Commit Graph

1114 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
739a2126d0 Clean-up all memory on deinitialization of sec-mod and worker.
That will make it easier to spot any unintentional memory leaks.
2014-05-15 15:36:03 +02:00
Nikos Mavrogiannopoulos
b62c14f613 corrected issue in talloc detection. 2014-05-15 14:52:13 +02:00
Nikos Mavrogiannopoulos
f9ce018f68 Add the clock_gettime() syscall on the list of allowed in seccomp. 2014-05-15 14:28:18 +02:00
Nikos Mavrogiannopoulos
a74f615766 doc update 2014-05-15 13:14:58 +02:00
Nikos Mavrogiannopoulos
044b910128 Force full connection after cookie when a script is involved.
That is because in the new design of ocserv, the cookie is being
provided prior to any script being run or evaluated.
2014-05-15 11:52:17 +02:00
Nikos Mavrogiannopoulos
68c4b2371b Renamed main-auth.h. 2014-05-15 11:39:02 +02:00
Nikos Mavrogiannopoulos
e7171ac859 Supplementary group/user configuration is now modular.
That will ease the addition of other backends that can be used to
read the user/group configuration. The only backend supported now
is file.
2014-05-15 11:36:30 +02:00
Nikos Mavrogiannopoulos
a2ea033f50 use safe_memset() when overwriting the group configuration 2014-05-15 10:46:53 +02:00
Nikos Mavrogiannopoulos
231316f624 cleanup the inclusion of protobuf sources. 2014-05-15 10:44:35 +02:00
Nikos Mavrogiannopoulos
37f295b31a doc update 2014-05-14 14:54:02 +02:00
Nikos Mavrogiannopoulos
fcaeacbd00 Added sanity checks in state transitions. 2014-05-14 14:51:41 +02:00
Nikos Mavrogiannopoulos
b25deaf742 Updated authentication state and design figures. 2014-05-14 14:50:03 +02:00
Nikos Mavrogiannopoulos
53f3129da9 Authentication modules were moved to subdirectory auth/ 2014-05-14 14:35:50 +02:00
Nikos Mavrogiannopoulos
a1a47f3294 doc update 2014-05-14 13:30:43 +02:00
Nikos Mavrogiannopoulos
788560b9ce Added default-user-config and default-group-config configuration options.
These allow setting a configuration file that will be loaded if a
user-specific or group-specific configuration file isn't found.
2014-05-14 13:27:51 +02:00
Nikos Mavrogiannopoulos
3f9a215f53 Allow for random and for predictable IP assignment. 2014-05-14 13:00:11 +02:00
Nikos Mavrogiannopoulos
09704b8819 Password authentication is now delegated to sec-mod.
That prevents any memory from the authentication modules to be leaked
to a worker process. As a result, the status zombie and dead no longer
exist.
2014-05-14 11:37:01 +02:00
Nikos Mavrogiannopoulos
df7b124df4 include malloc.h when needed. 2014-05-13 21:19:56 +02:00
Nikos Mavrogiannopoulos
07559df432 Corrected the removal of socket files in chrooted environment.
In addition remove the occtl_socket_file.
2014-05-12 11:14:53 +02:00
Nikos Mavrogiannopoulos
5e3afb92ad eliminate the need for a worker_pool variable in main_server_st. 2014-05-12 10:51:18 +02:00
Nikos Mavrogiannopoulos
1465a5922c Added no-udp group configuration option.
That option allows disabling UDP for specific users or groups.
2014-05-12 10:29:29 +02:00
Nikos Mavrogiannopoulos
2338251a0f corrected PAM module and its usage of malloc. 2014-05-12 10:25:03 +02:00
Nikos Mavrogiannopoulos
9f07c42b82 Allow the main process to connect to sec-module.
That allows gnutls to verify the key validity during initialization.
