GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-11 09:16:59 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,646 Commits 19 Branches 88 Tags
afef74fa231ecab5dae0927a1b03a908034890c8
Commit Graph

1646 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikos Mavrogiannopoulos
afef74fa23 removed the certificate[optional] auth type 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
8bb0af61bc Added GSSAPI as an additional password auth mechanism 
That also adds the ability to support an OR composition of multiple
authentication methods. That is using the 'enable-auth' config option.
 2015-02-19 11:47:20 +01:00
Nikos Mavrogiannopoulos
5e4763d229 bumped version ocserv_0_9_2 2015-02-18 08:12:19 +01:00
Nikos Mavrogiannopoulos
a6f6dea2cb ip-lease: use 128 as prefix in local IP 2015-02-17 10:10:52 +01:00
Nikos Mavrogiannopoulos
579900211e doc update 2015-02-16 23:04:17 +01:00
Nikos Mavrogiannopoulos
8d08df70cc tests: updated for new IPv4 assignment 2015-02-16 23:03:29 +01:00
Nikos Mavrogiannopoulos
e959c8cfab manpage: generate a DER PKCS #12 file 2015-02-16 23:02:00 +01:00
Nikos Mavrogiannopoulos
ce19dca719 avoid using the IPv4 network address as tun address, and simplify valid address checking 2015-02-16 23:00:59 +01:00
Nikos Mavrogiannopoulos
aa72455d39 doc update 2015-02-16 15:33:12 +01:00
Nikos Mavrogiannopoulos
f94276fc73 ip-lease: fixed hash value for IPv6 leases 
This corrects the unique check for assigned IPv6 addresses.
 2015-02-16 15:31:43 +01:00
Nikos Mavrogiannopoulos
ebcf2f7352 tests: fix pings to IPv6 addresses for the new tun address 2015-02-16 15:14:07 +01:00
Nikos Mavrogiannopoulos
31fb3b680f In IPv6 use the network address + 1 as the tun address 2015-02-16 15:13:30 +01:00
Nikos Mavrogiannopoulos
683fd2ec28 radius-test: completed test 2015-02-16 13:21:14 +01:00
Nikos Mavrogiannopoulos
a2f52c58cc full/unix-test: updated for new IP assignments 2015-02-16 13:19:22 +01:00
Nikos Mavrogiannopoulos
ad52336a14 Linux ipv6: assign route to the remote IP 2015-02-16 13:16:48 +01:00
Nikos Mavrogiannopoulos
e22a1d7f42 doc update 2015-02-15 12:23:42 +01:00
Nikos Mavrogiannopoulos
137e584538 force relative names on the socket file to allow it being accessible from main and workers 2015-02-15 12:23:39 +01:00
Nikos Mavrogiannopoulos
53b9bbe603 configure: use seccomp where it is available 2015-02-15 08:28:08 +01:00
Nikos Mavrogiannopoulos
a07be822ac use IPV6_V6ONLY flag only when defined ocserv_0_9_1 2015-02-15 08:21:39 +01:00
Nikos Mavrogiannopoulos
0794a32567 use headers for clone() only when ENABLE_LINUX_NS is defined 2015-02-15 08:21:22 +01:00
Nikos Mavrogiannopoulos
f3249a70aa doc update 2015-02-15 08:04:41 +01:00
Nikos Mavrogiannopoulos
9e3695ec15 tests: added missing file 2015-02-15 07:55:38 +01:00
Stuart Henderson
56c2d9a74a header/macro fix for OpenBSD 
Signed-off-by: Stuart Henderson <stu@spacehopper.org>
 2015-02-14 18:53:26 +01:00
Stuart Henderson
7cb57b162b correct byte-order for tun header 
Signed-off-by: Stuart Henderson <stu@spacehopper.org>
 2015-02-14 18:51:59 +01:00
Nikos Mavrogiannopoulos
d75c1d18a2 use writev() and readv() for tun_read/write in OpenBSD 2015-02-14 14:36:46 +01:00
Nikos Mavrogiannopoulos
9d5106995c Handle OpenBSD's additional tun header 2015-02-14 14:22:00 +01:00
Nikos Mavrogiannopoulos
82a0c334ba oc_recvfrom_at: correctly set *addrlen 2015-02-14 14:06:08 +01:00
Nikos Mavrogiannopoulos
1b9fe50628 Set blocking mode to fd returned by accept 
That addresses issues in OpenBSD where the fd is
set to non blocking when the accept's fd is non blocking.
 2015-02-14 11:49:26 +01:00
Nikos Mavrogiannopoulos
ff5c721d30 doc update 2015-02-14 11:14:53 +01:00
Nikos Mavrogiannopoulos
df81d16f9d added missing colon 2015-02-14 08:06:53 +01:00
Nikos Mavrogiannopoulos
14d8c34e60 Attempted to simplify the BSD tun handling code 2015-02-13 23:34:34 +01:00
Stuart Henderson
2c0849c8a9 BSD patches for ocserv 
Iterate over tunXX devices, for BSDs that can't just open /dev/tun to
retrieve the "next available tun".

