Commit Graph

1023 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
90b0ac7932 radius: added support for Framed-IPv6-Prefix 2014-12-29 20:00:45 +02:00
Nikos Mavrogiannopoulos
73726d13a3 print IPv6 netmask only when in non-full mode
Also use the network address if available to print netmask.
2014-12-29 19:42:00 +02:00
Nikos Mavrogiannopoulos
27b9e91eb8 bail out if use-seccomp is set to true but there is no seccomp capability 2014-12-29 14:22:45 +02:00
Nikos Mavrogiannopoulos
02734d8f54 send the Netmask when an IPv6 Address is assigned 2014-12-29 11:47:39 +02:00
Nikos Mavrogiannopoulos
0b47b5fb8f IPv6 fixes in ip-lease
Issue discovered and fixed by sskaje.
2014-12-29 11:39:52 +02:00
Nikos Mavrogiannopoulos
660311d74d enable IPv6 in Anyconnect clients, and send the prefix 2014-12-28 09:55:35 +02:00
Nikos Mavrogiannopoulos
071a8ae05f Do print error when pam_authenticate or pam_acct_mgmt fail 2014-12-27 11:17:41 +02:00
Nikos Mavrogiannopoulos
b38a1bb39a override the default ipv6_prefix only if ipv6_prefix is set 2014-12-26 20:23:12 +02:00
Nikos Mavrogiannopoulos
80459cfbd5 the default strings will enforce PFS 2014-12-25 10:56:19 +02:00
Nikos Mavrogiannopoulos
6d331584c1 radius: optimize "parse" of route 2014-12-14 20:55:04 +01:00
Nikos Mavrogiannopoulos
4cf2797afc radius: use Framed-Route and Framed-IPv6-Route
Those are read and, if the format is as expected, they are forwarded to the client.
2014-12-14 20:37:50 +01:00
Nikos Mavrogiannopoulos
3bbee0b069 more strlcpy() related changes 2014-12-14 20:12:08 +01:00
Nikos Mavrogiannopoulos
9fc8568107 ensure that stats are only updated if they increase
That is, transferred bytes will not decrease in an update
due to miscommunication between main and workers.
2014-12-14 20:00:33 +01:00
Nikos Mavrogiannopoulos
07e01d06b5 use strlcpy() instead of snprintf() where it makes sense
That should reduce wasted cycles.
2014-12-14 19:24:14 +01:00
Nikos Mavrogiannopoulos
853f7876cd radius: increase the info sent during accounting requests
Based on suggestions by Niels Peen. That adds:
Calling-Station-Id in auth message, and Service-Type,
Framed-Protocol, Framed-IP-Address, Acct-Authentic,
NAS-Port-Type, Acct-Session-Time in acct messages.
2014-12-14 15:03:59 +01:00
Nikos Mavrogiannopoulos
d5a975d5e6 removed redundant checks 2014-12-14 07:30:14 +01:00
Nikos Mavrogiannopoulos
640211d8ea simplify radius usage 2014-12-13 22:23:44 +01:00
Nikos Mavrogiannopoulos
b18eeb7d74 first set amod and then use it
That fixes a crash with PAM module on startup.
Reported by Ismail Donmez.
2014-12-11 11:58:23 +01:00
Nikos Mavrogiannopoulos
6989b6a0c4 do not utilize radius symbols if radius is disabled
Reported by Ismail Donmez
2014-12-11 05:37:16 +01:00
Nikos Mavrogiannopoulos
065753bd57 undid ed5b177691
It is not currently possible to reload only a part of the
configuration. If the back-end module changes, the server will
bail out instead.
