Nikos Mavrogiannopoulos
b088d2df73
Makefiles: combined the rules for local libraries
2016-04-16 10:47:18 +02:00
Nikos Mavrogiannopoulos
3b844bf3f0
bumped version
2016-04-16 08:56:23 +02:00
Nikos Mavrogiannopoulos
df36a4c0ba
main: close stdin and stdout as early after daemon()
...
The reason is that in some systems daemon() may close stdin
completely. If we delay this close and another descriptor takes
the stdin fileno, we may end up closing a legitimate descriptor.
2016-04-16 08:49:35 +02:00
Nikos Mavrogiannopoulos
8ae0d044f2
doc update
2016-04-16 08:47:30 +02:00
Nikos Mavrogiannopoulos
659c903369
FreeBSD: restrict to poll or select the main event loop
...
This addresses an issue with FreeBSD and the kqueue interface.
When used, it causes the sec-mod spawn to fail. Enabling it possibly
affects the pipes generated for communication.
2016-04-16 08:47:05 +02:00
Nikos Mavrogiannopoulos
ca4e281c1d
setproctitle: fixed compilation issue in Linux systems without prctl
2016-04-15 14:22:47 +02:00
Nikos Mavrogiannopoulos
70d78f39d9
updated comment
2016-04-15 14:16:51 +02:00
Nikos Mavrogiannopoulos
9a125c3aba
tests: update tests to include the running username/group
...
That removes the requirement to keep a uid_wrapper specific
hack in check_upeer_id().
2016-04-15 11:17:35 +02:00
Nikos Mavrogiannopoulos
4c43f06ab5
tests: added check for connection using invalid certificate
2016-04-12 22:13:54 +02:00
Nikos Mavrogiannopoulos
34d059c43a
sec-mod: corrected comment
2016-04-12 21:54:12 +02:00
Nikos Mavrogiannopoulos
eb9cdf1933
TODO: mention hostname override
2016-04-12 21:48:11 +02:00
Nikos Mavrogiannopoulos
01cde787d3
doc update
2016-04-02 15:06:13 +02:00
Nikos Mavrogiannopoulos
071a37aaa4
tests: Added test for radius group receiving
...
This tests the receiving of groups using "Class" radius attribute
in the format "OU=group1;group2".
2016-04-01 15:39:38 +02:00
Nikos Mavrogiannopoulos
e798493d08
sec-mod: perform group checks at auth completion stage
...
This allows retrieving allowed groups from the radius response.
2016-04-01 15:39:02 +02:00
Nikos Mavrogiannopoulos
b5cabb9589
tests: added check for trim_trailing_whitespace()
2016-04-01 15:33:11 +02:00
Nikos Mavrogiannopoulos
ade786a0f1
radius: replace experimental Group-Name with Class attribute
...
The current format allows handling multiple groups and is used
by several radius servers.
Suggested by Yick Xie.
2016-04-01 15:33:11 +02:00
Nikos Mavrogiannopoulos
0b4333d7ee
ocserv: warn when conflicting supplemental config options are specified
...
That is, do not allow radius' groupconfig=true option to be combined
with config-per-user/group. This reduces frustration since these options
are incompatible.
2016-04-01 15:32:27 +02:00
Nikos Mavrogiannopoulos
34857ff5a5
tests: check for DNS information propagation in user config
2016-04-01 15:32:20 +02:00
Nikos Mavrogiannopoulos
6bd1d0b0e0
worker: always free the previous msg in an fd update
2016-03-28 15:49:48 +02:00
Nikos Mavrogiannopoulos
2f684a227b
doc update
2016-03-23 19:53:38 +01:00
Nikos Mavrogiannopoulos
a037174a87
occtl: use '?' for unknown time
2016-03-23 19:52:40 +01:00
Nikos Mavrogiannopoulos
1b1fab8c3c
occtl: add newline into print iroutes
2016-03-21 21:48:48 +01:00
Nikos Mavrogiannopoulos
adc4aa40af
sec-mod: don't set negative time into last_modified field
2016-03-21 21:44:45 +01:00
Nikos Mavrogiannopoulos
cd4fe99a57
main: don't require a full handshake packet when forwarding UDP session
...
That is, to allow any small DPD packets to be sent to the correct
worker process.