This is just copied with minor changes from openconnect/src/tun.c,

Signed-off-by: Stuart Henderson <stu@spacehopper.org>
 2015-02-13 23:21:05 +01:00
Stuart Henderson
a2b947de6f BSD patches for ocserv 
Hi Nikos, here are patches for a couple of issues which are stopping ocserv
from building on OpenBSD (and might be causing problems on other OS too).
There's a bit more to do for OpenBSD, it does need the iteration as done
in openconnect's tun.c:405-410, I might have another diff for that later.

Signed-off-by: Stuart Henderson <stu@spacehopper.org>
 2015-02-13 20:34:13 +01:00
Joerg Mayer
d1c3e05b92 Fix one of the places where "make distcheck" fails: In case of success ocpasswd-test should not leave the last test output lying around 
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
 2015-02-13 14:00:32 +01:00
Joerg Mayer
12f7d42851 Fix out of tree build. 
Signed-off-by: Joerg Mayer <jmayer@loplof.de>
 2015-02-13 14:00:11 +01:00
Nikos Mavrogiannopoulos
9a0ba0218f tests: updated radius-test for fedora 2015-02-13 10:41:54 +01:00
Nikos Mavrogiannopoulos
3d55134215 when opening a session forward the received cookie to sec-module 
That allows to verify that the cookie hasn't been tampered
without relying only on the MAC.
 2015-02-12 21:44:32 +01:00
Nikos Mavrogiannopoulos
d348caacc2 added seclog_hex 2015-02-12 21:43:40 +01:00
Nikos Mavrogiannopoulos
b6ef99b443 doc update 2015-02-12 21:10:12 +01:00
Nikos Mavrogiannopoulos
23586bdb9c no longer document the auth option certificate[optional] 2015-02-12 21:08:41 +01:00
Nikos Mavrogiannopoulos
aa10eb53c1 doc update 2015-02-11 11:44:57 +01:00
Nikos Mavrogiannopoulos
965ea48ee2 always assign the first network address as PtP address 2015-02-11 10:27:30 +01:00
Nikos Mavrogiannopoulos
75af003f12 check the explicit IP addresses for existence in our leases 2015-02-11 09:51:43 +01:00
Nikos Mavrogiannopoulos
585d29763d test-explicit-ip: Modified illegal checks for the new illegal addresses 2015-02-11 09:39:57 +01:00
Nikos Mavrogiannopoulos
57225a2c6a reserve the first address of the network to be set as the local part in our tun devices 
That is used only when explicit IP addresses are set. That way we
don't need to separate addresses into odd and even.
 2015-02-11 09:37:26 +01:00
Nikos Mavrogiannopoulos
0d999f5424 Added failure codes for proc_table_add() 2015-02-10 18:36:40 +01:00
Nikos Mavrogiannopoulos
85483e98e8 added hash table to search via 'real' SID 2015-02-10 18:33:02 +01:00
Nikos Mavrogiannopoulos
820de6a979 correctly renamed DTLS ID search functions 2015-02-10 18:14:34 +01:00
Nikos Mavrogiannopoulos
45b1f46265 doc update 2015-02-10 11:17:04 +01:00
Nikos Mavrogiannopoulos
952d6adc9c Added implicit accounting when explicit addresses are specified 
Only odd IP addresses can now explicitly be set, so that the next
even address can be used as the local one.
 2015-02-10 11:07:58 +01:00