2014-05-12 10:12:39 +02:00
Nikos Mavrogiannopoulos
478c580a56 doc update 2014-05-11 14:30:43 +02:00
Nikos Mavrogiannopoulos
b83f168613 doc update 2014-05-11 14:24:46 +02:00
Nikos Mavrogiannopoulos
9434334918 updated sample.config 2014-05-11 14:23:43 +02:00
Nikos Mavrogiannopoulos
ed0cb777dd occtl: propagate error codes on error conditions. 2014-05-11 14:23:11 +02:00
Nikos Mavrogiannopoulos
522a9c35a4 Allow modifying the default occtl socket file. 2014-05-11 14:16:38 +02:00
Nikos Mavrogiannopoulos
fa22c1cbbf use safe_memset() when overwriting the TLS cache entries. 2014-05-11 10:10:39 +02:00
Nikos Mavrogiannopoulos
9229fcfb1c use common definition for date-time format. 2014-05-10 23:27:24 +02:00
Nikos Mavrogiannopoulos
41561567b5 status cmd will report the server uptime 2014-05-10 23:12:37 +02:00
Nikos Mavrogiannopoulos
4b1dc9b38e Added missing files. 2014-05-10 23:12:15 +02:00
Nikos Mavrogiannopoulos
d0729cf454 use safe_memset() where needed. 2014-05-10 13:48:00 +02:00
Nikos Mavrogiannopoulos
127fd35d2e Use a static buffer to read the password file entries from.
That allows easier overwrite of the parameters read.
2014-05-10 13:43:09 +02:00
Nikos Mavrogiannopoulos
93db512921 do not separately allocate buffer, but place it instead into worker structure. 2014-05-10 13:26:22 +02:00
Nikos Mavrogiannopoulos
0c86299a18 doc update 2014-05-09 21:13:52 +02:00
Nikos Mavrogiannopoulos
435a0bf5b0 corrected function prototype. 2014-05-09 21:05:24 +02:00
Nikos Mavrogiannopoulos
f21079b667 use malloc_trim() to return memory to OS after fork(). 2014-05-09 20:42:04 +02:00
Nikos Mavrogiannopoulos
929bf5e211 Fixes in talloc usage in occtl in combination with readline. 2014-05-09 16:52:16 +02:00
Nikos Mavrogiannopoulos
fe150f8ab3 better interplay between use-dbus and use-occtl. 2014-05-09 16:38:28 +02:00
Nikos Mavrogiannopoulos
ecfb7cf513 When deinitializing the IP-leases table disable the lease destructor. 2014-05-09 16:28:37 +02:00
Nikos Mavrogiannopoulos
2c3d7ff978 updated docker test. 2014-05-09 16:13:18 +02:00
Nikos Mavrogiannopoulos
969e684960 Use talloc() for all allocations to reduce the possibility of memory leaks. 2014-05-09 16:13:11 +02:00
Nikos Mavrogiannopoulos
fbb168e00a bumped version 2014-05-09 16:12:43 +02:00
Nikos Mavrogiannopoulos
b0e10065a0 Support for the unix socket is now configurable. 2014-05-09 16:12:37 +02:00
Nikos Mavrogiannopoulos
840c35e902 Added configure option --without-pam 2014-05-08 09:07:10 +02:00
Nikos Mavrogiannopoulos
71104b36a3 Added support for unix sockets for the occtl communication.
D-BUS support is left, but is not enabled by default.
2014-05-07 13:54:58 +02:00
Nikos Mavrogiannopoulos
6f694915c7 Added talloc. 2014-05-06 16:22:50 +02:00
Nikos Mavrogiannopoulos
89ddd81c0e Use exit_worker() or gnutls fatal errors instead of plain exit().
That solves issue with stats not being reported to the main process.
2014-05-04 14:16:47 +02:00
Nikos Mavrogiannopoulos
d6583945f9 Added the STATS_DURATION script environment variable.
This variable reports the duration of the session in seconds.
2014-05-04 11:20:32 +02:00