Nikos Mavrogiannopoulos
ac1e057158
occtl: allow listing only bans, or points
2015-02-26 15:52:59 +01:00
Nikos Mavrogiannopoulos
596cc35ff3
do not continuously extend the expiration time of banned IP entry
2015-02-26 15:40:58 +01:00
Nikos Mavrogiannopoulos
73ba4c06cb
doc update
2015-02-26 14:37:06 +01:00
Nikos Mavrogiannopoulos
0326ec168b
occtl: added ability to list banned, and unban IPs
2015-02-26 14:33:38 +01:00
Nikos Mavrogiannopoulos
bbee3767dc
sec-mod: don't use a timeout value in select()
There is no need for that.
2015-02-26 13:41:39 +01:00
Nikos Mavrogiannopoulos
28dd005b76
removed support for linux namespaces; they don't provide any advantage over seccomp
2015-02-26 13:23:51 +01:00
Nikos Mavrogiannopoulos
a13e9a9507
tests: only run test-gssapi if gssntlmssp is found
2015-02-26 11:29:08 +01:00
Nikos Mavrogiannopoulos
445ea63783
made the ban points configurable
2015-02-26 11:23:06 +01:00
Nikos Mavrogiannopoulos
7619895a25
removed server-name config option
2015-02-26 11:00:07 +01:00
Nikos Mavrogiannopoulos
c9efcae416
doc update
2015-02-26 09:24:24 +01:00
Nikos Mavrogiannopoulos
7a675ff5e2
When sending BAN IP messages to main, receive a reply on whether further actions should continue
That allows banning a user even during an open connection.
2015-02-25 20:08:51 +01:00
Nikos Mavrogiannopoulos
874d0ce0e2
sec-mod: always send a reply to main
2015-02-25 19:10:16 +01:00
Nikos Mavrogiannopoulos
dbfca447a6
sec-mod: reply to main on failure to verify a session open cmd
2015-02-25 16:29:39 +01:00
Nikos Mavrogiannopoulos
8dd9cedd68
worker: collect any ban points and communicate them to main on exit
2015-02-25 16:10:15 +01:00
Nikos Mavrogiannopoulos
632ae25525
tests: radius-test: cleanup
2015-02-25 15:32:52 +01:00
Nikos Mavrogiannopoulos
0aa2c86f08
Added points in KKDCP connections to prevent DoS attacks.
2015-02-25 14:31:21 +01:00
Nikos Mavrogiannopoulos
58c8a52059
log message for rejected banned IP connection was moved to main-ban.c
2015-02-25 14:09:46 +01:00
Nikos Mavrogiannopoulos
ad66cb92d8
report the number of banned IPs via occtl
2015-02-25 14:07:53 +01:00
Nikos Mavrogiannopoulos
6254411131
doc update
2015-02-25 13:31:35 +01:00
Nikos Mavrogiannopoulos
4d7a4eaf23
HTTP debug messages moved to level 4
2015-02-25 13:29:42 +01:00
Nikos Mavrogiannopoulos
a3f5ae2551
Add a cost in number of connections per IP to prevent DoS attacks
2015-02-25 13:24:42 +01:00
Nikos Mavrogiannopoulos
a617485232
enforcement of IP banning was moved to main
2015-02-25 13:16:56 +01:00
Nikos Mavrogiannopoulos
3222cedb99
simplify the communication between main and sec-mod
2015-02-25 10:33:25 +01:00
Nikos Mavrogiannopoulos
b44d84f7a2
tests: radius-test: require freeradius-client 1.1.7
2015-02-25 09:38:12 +01:00
Nikos Mavrogiannopoulos
43f3807e3b
prevent accounting methods from switching on reload
2015-02-25 09:31:17 +01:00
Nikos Mavrogiannopoulos
3a9617845e
radius: use the NAS identifier in accounting too
2015-02-24 19:15:57 +01:00
Nikos Mavrogiannopoulos
410ad632b0
added sanity checks in auth methods
2015-02-24 19:15:23 +01:00
Nikos Mavrogiannopoulos
437235e253
doc update
2015-02-24 19:01:54 +01:00
Nikos Mavrogiannopoulos
2f2f4a77d2
allow explicitly specifying the NAS identifier in radius
2015-02-24 18:59:05 +01:00
Nikos Mavrogiannopoulos
6647ddcbd3
tests: use unique temp files
2015-02-24 16:22:34 +01:00
Nikos Mavrogiannopoulos
cb52dd943e
worker: if a client retries a POST/GET request without the X-Support-HTTP header switch method
That allows openconnect to retry using password authentication if it
has no ticket or so. To advertize that behavior we set the header
X-HTTP-Auth-Support: fallback
in our 401 response.
2015-02-24 16:15:01 +01:00
Nikos Mavrogiannopoulos
ca9b7e6e7d
check all methods when using ws_switch_auth_to()
2015-02-24 15:49:30 +01:00
Nikos Mavrogiannopoulos
12ebe6b005
unix-test: added lz4 in fedora
2015-02-24 14:50:54 +01:00
Nikos Mavrogiannopoulos
6494ea6600
when stealing values do not reallocate them
2015-02-24 13:53:41 +01:00
Nikos Mavrogiannopoulos
29e834da4d
plain authentication uses the new parsing method
2015-02-24 13:53:37 +01:00
Nikos Mavrogiannopoulos
c5bba80854
pam uses the new sub-config format
2015-02-24 13:39:46 +01:00
Nikos Mavrogiannopoulos
43caa1be14
radius will use the new sub-config format
2015-02-24 13:04:28 +01:00
Nikos Mavrogiannopoulos
efa0f510d7
tests: test-gssapi: use require-local-user-map=false
2015-02-24 11:52:00 +01:00
Nikos Mavrogiannopoulos
e16ae6614c
Added more advanced suboption parser
That adds the ability to parse options in the form:
auth = "gssapi[option1=value1,option2=value2,...]"
It also introduces the keytab, and require-local-user-map
suboptions for gssapi.
2015-02-24 11:50:55 +01:00
Nikos Mavrogiannopoulos
7b9e5a9f2a
when printing session information in log restrict to 5 chars
2015-02-24 10:41:34 +01:00
Nikos Mavrogiannopoulos
9b10323c2f
tests: fix IPs in unix-test
2015-02-23 19:20:18 +01:00
Nikos Mavrogiannopoulos
3c36f96de5
tests: set the proper hostname to KDC in kerberos-test
2015-02-23 19:12:14 +01:00
Nikos Mavrogiannopoulos
08c5ddea7e
tests: updated checks for gssapi
2015-02-23 16:52:50 +01:00
Nikos Mavrogiannopoulos
3caa7bb144
README: added krb5 dependency
2015-02-23 16:04:01 +01:00
Nikos Mavrogiannopoulos
6b0b8e5afc
tests: changed IP addresses of radius and PAM tests to not collide with full-test
2015-02-23 15:53:52 +01:00
Nikos Mavrogiannopoulos
4934cecdd6
doc update
2015-02-23 15:21:11 +01:00
Nikos Mavrogiannopoulos
40e96aae45
Separated accounting from authentication.
2015-02-23 15:19:44 +01:00
Nikos Mavrogiannopoulos
783be933e5
tests: updated kerberos-test
2015-02-23 09:34:06 +01:00
Nikos Mavrogiannopoulos
88e008cda3
radius: when sending accounting information include any updated IP
2015-02-23 09:34:06 +01:00
Nikos Mavrogiannopoulos
551e3b38c5
tests: added liblz4 into unix test and fixed IP addresses
2015-02-22 22:17:40 +01:00