Nikos Mavrogiannopoulos
63d3b98cad
use more consistent naming in internal messages
2016-03-05 14:00:50 +01:00
Nikos Mavrogiannopoulos
76e602a4ca
worker: don't log the SID in normal debugging levels
2016-03-05 11:20:54 +01:00
Nikos Mavrogiannopoulos
a2d62c005d
worker: censor the DTLS master secret header as well
2016-03-05 11:16:03 +01:00
Nikos Mavrogiannopoulos
33a11af1b8
worker: pass received hostname to user via SESSION_INFO msg
2016-03-04 16:52:48 +01:00
Nikos Mavrogiannopoulos
9d144c89a9
Eliminated hostname handling in sec-mod
This value never reached sec-mod as it only becomes known
after the session is initiated by the client (i.e., after
the auth_rep message is received).
2016-03-04 16:47:52 +01:00
Nikos Mavrogiannopoulos
2659d555ac
main: overwrite the SID after removing a proc struct and on received packets
That's because it is a sensitive value that can be used to resume
existing sessions. I should have used the fork+exec model in main.
2016-03-04 16:33:08 +01:00
Nikos Mavrogiannopoulos
5ee78fec14
run_sec_mod: close unused sync fd
2016-03-02 09:19:06 +01:00
Nikos Mavrogiannopoulos
2fa8ed478e
doc update [ci skip]
2016-02-29 14:22:03 +01:00
Nikos Mavrogiannopoulos
993df97b9b
worker-privs: added getpid to the list of allowed syscalls
2016-02-27 17:55:02 +01:00
Nikos Mavrogiannopoulos
d64431ab83
doc update [ci skip]
2016-02-23 16:09:06 +01:00
Nikos Mavrogiannopoulos
f41b425f23
worker: replaced the timeout-based session forwarding with validity checking
That checks whether the first packet received in the new session is valid
and, if true, accepts the new fd. This avoids the mess with validity detection
based on timeouts.
2016-02-23 15:50:39 +01:00
Nikos Mavrogiannopoulos
4fd259928d
doc update [ci skip]
2016-02-23 15:35:59 +01:00
Nikos Mavrogiannopoulos
fccaca16bd
Increased the SID (cookie) size to 256-bits
2016-02-23 15:31:17 +01:00
Nikos Mavrogiannopoulos
0be5ada07b
tests: removed cookie key rotation check
It is no longer applicable.
2016-02-23 15:31:17 +01:00
Nikos Mavrogiannopoulos
010257c6a2
Simplified cookie handling
This change set eliminates the need for cryptographically authenticated
cookies and relies on sec-module providing accurate information on
the SID provided by the client.
2016-02-23 15:31:17 +01:00
Björn Ketelaars
88101dc9fd
strerror was declared implicitly. Pull in header
2016-02-23 14:54:17 +01:00
Björn Ketelaars
6443b6e245
remove unused variables
2016-02-23 14:54:10 +01:00
Nikos Mavrogiannopoulos
43931c8c88
doc update
2016-02-23 14:50:37 +01:00
Nikos Mavrogiannopoulos
220a6c2c4d
tests: check the ipv4-network directive from user config
2016-02-23 14:49:20 +01:00
Nikos Mavrogiannopoulos
cbcd4c8279
sup-config/file: Addressed issue with ipv4-network not reading prefix
That is, the syntax now accepts options such as:
"ipv4-network = x.x.x.x/y". Reported by Frank Rosquin.
2016-02-23 14:47:41 +01:00
Nikos Mavrogiannopoulos
260b07955c
tests: allow compilation with included protobuf
2016-02-23 14:19:02 +01:00
Nikos Mavrogiannopoulos
a2f031a018
Allow compilation with local libopts
2016-02-22 14:12:42 +01:00
Nikos Mavrogiannopoulos
ef2456ab85
allow compilation with included protobuf
2016-02-22 14:07:36 +01:00
Nikos Mavrogiannopoulos
f6f957487e
main: fixed issue with disconnection reason logging
It was logged before it was made known.
2016-02-21 15:23:19 +01:00
Nikos Mavrogiannopoulos
96796fc6e2
Renamed proc_search_ip() to proc_search_single_ip()
This better reflects the purpose of the function and will
prevent misuse.
