Nikos Mavrogiannopoulos
7eb80a3c01
corrected filename
2014-05-21 13:52:34 +02:00
Nikos Mavrogiannopoulos
5b8b3b1aa7
When a client has already selected a group, re-order our group selection form.
This is required by some Anyconnect clients and the openconnect android app.
2014-05-21 12:40:05 +02:00
Nikos Mavrogiannopoulos
177c1c95bd
Allow aliases to group names.
2014-05-21 12:25:26 +02:00
Nikos Mavrogiannopoulos
7153ea8ea7
more precise usage of MAX_*_SIZE definitions.
2014-05-21 06:21:34 +02:00
Kevin Cernekee
8e67f959ed
Add missing GnuTLS header file
sec-mod.h now uses gnutls_privkey_t, so include <gnutls/abstract.h> to
fix this error:
CC main-misc.o
In file included from main-misc.c:43:0:
./sec-mod.h:31:2: error: unknown type name ‘gnutls_privkey_t’
gnutls_privkey_t *key;
^
2014-05-21 06:17:09 +02:00
Nikos Mavrogiannopoulos
5552fc7a61
bumped version
2014-05-20 23:31:11 +02:00
Nikos Mavrogiannopoulos
7133a1cf1b
mention the occtl tool instead of who -u
2014-05-20 17:49:12 +02:00
Nikos Mavrogiannopoulos
5f93be350a
doc update
2014-05-20 16:11:29 +02:00
Nikos Mavrogiannopoulos
125917a9ac
doc update
2014-05-20 16:06:15 +02:00
Nikos Mavrogiannopoulos
b6531feee8
Corrected certificate generation instructions.
2014-05-20 15:50:11 +02:00
Nikos Mavrogiannopoulos
5af82e9ff4
fixed unescape code.
2014-05-20 15:50:09 +02:00
Nikos Mavrogiannopoulos
5d0bdf2966
Added test for group selection when having a certificate.
2014-05-20 15:49:56 +02:00
Nikos Mavrogiannopoulos
2969d37298
Added tests for group authentication using passwords and PAM.
2014-05-20 15:36:50 +02:00
Nikos Mavrogiannopoulos
aef5dc0633
Allow multiple groups to be present in a client certificate.
In that case the user will be prompted to select a group.
2014-05-20 15:36:40 +02:00
Nikos Mavrogiannopoulos
2668fe63b4
Added the default-select-group directive.
2014-05-19 20:00:35 +02:00
Nikos Mavrogiannopoulos
d44982235d
doc update
2014-05-19 18:27:12 +02:00
Nikos Mavrogiannopoulos
659cc9850c
Corrected filename in Makefile.
2014-05-19 18:26:06 +02:00
Nikos Mavrogiannopoulos
4755ee48c5
Added the select-group and auto-select-group config options.
These options allow prompting the user for a group prior to login.
In addition, that enhances the password file format, and multiple groups
can be specified in a comma-separated list, as:
user:group1,group2,group3:$5$encodedpassword
2014-05-19 18:25:25 +02:00
Nikos Mavrogiannopoulos
6bc625df81
The route configuration directive accepts the keyword 'default'
In that case it will return a default route irrespective of any other
route directives. That allows overriding existing routes with a default
route for specific users and groups.
2014-05-19 09:58:37 +02:00
Nikos Mavrogiannopoulos
0f0f96ef5c
sample.config: comment out the occtl-socket-file.
2014-05-17 08:47:27 +02:00
Nikos Mavrogiannopoulos
d99c527758
memory reorganization in sec-mod.
It no longer relies on main pool, it uses its own pool.
In addition the DEBUG_LEAKS definition was added to allow debugging
leaks.
2014-05-15 16:44:43 +02:00
Nikos Mavrogiannopoulos
48c42fe254
define HAVE_LIBTALLOC when libtalloc is being used.
2014-05-15 15:36:54 +02:00
Nikos Mavrogiannopoulos
739a2126d0
Clean-up all memory on deinitialization of sec-mod and worker.
That will make it easier to spot any unintentional memory leaks.
2014-05-15 15:36:03 +02:00
Nikos Mavrogiannopoulos
b62c14f613
corrected issue in talloc detection.