2014-12-10 15:28:14 +01:00
Nikos Mavrogiannopoulos
c15a7befbb sec-mod: always reply on open-session cmd 2014-12-10 15:10:25 +01:00
Nikos Mavrogiannopoulos
c8a2666fa7 avoid crash when no auth module is in use 2014-12-10 14:15:37 +01:00
Nikos Mavrogiannopoulos
0551338a7a sec-mod: preparations for thread safety 2014-12-10 14:10:17 +01:00
Nikos Mavrogiannopoulos
54e6450807 sec-mod: separated request serving from main loop 2014-12-10 13:30:56 +01:00
Nikos Mavrogiannopoulos
93125ea945 updated documentation on radius 2014-12-10 11:46:17 +01:00
Nikos Mavrogiannopoulos
320773e80a Added support for radius interim updates 2014-12-10 11:18:29 +01:00
Nikos Mavrogiannopoulos
35e93c6341 added option to send statistics periodically to sec-mod 2014-12-10 11:18:23 +01:00
Nikos Mavrogiannopoulos
ed5b177691 authentication information is only read on load 2014-12-10 08:56:23 +01:00
Nikos Mavrogiannopoulos
766afb591a Added support for reading user configuration from radius. 2014-12-09 15:38:27 +01:00
Nikos Mavrogiannopoulos
2194e11b39 Added support for radius authentication 2014-12-09 10:59:18 +01:00
Nikos Mavrogiannopoulos
baa3e4701e Supplementary configuration is now read by the security module.
That allows sec-mod to handle both authentication and accounting.
That deprecates the session-control configuration option.
2014-12-08 13:52:28 +01:00
Nikos Mavrogiannopoulos
8365449e9b deprecated ipv6_netmask 2014-12-08 10:48:25 +01:00
Nikos Mavrogiannopoulos
7abfb3e800 call disconnect script only if the user was on connected state 2014-12-02 08:34:20 +01:00
Nikos Mavrogiannopoulos
6bfd5db245 separate log messages between up and down script 2014-12-02 08:27:32 +01:00
Nikos Mavrogiannopoulos
d7ec6a168e run the down script even if the client's IP address has been re-used 2014-12-01 22:56:31 +01:00
Nikos Mavrogiannopoulos
7b0e20e6ad sec-mod: made logging consistent with the main server 2014-12-01 22:49:09 +01:00
Nikos Mavrogiannopoulos
cb9dcde387 Notify the client that the server may have a dynamic DNS address
That is, send "X-CSTP-DynDNS: true" in CSTP headers if the
server is configured as having a dynamic DNS address.
2014-11-30 11:30:08 +01:00
Nikos Mavrogiannopoulos
9a7a9a36a1 use define _XOPEN_SOURCE to get crypt() 2014-11-29 19:49:38 +01:00
Nikos Mavrogiannopoulos
987974a59e sec-mod: print whether a certificate is present 2014-11-27 13:33:02 +01:00
Nikos Mavrogiannopoulos
ece3324e40 forward to gnutls manual for priority string documentation 2014-11-25 21:59:40 +01:00
Nikos Mavrogiannopoulos
8f84801c32 use TCP_NOPUSH in systems that support it (FreeBSD) 2014-11-18 22:29:37 +01:00
Nikos Mavrogiannopoulos
0320f61e3f Disable RC4 in the default priority strings 2014-11-18 22:23:02 +01:00
Nikos Mavrogiannopoulos
141bc755ad when generating the DTLS session ID set its size as well 2014-11-16 12:36:20 +01:00
Nikos Mavrogiannopoulos
bf2e8c8cd6 added oclog_hex() 2014-11-16 12:34:30 +01:00
Nikos Mavrogiannopoulos
78b3685f7a Generate a new DTLS session ID on every cookie connection
That allows openconnect to distinguish when the DTLS key has switched.
2014-11-16 10:00:15 +01:00
Nikos Mavrogiannopoulos
01bbb5cfa1 print the username earlier in log 2014-11-16 09:15:28 +01:00
Nikos Mavrogiannopoulos
f1e71ec597 improved logged messages 2014-11-15 12:47:30 +01:00
Nikos Mavrogiannopoulos
57cbb43a3b advertise a new DTLS session only when it is one 2014-11-15 12:32:31 +01:00
Nikos Mavrogiannopoulos
79668eb5e5 partially reverted b924eba1ac
The timeouts were reset to the original values.
2014-11-15 10:21:26 +01:00
Nikos Mavrogiannopoulos
a4ec19eb55 disable matching of IPs when the listen-clear-file option is set 2014-11-15 09:50:35 +01:00