos Mavrogiannopoulos
0f0f96ef5c sample.config: comment out the occtl-socket-file. 2014-05-17 08:47:27 +02:00
Nikos Mavrogiannopoulos
d99c527758 memory reorganization in sec-mod.
It no longer relies on main pool, it uses its own pool.
In addition the DEBUG_LEAKS definition was added to allow debugging
leaks.
2014-05-15 16:44:43 +02:00
Nikos Mavrogiannopoulos
48c42fe254 define HAVE_LIBTALLOC when libtalloc is being used. 2014-05-15 15:36:54 +02:00
Nikos Mavrogiannopoulos
739a2126d0 Clean-up all memory on deinitialization of sec-mod and worker.
That will make it easier to spot any unintentional memory leaks.
2014-05-15 15:36:03 +02:00
Nikos Mavrogiannopoulos
b62c14f613 corrected issue in talloc detection. 2014-05-15 14:52:13 +02:00
Nikos Mavrogiannopoulos
f9ce018f68 Add the clock_gettime() syscall on the list of allowed in seccomp. 2014-05-15 14:28:18 +02:00
Nikos Mavrogiannopoulos
a74f615766 doc update 2014-05-15 13:14:58 +02:00
Nikos Mavrogiannopoulos
044b910128 Force full connection after cookie when a script is involved.
That is because in the new design of ocserv, the cookie is being
provided prior to any script being run or evaluated.
2014-05-15 11:52:17 +02:00
Nikos Mavrogiannopoulos
68c4b2371b Renamed main-auth.h. 2014-05-15 11:39:02 +02:00
Nikos Mavrogiannopoulos
e7171ac859 Supplementary group/user configuration is now modular.
That will ease the addition of other backends that can be used to
read the user/group configuration. The only backend supported now
is file.
2014-05-15 11:36:30 +02:00
Nikos Mavrogiannopoulos
a2ea033f50 use safe_memset() when overwriting the group configuration 2014-05-15 10:46:53 +02:00
Nikos Mavrogiannopoulos
231316f624 cleanup the inclusion of protobuf sources. 2014-05-15 10:44:35 +02:00
Nikos Mavrogiannopoulos
37f295b31a doc update 2014-05-14 14:54:02 +02:00
Nikos Mavrogiannopoulos
fcaeacbd00 Added sanity checks in state transitions. 2014-05-14 14:51:41 +02:00
Nikos Mavrogiannopoulos
b25deaf742 Updated authentication state and design figures. 2014-05-14 14:50:03 +02:00
Nikos Mavrogiannopoulos
53f3129da9 Authentication modules were moved to subdirectory auth/ 2014-05-14 14:35:50 +02:00
Nikos Mavrogiannopoulos
a1a47f3294 doc update 2014-05-14 13:30:43 +02:00
Nikos Mavrogiannopoulos
788560b9ce Added default-user-config and default-group-config configuration options.
These allow setting a configuration file that will be loaded if a
user-specific or group-specific configuration file isn't found.
2014-05-14 13:27:51 +02:00
Nikos Mavrogiannopoulos
3f9a215f53 Allow for random and for predictable IP assignment. 2014-05-14 13:00:11 +02:00
Nikos Mavrogiannopoulos
09704b8819 Password authentication is now delegated to sec-mod.
That prevents any memory from the authentication modules from being leaked
to a worker process. As a result, the statuses zombie and dead no longer
exist.
2014-05-14 11:37:01 +02:00
Nikos Mavrogiannopoulos
df7b124df4 include malloc.h when needed. 2014-05-13 21:19:56 +02:00
Nikos Mavrogiannopoulos
07559df432 Corrected the removal of socket files in chrooted environment.
In addition remove the occtl_socket_file.
2014-05-12 11:14:53 +02:00
Nikos Mavrogiannopoulos
5e3afb92ad eliminate the need for a worker_pool variable in main_server_st. 2014-05-12 10:51:18 +02:00
Nikos Mavrogiannopoulos
1465a5922c Added no-udp group configuration option.
That option allows disabling UDP for specific users or groups.
2014-05-12 10:29:29 +02:00
Nikos Mavrogiannopoulos
2338251a0f corrected PAM module and its usage of malloc. 2014-05-12 10:25:03 +02:00
Nikos Mavrogiannopoulos
9f07c42b82 Allow the main process to connect to sec-module.
That allows gnutls to verify the key validity during initialization.
2014-05-12 10:12:39 +02:00
Nikos Mavrogiannopoulos
478c580a56 doc update 2014-05-11 14:30:43 +02:00
Nikos Mavrogiannopoulos
b83f168613 doc update 2014-05-11 14:24:46 +02:00
Nikos Mavrogiannopoulos
9434334918 updated sample.config 2014-05-11 14:23:43 +02:00
Nikos Mavrogiannopoulos
ed0cb777dd occtl: propagate error codes on error conditions. 2014-05-11 14:23:11 +02:00
Nikos Mavrogiannopoulos
522a9c35a4 Allow modifying the default occtl socket file. 2014-05-11 14:16:38 +02:00
Nikos Mavrogiannopoulos
fa22c1cbbf use safe_memset() when overwriting the TLS cache entries. 2014-05-11 10:10:39 +02:00
Nikos Mavrogiannopoulos
9229fcfb1c use common definition for date-time format. 2014-05-10 23:27:24 +02:00
Nikos Mavrogiannopoulos
41561567b5 status cmd will report the server uptime 2014-05-10 23:12:37 +02:00
Nikos Mavrogiannopoulos
4b1dc9b38e Added missing files. 2014-05-10 23:12:15 +02:00
Nikos Mavrogiannopoulos
d0729cf454 use safe_memset() where needed. 2014-05-10 13:48:00 +02:00
Nikos Mavrogiannopoulos
127fd35d2e Use a static buffer to read the password file entries from.
That allows easier overwrite of the parameters read.
2014-05-10 13:43:09 +02:00
Nikos Mavrogiannopoulos
93db512921 do not separately allocate buffer, but place it instead into worker structure. 2014-05-10 13:26:22 +02:00
Nikos Mavrogiannopoulos
0c86299a18 doc update 2014-05-09 21:13:52 +02:00
Nikos Mavrogiannopoulos
435a0bf5b0 corrected function prototype. 2014-05-09 21:05:24 +02:00
Nikos Mavrogiannopoulos
f21079b667 use malloc_trim() to return memory to OS after fork(). 2014-05-09 20:42:04 +02:00
Nikos Mavrogiannopoulos
929bf5e211 Fixes in talloc usage in occtl in combination with readline. 2014-05-09 16:52:16 +02:00