2014-05-15 14:52:13 +02:00
Nikos Mavrogiannopoulos
f9ce018f68
Add the clock_gettime() syscall on the list of allowed in seccomp.
2014-05-15 14:28:18 +02:00
Nikos Mavrogiannopoulos
a74f615766
doc update
2014-05-15 13:14:58 +02:00
Nikos Mavrogiannopoulos
044b910128
Force full connection after cookie when a script is involved.
That is because in the new design of ocserv, the cookie is being
provided prior to any script being run or evaluated.
2014-05-15 11:52:17 +02:00
Nikos Mavrogiannopoulos
68c4b2371b
Renamed main-auth.h.
2014-05-15 11:39:02 +02:00
Nikos Mavrogiannopoulos
e7171ac859
Supplementary group/user configuration is now modular.
That will ease the addition of other backends that can be used to
read the user/group configuration. The only backend supported now
is file.
2014-05-15 11:36:30 +02:00
Nikos Mavrogiannopoulos
a2ea033f50
use safe_memset() when overwriting the group configuration
2014-05-15 10:46:53 +02:00
Nikos Mavrogiannopoulos
231316f624
cleanup the inclusion of protobuf sources.
2014-05-15 10:44:35 +02:00
Nikos Mavrogiannopoulos
37f295b31a
doc update
2014-05-14 14:54:02 +02:00
Nikos Mavrogiannopoulos
fcaeacbd00
Added sanity checks in state transitions.
2014-05-14 14:51:41 +02:00
Nikos Mavrogiannopoulos
b25deaf742
Updated authentication state and design figures.
2014-05-14 14:50:03 +02:00
Nikos Mavrogiannopoulos
53f3129da9
Authentication modules were moved to subdirectory auth/
2014-05-14 14:35:50 +02:00
Nikos Mavrogiannopoulos
a1a47f3294
doc update
2014-05-14 13:30:43 +02:00
Nikos Mavrogiannopoulos
788560b9ce
Added default-user-config and default-group-config configuration options.
These allow setting a configuration file that will be loaded if a
user-specific or group-specific configuration file isn't found.
2014-05-14 13:27:51 +02:00
Nikos Mavrogiannopoulos
3f9a215f53
Allow for random and for predictable IP assignment.
2014-05-14 13:00:11 +02:00
Nikos Mavrogiannopoulos
09704b8819
Password authentication is now delegated to sec-mod.
That prevents any memory from the authentication modules from being leaked
to a worker process. As a result, the statuses zombie and dead no longer
exist.
2014-05-14 11:37:01 +02:00
Nikos Mavrogiannopoulos
df7b124df4
include malloc.h when needed.
2014-05-13 21:19:56 +02:00
Nikos Mavrogiannopoulos
07559df432
Corrected the removal of socket files in chrooted environment.
In addition remove the occtl_socket_file.
2014-05-12 11:14:53 +02:00
Nikos Mavrogiannopoulos
5e3afb92ad
eliminate the need for a worker_pool variable in main_server_st.
2014-05-12 10:51:18 +02:00
Nikos Mavrogiannopoulos
1465a5922c
Added no-udp group configuration option.
That option allows disabling UDP for specific users or groups.
2014-05-12 10:29:29 +02:00
Nikos Mavrogiannopoulos
2338251a0f
corrected PAM module and its usage of malloc.
2014-05-12 10:25:03 +02:00
Nikos Mavrogiannopoulos
9f07c42b82
Allow the main process to connect to sec-module.
That allows gnutls to verify the key validity during initialization.
2014-05-12 10:12:39 +02:00
Nikos Mavrogiannopoulos
478c580a56
doc update
2014-05-11 14:30:43 +02:00
Nikos Mavrogiannopoulos
b83f168613
doc update
2014-05-11 14:24:46 +02:00
Nikos Mavrogiannopoulos
9434334918
updated sample.config
2014-05-11 14:23:43 +02:00
Nikos Mavrogiannopoulos
ed0cb777dd
occtl: propagate error codes on error conditions.
2014-05-11 14:23:11 +02:00
Nikos Mavrogiannopoulos
522a9c35a4
Allow modifying the default occtl socket file.
2014-05-11 14:16:38 +02:00