2016-03-19 23:26:19 +01:00
Nikos Mavrogiannopoulos
441c112575
bumped version
ocserv_0_11_1
2016-03-19 13:05:34 +01:00
Nikos Mavrogiannopoulos
8bfc3f6e2d
reduced logging verbosity in certain common failures
2016-03-13 10:29:28 +01:00
Nikos Mavrogiannopoulos
76e6aef74d
doc: mention the ip_address option
2016-03-08 12:27:07 +01:00
Nikos Mavrogiannopoulos
98647dc117
occtl: correctly print last modified field
2016-03-07 16:12:36 +01:00
Nikos Mavrogiannopoulos
eb71a82210
worker: improved exit reason reporting for server disconnects
2016-03-07 13:56:16 +01:00
Nikos Mavrogiannopoulos
da4e4fcf2a
Improved error message propagation due to new combined APIs
...
This amends 8892eb1934
2016-03-07 13:51:55 +01:00
Nikos Mavrogiannopoulos
c213a8b8fc
sec-mod: do not export expired entries to cookies list op
...
Also combined macro to determine expired entries.
2016-03-07 13:42:46 +01:00
Nikos Mavrogiannopoulos
e4dbeb6bd3
more files to ignore
2016-03-06 19:08:10 +01:00
Nikos Mavrogiannopoulos
94b2da514c
occtl: split show cookies to all and valid
2016-03-06 19:07:33 +01:00
Nikos Mavrogiannopoulos
e0947340bb
ipc: pass the connection status as integer
...
Conversion to textual form now happens at the client (occtl)
instead of the main server.
2016-03-06 19:07:24 +01:00
Nikos Mavrogiannopoulos
8892eb1934
use a single format for all messages simplifying server
...
That patch also combines all the message generation or receiving
functions to allow easier modifications to the format.
2016-03-06 19:07:07 +01:00
Nikos Mavrogiannopoulos
8a99ed78db
doc update
2016-03-06 12:06:44 +01:00
Nikos Mavrogiannopoulos
f3338e84f7
Added occtl command to display cookies
...
This allows displaying and examining valid cookies from occtl.
2016-03-06 12:05:36 +01:00
Nikos Mavrogiannopoulos
4541a73d3d
tests: fixed proxyproto test on debian
2016-03-05 16:58:17 +01:00
Nikos Mavrogiannopoulos
435c78fa3d
doc: eliminated references to HOSTNAME
...
It was never available in the up/down scripts.
2016-03-05 16:45:39 +01:00
Nikos Mavrogiannopoulos
4a1d8ab246
doc update
2016-03-05 16:43:20 +01:00
Nikos Mavrogiannopoulos
94e44d2eda
tests: updated debian docker file
2016-03-05 14:10:30 +01:00
Nikos Mavrogiannopoulos
63d3b98cad
use more consistent naming in internal messages
2016-03-05 14:00:50 +01:00
Nikos Mavrogiannopoulos
76e602a4ca
worker: don't log the SID in normal debugging levels
2016-03-05 11:20:54 +01:00
Nikos Mavrogiannopoulos
a2d62c005d
worker: censor the DTLS master secret header as well
2016-03-05 11:16:03 +01:00
Nikos Mavrogiannopoulos
33a11af1b8
worker: pass received hostname to user via SESSION_INFO msg
2016-03-04 16:52:48 +01:00
Nikos Mavrogiannopoulos
9d144c89a9
Eliminated hostname handling in sec-mod
...
This value never reached sec-mod as it only becomes known
after the session is initiated by the client (i.e., after
auth_rep message is received).
2016-03-04 16:47:52 +01:00
Nikos Mavrogiannopoulos
2659d555ac
main: overwrite the SID after removing a proc struct and on received packets
...
That's because it is a sensitive value that can be used to resume
existing sessions. I should have used the fork+exec model in main.
2016-03-04 16:33:08 +01:00
Nikos Mavrogiannopoulos
5ee78fec14
run_sec_mod: close unused sync fd
2016-03-02 09:19:06 +01:00
Nikos Mavrogiannopoulos
2fa8ed478e
doc update [ci skip]
2016-02-29 14:22:03 +01:00
Nikos Mavrogiannopoulos
993df97b9b
worker-privs: added getpid to the list of allowed syscalls
2016-02-27 17:55:02 +01:00