2016-02-21 13:25:02 +01:00
Nikos Mavrogiannopoulos
06d8d65249
overwrite the memory of every packed message
2016-02-21 12:43:44 +01:00
Nikos Mavrogiannopoulos
d9a72ce629
doc update
2016-02-21 12:43:42 +01:00
Nikos Mavrogiannopoulos
aa6bd829d4
increased the default cookie rekey time to 3 days
2016-02-21 12:43:20 +01:00
Nikos Mavrogiannopoulos
796b5e0648
doc update
2016-02-20 18:33:27 +01:00
Nikos Mavrogiannopoulos
5dce846fef
occtl: fixed compilation issue in OpenBSD
Reported by Björn Ketelaars.
2016-02-20 18:29:34 +01:00
Nikos Mavrogiannopoulos
fc0b90f889
tun: fixed compilation issue in OpenBSD
Reported by Björn Ketelaars.
2016-02-20 18:26:16 +01:00
Nikos Mavrogiannopoulos
176bf532ec
released 0.11.0
ocserv_0_11_0
2016-02-19 10:57:33 +01:00
Nikos Mavrogiannopoulos
a2655972e8
bumped version
2016-02-19 10:51:44 +01:00
Nikos Mavrogiannopoulos
837b5989f8
configure: depend on radcli 1.2.5
Previous versions have a bug which caused crashes under certain
circumstances.
2016-02-19 10:50:18 +01:00
Nikos Mavrogiannopoulos
0d91834624
tests: allow compilation without http-parser lib
2016-02-19 10:05:48 +01:00
Nikos Mavrogiannopoulos
b3fe8afe3a
tests: added check for human_addr() output
2016-02-19 10:04:21 +01:00
Nikos Mavrogiannopoulos
029e42d07d
moved human_addr2() to ip-util.c
2016-02-19 09:56:21 +01:00
Nikos Mavrogiannopoulos
007e390d63
doc update
2016-02-18 18:08:57 +01:00
Nikos Mavrogiannopoulos
d3ebbe6afb
tlslib: don't use GNUTLS_X509_CRT_LIST_SORT; it is buggy
2016-02-18 16:50:42 +01:00
Nikos Mavrogiannopoulos
83dde24620
tests: reference debian testing by name
2016-02-14 14:50:49 +01:00
Nikos Mavrogiannopoulos
b130bd9214
config: increased the default auth-timeout value to 4mins
This provides slow users more time to enter their username,
password.
2016-02-13 14:49:08 +01:00
Nikos Mavrogiannopoulos
57d79d524b
Allow compilation without http-parser library
2016-02-10 13:09:15 +01:00
Nikos Mavrogiannopoulos
89f02bad02
config: put kkdcp options into brackets
That is not necessary for the existing examples, but may be
in future ones, as they may contain characters that libopts doesn't
like.
2016-02-08 19:27:39 +01:00
Nikos Mavrogiannopoulos
fb79008695
released 0.11.0rc1
2016-02-03 09:44:45 +01:00
Nikos Mavrogiannopoulos
5dbe753512
tests: increase timeout for radius accounting report
2016-01-28 15:22:22 +01:00
Nikos Mavrogiannopoulos
9b165b9e06
doc update
2016-01-28 13:57:32 +01:00
Nikos Mavrogiannopoulos
336c2dc8cd
bumped version to rc1
2016-01-28 13:57:27 +01:00
Nikos Mavrogiannopoulos
ff5b2b7aad
Use 32-bit length variable for transferring between occtl and ocserv
This allows handling the transfer of long data between ocserv and occtl.
Reported by Liviu.
Resolves #29
2016-01-28 13:53:21 +01:00
Nikos Mavrogiannopoulos
353bd39686
replaced select() calls with poll() calls
This allows handling more descriptors than the maximum limit
allowed by select(), and thus handling more clients than 1024.
2016-01-28 13:53:08 +01:00
Nikos Mavrogiannopoulos
f035ae170d
human_addr2: Avoid the usage of getnameinfo and use the simpler inet_ntop
This simplifies the function.
2016-01-27 16:11:37 +01:00